Security update for the Linux Kernel SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2024:0118-1 Final 1 1 2024-01-16T12:31:39Z current 2024-01-16T12:31:39Z 2024-01-16T12:31:39Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2020-26555: Fixed an issue during BR/EDR PIN code pairing in the Bluetooth subsystem that would allow replay attacks (bsc#1179610 bsc#1215237). - CVE-2022-2586: Fixed a use-after-free which can be triggered when a nft table is deleted (bsc#1202095). - CVE-2023-6121: Fixed an out-of-bounds read vulnerability in the NVMe-oF/TCP subsystem that could lead to information leak (bsc#1217250). - CVE-2023-6606: Fixed an out of bounds read in the SMB client when receiving a malformed length from a server (bsc#1217947). - CVE-2023-6610: Fixed an out of bounds read in the SMB client when printing debug information (bsc#1217946). - CVE-2023-6931: Fixed an out of bounds write in the Performance Events subsystem when adding a new event (bsc#1218258). - CVE-2023-6932: Fixed a use-after-free issue when receiving an IGMP query packet due to reference count mismanagement (bsc#1218253). - CVE-2023-51779: Fixed a use-after-free because of a bt_sock_ioctl race condition in bt_sock_recvmsg (bsc#1218559). The following non-security bugs were fixed: - Enabled the LLC counters for “perf” (perf stat) on the Ice-Lake and Rocket-Lake CPUs (jsc#PED-5023 bsc#1211439). - Reviewed and added more information to README.SUSE (jsc#PED-5021). - Enabled multibuild for kernel packages (JSC-SLE#5501, boo#1211226, bsc#1218184). - Fix termination state for idr_for_each_entry_ul() (bsc#1109837). - KVM: s390/mm: Properly reset no-dat (bsc#1218057). - KVM: s390: vsie: fix wrong VIR 37 when MSO is used (bsc#1217936). - PCI: Disable ATS for specific Intel IPU E2000 devices (bsc#1218622). - Previous perf cve-4.12->SLE12-SP5 manual merge was incorrect. Fix. - gve: Add XDP DROP and TX support for GQI-QPL format (bsc#1214479). - gve: Add XDP REDIRECT support for GQI-QPL format (bsc#1214479). - gve: Changes to add new TX queues (bsc#1214479). - gve: Control path for DQO-QPL (bsc#1214479). - gve: Do not fully free QPL pages on prefill errors (bsc#1214479). - gve: Fix gve interrupt names (bsc#1214479). - gve: Fixes for napi_poll when budget is 0 (bsc#1214479). - gve: RX path for DQO-QPL (bsc#1214479). - gve: Set default duplex configuration to full (bsc#1214479). - gve: Tx path for DQO-QPL (bsc#1214479). - gve: Unify duplicate GQ min pkt desc size constants (bsc#1214479). - gve: XDP support GQI-QPL: helper function changes (bsc#1214479). - gve: fix frag_list chaining (bsc#1214479). - gve: trivial spell fix Recive to Receive (bsc#1214479). - gve: unify driver name usage (bsc#1214479). - net/tg3: fix race condition in tg3_reset_task() (bsc#1217801). - net/tg3: resolve deadlock in tg3_reset_task() during EEH (bsc#1217801). - s390/vx: fix save/restore of fpu kernel context (bsc#1218362). - tracing: Fix a possible race when disabling buffered events (bsc#1217036). - tracing: Fix a warning when allocating buffered events fails (bsc#1217036). - tracing: Fix incomplete locking when disabling buffered events (bsc#1217036). - tracing: Fix warning in trace_buffered_event_disable() (bsc#1217036). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2024-118,SUSE-SLE-RT-12-SP5-2024-118 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2024/suse-su-20240118-1/ Link for SUSE-SU-2024:0118-1 https://lists.suse.com/pipermail/sle-security-updates/2024-January/017668.html E-Mail link for SUSE-SU-2024:0118-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1109837 SUSE Bug 1109837 https://bugzilla.suse.com/1179610 SUSE Bug 1179610 https://bugzilla.suse.com/1202095 SUSE Bug 1202095 https://bugzilla.suse.com/1211226 SUSE Bug 1211226 https://bugzilla.suse.com/1211439 SUSE Bug 1211439 https://bugzilla.suse.com/1214479 SUSE Bug 1214479 https://bugzilla.suse.com/1215237 SUSE Bug 1215237 https://bugzilla.suse.com/1217036 SUSE Bug 1217036 https://bugzilla.suse.com/1217250 SUSE Bug 1217250 https://bugzilla.suse.com/1217801 SUSE Bug 1217801 https://bugzilla.suse.com/1217936 SUSE Bug 1217936 https://bugzilla.suse.com/1217946 SUSE Bug 1217946 https://bugzilla.suse.com/1217947 SUSE Bug 1217947 https://bugzilla.suse.com/1218057 SUSE Bug 1218057 https://bugzilla.suse.com/1218184 SUSE Bug 1218184 https://bugzilla.suse.com/1218253 SUSE Bug 1218253 https://bugzilla.suse.com/1218258 SUSE Bug 1218258 https://bugzilla.suse.com/1218362 SUSE Bug 1218362 https://bugzilla.suse.com/1218559 SUSE Bug 1218559 https://bugzilla.suse.com/1218622 SUSE Bug 1218622 https://www.suse.com/security/cve/CVE-2020-26555/ SUSE CVE CVE-2020-26555 page https://www.suse.com/security/cve/CVE-2022-2586/ SUSE CVE CVE-2022-2586 page https://www.suse.com/security/cve/CVE-2023-51779/ SUSE CVE CVE-2023-51779 page https://www.suse.com/security/cve/CVE-2023-6121/ SUSE CVE CVE-2023-6121 page https://www.suse.com/security/cve/CVE-2023-6606/ SUSE CVE CVE-2023-6606 page https://www.suse.com/security/cve/CVE-2023-6610/ SUSE CVE CVE-2023-6610 page https://www.suse.com/security/cve/CVE-2023-6931/ SUSE CVE CVE-2023-6931 page https://www.suse.com/security/cve/CVE-2023-6932/ SUSE CVE CVE-2023-6932 page SUSE Linux Enterprise Real Time 12 SP5 cluster-md-kmp-rt-4.12.14-10.157.1 cluster-md-kmp-rt_debug-4.12.14-10.157.1 dlm-kmp-rt-4.12.14-10.157.1 dlm-kmp-rt_debug-4.12.14-10.157.1 gfs2-kmp-rt-4.12.14-10.157.1 gfs2-kmp-rt_debug-4.12.14-10.157.1 kernel-devel-rt-4.12.14-10.157.1 kernel-rt-4.12.14-10.157.1 kernel-rt-base-4.12.14-10.157.1 kernel-rt-devel-4.12.14-10.157.1 kernel-rt-extra-4.12.14-10.157.1 kernel-rt-kgraft-devel-4.12.14-10.157.1 kernel-rt_debug-4.12.14-10.157.1 kernel-rt_debug-base-4.12.14-10.157.1 kernel-rt_debug-devel-4.12.14-10.157.1 kernel-rt_debug-extra-4.12.14-10.157.1 kernel-rt_debug-kgraft-devel-4.12.14-10.157.1 kernel-source-rt-4.12.14-10.157.1 kernel-syms-rt-4.12.14-10.157.1 kselftests-kmp-rt-4.12.14-10.157.1 kselftests-kmp-rt_debug-4.12.14-10.157.1 ocfs2-kmp-rt-4.12.14-10.157.1 ocfs2-kmp-rt_debug-4.12.14-10.157.1 cluster-md-kmp-rt-4.12.14-10.157.1 as a component of SUSE Linux Enterprise Real Time 12 SP5 dlm-kmp-rt-4.12.14-10.157.1 as a component of SUSE Linux Enterprise Real Time 12 SP5 gfs2-kmp-rt-4.12.14-10.157.1 as a component of SUSE Linux Enterprise Real Time 12 SP5 kernel-devel-rt-4.12.14-10.157.1 as a component of SUSE Linux Enterprise Real Time 12 SP5 kernel-rt-4.12.14-10.157.1 as a component of SUSE Linux Enterprise Real Time 12 SP5 kernel-rt-base-4.12.14-10.157.1 as a component of SUSE Linux Enterprise Real Time 12 SP5 kernel-rt-devel-4.12.14-10.157.1 as a component of SUSE Linux Enterprise Real Time 12 SP5 kernel-rt_debug-4.12.14-10.157.1 as a component of SUSE Linux Enterprise Real Time 12 SP5 kernel-rt_debug-devel-4.12.14-10.157.1 as a component of SUSE Linux Enterprise Real Time 12 SP5 kernel-source-rt-4.12.14-10.157.1 as a component of SUSE Linux Enterprise Real Time 12 SP5 kernel-syms-rt-4.12.14-10.157.1 as a component of SUSE Linux Enterprise Real Time 12 SP5 ocfs2-kmp-rt-4.12.14-10.157.1 as a component of SUSE Linux Enterprise Real Time 12 SP5 Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN. CVE-2020-26555 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.157.1 moderate 4.8 AV:A/AC:L/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20240118-1/ https://www.suse.com/security/cve/CVE-2020-26555.html CVE-2020-26555 https://bugzilla.suse.com/1179610 SUSE Bug 1179610 https://bugzilla.suse.com/1215237 SUSE Bug 1215237 https://bugzilla.suse.com/1220015 SUSE Bug 1220015 It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted. CVE-2022-2586 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.157.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20240118-1/ https://www.suse.com/security/cve/CVE-2022-2586.html CVE-2022-2586 https://bugzilla.suse.com/1202095 SUSE Bug 1202095 https://bugzilla.suse.com/1209719 SUSE Bug 1209719 bt_sock_recvmsg in net/bluetooth/af_bluetooth.c in the Linux kernel through 6.6.8 has a use-after-free because of a bt_sock_ioctl race condition. CVE-2023-51779 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.157.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20240118-1/ https://www.suse.com/security/cve/CVE-2023-51779.html CVE-2023-51779 https://bugzilla.suse.com/1218559 SUSE Bug 1218559 https://bugzilla.suse.com/1218610 SUSE Bug 1218610 https://bugzilla.suse.com/1220015 SUSE Bug 1220015 https://bugzilla.suse.com/1220191 SUSE Bug 1220191 https://bugzilla.suse.com/1221578 SUSE Bug 1221578 https://bugzilla.suse.com/1221598 SUSE Bug 1221598 An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data being printed and potentially leaked to the kernel ring buffer (dmesg). CVE-2023-6121 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.157.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20240118-1/ https://www.suse.com/security/cve/CVE-2023-6121.html CVE-2023-6121 https://bugzilla.suse.com/1217250 SUSE Bug 1217250 An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information. CVE-2023-6606 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.157.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20240118-1/ https://www.suse.com/security/cve/CVE-2023-6606.html CVE-2023-6606 https://bugzilla.suse.com/1217947 SUSE Bug 1217947 https://bugzilla.suse.com/1220015 SUSE Bug 1220015 An out-of-bounds read vulnerability was found in smb2_dump_detail in fs/smb/client/smb2ops.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information. CVE-2023-6610 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.157.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20240118-1/ https://www.suse.com/security/cve/CVE-2023-6610.html CVE-2023-6610 https://bugzilla.suse.com/1217946 SUSE Bug 1217946 A heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component can be exploited to achieve local privilege escalation. A perf_event's read_size can overflow, leading to an heap out-of-bounds increment or write in perf_read_group(). We recommend upgrading past commit 382c27f4ed28f803b1f1473ac2d8db0afc795a1b. CVE-2023-6931 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.157.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20240118-1/ https://www.suse.com/security/cve/CVE-2023-6931.html CVE-2023-6931 https://bugzilla.suse.com/1214158 SUSE Bug 1214158 https://bugzilla.suse.com/1218258 SUSE Bug 1218258 https://bugzilla.suse.com/1220191 SUSE Bug 1220191 A use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve local privilege escalation. A race condition can be exploited to cause a timer be mistakenly registered on a RCU read locked object which is freed by another thread. We recommend upgrading past commit e2b706c691905fe78468c361aaabc719d0a496f1. CVE-2023-6932 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.157.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.157.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20240118-1/ https://www.suse.com/security/cve/CVE-2023-6932.html CVE-2023-6932 https://bugzilla.suse.com/1218253 SUSE Bug 1218253 https://bugzilla.suse.com/1218255 SUSE Bug 1218255 https://bugzilla.suse.com/1220015 SUSE Bug 1220015 https://bugzilla.suse.com/1220191 SUSE Bug 1220191 https://bugzilla.suse.com/1221578 SUSE Bug 1221578 https://bugzilla.suse.com/1221598 SUSE Bug 1221598