Overview

File _patchinfo of Package patchinfo.33905

<patchinfo incident="33905">
  <issue id="1216644" tracker="bnc">VUL-0: CVE-2023-5717: kernel live patch: heap out-of-bounds write vulnerability related to perf_read_group() can be exploited to achieve local privilege escalation</issue>
  <issue id="1218259" tracker="bnc">VUL-0: CVE-2023-6931: kernel live patch: heap out-of-bounds write in perf_read_group</issue>
  <issue id="1220211" tracker="bnc">VUL-0: CVE-2024-26585: kernel live patch: tls: race condition between tx work scheduling and socket close</issue>
  <issue id="1220832" tracker="bnc">VUL-0: CVE-2023-52502: kernel live patch: net: nfc: race conditions in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn()</issue>
  <issue id="1222685" tracker="bnc">VUL-0: CVE-2023-6546: kernel live patch: GSM multiplexing race condition leads to privilege escalation</issue>
  <issue id="1223514" tracker="bnc">VUL-0: CVE-2022-48651: kernel live patch: ipvlan: Fix out-of-bound bugs caused by unset skb-&gt;mac_header</issue>
  <issue id="2022-48651" tracker="cve" />
  <issue id="2023-52502" tracker="cve" />
  <issue id="2023-6546" tracker="cve" />
  <issue id="2023-6931" tracker="cve" />
  <issue id="2024-26585" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>nstange</packager>
  <description>This update for the Linux Kernel 5.3.18-150200_24_157 fixes several issues.

The following security issues were fixed:

- CVE-2023-6931: Fixed a heap out-of-bounds write vulnerability in perf_read_group() (bsc#1216644). 
- CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223514).
- CVE-2023-52502: Fixed a race condition in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() (bsc#1220832).
- CVE-2024-26585: Fixed race between tx work scheduling and socket close for tls (bsc#1220211).
- CVE-2023-6546: Fixed a race condition that could lead to a use-after-free in the GSM 0710 tty multiplexor (bsc#1222685).
</description>
<summary>Security update for the Linux Kernel (Live Patch 38 for SLE 15 SP2)</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places