kernel-devel-6.4.11-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:13145-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z kernel-devel-6.4.11-1.1 on GA media These are all security issues fixed in the kernel-devel-6.4.11-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-13145 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2023-4128/ SUSE CVE CVE-2023-4128 page https://www.suse.com/security/cve/CVE-2023-4194/ SUSE CVE CVE-2023-4194 page openSUSE Tumbleweed kernel-devel-6.4.11-1.1 kernel-macros-6.4.11-1.1 kernel-source-6.4.11-1.1 kernel-source-vanilla-6.4.11-1.1 kernel-devel-6.4.11-1.1 as a component of openSUSE Tumbleweed kernel-macros-6.4.11-1.1 as a component of openSUSE Tumbleweed kernel-source-6.4.11-1.1 as a component of openSUSE Tumbleweed kernel-source-vanilla-6.4.11-1.1 as a component of openSUSE Tumbleweed ** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-4206, CVE-2023-4207, CVE-2023-4208. Reason: This record is a duplicate of CVE-2023-4206, CVE-2023-4207, CVE-2023-4208. Notes: All CVE users should reference CVE-2023-4206, CVE-2023-4207, CVE-2023-4208 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage. CVE-2023-4128 openSUSE Tumbleweed:kernel-devel-6.4.11-1.1 openSUSE Tumbleweed:kernel-macros-6.4.11-1.1 openSUSE Tumbleweed:kernel-source-6.4.11-1.1 openSUSE Tumbleweed:kernel-source-vanilla-6.4.11-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-4128.html CVE-2023-4128 https://bugzilla.suse.com/1214149 SUSE Bug 1214149 A flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user to bypass network filters and gain unauthorized access to some resources. The original patches fixing CVE-2023-1076 are incorrect or incomplete. The problem is that the following upstream commits - a096ccca6e50 ("tun: tun_chr_open(): correctly initialize socket uid"), - 66b2c338adce ("tap: tap_open(): correctly initialize socket uid"), pass "inode->i_uid" to sock_init_data_uid() as the last parameter and that turns out to not be accurate. CVE-2023-4194 openSUSE Tumbleweed:kernel-devel-6.4.11-1.1 openSUSE Tumbleweed:kernel-macros-6.4.11-1.1 openSUSE Tumbleweed:kernel-source-6.4.11-1.1 openSUSE Tumbleweed:kernel-source-vanilla-6.4.11-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-4194.html CVE-2023-4194 https://bugzilla.suse.com/1214019 SUSE Bug 1214019