Security update for the Linux Kernel (Live Patch 42 for SLE 15 SP3)

2024-06-2113:33:56

Google

osv.dev

linux kernel

security update

sle 15 sp3

cve-2021-46955

cve-2024-26852

cve-2024-26610

cve-2022-48651

cve-2023-6546

cve-2023-6531

cve-2023-1829

out-of-bounds read

use-after-free

memory corruption

race condition

local privilege escalation

control index filter

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.2

Confidence

High

This update for the Linux Kernel 5.3.18-150300_59_153 fixes several issues.

The following security issues were fixed:

CVE-2021-46955: Fixed an out-of-bounds read with openvswitch, when fragmenting IPv4 packets (bsc#1220537).
CVE-2024-26852: Fixed use-after-free in ip6_route_mpath_notify() (bsc#1223059).
CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221302).
CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223514).
CVE-2023-6546: Fixed a race condition in the GSM 0710 tty multiplexor via the GSMIOC_SETCONF ioctl that could lead to local privilege escalation (bsc#1222685).
CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector’s deletion of SKB races with unix_stream_read_generic()on the socket that the SKB is queued on (bsc#1218487).
CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210619).