1. Home
  2. Security Advisories
  3. SUSE
  4. SUSE-SU-2023:0420-1

[SUSE-SU-2023:0420-1] Security update for the Linux Kernel

Severity Important
Affected Packages 7
CVEs 9
Info Packages References Vulnerabilities

Security update for the Linux Kernel

The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

  • CVE-2018-9517: Fixed possible memory corruption due to a use after free in pppol2tp_connect (bsc#1108488).
  • CVE-2022-3564: Fixed use-after-free in l2cap_core.c of the Bluetooth component (bsc#1206073).
  • CVE-2022-3643: Fixed reset/abort/crash via netback from VM guest (bsc#1206113).
  • CVE-2022-42895: Fixed an information leak in the net/bluetooth/l2cap_core.c's l2cap_parse_conf_req() which can be used to leak kernel pointers remotely (bsc#1205705).
  • CVE-2022-42896: Fixed a use-after-free vulnerability in the net/bluetooth/l2cap_core.c's l2cap_connect() and l2cap_le_connect_req() which may have allowed code execution and leaking kernel memory (respectively) remotely via Bluetooth (bsc#1205709).
  • CVE-2022-4662: Fixed incorrect access control in the USB core subsystem that could lead a local user to crash the system (bsc#1206664).
  • CVE-2022-47929: Fixed NULL pointer dereference bug in the traffic control subsystem (bsc#1207237).
  • CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207036).
  • CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results) (bsc#1207125).

The following non-security bugs were fixed:

  • HID: betop: check shape of output reports (git-fixes, bsc#1207186).
  • HID: betop: fix slab-out-of-bounds Write in betop_probe (git-fixes).
  • HID: check empty report_list in hid_validate_values() (git-fixes, bsc#1206784).
  • sctp: fail if no bound addresses can be used for a given scope (bsc#1206677).
Package Affected Version
pkg:rpm/suse/kernel-syms?arch=x86_64&distro=sles-12&sp=2 < 4.4.121-92.199.1
pkg:rpm/suse/kernel-source?arch=noarch&distro=sles-12&sp=2 < 4.4.121-92.199.1
pkg:rpm/suse/kernel-macros?arch=noarch&distro=sles-12&sp=2 < 4.4.121-92.199.1
pkg:rpm/suse/kernel-devel?arch=noarch&distro=sles-12&sp=2 < 4.4.121-92.199.1
pkg:rpm/suse/kernel-default?arch=x86_64&distro=sles-12&sp=2 < 4.4.121-92.199.1
pkg:rpm/suse/kernel-default-devel?arch=x86_64&distro=sles-12&sp=2 < 4.4.121-92.199.1
pkg:rpm/suse/kernel-default-base?arch=x86_64&distro=sles-12&sp=2 < 4.4.121-92.199.1
ID
SUSE-SU-2023:0420-1
Severity
important
URL
https://www.suse.com/support/update/announcement/2023/suse-su-20230420-1/
Published
2023-02-15T11:01:11
(19 months ago)
Modified
2023-02-15T11:01:11
(19 months ago)
Rights
Copyright 2024 SUSE LLC. All rights reserved.
Other Advisories
Source # ID Name URL
Suse SUSE ratings https://www.suse.com/support/security/rating/
Suse URL of this CSAF notice https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_0420-1.json
Suse URL for SUSE-SU-2023:0420-1 https://www.suse.com/support/update/announcement/2023/suse-su-20230420-1/
Suse E-Mail link for SUSE-SU-2023:0420-1 https://lists.suse.com/pipermail/sle-security-updates/2023-February/013767.html
Bugzilla SUSE Bug 1108488 https://bugzilla.suse.com/1108488
Bugzilla SUSE Bug 1205705 https://bugzilla.suse.com/1205705
Bugzilla SUSE Bug 1205709 https://bugzilla.suse.com/1205709
Bugzilla SUSE Bug 1206073 https://bugzilla.suse.com/1206073
Bugzilla SUSE Bug 1206113 https://bugzilla.suse.com/1206113
Bugzilla SUSE Bug 1206664 https://bugzilla.suse.com/1206664
Bugzilla SUSE Bug 1206677 https://bugzilla.suse.com/1206677
Bugzilla SUSE Bug 1206784 https://bugzilla.suse.com/1206784
Bugzilla SUSE Bug 1207036 https://bugzilla.suse.com/1207036
Bugzilla SUSE Bug 1207125 https://bugzilla.suse.com/1207125
Bugzilla SUSE Bug 1207186 https://bugzilla.suse.com/1207186
Bugzilla SUSE Bug 1207237 https://bugzilla.suse.com/1207237
CVE SUSE CVE CVE-2018-9517 page https://www.suse.com/security/cve/CVE-2018-9517/
CVE SUSE CVE CVE-2022-3564 page https://www.suse.com/security/cve/CVE-2022-3564/
CVE SUSE CVE CVE-2022-3643 page https://www.suse.com/security/cve/CVE-2022-3643/
CVE SUSE CVE CVE-2022-42895 page https://www.suse.com/security/cve/CVE-2022-42895/
CVE SUSE CVE CVE-2022-42896 page https://www.suse.com/security/cve/CVE-2022-42896/
CVE SUSE CVE CVE-2022-4662 page https://www.suse.com/security/cve/CVE-2022-4662/
CVE SUSE CVE CVE-2022-47929 page https://www.suse.com/security/cve/CVE-2022-47929/
CVE SUSE CVE CVE-2023-23454 page https://www.suse.com/security/cve/CVE-2023-23454/
CVE SUSE CVE CVE-2023-23455 page https://www.suse.com/security/cve/CVE-2023-23455/
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:rpm/suse/kernel-syms?arch=x86_64&distro=sles-12&sp=2 suse kernel-syms < 4.4.121-92.199.1 sles-12 x86_64
Affected pkg:rpm/suse/kernel-source?arch=noarch&distro=sles-12&sp=2 suse kernel-source < 4.4.121-92.199.1 sles-12 noarch
Affected pkg:rpm/suse/kernel-macros?arch=noarch&distro=sles-12&sp=2 suse kernel-macros < 4.4.121-92.199.1 sles-12 noarch
Affected pkg:rpm/suse/kernel-devel?arch=noarch&distro=sles-12&sp=2 suse kernel-devel < 4.4.121-92.199.1 sles-12 noarch
Affected pkg:rpm/suse/kernel-default?arch=x86_64&distro=sles-12&sp=2 suse kernel-default < 4.4.121-92.199.1 sles-12 x86_64
Affected pkg:rpm/suse/kernel-default-devel?arch=x86_64&distro=sles-12&sp=2 suse kernel-default-devel < 4.4.121-92.199.1 sles-12 x86_64
Affected pkg:rpm/suse/kernel-default-base?arch=x86_64&distro=sles-12&sp=2 suse kernel-default-base < 4.4.121-92.199.1 sles-12 x86_64
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date