[SUSE-SU-2024:0112-1] Security update for the Linux Kernel

Severity Important
Affected Packages 14
CVEs 13

The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security fixes and bug fixes.

The following security bugs were fixed:

  • CVE-2020-26555: Fixed Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B that may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN (bsc#1179610 bsc#1215237).
  • CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762).
  • CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table which could be exploited by network-adjacent attackers, increasing CPU usage by 95% (bsc#1212703).
  • CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize) that could cause a local DoS (bsc#1210778).
  • CVE-2023-3111: Fixed a use-after-free vulnerability in prepare_to_relocate in fs/btrfs/relocation.c (bsc#1212051).
  • CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure (bsc#1216046).
  • CVE-2023-39192: Fixed an out-of-bounds read in netfilter (bsc#1215858).
  • CVE-2023-39193: Fixed an out-of-bounds read in the xtables subsystem (bsc#1215860).
  • CVE-2023-39197: Fixed an out-of-bounds read in nf_conntrack_dccp_packet() (bsc#1216976).
  • CVE-2023-45863: Fixed an out-of-bounds write in fill_kobj_path() (bsc#1216058).
  • CVE-2023-51779: Fixed a use-after-free because of a bt_sock_ioctl race condition in bt_sock_recvmsg (bsc#1218559).
  • CVE-2023-6606: Fixed an out-of-bounds read in the SMB client when receiving a malformed length from a server (bsc#1217947).
  • CVE-2023-6932: Fixed a use-after-free vulnerability in the Linux kernel's ipv4: igmp component that could lead to local privilege escalation (bsc#1218253).
ID SUSE-SU-2024:0112-1
Severity important
URL https://www.suse.com/support/update/announcement/2024/suse-su-20240112-1/
Published 2024-01-16T12:29:23
Modified 2024-01-16T12:29:23
Rights Copyright 2024 SUSE LLC. All rights reserved.
Other Advisories
Source # ID Name URL
Suse SUSE ratings https://www.suse.com/support/security/rating/
Suse URL of this CSAF notice https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_0112-1.json
Suse URL for SUSE-SU-2024:0112-1 https://www.suse.com/support/update/announcement/2024/suse-su-20240112-1/
Suse E-Mail link for SUSE-SU-2024:0112-1 https://lists.suse.com/pipermail/sle-security-updates/2024-January/017672.html
Bugzilla SUSE Bug 1179610 https://bugzilla.suse.com/1179610
Bugzilla SUSE Bug 1205762 https://bugzilla.suse.com/1205762
Bugzilla SUSE Bug 1210778 https://bugzilla.suse.com/1210778
Bugzilla SUSE Bug 1212051 https://bugzilla.suse.com/1212051
Bugzilla SUSE Bug 1212703 https://bugzilla.suse.com/1212703
Bugzilla SUSE Bug 1215237 https://bugzilla.suse.com/1215237
Bugzilla SUSE Bug 1215858 https://bugzilla.suse.com/1215858
Bugzilla SUSE Bug 1215860 https://bugzilla.suse.com/1215860
Bugzilla SUSE Bug 1216046 https://bugzilla.suse.com/1216046
Bugzilla SUSE Bug 1216058 https://bugzilla.suse.com/1216058
Bugzilla SUSE Bug 1216976 https://bugzilla.suse.com/1216976
Bugzilla SUSE Bug 1217947 https://bugzilla.suse.com/1217947
Bugzilla SUSE Bug 1218253 https://bugzilla.suse.com/1218253
Bugzilla SUSE Bug 1218559 https://bugzilla.suse.com/1218559
CVE SUSE CVE CVE-2020-26555 page https://www.suse.com/security/cve/CVE-2020-26555/
CVE SUSE CVE CVE-2022-45887 page https://www.suse.com/security/cve/CVE-2022-45887/
CVE SUSE CVE CVE-2023-1206 page https://www.suse.com/security/cve/CVE-2023-1206/
CVE SUSE CVE CVE-2023-31085 page https://www.suse.com/security/cve/CVE-2023-31085/
CVE SUSE CVE CVE-2023-3111 page https://www.suse.com/security/cve/CVE-2023-3111/
CVE SUSE CVE CVE-2023-39189 page https://www.suse.com/security/cve/CVE-2023-39189/
CVE SUSE CVE CVE-2023-39192 page https://www.suse.com/security/cve/CVE-2023-39192/
CVE SUSE CVE CVE-2023-39193 page https://www.suse.com/security/cve/CVE-2023-39193/
CVE SUSE CVE CVE-2023-39197 page https://www.suse.com/security/cve/CVE-2023-39197/
CVE SUSE CVE CVE-2023-45863 page https://www.suse.com/security/cve/CVE-2023-45863/
CVE SUSE CVE CVE-2023-51779 page https://www.suse.com/security/cve/CVE-2023-51779/
CVE SUSE CVE CVE-2023-6606 page https://www.suse.com/security/cve/CVE-2023-6606/
CVE SUSE CVE CVE-2023-6932 page https://www.suse.com/security/cve/CVE-2023-6932/
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:rpm/suse/kernel-xen?arch=x86_64&distro=sles-11&sp=4 suse kernel-xen < 3.0.101-108.150.1 sles-11 x86_64
Affected pkg:rpm/suse/kernel-xen-devel?arch=x86_64&distro=sles-11&sp=4 suse kernel-xen-devel < 3.0.101-108.150.1 sles-11 x86_64
Affected pkg:rpm/suse/kernel-xen-base?arch=x86_64&distro=sles-11&sp=4 suse kernel-xen-base < 3.0.101-108.150.1 sles-11 x86_64
Affected pkg:rpm/suse/kernel-trace?arch=x86_64&distro=sles-11&sp=4 suse kernel-trace < 3.0.101-108.150.1 sles-11 x86_64
Affected pkg:rpm/suse/kernel-trace-devel?arch=x86_64&distro=sles-11&sp=4 suse kernel-trace-devel < 3.0.101-108.150.1 sles-11 x86_64
Affected pkg:rpm/suse/kernel-trace-base?arch=x86_64&distro=sles-11&sp=4 suse kernel-trace-base < 3.0.101-108.150.1 sles-11 x86_64
Affected pkg:rpm/suse/kernel-syms?arch=x86_64&distro=sles-11&sp=4 suse kernel-syms < 3.0.101-108.150.1 sles-11 x86_64
Affected pkg:rpm/suse/kernel-source?arch=x86_64&distro=sles-11&sp=4 suse kernel-source < 3.0.101-108.150.1 sles-11 x86_64
Affected pkg:rpm/suse/kernel-ec2?arch=x86_64&distro=sles-11&sp=4 suse kernel-ec2 < 3.0.101-108.150.1 sles-11 x86_64
Affected pkg:rpm/suse/kernel-ec2-devel?arch=x86_64&distro=sles-11&sp=4 suse kernel-ec2-devel < 3.0.101-108.150.1 sles-11 x86_64
Affected pkg:rpm/suse/kernel-ec2-base?arch=x86_64&distro=sles-11&sp=4 suse kernel-ec2-base < 3.0.101-108.150.1 sles-11 x86_64
Affected pkg:rpm/suse/kernel-default?arch=x86_64&distro=sles-11&sp=4 suse kernel-default < 3.0.101-108.150.1 sles-11 x86_64
Affected pkg:rpm/suse/kernel-default-devel?arch=x86_64&distro=sles-11&sp=4 suse kernel-default-devel < 3.0.101-108.150.1 sles-11 x86_64
Affected pkg:rpm/suse/kernel-default-base?arch=x86_64&distro=sles-11&sp=4 suse kernel-default-base < 3.0.101-108.150.1 sles-11 x86_64