SUSE-SU-2024:0110-1
Vulnerability Summary
Timeline
Description
Security update for the Linux Kernel The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2020-26555: Fixed an issue during BR/EDR PIN code pairing in the Bluetooth subsystem that would allow replay attacks (bsc#1179610 bsc#1215237). - CVE-2023-6121: Fixed an information leak via dmesg when receiving a crafted packet in the NVMe-oF/TCP subsystem (bsc#1217250). - CVE-2023-6606: Fixed an out of bounds read in the SMB client when receiving a malformed length from a server (bsc#1217947). - CVE-2023-6610: Fixed an out of bounds read in the SMB client when printing debug information (bsc#1217946). - CVE-2023-6931: Fixed an out of bounds write in the Performance Events subsystem when adding a new event (bsc#1218258). - CVE-2023-6932: Fixed a use-after-free issue when receiving an IGMP query packet due to reference count mismanagement (bsc#1218253). - CVE-2023-51779: Fixed a use-after-free because of a bt_sock_ioctl race condition in bt_sock_recvmsg (bsc#1218559). The following non-security bugs were fixed: - Reviewed and added more information to README.SUSE (jsc#PED-5021). - Enabled multibuild for kernel packages (JSC-SLE#5501, boo#1211226, bsc#1218184). - clocksource: Avoid accidental unstable marking of clocksources (bsc#1218105). - clocksource: Suspend the watchdog temporarily when high read latency detected (bsc#1218105). - efi/mokvar: Reserve the table only if it is in boot services data (bsc#1215375).
Affected Systems
- suse•kernel-rt&distro=SUSE Linux Enterprise Micro 5.1
< 5.3.18-150300.155.1
- suse•kernel-rt&distro=SUSE Linux Enterprise Micro 5.2
< 5.3.18-150300.155.1
References (21)
- https://www.suse.com/support/update/announcement/2024/suse-su-20240110-1/
- https://bugzilla.suse.com/1179610
- https://bugzilla.suse.com/1211226
- https://bugzilla.suse.com/1215237
- https://bugzilla.suse.com/1215375
- https://bugzilla.suse.com/1217250
- https://bugzilla.suse.com/1217709
- https://bugzilla.suse.com/1217946
- https://bugzilla.suse.com/1217947
- https://bugzilla.suse.com/1218105
- https://bugzilla.suse.com/1218184
- https://bugzilla.suse.com/1218253
- https://bugzilla.suse.com/1218258
- https://bugzilla.suse.com/1218559
- https://www.suse.com/security/cve/CVE-2020-26555
- https://www.suse.com/security/cve/CVE-2023-51779
- https://www.suse.com/security/cve/CVE-2023-6121
- https://www.suse.com/security/cve/CVE-2023-6606
- https://www.suse.com/security/cve/CVE-2023-6610
- https://www.suse.com/security/cve/CVE-2023-6931
- https://www.suse.com/security/cve/CVE-2023-6932