Security update for the Linux Kernel (Live Patch 37 for SLE 15 SP3) SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2024:0705-1 Final 1 1 2024-02-29T07:34:38Z current 2024-02-29T07:34:38Z 2024-02-29T07:34:38Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel (Live Patch 37 for SLE 15 SP3) This update for the Linux Kernel 5.3.18-150300_59_138 fixes several issues. The following security issues were fixed: - CVE-2023-39198: Fixed a race condition leading to a use-after-free in qxl_mode_dumb_create() (bsc#1217116). - CVE-2023-51780: Fixed a use-after-free in do_vcc_ioctl in net/atm/ioctl.c, because of a vcc_recvmsg race condition (bsc#1218733). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2024-705,SUSE-2024-706,SUSE-SLE-Module-Live-Patching-15-SP3-2024-705 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2024/suse-su-20240705-1/ Link for SUSE-SU-2024:0705-1 https://lists.suse.com/pipermail/sle-security-updates/2024-February/018067.html E-Mail link for SUSE-SU-2024:0705-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1217116 SUSE Bug 1217116 https://bugzilla.suse.com/1218733 SUSE Bug 1218733 https://www.suse.com/security/cve/CVE-2023-39198/ SUSE CVE CVE-2023-39198 page https://www.suse.com/security/cve/CVE-2023-51780/ SUSE CVE CVE-2023-51780 page SUSE Linux Enterprise Live Patching 15 SP3 kernel-livepatch-5_3_18-150300_59_138-default-5-150300.2.1 kernel-livepatch-5_3_18-150300_59_138-preempt-5-150300.2.1 kernel-livepatch-5_3_18-150300_59_141-default-4-150300.2.1 kernel-livepatch-5_3_18-150300_59_141-preempt-4-150300.2.1 kernel-livepatch-5_3_18-150300_59_138-default-5-150300.2.1 as a component of SUSE Linux Enterprise Live Patching 15 SP3 A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigger a use-after-free issue, potentially leading to a denial of service or privilege escalation. CVE-2023-39198 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_138-default-5-150300.2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20240705-1/ https://www.suse.com/security/cve/CVE-2023-39198.html CVE-2023-39198 https://bugzilla.suse.com/1216965 SUSE Bug 1216965 https://bugzilla.suse.com/1217116 SUSE Bug 1217116 https://bugzilla.suse.com/1219703 SUSE Bug 1219703 An issue was discovered in the Linux kernel before 6.6.8. do_vcc_ioctl in net/atm/ioctl.c has a use-after-free because of a vcc_recvmsg race condition. CVE-2023-51780 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_138-default-5-150300.2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20240705-1/ https://www.suse.com/security/cve/CVE-2023-51780.html CVE-2023-51780 https://bugzilla.suse.com/1218730 SUSE Bug 1218730 https://bugzilla.suse.com/1218733 SUSE Bug 1218733 https://bugzilla.suse.com/1220191 SUSE Bug 1220191 https://bugzilla.suse.com/1221578 SUSE Bug 1221578 https://bugzilla.suse.com/1221598 SUSE Bug 1221598 https://bugzilla.suse.com/1224298 SUSE Bug 1224298 https://bugzilla.suse.com/1224878 SUSE Bug 1224878