{"affected":[{"ecosystem_specific":{"binaries":[{"cluster-md-kmp-rt":"4.12.14-10.141.1","dlm-kmp-rt":"4.12.14-10.141.1","gfs2-kmp-rt":"4.12.14-10.141.1","kernel-devel-rt":"4.12.14-10.141.1","kernel-rt":"4.12.14-10.141.1","kernel-rt-base":"4.12.14-10.141.1","kernel-rt-devel":"4.12.14-10.141.1","kernel-rt_debug":"4.12.14-10.141.1","kernel-rt_debug-devel":"4.12.14-10.141.1","kernel-source-rt":"4.12.14-10.141.1","kernel-syms-rt":"4.12.14-10.141.1","ocfs2-kmp-rt":"4.12.14-10.141.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Real Time 12 SP5","name":"kernel-rt","purl":"pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2012%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.12.14-10.141.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"cluster-md-kmp-rt":"4.12.14-10.141.1","dlm-kmp-rt":"4.12.14-10.141.1","gfs2-kmp-rt":"4.12.14-10.141.1","kernel-devel-rt":"4.12.14-10.141.1","kernel-rt":"4.12.14-10.141.1","kernel-rt-base":"4.12.14-10.141.1","kernel-rt-devel":"4.12.14-10.141.1","kernel-rt_debug":"4.12.14-10.141.1","kernel-rt_debug-devel":"4.12.14-10.141.1","kernel-source-rt":"4.12.14-10.141.1","kernel-syms-rt":"4.12.14-10.141.1","ocfs2-kmp-rt":"4.12.14-10.141.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Real Time 12 SP5","name":"kernel-rt_debug","purl":"pkg:rpm/suse/kernel-rt_debug&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2012%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.12.14-10.141.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"cluster-md-kmp-rt":"4.12.14-10.141.1","dlm-kmp-rt":"4.12.14-10.141.1","gfs2-kmp-rt":"4.12.14-10.141.1","kernel-devel-rt":"4.12.14-10.141.1","kernel-rt":"4.12.14-10.141.1","kernel-rt-base":"4.12.14-10.141.1","kernel-rt-devel":"4.12.14-10.141.1","kernel-rt_debug":"4.12.14-10.141.1","kernel-rt_debug-devel":"4.12.14-10.141.1","kernel-source-rt":"4.12.14-10.141.1","kernel-syms-rt":"4.12.14-10.141.1","ocfs2-kmp-rt":"4.12.14-10.141.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Real Time 12 SP5","name":"kernel-source-rt","purl":"pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2012%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.12.14-10.141.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"cluster-md-kmp-rt":"4.12.14-10.141.1","dlm-kmp-rt":"4.12.14-10.141.1","gfs2-kmp-rt":"4.12.14-10.141.1","kernel-devel-rt":"4.12.14-10.141.1","kernel-rt":"4.12.14-10.141.1","kernel-rt-base":"4.12.14-10.141.1","kernel-rt-devel":"4.12.14-10.141.1","kernel-rt_debug":"4.12.14-10.141.1","kernel-rt_debug-devel":"4.12.14-10.141.1","kernel-source-rt":"4.12.14-10.141.1","kernel-syms-rt":"4.12.14-10.141.1","ocfs2-kmp-rt":"4.12.14-10.141.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Real Time 12 SP5","name":"kernel-syms-rt","purl":"pkg:rpm/suse/kernel-syms-rt&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2012%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.12.14-10.141.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"\n\nThe SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security and bugfixes.\n\n\nThe following security bugs were fixed:\n\n- CVE-2022-36402: Fixed an integer overflow vulnerability in vmwgfx driver in that allowed a local attacker with a user account on the system to gain privilege, causing a denial of service (bsc#1203517).\n- CVE-2023-2007: Fixed a flaw in the DPT I2O Controller driver that could allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel (bsc#1210448).\n- CVE-2023-20588: Fixed a division-by-zero error on some AMD processors that can potentially return speculative data resulting in loss of confidentiality (bsc#1213927).\n- CVE-2023-34319: Fixed buffer overrun triggered by unusual packet in xen/netback (XSA-432) (bsc#1213546).\n- CVE-2023-3772: Fixed a flaw in XFRM subsystem that may have allowed a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer leading to a possible kernel crash and denial of service (bsc#1213666).\n- CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213543).\n- CVE-2023-3863: Fixed a use-after-free flaw was found in nfc_llcp_find_local that allowed a local user with special privileges to impact a kernel information leak issue (bsc#1213601).\n- CVE-2023-40283: Fixed use-after-free in l2cap_sock_ready_cb (bsc#1214233).\n- CVE-2023-4128: Fixed a use-after-free flaw in net/sched/cls_fw.c that allowed a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue (bsc#1214149).\n- CVE-2023-4132: Fixed use-after-free vulnerability was found in the siano smsusb module that allowed a local user to crash the system, causing a denial of service condition (bsc#1213969).\n- CVE-2023-4133: Fixed use after free bugs caused by circular dependency problem in cxgb4 (bsc#1213970).\n- CVE-2023-4134: Fixed use-after-free in cyttsp4_watchdog_work() (bsc#1213971).\n- CVE-2023-4194: Fixed a type confusion in net tun_chr_open() (bsc#1214019).\n- CVE-2023-4385: Fixed a NULL pointer dereference flaw in dbFree that may have allowed a local attacker to crash the system due to a missing sanity check (bsc#1214348).\n- CVE-2023-4387: Fixed use-after-free flaw in vmxnet3_rq_alloc_rx_buf that could allow a local attacker to crash the system due to a double-free (bsc#1214350).\n- CVE-2023-4459: Fixed a NULL pointer dereference flaw in vmxnet3_rq_cleanup that may have allowed a local attacker with normal user privilege to cause a denial of service (bsc#1214451).\n\nThe following non-security bugs were fixed:\n\n- af_key: fix send_acquire race with pfkey_register (git-fixes).\n- af_packet: fix data-race in packet_setsockopt / packet_setsockopt (git-fixes).\n- af_unix: fix a data race of sk->sk_receive_queue->qlen (git-fixes).\n- arm64: re-enable support for contiguous hugepages (git-fixes)\n- arm64: vdso: fix clock_getres() for clock_realtime (git-fixes)\n- arm: spear: do not use timer namespace for timer_shutdown() function (bsc#1213970).\n- bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe() (git-fixes).\n- bnx2x: fix page fault following eeh recovery (bsc#1214299).\n- bonding: fix a use-after-free problem when bond_sysfs_slave_add() failed (git-fixes).\n- bpf, arm64: remove prefetch insn in xadd mapping (git-fixes)\n- bpf, arm64: use more scalable stadd over ldxr / stxr loop in xadd (git-fixes)\n- bridge: ebtables: do not crash when using dnat target in output chains (git-fixes).\n- btrfs-allow-use-of-global-block-reserve-for-balance: (bsc#1214335).\n- btrfs-unset-reloc-control-if-transaction-commit-fail: (bsc#1212051).\n- clocksource/drivers/arm_arch_timer: do not use timer namespace for timer_shutdown() function (bsc#1213970).\n- clocksource/drivers/sp804: do not use timer namespace for timer_shutdown() function (bsc#1213970).\n- fs/sysv: null check to prevent null-ptr-deref bug (git-fixes).\n- fs: hfsplus: remove warn_on() from hfsplus_cat_{read,write}_inode() (git-fixes).\n- fs: lockd: avoid possible wrong null parameter (git-fixes).\n- inetpeer: fix data-race in inet_putpeer / inet_putpeer (git-fixes).\n- kabi/severities: ignore newly added srso mitigation functions\n- libceph: fix potential hang in ceph_osdc_notify() (bsc#1214752).\n- module: avoid allocation if module is already present and ready (bsc#1213921).\n- module: extract patient module check into helper (bsc#1213921).\n- module: move check_modinfo() early to early_mod_check() (bsc#1213921).\n- module: move early sanity checks into a helper (bsc#1213921).\n- net-sysfs: call dev_hold always in netdev_queue_add_kobject (git-fixes).\n- net-sysfs: call dev_hold always in rx_queue_add_kobject (git-fixes).\n- net-sysfs: fix netdev_queue_add_kobject() breakage (git-fixes).\n- net-sysfs: fix reference count leak in rx|netdev_queue_add_kobject (git-fixes).\n- net/af_unix: fix a data-race in unix_dgram_poll (git-fixes).\n- net/af_unix: fix a data-race in unix_dgram_sendmsg / unix_release_sock (git-fixes).\n- net/fq_impl: switch to kvmalloc() for memory allocation (git-fixes).\n- net: bnx2x: fix variable dereferenced before check (git-fixes).\n- net: icmp: fix data-race in cmp_global_allow() (git-fixes).\n- net: mana: add support for xdp_query_prog (jsc#sle-18779, bsc#1214209).\n- net: usb: qmi_wwan: add support for compal rxm-g1 (git-fixes).\n- netfilter: ipset: fix an error code in ip_set_sockfn_get() (git-fixes).\n- netfilter: nf_conntrack: fix possible possible crash on module loading (git-fixes).\n- nfs/blocklayout: use the passed in gfp flags (git-fixes).\n- nfs: guard against readdir loop when entry names exceed maxnamelen (git-fixes).\n- nfsd: add encoding of op_recall flag for write delegation (git-fixes).\n- nfsd: da_addr_body field missing in some getdeviceinfo replies (git-fixes).\n- nfsd: remove incorrect check in nfsd4_validate_stateid (git-fixes).\n- packet: fix data-race in fanout_flow_is_huge() (git-fixes).\n- packet: unconditionally free po->rollover (git-fixes).\n- powerpc/mm/altmap: fix altmap boundary check (bsc#1120059 git-fixes).\n- revert 'scsi: qla2xxx: fix buffer overrun' (bsc#1214928).\n- ring-buffer: fix deadloop issue on reading trace_pipe (git-fixes).\n- ring-buffer: fix wrong stat of cpu_buffer->read (git-fixes).\n- s390/cio: cio_ignore_proc_seq_next should increase position index (git-fixes bsc#1215057).\n- s390/cpum_sf: avoid sbd overflow condition in irq handler (git-fixes bsc#1213908).\n- s390/cpum_sf: check for sdbt and sdb consistency (git-fixes bsc#1213910).\n- s390/dasd/cio: interpret ccw_device_get_mdc return value correctly (git-fixes bsc#1215049).\n- s390/dasd: fix capacity calculation for large volumes (git-fixes bsc#1215034).\n- s390/dasd: fix hanging device after quiesce/resume (git-fixes bsc#1214157).\n- s390/ftrace: fix endless recursion in function_graph tracer (git-fixes bsc#1213912).\n- s390/jump_label: print real address in a case of a jump label bug (git-fixes bsc#1213899).\n- s390/kasan: fix strncpy_from_user kasan checks (git-fixes bsc#1215037).\n- s390/kdump: fix memleak in nt_vmcoreinfo (git-fixes bsc#1215028).\n- s390/pkey: add one more argument space for debug feature entry (git-fixes bsc#1215035).\n- s390/qdio: add sanity checks to the fast-requeue path (git-fixes bsc#1215038).\n- s390/smp: __smp_rescan_cpus() - move cpumask away from stack (git-fixes bsc#1213906).\n- s390/smp: fix physical to logical cpu map for smt (git-fixes bsc#1213904).\n- s390/time: ensure get_clock_monotonic() returns monotonic values (git-fixes bsc#1213911).\n- s390/uaccess: avoid (false positive) compiler warnings (git-fixes bsc#1215041).\n- s390/zcrypt: handle new reply code filtered_by_hypervisor (git-fixes bsc#1215046).\n- s390/zcrypt: improve special ap message cmd handling (git-fixes bsc#1215032).\n- s390: zcrypt: initialize variables before_use (git-fixes bsc#1215036).\n- sched/core: check quota and period overflow at usec to nsec conversion (git fixes).\n- sched/core: handle overflow in cpu_shares_write_u64 (git fixes).\n- sched/cpufreq: fix kobject memleak (git fixes).\n- sched/fair: do not numa balance for kthreads (git fixes).\n- sched/fair: fix cfs bandwidth hrtimer expiry type (git fixes).\n- sched/topology: fix off by one bug (git fixes).\n- scsi: qla2xxx: add logs for sfp temperature monitoring (bsc#1214928).\n- scsi: qla2xxx: allow 32-byte cdbs (bsc#1214928).\n- scsi: qla2xxx: error code did not return to upper layer (bsc#1214928).\n- scsi: qla2xxx: fix firmware resource tracking (bsc#1214928).\n- scsi: qla2xxx: fix smatch warn for qla_init_iocb_limit() (bsc#1214928).\n- scsi: qla2xxx: flush mailbox commands on chip reset (bsc#1214928).\n- scsi: qla2xxx: move resource to allow code reuse (bsc#1214928).\n- scsi: qla2xxx: remove unsupported ql2xenabledif option (bsc#1214928).\n- scsi: qla2xxx: remove unused declarations (bsc#1214928).\n- scsi: qla2xxx: remove unused variables in qla24xx_build_scsi_type_6_iocbs() (bsc#1214928).\n- scsi: qla2xxx: update version to 10.02.09.100-k (bsc#1214928).\n- scsi: storvsc: always set no_report_opcodes (git-fixes).\n- scsi: storvsc: fix handling of virtual fibre channel timeouts (git-fixes).\n- skbuff: fix a data race in skb_queue_len() (git-fixes).\n- sort latest foray of security patches\n- sunrpc: always clear xprt_sock_connecting before xprt_clear_connecting on tcp xprt (bsc#1214453).\n- timers: add shutdown mechanism to the internal functions (bsc#1213970).\n- timers: provide timer_shutdown[_sync]() (bsc#1213970).\n- timers: rename del_timer() to timer_delete() (bsc#1213970).\n- timers: rename del_timer_sync() to timer_delete_sync() (bsc#1213970).\n- timers: replace bug_on()s (bsc#1213970).\n- timers: silently ignore timers with a null function (bsc#1213970).\n- timers: split [try_to_]del_timer[_sync]() to prepare for shutdown mode (bsc#1213970).\n- timers: update kernel-doc for various functions (bsc#1213970).\n- timers: use del_timer_sync() even on up (bsc#1213970).\n- tracing: fix warning in trace_buffered_event_disable() (git-fixes).\n- tun: fix bonding active backup with arp monitoring (git-fixes).\n- ubifs: fix snprintf() checking (git-fixes).\n- udp6: fix race condition in udp6_sendmsg & connect (git-fixes).\n- udp: fix race between close() and udp_abort() (git-fixes).\n- usb-storage: alauda: fix uninit-value in alauda_check_media() (git-fixes).\n- usb: host: xhci: fix potential memory leak in xhci_alloc_stream_info() (git-fixes).\n- usb: serial: cp210x: add kamstrup rf sniffer pids (git-fixes).\n- usb: serial: cp210x: add scalance lpe-9000 device id (git-fixes).\n- usb: serial: option: add lara-r6 01b pids (git-fixes).\n- usb: serial: option: add quectel ec200a module support (git-fixes).\n- usb: serial: option: add quectel ec200u modem (git-fixes).\n- usb: serial: option: add quectel em05cn (sg) modem (git-fixes).\n- usb: serial: option: add quectel em05cn modem (git-fixes).\n- usb: serial: option: add support for vw/skoda 'carstick lte' (git-fixes).\n- usb: serial: option: add u-blox lara-l6 modem (git-fixes).\n- usb: serial: option: support quectel em060k_128 (git-fixes).\n- usb: serial: simple: add kaufmann rks+can vcp (git-fixes).\n- usb: serial: simple: sort driver entries (git-fixes).\n- usb: xhci-mtk: set the dma max_seg_size (git-fixes).\n- usb: xhci: check endpoint is valid before dereferencing it (git-fixes).\n- usb: zaurus: add id for a-300/b-500/c-700 (git-fixes).\n- x86/bugs: reset speculation control settings on init (git-fixes).\n- x86/cpu/amd: disable xsaves on amd family 0x17 (git-fixes).\n- x86/cpu/amd: enable zenbleed fix for amd custom apu 0405 (git-fixes).\n- x86/cpu/kvm: provide untrain_ret_vm (git-fixes).\n- x86/cpu/vmware: fix platform detection vmware_port macro (bsc#1210327).\n- x86/cpu/vmware: use the full form of inl in vmware_hypercall, for clang/llvm (bsc#1210327).\n- x86/cpu/vmware: use the full form of inl in vmware_port (bsc#1210327).\n- x86/cpu: cleanup the untrain mess (git-fixes).\n- x86/cpu: fix __x86_return_thunk symbol type (git-fixes).\n- x86/cpu: fix amd_check_microcode() declaration (git-fixes).\n- x86/cpu: fix up srso_safe_ret() and __x86_return_thunk() (git-fixes).\n- x86/cpu: rename original retbleed methods (git-fixes).\n- x86/cpu: rename srso_(.*)_alias to srso_alias_\\1 (git-fixes).\n- x86/crash: disable virt in core nmi crash handler to avoid double shootdown (git-fixes).\n- x86/ioapic: do not return 0 from arch_dynirq_lower_bound() (git-fixes).\n- x86/microcode/amd: load late on both threads too (git-fixes).\n- x86/mm: do not shuffle cpu entry areas without kaslr (git-fixes).\n- x86/mm: fix use of uninitialized buffer in sme_enable() (git-fixes).\n- x86/reboot: disable svm, not just vmx, when stopping cpus (git-fixes).\n- x86/retpoline,kprobes: fix position of thunk sections with config_lto_clang (git-fixes).\n- x86/retpoline,kprobes: skip optprobe check for indirect jumps with retpolines and ibt (git-fixes).\n- x86/retpoline: do not clobber rflags during srso_safe_ret() (git-fixes).\n- x86/speculation: add cpu_show_gds() prototype (git-fixes).\n- x86/speculation: mark all skylake cpus as vulnerable to gds (git-fixes).\n- x86/srso: correct the mitigation status when smt is disabled (git-fixes).\n- x86/srso: disable the mitigation on unaffected configurations (git-fixes).\n- x86/srso: explain the untraining sequences a bit more (git-fixes).\n- x86/srso: fix build breakage with the llvm linker (git-fixes).\n- x86/virt: force gif=1 prior to disabling svm (for reboot flows) (git-fixes).\n- x86/vmware: add a header file for hypercall definitions (bsc#1210327).\n- x86/vmware: add steal time clock support for vmware guests (bsc#1210327).\n- x86/vmware: enable steal time accounting (bsc#1210327).\n- x86/vmware: update platform detection code for vmcall/vmmcall hypercalls (bsc#1210327).\n- x86: move gds_ucode_mitigated() declaration to header (git-fixes).\n- xfrm: release device reference for invalid state (git-fixes).\n- xhci-pci: set the dma max_seg_size (git-fixes).\n- xhci: Remove device endpoints from bandwidth list when freeing the device (git-fixes).\n","id":"SUSE-SU-2023:3601-1","modified":"2023-09-14T10:31:13Z","published":"2023-09-14T10:31:13Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2023/suse-su-20233601-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1120059"},{"type":"REPORT","url":"https://bugzilla.suse.com/1203517"},{"type":"REPORT","url":"https://bugzilla.suse.com/1210327"},{"type":"REPORT","url":"https://bugzilla.suse.com/1210448"},{"type":"REPORT","url":"https://bugzilla.suse.com/1212051"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213543"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213546"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213601"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213666"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213899"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213904"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213906"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213908"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213910"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213911"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213912"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213921"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213927"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213969"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213970"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213971"},{"type":"REPORT","url":"https://bugzilla.suse.com/1214019"},{"type":"REPORT","url":"https://bugzilla.suse.com/1214149"},{"type":"REPORT","url":"https://bugzilla.suse.com/1214157"},{"type":"REPORT","url":"https://bugzilla.suse.com/1214209"},{"type":"REPORT","url":"https://bugzilla.suse.com/1214233"},{"type":"REPORT","url":"https://bugzilla.suse.com/1214299"},{"type":"REPORT","url":"https://bugzilla.suse.com/1214335"},{"type":"REPORT","url":"https://bugzilla.suse.com/1214348"},{"type":"REPORT","url":"https://bugzilla.suse.com/1214350"},{"type":"REPORT","url":"https://bugzilla.suse.com/1214451"},{"type":"REPORT","url":"https://bugzilla.suse.com/1214453"},{"type":"REPORT","url":"https://bugzilla.suse.com/1214752"},{"type":"REPORT","url":"https://bugzilla.suse.com/1214928"},{"type":"REPORT","url":"https://bugzilla.suse.com/1215028"},{"type":"REPORT","url":"https://bugzilla.suse.com/1215032"},{"type":"REPORT","url":"https://bugzilla.suse.com/1215034"},{"type":"REPORT","url":"https://bugzilla.suse.com/1215035"},{"type":"REPORT","url":"https://bugzilla.suse.com/1215036"},{"type":"REPORT","url":"https://bugzilla.suse.com/1215037"},{"type":"REPORT","url":"https://bugzilla.suse.com/1215038"},{"type":"REPORT","url":"https://bugzilla.suse.com/1215041"},{"type":"REPORT","url":"https://bugzilla.suse.com/1215046"},{"type":"REPORT","url":"https://bugzilla.suse.com/1215049"},{"type":"REPORT","url":"https://bugzilla.suse.com/1215057"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-36402"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-2007"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-20588"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-34319"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-3772"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-3812"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-3863"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-40283"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-4128"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-4132"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-4133"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-4134"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-4194"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-4385"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-4387"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-4459"}],"related":["CVE-2022-36402","CVE-2023-2007","CVE-2023-20588","CVE-2023-34319","CVE-2023-3772","CVE-2023-3812","CVE-2023-3863","CVE-2023-40283","CVE-2023-4128","CVE-2023-4132","CVE-2023-4133","CVE-2023-4134","CVE-2023-4194","CVE-2023-4385","CVE-2023-4387","CVE-2023-4459"],"summary":"Security update for the Linux Kernel","upstream":["CVE-2022-36402","CVE-2023-2007","CVE-2023-20588","CVE-2023-34319","CVE-2023-3772","CVE-2023-3812","CVE-2023-3863","CVE-2023-40283","CVE-2023-4128","CVE-2023-4132","CVE-2023-4133","CVE-2023-4134","CVE-2023-4194","CVE-2023-4385","CVE-2023-4387","CVE-2023-4459"]}