[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-SUSE-SU-2023:4033-1":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T14:53:31.930Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":38,"duplicates":39,"related":40,"reserved_at":9,"published_at":53,"modified_at":54,"state":9,"summary":55,"references_raw":57,"kevs":318,"epss":9,"epss_history":319,"metrics":320,"affected":321},"SUSE-SU-2023:4033-1","Security update for the Linux Kernel\n\n\nThe SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security bugfixes.\n\nThe following security bugs were fixed:\n\n- CVE-2023-39194: Fixed an out of bounds read in the XFRM subsystem (bsc#1215861).\n- CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860).\n- CVE-2023-39192: Fixed an out of bounds read in the netfilter subsystem (bsc#1215858).\n- CVE-2023-42754: Fixed a NULL pointer dereference in the IPv4 stack that could lead to denial of service (bsc#1215467).\n- CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table which could be exploited by network adjacent attackers, increasing CPU usage by 95% (bsc#1212703).\n- CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalation (bsc#1215275).\n- CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215117).\n- CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215115).\n- CVE-2020-36766: Fixed a potential information leak in the CEC driver (bsc#1215299).\n- CVE-2023-1859: Fixed a use-after-free flaw in Xen transport for 9pfs which could be exploited to crash the system (bsc#1210169).\n- CVE-2023-4881: Fixed an out-of-bounds 
write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221).\n- CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread() (bsc#1208995).\n\nThe following non-security bugs were fixed:\n\n- 9p/trans_virtio: Remove sysfs file on probe failure (git-fixes).\n- Drivers: hv: vmbus: Do not dereference ACPI root object handle (git-fixes).\n- Input: psmouse - fix OOB access in Elantech protocol (git-fixes).\n- Input: raspberrypi-ts - fix refcount leak in rpi_ts_probe (git-fixes).\n- Input: xpad - add constants for GIP interface numbers (git-fixes).\n- Input: xpad - delete a Razer DeathAdder mouse VID/PID entry (git-fixes).\n- KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field (git-fixes bsc#1215897).\n- KVM: s390: vsie: fix the length of APCB bitmap (git-fixes bsc#1215898).\n- NFS/pNFS: Report EINVAL errors from connect() to the server (git-fixes).\n- NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info (git-fixes).\n- USB: serial: option: add FOXCONN T99W368/T99W373 product (git-fixes).\n- USB: serial: option: add Quectel EM05G variant (0x030e) (git-fixes).\n- VSOCK: handle VIRTIO_VSOCK_OP_CREDIT_REQUEST (git-fixes).\n- arm64: insn: Fix ldadd instruction encoding (git-fixes)\n- arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (git-fixes)\n- blacklist.conf: workqueue: compiler warning on 32-bit systems with Clang (bsc#1215877)\n- blk-mq: Add blk_mq_delay_run_hw_queues() API call (bsc#1214586).\n- blk-mq: In blk_mq_dispatch_rq_list() 'no budget' is a reason to kick (bsc#1214586).\n- blk-mq: Rerun dispatching in the case of budget contention (bsc#1214586).\n- btrfs: output extra information on failure (bsc#1215136).\n- check-for-config-changes: ignore BUILTIN_RETURN_ADDRESS_STRIPS_PAC (bsc#1214380)\n- direct-io: allow direct writes to empty inodes (bsc#1215164).\n- drm/ast: Fix DRAM init on AST2200 (bsc#1152446)\n- drm/client: Fix memory leak in 
drm_client_target_cloned (bsc#1152446) Backporting changes: \t* move changes to drm_fb_helper.c \t* context changes\n- drm/client: Send hotplug event after registering a client (bsc#1152446) Backporting changes: \t* send hotplug event from drm_client_add() \t* remove drm_dbg_kms()\n- drm/virtio: Fix GEM handle creation UAF (git-fixes).\n- drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes (git-fixes).\n- ext4: avoid deadlock in fs reclaim with page writeback (bsc#1213016).\n- ext4: correct inline offset when handling xattrs in inode body (bsc#1214950).\n- ext4: fix wrong unit use in ext4_mb_clear_bb (bsc#1214943).\n- ext4: set goal start correctly in ext4_mb_normalize_request (bsc#1214940).\n- fbcon: Fix null-ptr-deref in soft_cursor (bsc#1154048).\n- fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe (bsc#1154048)\n- fbdev: imxfb: warn about invalid left/right margin (bsc#1154048)\n- fbdev: modedb: Add 1920x1080 at 60 Hz video mode (bsc#1154048)\n- fbdev: omapfb: lcd_mipid: Fix an error handling path in (bsc#1154048).\n- firmware: raspberrypi: Introduce devm_rpi_firmware_get() (git-fixes).\n- firmware: raspberrypi: Keep count of all consumers (git-fixes).\n- firmware: raspberrypi: fix possible memory leak in rpi_firmware_probe() (git-fixes).\n- fs: avoid softlockups in s_inodes iterators (bsc#1215165).\n- fuse: nlookup missing decrement in fuse_direntplus_link (bsc#1215607).\n- hv_utils: Fix passing zero to 'PTR_ERR' warning (git-fixes).\n- idr: fix param name in idr_alloc_cyclic() doc (bsc#1109837).\n- jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint (bsc#1214948).\n- jbd2: check 'jh->b_transaction' before removing it from checkpoint (bsc#1214953).\n- jbd2: fix a race when checking checkpoint buffer busy (bsc#1214949).\n- jbd2: fix checkpoint cleanup performance regression (bsc#1214952).\n- jbd2: recheck chechpointing non-dirty buffer (bsc#1214945).\n- jbd2: remove t_checkpoint_io_list (bsc#1214946).\n- 
jbd2: remove unused function '__cp_buffer_busy' (bsc#1215162).\n- jbd2: restore t_checkpoint_io_list to maintain kABI (bsc#1214946).\n- jbd2: simplify journal_clean_one_cp_list() (bsc#1215207).\n- kernel-binary: Common dependencies cleanup Common dependencies are copied to a subpackage, there is no need for copying defines or build dependencies there.\n- kernel-binary: Drop code for kerntypes support Kerntypes was a SUSE-specific feature dropped before SLE 12.\n- media: b2c2: Add missing check in flexcop_pci_isr: (git-fixes).\n- media: cec-notifier: clear cec_adap in cec_notifier_unregister (git-fixes).\n- media: cec: copy sequence field for the reply (git-fixes).\n- media: cec: integrate cec_validate_phys_addr() in cec-api.c (git-fixes).\n- media: cec: make cec_get_edid_spa_location() an inline function (git-fixes).\n- media: flexcop-usb: fix NULL-ptr deref in flexcop_usb_transfer_init() (git-fixes).\n- media: mceusb: return without resubmitting URB in case of -EPROTO error (git-fixes).\n- media: s5p_cec: decrement usage count if disabled (git-fixes).\n- media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds (git-fixes).\n- mkspec: Allow unsupported KMPs (bsc#1214386)\n- net/mlx5: Fix size field in bufferx_reg struct (git-fixes).\n- net: accept UFOv6 packages in virtio_net_hdr_to_skb (git-fixes).\n- net: check if protocol extracted by virtio_net_hdr_set_proto is correct (git-fixes).\n- net: do not allow gso_size to be set to GSO_BY_FRAGS (git-fixes).\n- net: ensure mac header is set in virtio_net_hdr_to_skb() (git-fixes).\n- net: tap: NULL pointer derefence in dev_parse_header_protocol when skb->dev is null (git-fixes).\n- net: usb: qmi_wwan: add Quectel EM05GV2 (git-fixes).\n- net: virtio_vsock: Enhance connection semantics (git-fixes).\n- nfsd: fix change_info in NFSv4 RENAME replies (git-fixes).\n- old-flavors: Drop 2.6 kernels. 
2.6 based kernels are EOL, upgrading from them is no longer supported.\n- powerpc/64s/exception: machine check use correct cfar for late handler (bsc#1065729).\n- powerpc/iommu: Fix notifiers being shared by PCI and VIO buses (bsc#1065729).\n- powerpc/xics: Remove unnecessary endian conversion (bsc#1065729).\n- quota: Properly disable quotas when add_dquot_ref() fails (bsc#1214961).\n- quota: fix warning in dqgrab() (bsc#1214962).\n- remoteproc: Add missing '\\n' in log messages (git-fixes).\n- remoteproc: Fix NULL pointer dereference in rproc_virtio_notify (git-fixes).\n- s390/dasd: fix hanging device after request requeue (bsc#1215121).\n- s390/zcrypt: do not leak memory if dev_set_name() fails (git-fixes bsc#1215152).\n- s390: add z16 elf platform (bsc#1215954).\n- scsi: qla2xxx: Fix NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes).\n- scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id() (git-fixes).\n- scsi: zfcp: reduce flood of fcrscn1 trace records on multi-element RSCN (git-fixes bsc#1215149).\n- tools/virtio: fix the vringh test for virtio ring changes (git-fixes).\n- tracing: Reverse the order of trace_types_lock and event_mutex (git-fixes bsc#1215634).\n- udf: Fix extension of the last extent in the file (bsc#1214964).\n- udf: Fix file corruption when appending just after end of preallocated extent (bsc#1214965).\n- udf: Fix off-by-one error when discarding preallocation (bsc#1214966).\n- udf: Fix uninitialized array access for some pathnames (bsc#1214967).\n- usb: typec: altmodes/displayport: Add pin assignment helper (git-fixes).\n- usb: typec: altmodes/displayport: Fix pin assignment calculation (git-fixes).\n- vhost/net: Clear the pending messages when the backend is removed (git-fixes).\n- vhost/test: stop device before reset (git-fixes).\n- vhost/vsock: Fix error handling in vhost_vsock_init() (git-fixes).\n- vhost: Do not call access_ok() when using IOTLB (git-fixes).\n- vhost: Fix vhost_vq_reset() (git-fixes).\n- vhost: 
Use vhost_get_used_size() in vhost_vring_set_addr() (git-fixes).\n- vhost: fix range used in translate_desc() (git-fixes).\n- vhost: introduce helpers to get the size of metadata area (git-fixes).\n- vhost: missing __user tags (git-fixes).\n- vhost: vsock: kick send_pkt worker once device is started (git-fixes).\n- vhost_net: fix ubuf refcount incorrectly when sendmsg fails (git-fixes).\n- virtio-gpu: fix a missing check to avoid NULL dereference (git-fixes).\n- virtio-gpu: fix possible memory allocation failure (git-fixes).\n- virtio-net: execute xdp_do_flush() before napi_complete_done() (git-fixes).\n- virtio-net: fix race between ndo_open() and virtio_device_ready() (git-fixes).\n- virtio-net: fix race between set queues and probe (git-fixes).\n- virtio-net: fix the race between refill work and close (git-fixes).\n- virtio-net: set queues after driver_ok (git-fixes).\n- virtio-rng: make device ready before making request (git-fixes).\n- virtio: acknowledge all features before access (git-fixes).\n- virtio_balloon: prevent pfn array overflow (git-fixes).\n- virtio_mmio: Add missing PM calls to freeze/restore (git-fixes).\n- virtio_mmio: Restore guest page size on resume (git-fixes).\n- virtio_net: Fix probe failed when modprobe virtio_net (git-fixes).\n- virtio_net: Remove BUG() to avoid machine dead (git-fixes).\n- virtio_net: add checking sq is full inside xdp xmit (git-fixes).\n- virtio_net: fix memory leak inside XPD_TX with mergeable (git-fixes).\n- virtio_net: reorder some funcs (git-fixes).\n- virtio_net: separate the logic of checking whether sq is full (git-fixes).\n- virtio_net: suppress cpu stall when free_unused_bufs (git-fixes).\n- virtio_pci: Support surprise removal of virtio pci device (git-fixes).\n- virtio_pci_modern: Fix the comment of virtio_pci_find_capability() (git-fixes).\n- virtio_ring: Avoid loop when vq is broken in virtqueue_poll (git-fixes).\n- vringh: Fix loop descriptors check in the indirect cases (git-fixes).\n- vsock/virtio: 
avoid potential deadlock when vsock device remove (git-fixes).\n- vsock/virtio: enable VQs early on probe (git-fixes).\n- vsock/virtio: free queued packets when closing socket (git-fixes).\n- vsock/virtio: update credit only if socket is not closed (git-fixes).\n- word-at-a-time: use the same return type for has_zero regardless of endianness (bsc#1065729).\n- x86/hyperv: Fix NULL deref in set_hv_tscchange_cb() if Hyper-V setup fails (git-fixes).\n- x86/srso: Do not probe microcode in a guest (git-fixes).\n- x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (git-fixes).\n- x86/srso: Fix srso_show_state() side effect (git-fixes).\n- x86/srso: Set CPUID feature bits independently of bug or mitigation status (git-fixes).\n- xen: remove a confusing comment on auto-translated guest I/O (git-fixes).\n",null,[],[],[],[14,16,18,20,22,24,26,28,30,32,34,36],{"_key":15},"CVE-2020-36766",{"_key":17},"CVE-2023-1192",{"_key":19},"CVE-2023-1206",{"_key":21},"CVE-2023-1859",{"_key":23},"CVE-2023-39192",{"_key":25},"CVE-2023-39193",{"_key":27},"CVE-2023-39194",{"_key":29},"CVE-2023-42754",{"_key":31},"CVE-2023-4622",{"_key":33},"CVE-2023-4623",{"_key":35},"CVE-2023-4881",{"_key":37},"CVE-2023-4921",[],[],[41,42,43,44,45,46,47,48,49,50,51,52],{"_key":15},{"_key":17},{"_key":19},{"_key":21},{"_key":23},{"_key":25},{"_key":27},{"_key":29},{"_key":31},{"_key":33},{"_key":35},{"_key":37},"2023-10-10T12:21:11Z","2026-02-04T03:53:16.521336Z",{"cisa_kev":56,"cisa_ransomware":56,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[58,64,69,73,77,81,85,89,93,97,101,105,109,113,117,121,125,129,133,137,141,145,149,153,157,161,165,169,173,177,181,185,189,193,197,201,205,209,213,217,221,225,229,233,237,241,245,249,253,257,261,265,269,274,278,282,286,290,294,298,302,306,310,314],{"url":59,"sources":60,"tags":62},"https://www.suse.com/support/update/announcement/2023/suse-su-
20234033-1/",[61],"osv_suse",[63],"Advisory",{"url":65,"sources":66,"tags":67},"https://bugzilla.suse.com/1065729",[61],[68],"REPORT",{"url":70,"sources":71,"tags":72},"https://bugzilla.suse.com/1109837",[61],[68],{"url":74,"sources":75,"tags":76},"https://bugzilla.suse.com/1152446",[61],[68],{"url":78,"sources":79,"tags":80},"https://bugzilla.suse.com/1154048",[61],[68],{"url":82,"sources":83,"tags":84},"https://bugzilla.suse.com/1208995",[61],[68],{"url":86,"sources":87,"tags":88},"https://bugzilla.suse.com/1210169",[61],[68],{"url":90,"sources":91,"tags":92},"https://bugzilla.suse.com/1212703",[61],[68],{"url":94,"sources":95,"tags":96},"https://bugzilla.suse.com/1213016",[61],[68],{"url":98,"sources":99,"tags":100},"https://bugzilla.suse.com/1214157",[61],[68],{"url":102,"sources":103,"tags":104},"https://bugzilla.suse.com/1214380",[61],[68],{"url":106,"sources":107,"tags":108},"https://bugzilla.suse.com/1214386",[61],[68],{"url":110,"sources":111,"tags":112},"https://bugzilla.suse.com/1214586",[61],[68],{"url":114,"sources":115,"tags":116},"https://bugzilla.suse.com/1214940",[61],[68],{"url":118,"sources":119,"tags":120},"https://bugzilla.suse.com/1214943",[61],[68],{"url":122,"sources":123,"tags":124},"https://bugzilla.suse.com/1214945",[61],[68],{"url":126,"sources":127,"tags":128},"https://bugzilla.suse.com/1214946",[61],[68],{"url":130,"sources":131,"tags":132},"https://bugzilla.suse.com/1214948",[61],[68],{"url":134,"sources":135,"tags":136},"https://bugzilla.suse.com/1214949",[61],[68],{"url":138,"sources":139,"tags":140},"https://bugzilla.suse.com/1214950",[61],[68],{"url":142,"sources":143,"tags":144},"https://bugzilla.suse.com/1214952",[61],[68],{"url":146,"sources":147,"tags":148},"https://bugzilla.suse.com/1214953",[61],[68],{"url":150,"sources":151,"tags":152},"https://bugzilla.suse.com/1214961",[61],[68],{"url":154,"sources":155,"tags":156},"https://bugzilla.suse.com/1214962",[61],[68],{"url":158,"sources":159,"tags":160},"https://bugzilla.suse.com
/1214964",[61],[68],{"url":162,"sources":163,"tags":164},"https://bugzilla.suse.com/1214965",[61],[68],{"url":166,"sources":167,"tags":168},"https://bugzilla.suse.com/1214966",[61],[68],{"url":170,"sources":171,"tags":172},"https://bugzilla.suse.com/1214967",[61],[68],{"url":174,"sources":175,"tags":176},"https://bugzilla.suse.com/1215115",[61],[68],{"url":178,"sources":179,"tags":180},"https://bugzilla.suse.com/1215117",[61],[68],{"url":182,"sources":183,"tags":184},"https://bugzilla.suse.com/1215121",[61],[68],{"url":186,"sources":187,"tags":188},"https://bugzilla.suse.com/1215122",[61],[68],{"url":190,"sources":191,"tags":192},"https://bugzilla.suse.com/1215136",[61],[68],{"url":194,"sources":195,"tags":196},"https://bugzilla.suse.com/1215149",[61],[68],{"url":198,"sources":199,"tags":200},"https://bugzilla.suse.com/1215152",[61],[68],{"url":202,"sources":203,"tags":204},"https://bugzilla.suse.com/1215162",[61],[68],{"url":206,"sources":207,"tags":208},"https://bugzilla.suse.com/1215164",[61],[68],{"url":210,"sources":211,"tags":212},"https://bugzilla.suse.com/1215165",[61],[68],{"url":214,"sources":215,"tags":216},"https://bugzilla.suse.com/1215207",[61],[68],{"url":218,"sources":219,"tags":220},"https://bugzilla.suse.com/1215221",[61],[68],{"url":222,"sources":223,"tags":224},"https://bugzilla.suse.com/1215275",[61],[68],{"url":226,"sources":227,"tags":228},"https://bugzilla.suse.com/1215299",[61],[68],{"url":230,"sources":231,"tags":232},"https://bugzilla.suse.com/1215467",[61],[68],{"url":234,"sources":235,"tags":236},"https://bugzilla.suse.com/1215607",[61],[68],{"url":238,"sources":239,"tags":240},"https://bugzilla.suse.com/1215634",[61],[68],{"url":242,"sources":243,"tags":244},"https://bugzilla.suse.com/1215858",[61],[68],{"url":246,"sources":247,"tags":248},"https://bugzilla.suse.com/1215860",[61],[68],{"url":250,"sources":251,"tags":252},"https://bugzilla.suse.com/1215861",[61],[68],{"url":254,"sources":255,"tags":256},"https://bugzilla.suse.com/1215877
",[61],[68],{"url":258,"sources":259,"tags":260},"https://bugzilla.suse.com/1215897",[61],[68],{"url":262,"sources":263,"tags":264},"https://bugzilla.suse.com/1215898",[61],[68],{"url":266,"sources":267,"tags":268},"https://bugzilla.suse.com/1215954",[61],[68],{"url":270,"sources":271,"tags":272},"https://www.suse.com/security/cve/CVE-2020-36766",[61],[273],"WEB",{"url":275,"sources":276,"tags":277},"https://www.suse.com/security/cve/CVE-2023-1192",[61],[273],{"url":279,"sources":280,"tags":281},"https://www.suse.com/security/cve/CVE-2023-1206",[61],[273],{"url":283,"sources":284,"tags":285},"https://www.suse.com/security/cve/CVE-2023-1859",[61],[273],{"url":287,"sources":288,"tags":289},"https://www.suse.com/security/cve/CVE-2023-39192",[61],[273],{"url":291,"sources":292,"tags":293},"https://www.suse.com/security/cve/CVE-2023-39193",[61],[273],{"url":295,"sources":296,"tags":297},"https://www.suse.com/security/cve/CVE-2023-39194",[61],[273],{"url":299,"sources":300,"tags":301},"https://www.suse.com/security/cve/CVE-2023-42754",[61],[273],{"url":303,"sources":304,"tags":305},"https://www.suse.com/security/cve/CVE-2023-4622",[61],[273],{"url":307,"sources":308,"tags":309},"https://www.suse.com/security/cve/CVE-2023-4623",[61],[273],{"url":311,"sources":312,"tags":313},"https://www.suse.com/security/cve/CVE-2023-4881",[61],[273],{"url":315,"sources":316,"tags":317},"https://www.suse.com/security/cve/CVE-2023-4921",[61],[273],[],[],[],[322,335,340,345],{"ecosystem":323,"name":324,"vendor":325,"product":326,"cpe_part":9,"purl_type":327,"purl_namespace":325,"purl_name":326,"source":9,"versions":328},"SUSE Linux Enterprise","kernel-rt_debug","suse","kernel-rt_debug&distro=SUSE Linux Enterprise Real Time 12 
SP5","rpm",[329],{"version":330,"is_range":331,"range_type":332,"version_start":9,"version_start_type":9,"version_end":333,"version_end_type":334,"fixed_in":9},"lt4_12_14_10_144_1",true,"ecosystem","4.12.14-10.144.1","excluding",{"ecosystem":323,"name":336,"vendor":325,"product":337,"cpe_part":9,"purl_type":327,"purl_namespace":325,"purl_name":337,"source":9,"versions":338},"kernel-rt","kernel-rt&distro=SUSE Linux Enterprise Real Time 12 SP5",[339],{"version":330,"is_range":331,"range_type":332,"version_start":9,"version_start_type":9,"version_end":333,"version_end_type":334,"fixed_in":9},{"ecosystem":323,"name":341,"vendor":325,"product":342,"cpe_part":9,"purl_type":327,"purl_namespace":325,"purl_name":342,"source":9,"versions":343},"kernel-source-rt","kernel-source-rt&distro=SUSE Linux Enterprise Real Time 12 SP5",[344],{"version":330,"is_range":331,"range_type":332,"version_start":9,"version_start_type":9,"version_end":333,"version_end_type":334,"fixed_in":9},{"ecosystem":323,"name":346,"vendor":325,"product":347,"cpe_part":9,"purl_type":327,"purl_namespace":325,"purl_name":347,"source":9,"versions":348},"kernel-syms-rt","kernel-syms-rt&distro=SUSE Linux Enterprise Real Time 12 SP5",[349],{"version":330,"is_range":331,"range_type":332,"version_start":9,"version_start_type":9,"version_end":333,"version_end_type":334,"fixed_in":9}]