Overview

File _patchinfo of Package patchinfo.28859

<patchinfo incident="28859">
  <issue id="1202353" tracker="bnc">kernel: replace mkinitrd wrapper with native dracut</issue>
  <issue id="1205128" tracker="bnc">VUL-0: CVE-2022-43945: kernel-source-azure,kernel-source,kernel-source-rt: nfsd: buffer overflow due to incorrect calculation of send buffer size</issue>
  <issue id="1209613" tracker="bnc">VUL-0: CVE-2020-36691: kernel-source,kernel-source-azure,kernel-source-rt: Using netlink to force a CPU into an eternal loop</issue>
  <issue id="1209687" tracker="bnc">VUL-0: CVE-2023-1611: kernel: race between quota disable and quota assign ioctls in fs/btrfs/ioctl.c</issue>
  <issue id="1209777" tracker="bnc">VUL-0: CVE-2020-36691: kernel: lib/nlattr.c allows attackers to cause a denial of service</issue>
  <issue id="1209871" tracker="bnc">VUL-0: CVE-2023-1670: kernel-source-rt,kernel-source-azure,kernel-source: Use after free bug in xirc2ps_detach</issue>
  <issue id="1209887" tracker="bnc">Regression: crash in __sk_destruct</issue>
  <issue id="1210202" tracker="bnc">VUL-0: CVE-2023-1855: kernel: use-after-free bug in remove function xgene_hwmon_remove</issue>
  <issue id="1210301" tracker="bnc">VUL-0: kernel: cifs.ko out of bounds memory access in smb311_decode_neg_context()</issue>
  <issue id="1210329" tracker="bnc">VUL-0: CVE-2023-30772: kernel: use after free bug in da9150_charger_remove due to race condition</issue>
  <issue id="1210336" tracker="bnc">VUL-0: CVE-2023-1989: kernel: Use after free bug in btsdio_remove due to race condition</issue>
  <issue id="1210337" tracker="bnc">VUL-0: CVE-2023-1990: kernel: Use after free bug in ndlc_remove due to race condition</issue>
  <issue id="1210469" tracker="bnc">Obsolete KMP obsoletes</issue>
  <issue id="1210498" tracker="bnc">VUL-0: CVE-2023-2124: kernel-source: OOB access in the XFS subsystem</issue>
  <issue id="1210506" tracker="bnc">VUL-0: CVE-2023-1998: kernel: x86/speculation: Allow enabling STIBP with legacy IBRS</issue>
  <issue id="1210647" tracker="bnc">VUL-0: CVE-2023-2162: kernel-source-rt,kernel-source,kernel-source-azure: UAF during login when accessing the shost ipaddress</issue>
  <issue id="2023-2124" tracker="cve" />
  <issue id="2023-1670" tracker="cve" />
  <issue id="2023-2162" tracker="cve" />
  <issue id="2023-1998" tracker="cve" />
  <issue id="2023-30772" tracker="cve" />
  <issue id="2023-1855" tracker="cve" />
  <issue id="2023-1989" tracker="cve" />
  <issue id="2023-1990" tracker="cve" />
  <issue id="2022-43945" tracker="cve" />
  <issue id="2023-1611" tracker="cve" />
  <issue id="2020-36691" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>alix82</packager>
  <reboot_needed/>
  <description>The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes.


The following security bugs were fixed:

- CVE-2023-2124: Fixed an out of bound access in the XFS subsystem that could have lead to denial-of-service or potentially privilege escalation (bsc#1210498).
- CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system (bsc#1209871).
- CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210647).
- CVE-2023-1998: Fixed a use after free during login when accessing the shost ipaddress (bsc#1210506).
- CVE-2023-30772: Fixed a race condition and resultant use-after-free in da9150_charger_remove (bsc#1210329).
- CVE-2023-1855: Fixed a use after free in xgene_hwmon_remove (bsc#1210202).
- CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210336).
- CVE-2023-1990: Fixed a use after free in ndlc_remove (bsc#1210337).
- CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128).
- CVE-2023-1611: Fixed an use-after-free flaw in btrfs_search_slot (bsc#1209687).
- CVE-2020-36691: Fixed a denial of service vulnerability via a nested Netlink policy with a back reference (bsc#1209777).

The following non-security bugs were fixed:

- cifs: fix negotiate context parsing (bsc#1210301).
- cred: allow get_cred() and put_cred() to be given NULL (bsc#1209887).
</description>
<summary>Security update for the Linux Kernel</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places