Security update for the Linux Kernel SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2023:4035-1 Final 1 1 2023-10-10T14:42:43Z current 2023-10-10T14:42:43Z 2023-10-10T14:42:43Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-39194: Fixed an out of bounds read in the XFRM subsystem (bsc#1215861). - CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860). - CVE-2023-39192: Fixed an out of bounds read in the netfilter (bsc#1215858). - CVE-2023-42754: Fixed a NULL pointer dereference in the IPv4 stack that could lead to denial of service (bsc#1215467). - CVE-2023-4389: Fixed a reference counting issue in the Btrfs filesystem that could be exploited in order to leak internal kernel information or crash the system (bsc#1214351). - CVE-2023-5345: fixed an use-after-free vulnerability in the fs/smb/client component which could be exploited to achieve local privilege escalation. (bsc#1215899) - CVE-2023-42753: Fixed an array indexing vulnerability in the netfilter subsystem. This issue may have allowed a local user to crash the system or potentially escalate their privileges (bsc#1215150). - CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95% (bsc#1212703). - CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalatio (bsc#1215275). - CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215117). - CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215115). - CVE-2023-4155: Fixed a flaw in KVM AMD Secure Encrypted Virtualization (SEV). An attacker can trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel configurations without stack guard pages. (bsc#1214022) The following non-security bugs were fixed: - ALSA: hda/realtek: Splitting the UX3402 into two separate models (git-fixes). - arm64: module-plts: inline linux/moduleloader.h (git-fixes) - arm64: module: Use module_init_layout_section() to spot init sections (git-fixes) - arm64: sdei: abort running SDEI handlers during crash (git-fixes) - arm64: tegra: Update AHUB clock parent and rate (git-fixes) - arm64/fpsimd: Only provide the length to cpufeature for xCR registers (git-fixes) - ASoC: amd: yc: Fix non-functional mic on Lenovo 82QF and 82UG (git-fixes). - ASoC: hdaudio.c: Add missing check for devm_kstrdup (git-fixes). - ASoC: imx-audmix: Fix return error with devm_clk_get() (git-fixes). - ASoC: meson: spdifin: start hw on dai probe (git-fixes). - ASoC: rt5640: Fix IRQ not being free-ed for HDA jack detect mode (git-fixes). - ASoC: rt5640: Fix sleep in atomic context (git-fixes). - ASoC: rt5640: Revert 'Fix sleep in atomic context' (git-fixes). - ASoC: soc-utils: Export snd_soc_dai_is_dummy() symbol (git-fixes). - ASoC: SOF: core: Only call sof_ops_free() on remove if the probe was successful (git-fixes). - ASoC: tegra: Fix redundant PLLA and PLLA_OUT0 updates (git-fixes). - blk-iocost: fix divide by 0 error in calc_lcoefs() (bsc#1214986). - blk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost (bsc#1214992). - block/mq-deadline: use correct way to throttling write requests (bsc#1214993). - bnx2x: new flag for track HW resource allocation (bsc#1202845 bsc#1215322). - clocksource: hyper-v: Mark hyperv tsc page unencrypted in sev-snp enlightened guest (bsc#1206453). - drivers: hv: Mark percpu hvcall input arg page unencrypted in SEV-SNP enlightened guest (bsc#1206453). - Drivers: hv: vmbus: Bring the post_msg_page back for TDX VMs with the paravisor (bsc#1206453). - Drivers: hv: vmbus: Support >64 VPs for a fully enlightened TDX/SNP VM (bsc#1206453). - Drivers: hv: vmbus: Support fully enlightened TDX guests (bsc#1206453). - drm/ast: Add BMC virtual connector (bsc#1152472) Backporting changes: * rename ast_device to ast_private - drm/ast: report connection status on Display Port. (bsc#1152472) Backporting changes: * rename ast_device to ast_private * context changes - drm/display: Do not assume dual mode adaptors support i2c sub-addressing (bsc#1213808). - drm/meson: fix memory leak on ->hpd_notify callback (git-fixes). - drm/virtio: Correct drm_gem_shmem_get_sg_table() error handling (git-fixes). - drm/virtio: Use appropriate atomic state in virtio_gpu_plane_cleanup_fb() (git-fixes). - ext4: avoid potential data overflow in next_linear_group (bsc#1214951). - ext4: correct inline offset when handling xattrs in inode body (bsc#1214950). - ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup} (bsc#1214954). - ext4: fix wrong unit use in ext4_mb_clear_bb (bsc#1214943). - ext4: fix wrong unit use in ext4_mb_new_blocks (bsc#1214944). - ext4: get block from bh in ext4_free_blocks for fast commit replay (bsc#1214942). - ext4: reflect error codes from ext4_multi_mount_protect() to its callers (bsc#1214941). - ext4: Remove ext4 locking of moved directory (bsc#1214957). - ext4: set goal start correctly in ext4_mb_normalize_request (bsc#1214940). - fs: Establish locking order for unrelated directories (bsc#1214958). - fs: Lock moved directories (bsc#1214959). - fs: lockd: avoid possible wrong NULL parameter (git-fixes). - fs: no need to check source (bsc#1215752). - fuse: nlookup missing decrement in fuse_direntplus_link (bsc#1215581). - gve: Add AF_XDP zero-copy support for GQI-QPL format (bsc#1214479). - gve: Add XDP DROP and TX support for GQI-QPL format (bsc#1214479). - gve: Add XDP REDIRECT support for GQI-QPL format (bsc#1214479). - gve: Changes to add new TX queues (bsc#1214479). - gve: Control path for DQO-QPL (bsc#1214479). - gve: fix frag_list chaining (bsc#1214479). - gve: Fix gve interrupt names (bsc#1214479). - gve: RX path for DQO-QPL (bsc#1214479). - gve: trivial spell fix Recive to Receive (bsc#1214479). - gve: Tx path for DQO-QPL (bsc#1214479). - gve: Unify duplicate GQ min pkt desc size constants (bsc#1214479). - gve: use vmalloc_array and vcalloc (bsc#1214479). - gve: XDP support GQI-QPL: helper function changes (bsc#1214479). - hwrng: virtio - add an internal buffer (git-fixes). - hwrng: virtio - always add a pending request (git-fixes). - hwrng: virtio - do not wait on cleanup (git-fixes). - hwrng: virtio - do not waste entropy (git-fixes). - hwrng: virtio - Fix race on data_avail and actual data (git-fixes). - i915/pmu: Move execlist stats initialization to execlist specific setup (git-fixes). - iommu/virtio: Detach domain on endpoint release (git-fixes). - iommu/virtio: Return size mapped for a detached domain (git-fixes). - jbd2: check 'jh->b_transaction' before removing it from checkpoint (bsc#1214953). - jbd2: correct the end of the journal recovery scan range (bsc#1214955). - jbd2: fix a race when checking checkpoint buffer busy (bsc#1214949). - jbd2: fix checkpoint cleanup performance regression (bsc#1214952). - jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint (bsc#1214948). - jbd2: recheck chechpointing non-dirty buffer (bsc#1214945). - jbd2: remove journal_clean_one_cp_list() (bsc#1214947). - jbd2: remove t_checkpoint_io_list (bsc#1214946). - jbd2: restore t_checkpoint_io_list to maintain kABI (bsc#1214946). - kernel-binary: Move build-time definitions together Move source list and build architecture to buildrequires to aid in future reorganization of the spec template. - kernel-binary: python3 is needed for build At least scripts/bpf_helpers_doc.py requires python3 since Linux 4.18 Other simimlar scripts may exist. - KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes (git-fixes bsc#1215915). - KVM: s390: interrupt: use READ_ONCE() before cmpxchg() (git-fixes bsc#1215896). - KVM: s390: pv: fix external interruption loop not always detected (git-fixes bsc#1215916). - KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field (git-fixes bsc#1215894). - KVM: s390: vsie: fix the length of APCB bitmap (git-fixes bsc#1215895). - KVM: s390/diag: fix racy access of physical cpu number in diag 9c handler (git-fixes bsc#1215911). - KVM: x86: Fix KVM_CAP_SYNC_REGS's sync_regs() TOCTOU issues (git-fixes). - KVM: x86/mmu: Include mmu.h in spte.h (git-fixes). - loop: Fix use-after-free issues (bsc#1214991). - loop: loop_set_status_from_info() check before assignment (bsc#1214990). - module: Expose module_init_layout_section() (git-fixes) - net: do not allow gso_size to be set to GSO_BY_FRAGS (git-fixes). - net: mana: Add page pool for RX buffers (bsc#1214040). - net: mana: Configure hwc timeout from hardware (bsc#1214037). - net: usb: qmi_wwan: add Quectel EM05GV2 (git-fixes). - NFS: Guard against READDIR loop when entry names exceed MAXNAMELEN (git-fixes). - nfs/blocklayout: Use the passed in gfp flags (git-fixes). - NFS/pNFS: Report EINVAL errors from connect() to the server (git-fixes). - NFSD: da_addr_body field missing in some GETDEVICEINFO replies (git-fixes). - nfsd: fix change_info in NFSv4 RENAME replies (git-fixes). - nfsd: Fix race to FREE_STATEID and cl_revoked (git-fixes). - NFSv4: Fix dropped lock for racing OPEN and delegation return (git-fixes). - NFSv4: fix out path in __nfs4_get_acl_uncached (git-fixes). - NFSv4.2: fix error handling in nfs42_proc_getxattr (git-fixes). - NFSv4.2: fix handling of COPY ERR_OFFLOAD_NO_REQ (git-fixes). - NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info (git-fixes). - nvme-auth: use chap->s2 to indicate bidirectional authentication (bsc#1214543). - nvme-tcp: add recovery_delay to sysfs (bsc#1201284). - nvme-tcp: delay error recovery until the next KATO interval (bsc#1201284). - nvme-tcp: Do not terminate commands when in RESETTING (bsc#1201284). - nvme-tcp: make 'err_work' a delayed work (bsc#1201284). - platform/x86: intel_scu_ipc: Check status after timeout in busy_loop() (git-fixes). - platform/x86: intel_scu_ipc: Check status upon timeout in ipc_wait_for_interrupt() (git-fixes). - platform/x86: intel_scu_ipc: Do not override scu in intel_scu_ipc_dev_simple_command() (git-fixes). - platform/x86: intel_scu_ipc: Fail IPC send if still busy (git-fixes). - pNFS: Fix assignment of xprtdata.cred (git-fixes). - powerpc/fadump: make is_kdump_kernel() return false when fadump is active (bsc#1212639 ltc#202582). - printk: ringbuffer: Fix truncating buffer size min_t cast (bsc#1215875). - quota: add new helper dquot_active() (bsc#1214998). - quota: factor out dquot_write_dquot() (bsc#1214995). - quota: fix dqput() to follow the guarantees dquot_srcu should provide (bsc#1214963). - quota: fix warning in dqgrab() (bsc#1214962). - quota: Properly disable quotas when add_dquot_ref() fails (bsc#1214961). - quota: rename dquot_active() to inode_quota_active() (bsc#1214997). - RDMA/siw: Fabricate a GID on tun and loopback devices (git-fixes) - scsi: lpfc: Early return after marking final NLP_DROPPED flag in dev_loss_tmo (git-fixes). - scsi: lpfc: Fix the NULL vs IS_ERR() bug for debugfs_create_file() (git-fixes). - scsi: lpfc: Prevent use-after-free during rmmod with mapped NVMe rports (git-fixes). - scsi: qedf: Add synchronization between I/O completions and abort (bsc#1210658). - scsi: qla2xxx: Fix NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes). - scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id() (git-fixes). - scsi: storvsc: Handle additional SRB status values (git-fixes). - scsi: zfcp: Fix a double put in zfcp_port_enqueue() (git-fixes bsc#1215941). - selftests: mlxsw: Fix test failure on Spectrum-4 (jsc#PED-1549). - spi: Add TPM HW flow flag (bsc#1213534) - spi: tegra210-quad: Enable TPM wait polling (bsc#1213534) - spi: tegra210-quad: set half duplex flag (bsc#1213534) - SUNRPC: Mark the cred for revalidation if the server rejects it (git-fixes). - tpm_tis_spi: Add hardware wait polling (bsc#1213534) - uapi: stddef.h: Fix __DECLARE_FLEX_ARRAY for C++ (git-fixes). - udf: Fix extension of the last extent in the file (bsc#1214964). - udf: Fix file corruption when appending just after end of preallocated extent (bsc#1214965). - udf: Fix off-by-one error when discarding preallocation (bsc#1214966). - udf: Fix uninitialized array access for some pathnames (bsc#1214967). - Update metadata - usb: ehci: add workaround for chipidea PORTSC.PEC bug (git-fixes). - usb: ehci: move new member has_ci_pec_bug into hole (git-fixes). - vhost_vdpa: fix the crash in unmap a large memory (git-fixes). - vhost-scsi: unbreak any layout for response (git-fixes). - vhost: allow batching hint without size (git-fixes). - vhost: allow batching hint without size (git-fixes). - vhost: fix hung thread due to erroneous iotlb entries (git-fixes). - vhost: handle error while adding split ranges to iotlb (git-fixes). - virtio_net: add checking sq is full inside xdp xmit (git-fixes). - virtio_net: Fix probe failed when modprobe virtio_net (git-fixes). - virtio_net: reorder some funcs (git-fixes). - virtio_net: separate the logic of checking whether sq is full (git-fixes). - virtio_ring: fix avail_wrap_counter in virtqueue_add_packed (git-fixes). - virtio-blk: set req->state to MQ_RQ_COMPLETE after polling I/O is finished (git-fixes). - virtio-mmio: do not break lifecycle of vm_dev (git-fixes). - virtio-net: fix race between set queues and probe (git-fixes). - virtio-net: set queues after driver_ok (git-fixes). - virtio-rng: make device ready before making request (git-fixes). - virtio: acknowledge all features before access (git-fixes). - vmcore: remove dependency with is_kdump_kernel() for exporting vmcore (bsc#1212639 ltc#202582). - x86/coco: Allow CPU online/offline for a TDX VM with the paravisor on Hyper-V (bsc#1206453). - x86/coco: Export cc_vendor (bsc#1206453). - x86/hyperv: Add hv_write_efer() for a TDX VM with the paravisor (bsc#1206453). - x86/hyperv: Add hyperv-specific handling for VMMCALL under SEV-ES (bsc#1206453). - x86/hyperv: Add missing 'inline' to hv_snp_boot_ap() stub (bsc#1206453). - x86/hyperv: Add sev-snp enlightened guest static key (bsc#1206453) - x86/hyperv: Add smp support for SEV-SNP guest (bsc#1206453). - x86/hyperv: Add VTL specific structs and hypercalls (bsc#1206453). - x86/hyperv: Fix serial console interrupts for fully enlightened TDX guests (bsc#1206453). - x86/hyperv: Fix undefined reference to isolation_type_en_snp without CONFIG_HYPERV (bsc#1206453). - x86/hyperv: Introduce a global variable hyperv_paravisor_present (bsc#1206453). - x86/hyperv: Mark hv_ghcb_terminate() as noreturn (bsc#1206453). - x86/hyperv: Mark Hyper-V vp assist page unencrypted in SEV-SNP enlightened guest (bsc#1206453). - x86/hyperv: Move the code in ivm.c around to avoid unnecessary ifdef's (bsc#1206453). - x86/hyperv: Remove hv_isolation_type_en_snp (bsc#1206453). - x86/hyperv: Set Virtual Trust Level in VMBus init message (bsc#1206453). - x86/hyperv: Support hypercalls for fully enlightened TDX guests (bsc#1206453). - x86/hyperv: Use TDX GHCI to access some MSRs in a TDX VM with the paravisor (bsc#1206453). - x86/hyperv: Use vmmcall to implement Hyper-V hypercall in sev-snp enlightened guest (bsc#1206453). - x86/PVH: avoid 32-bit build warning when obtaining VGA console info (git-fixes). - x86/srso: Do not probe microcode in a guest (git-fixes). - x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (git-fixes). - x86/srso: Fix srso_show_state() side effect (git-fixes). - x86/srso: Set CPUID feature bits independently of bug or mitigation status (git-fixes). - xen: remove a confusing comment on auto-translated guest I/O (git-fixes). - xprtrdma: Remap Receive buffers after a reconnect (git-fixes). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Container suse/sle-micro/rt-5.5:latest-2023-4035,SUSE-2023-4035,SUSE-SLE-Micro-5.5-2023-4035,SUSE-SLE-Module-Live-Patching-15-SP5-2023-4035,SUSE-SLE-Module-RT-15-SP5-2023-4035,openSUSE-SLE-15.5-2023-4035 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2023/suse-su-20234035-1/ Link for SUSE-SU-2023:4035-1 https://lists.suse.com/pipermail/sle-security-updates/2023-October/016616.html E-Mail link for SUSE-SU-2023:4035-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1152472 SUSE Bug 1152472 https://bugzilla.suse.com/1202845 SUSE Bug 1202845 https://bugzilla.suse.com/1206453 SUSE Bug 1206453 https://bugzilla.suse.com/1213808 SUSE Bug 1213808 https://bugzilla.suse.com/1214941 SUSE Bug 1214941 https://bugzilla.suse.com/1214942 SUSE Bug 1214942 https://bugzilla.suse.com/1214943 SUSE Bug 1214943 https://bugzilla.suse.com/1214944 SUSE Bug 1214944 https://bugzilla.suse.com/1214950 SUSE Bug 1214950 https://bugzilla.suse.com/1214951 SUSE Bug 1214951 https://bugzilla.suse.com/1214954 SUSE Bug 1214954 https://bugzilla.suse.com/1214957 SUSE Bug 1214957 https://bugzilla.suse.com/1214986 SUSE Bug 1214986 https://bugzilla.suse.com/1214992 SUSE Bug 1214992 https://bugzilla.suse.com/1214993 SUSE Bug 1214993 https://bugzilla.suse.com/1215322 SUSE Bug 1215322 https://bugzilla.suse.com/1215523 SUSE Bug 1215523 https://bugzilla.suse.com/1215877 SUSE Bug 1215877 https://bugzilla.suse.com/1215894 SUSE Bug 1215894 https://bugzilla.suse.com/1215895 SUSE Bug 1215895 https://bugzilla.suse.com/1215896 SUSE Bug 1215896 https://bugzilla.suse.com/1215911 SUSE Bug 1215911 https://bugzilla.suse.com/1215915 SUSE Bug 1215915 https://bugzilla.suse.com/1215916 SUSE Bug 1215916 https://www.suse.com/security/cve/CVE-2023-1206/ SUSE CVE CVE-2023-1206 page https://www.suse.com/security/cve/CVE-2023-39192/ SUSE CVE CVE-2023-39192 page https://www.suse.com/security/cve/CVE-2023-39193/ SUSE CVE CVE-2023-39193 page https://www.suse.com/security/cve/CVE-2023-39194/ SUSE CVE CVE-2023-39194 page https://www.suse.com/security/cve/CVE-2023-4155/ SUSE CVE CVE-2023-4155 page https://www.suse.com/security/cve/CVE-2023-42753/ SUSE CVE CVE-2023-42753 page https://www.suse.com/security/cve/CVE-2023-42754/ SUSE CVE CVE-2023-42754 page https://www.suse.com/security/cve/CVE-2023-4389/ SUSE CVE CVE-2023-4389 page https://www.suse.com/security/cve/CVE-2023-4622/ SUSE CVE CVE-2023-4622 page https://www.suse.com/security/cve/CVE-2023-4623/ SUSE CVE CVE-2023-4623 page https://www.suse.com/security/cve/CVE-2023-4921/ SUSE CVE CVE-2023-4921 page https://www.suse.com/security/cve/CVE-2023-5345/ SUSE CVE CVE-2023-5345 page Container suse/sle-micro/rt-5.5:latest SUSE Linux Enterprise Live Patching 15 SP5 SUSE Linux Enterprise Micro 5.5 SUSE Real Time Module 15 SP5 openSUSE Leap 15.5 kernel-rt-5.14.21-150500.13.21.1 cluster-md-kmp-rt-5.14.21-150500.13.21.1 dlm-kmp-rt-5.14.21-150500.13.21.1 gfs2-kmp-rt-5.14.21-150500.13.21.1 kernel-devel-rt-5.14.21-150500.13.21.1 kernel-livepatch-5_14_21-150500_13_21-rt-1-150500.11.3.1 kernel-rt-devel-5.14.21-150500.13.21.1 kernel-rt-extra-5.14.21-150500.13.21.1 kernel-rt-livepatch-5.14.21-150500.13.21.1 kernel-rt-livepatch-devel-5.14.21-150500.13.21.1 kernel-rt-optional-5.14.21-150500.13.21.1 kernel-rt-vdso-5.14.21-150500.13.21.1 kernel-rt_debug-5.14.21-150500.13.21.1 kernel-rt_debug-devel-5.14.21-150500.13.21.1 kernel-rt_debug-livepatch-devel-5.14.21-150500.13.21.1 kernel-rt_debug-vdso-5.14.21-150500.13.21.1 kernel-source-rt-5.14.21-150500.13.21.1 kernel-syms-rt-5.14.21-150500.13.21.1 kselftests-kmp-rt-5.14.21-150500.13.21.1 ocfs2-kmp-rt-5.14.21-150500.13.21.1 reiserfs-kmp-rt-5.14.21-150500.13.21.1 kernel-rt-5.14.21-150500.13.21.1 as a component of Container suse/sle-micro/rt-5.5:latest kernel-livepatch-5_14_21-150500_13_21-rt-1-150500.11.3.1 as a component of SUSE Linux Enterprise Live Patching 15 SP5 kernel-rt-5.14.21-150500.13.21.1 as a component of SUSE Linux Enterprise Micro 5.5 cluster-md-kmp-rt-5.14.21-150500.13.21.1 as a component of SUSE Real Time Module 15 SP5 dlm-kmp-rt-5.14.21-150500.13.21.1 as a component of SUSE Real Time Module 15 SP5 gfs2-kmp-rt-5.14.21-150500.13.21.1 as a component of SUSE Real Time Module 15 SP5 kernel-devel-rt-5.14.21-150500.13.21.1 as a component of SUSE Real Time Module 15 SP5 kernel-rt-5.14.21-150500.13.21.1 as a component of SUSE Real Time Module 15 SP5 kernel-rt-devel-5.14.21-150500.13.21.1 as a component of SUSE Real Time Module 15 SP5 kernel-rt-vdso-5.14.21-150500.13.21.1 as a component of SUSE Real Time Module 15 SP5 kernel-rt_debug-5.14.21-150500.13.21.1 as a component of SUSE Real Time Module 15 SP5 kernel-rt_debug-devel-5.14.21-150500.13.21.1 as a component of SUSE Real Time Module 15 SP5 kernel-rt_debug-vdso-5.14.21-150500.13.21.1 as a component of SUSE Real Time Module 15 SP5 kernel-source-rt-5.14.21-150500.13.21.1 as a component of SUSE Real Time Module 15 SP5 kernel-syms-rt-5.14.21-150500.13.21.1 as a component of SUSE Real Time Module 15 SP5 ocfs2-kmp-rt-5.14.21-150500.13.21.1 as a component of SUSE Real Time Module 15 SP5 cluster-md-kmp-rt-5.14.21-150500.13.21.1 as a component of openSUSE Leap 15.5 dlm-kmp-rt-5.14.21-150500.13.21.1 as a component of openSUSE Leap 15.5 gfs2-kmp-rt-5.14.21-150500.13.21.1 as a component of openSUSE Leap 15.5 kernel-devel-rt-5.14.21-150500.13.21.1 as a component of openSUSE Leap 15.5 kernel-rt-5.14.21-150500.13.21.1 as a component of openSUSE Leap 15.5 kernel-rt-devel-5.14.21-150500.13.21.1 as a component of openSUSE Leap 15.5 kernel-rt-extra-5.14.21-150500.13.21.1 as a component of openSUSE Leap 15.5 kernel-rt-livepatch-5.14.21-150500.13.21.1 as a component of openSUSE Leap 15.5 kernel-rt-livepatch-devel-5.14.21-150500.13.21.1 as a component of openSUSE Leap 15.5 kernel-rt-optional-5.14.21-150500.13.21.1 as a component of openSUSE Leap 15.5 kernel-rt-vdso-5.14.21-150500.13.21.1 as a component of openSUSE Leap 15.5 kernel-rt_debug-5.14.21-150500.13.21.1 as a component of openSUSE Leap 15.5 kernel-rt_debug-devel-5.14.21-150500.13.21.1 as a component of openSUSE Leap 15.5 kernel-rt_debug-livepatch-devel-5.14.21-150500.13.21.1 as a component of openSUSE Leap 15.5 kernel-rt_debug-vdso-5.14.21-150500.13.21.1 as a component of openSUSE Leap 15.5 kernel-source-rt-5.14.21-150500.13.21.1 as a component of openSUSE Leap 15.5 kernel-syms-rt-5.14.21-150500.13.21.1 as a component of openSUSE Leap 15.5 kselftests-kmp-rt-5.14.21-150500.13.21.1 as a component of openSUSE Leap 15.5 ocfs2-kmp-rt-5.14.21-150500.13.21.1 as a component of openSUSE Leap 15.5 reiserfs-kmp-rt-5.14.21-150500.13.21.1 as a component of openSUSE Leap 15.5 A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel's IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95%. CVE-2023-1206 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.21.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_21-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.21.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20234035-1/ https://www.suse.com/security/cve/CVE-2023-1206.html CVE-2023-1206 https://bugzilla.suse.com/1212703 SUSE Bug 1212703 https://bugzilla.suse.com/1220015 SUSE Bug 1220015 A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32 module did not validate the fields in the xt_u32 structure. This flaw allows a local privileged attacker to trigger an out-of-bounds read by setting the size fields with a value beyond the array boundaries, leading to a crash or information disclosure. CVE-2023-39192 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.21.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_21-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.21.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20234035-1/ https://www.suse.com/security/cve/CVE-2023-39192.html CVE-2023-39192 https://bugzilla.suse.com/1215858 SUSE Bug 1215858 https://bugzilla.suse.com/1220015 SUSE Bug 1220015 A flaw was found in the Netfilter subsystem in the Linux kernel. The sctp_mt_check did not validate the flag_count field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. CVE-2023-39193 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.21.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_21-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.21.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20234035-1/ https://www.suse.com/security/cve/CVE-2023-39193.html CVE-2023-39193 https://bugzilla.suse.com/1215860 SUSE Bug 1215860 https://bugzilla.suse.com/1220015 SUSE Bug 1220015 A flaw was found in the XFRM subsystem in the Linux kernel. The specific flaw exists within the processing of state filters, which can result in a read past the end of an allocated buffer. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, potentially leading to an information disclosure. CVE-2023-39194 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.21.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_21-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.21.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20234035-1/ https://www.suse.com/security/cve/CVE-2023-39194.html CVE-2023-39194 https://bugzilla.suse.com/1215861 SUSE Bug 1215861 A flaw was found in KVM AMD Secure Encrypted Virtualization (SEV) in the Linux kernel. A KVM guest using SEV-ES or SEV-SNP with multiple vCPUs can trigger a double fetch race condition vulnerability and invoke the `VMGEXIT` handler recursively. If an attacker manages to call the handler multiple times, they can trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel configurations without stack guard pages (`CONFIG_VMAP_STACK`). CVE-2023-4155 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.21.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_21-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.21.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20234035-1/ https://www.suse.com/security/cve/CVE-2023-4155.html CVE-2023-4155 https://bugzilla.suse.com/1214022 SUSE Bug 1214022 An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash the system or potentially escalate their privileges on the system. CVE-2023-42753 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.21.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_21-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.21.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20234035-1/ https://www.suse.com/security/cve/CVE-2023-42753.html CVE-2023-42753 https://bugzilla.suse.com/1215150 SUSE Bug 1215150 https://bugzilla.suse.com/1218613 SUSE Bug 1218613 A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer (skb) was assumed to be associated with a device before calling __ip_options_compile, which is not always the case if the skb is re-routed by ipvs. This issue may allow a local user with CAP_NET_ADMIN privileges to crash the system. CVE-2023-42754 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.21.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_21-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.21.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20234035-1/ https://www.suse.com/security/cve/CVE-2023-42754.html CVE-2023-42754 https://bugzilla.suse.com/1215467 SUSE Bug 1215467 https://bugzilla.suse.com/1222212 SUSE Bug 1222212 A flaw was found in btrfs_get_root_ref in fs/btrfs/disk-io.c in the btrfs filesystem in the Linux Kernel due to a double decrement of the reference count. This issue may allow a local attacker with user privilege to crash the system or may lead to leaked internal kernel information. CVE-2023-4389 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.21.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_21-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.21.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20234035-1/ https://www.suse.com/security/cve/CVE-2023-4389.html CVE-2023-4389 https://bugzilla.suse.com/1214351 SUSE Bug 1214351 A use-after-free vulnerability in the Linux kernel's af_unix component can be exploited to achieve local privilege escalation. The unix_stream_sendpage() function tries to add data to the last skb in the peer's recv queue without locking the queue. Thus there is a race where unix_stream_sendpage() could access an skb locklessly that is being released by garbage collection, resulting in use-after-free. We recommend upgrading past commit 790c2f9d15b594350ae9bca7b236f2b1859de02c. CVE-2023-4622 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.21.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_21-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.21.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20234035-1/ https://www.suse.com/security/cve/CVE-2023-4622.html CVE-2023-4622 https://bugzilla.suse.com/1215117 SUSE Bug 1215117 https://bugzilla.suse.com/1215442 SUSE Bug 1215442 https://bugzilla.suse.com/1217531 SUSE Bug 1217531 https://bugzilla.suse.com/1219699 SUSE Bug 1219699 A use-after-free vulnerability in the Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation. If a class with a link-sharing curve (i.e. with the HFSC_FSC flag set) has a parent without a link-sharing curve, then init_vf() will call vttree_insert() on the parent, but vttree_remove() will be skipped in update_vf(). This leaves a dangling pointer that can cause a use-after-free. We recommend upgrading past commit b3d26c5702c7d6c45456326e56d2ccf3f103e60f. CVE-2023-4623 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.21.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_21-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.21.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20234035-1/ https://www.suse.com/security/cve/CVE-2023-4623.html CVE-2023-4623 https://bugzilla.suse.com/1215115 SUSE Bug 1215115 https://bugzilla.suse.com/1215440 SUSE Bug 1215440 https://bugzilla.suse.com/1217444 SUSE Bug 1217444 https://bugzilla.suse.com/1217531 SUSE Bug 1217531 https://bugzilla.suse.com/1219698 SUSE Bug 1219698 https://bugzilla.suse.com/1221578 SUSE Bug 1221578 https://bugzilla.suse.com/1221598 SUSE Bug 1221598 A use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. When the plug qdisc is used as a class of the qfq qdisc, sending network packets triggers use-after-free in qfq_dequeue() due to the incorrect .peek handler of sch_plug and lack of error checking in agg_dequeue(). We recommend upgrading past commit 8fc134fee27f2263988ae38920bc03da416b03d8. CVE-2023-4921 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.21.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_21-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.21.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20234035-1/ https://www.suse.com/security/cve/CVE-2023-4921.html CVE-2023-4921 https://bugzilla.suse.com/1215275 SUSE Bug 1215275 https://bugzilla.suse.com/1215300 SUSE Bug 1215300 https://bugzilla.suse.com/1217444 SUSE Bug 1217444 https://bugzilla.suse.com/1217531 SUSE Bug 1217531 https://bugzilla.suse.com/1220906 SUSE Bug 1220906 https://bugzilla.suse.com/1223091 SUSE Bug 1223091 https://bugzilla.suse.com/1224418 SUSE Bug 1224418 A use-after-free vulnerability in the Linux kernel's fs/smb/client component can be exploited to achieve local privilege escalation. In case of an error in smb3_fs_context_parse_param, ctx->password was freed but the field was not set to NULL which could lead to double free. We recommend upgrading past commit e6e43b8aa7cd3c3af686caf0c2e11819a886d705. CVE-2023-5345 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.21.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_21-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.21.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.21.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.21.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20234035-1/ https://www.suse.com/security/cve/CVE-2023-5345.html CVE-2023-5345 https://bugzilla.suse.com/1215899 SUSE Bug 1215899 https://bugzilla.suse.com/1215971 SUSE Bug 1215971