{"affected":[{"ecosystem_specific":{"binaries":[{"kernel-rt":"5.3.18-150300.155.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Micro 5.1","name":"kernel-rt","purl":"pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"5.3.18-150300.155.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"kernel-rt":"5.3.18-150300.155.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Micro 5.2","name":"kernel-rt","purl":"pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"5.3.18-150300.155.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes.\n\n\nThe following security bugs were fixed:\n\n- CVE-2020-26555: Fixed an issue during BR/EDR PIN code pairing in the Bluetooth subsystem that would allow replay attacks (bsc#1179610 bsc#1215237).\n- CVE-2023-6121: Fixed an information leak via dmesg when receiving a crafted packet in the NVMe-oF/TCP subsystem (bsc#1217250).\n- CVE-2023-6606: Fixed an out of bounds read in the SMB client when receiving a malformed length from a server (bsc#1217947).\n- CVE-2023-6610: Fixed an out of bounds read in the SMB client when printing debug information (bsc#1217946).\n- CVE-2023-6931: Fixed an out of bounds write in the Performance Events subsystem when adding a new event (bsc#1218258).\n- CVE-2023-6932: Fixed a use-after-free issue when receiving an IGMP query packet due to reference count mismanagement (bsc#1218253).\n- CVE-2023-51779: Fixed a use-after-free because of a bt_sock_ioctl race condition in bt_sock_recvmsg (bsc#1218559).\n\nThe following non-security bugs were fixed:\n\n- Reviewed and added more information to README.SUSE (jsc#PED-5021).\n- Enabled multibuild for kernel packages (JSC-SLE#5501, boo#1211226, bsc#1218184).\n- clocksource: Avoid accidental unstable marking of clocksources (bsc#1218105).\n- clocksource: Suspend the watchdog temporarily when high read latency detected (bsc#1218105).\n- efi/mokvar: Reserve the table only if it is in boot services data (bsc#1215375).\n","id":"SUSE-SU-2024:0110-1","modified":"2024-01-16T12:28:22Z","published":"2024-01-16T12:28:22Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2024/suse-su-20240110-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1179610"},{"type":"REPORT","url":"https://bugzilla.suse.com/1211226"},{"type":"REPORT","url":"https://bugzilla.suse.com/1215237"},{"type":"REPORT","url":"https://bugzilla.suse.com/1215375"},{"type":"REPORT","url":"https://bugzilla.suse.com/1217250"},{"type":"REPORT","url":"https://bugzilla.suse.com/1217709"},{"type":"REPORT","url":"https://bugzilla.suse.com/1217946"},{"type":"REPORT","url":"https://bugzilla.suse.com/1217947"},{"type":"REPORT","url":"https://bugzilla.suse.com/1218105"},{"type":"REPORT","url":"https://bugzilla.suse.com/1218184"},{"type":"REPORT","url":"https://bugzilla.suse.com/1218253"},{"type":"REPORT","url":"https://bugzilla.suse.com/1218258"},{"type":"REPORT","url":"https://bugzilla.suse.com/1218559"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-26555"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-51779"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-6121"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-6606"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-6610"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-6931"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-6932"}],"related":["CVE-2020-26555","CVE-2023-51779","CVE-2023-6121","CVE-2023-6606","CVE-2023-6610","CVE-2023-6931","CVE-2023-6932"],"summary":"Security update for the Linux Kernel","upstream":["CVE-2020-26555","CVE-2023-51779","CVE-2023-6121","CVE-2023-6606","CVE-2023-6610","CVE-2023-6931","CVE-2023-6932"]}