Security update for the Linux Kernel (Live Patch 37 for SLE 15 SP3) SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2023:4839-1 Final 1 1 2023-12-14T10:34:45Z current 2023-12-14T10:34:45Z 2023-12-14T10:34:45Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel (Live Patch 37 for SLE 15 SP3) This update for the Linux Kernel 5.3.18-150300_59_138 fixes several issues. The following security issues were fixed: - CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables component can be exploited to achieve local privilege escalation. (bsc#1215097) - CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215519) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2023-4839,SUSE-SLE-Module-Live-Patching-15-SP3-2023-4839 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2023/suse-su-20234839-1/ Link for SUSE-SU-2023:4839-1 https://lists.suse.com/pipermail/sle-security-updates/2023-December/017355.html E-Mail link for SUSE-SU-2023:4839-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1215097 SUSE Bug 1215097 https://bugzilla.suse.com/1215519 SUSE Bug 1215519 https://www.suse.com/security/cve/CVE-2023-2163/ SUSE CVE CVE-2023-2163 page https://www.suse.com/security/cve/CVE-2023-3777/ SUSE CVE CVE-2023-3777 page SUSE Linux Enterprise Live Patching 15 SP3 kernel-livepatch-5_3_18-150300_59_138-default-3-150300.2.1 kernel-livepatch-5_3_18-150300_59_138-preempt-3-150300.2.1 kernel-livepatch-5_3_18-150300_59_138-default-3-150300.2.1 as a component of SUSE Linux Enterprise Live Patching 15 SP3 Incorrect verifier pruning in BPF in Linux Kernel >=5.4 leads to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. CVE-2023-2163 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_138-default-3-150300.2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20234839-1/ https://www.suse.com/security/cve/CVE-2023-2163.html CVE-2023-2163 https://bugzilla.suse.com/1215518 SUSE Bug 1215518 https://bugzilla.suse.com/1215519 SUSE Bug 1215519 A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. When nf_tables_delrule() is flushing table rules, it is not checked whether the chain is bound and the chain's owner rule can also release the objects in certain circumstances. We recommend upgrading past commit 6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8. CVE-2023-3777 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_138-default-3-150300.2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20234839-1/ https://www.suse.com/security/cve/CVE-2023-3777.html CVE-2023-3777 https://bugzilla.suse.com/1215095 SUSE Bug 1215095 https://bugzilla.suse.com/1215097 SUSE Bug 1215097