kernel-devel-6.7.4-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:13660 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z kernel-devel-6.7.4-1.1 on GA media These are all security issues fixed in the kernel-devel-6.7.4-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-13660 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:13660 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2023-47233/ SUSE CVE CVE-2023-47233 page https://www.suse.com/security/cve/CVE-2023-6535/ SUSE CVE CVE-2023-6535 page https://www.suse.com/security/cve/CVE-2023-6536/ SUSE CVE CVE-2023-6536 page openSUSE Tumbleweed kernel-devel-6.7.4-1.1 kernel-macros-6.7.4-1.1 kernel-source-6.7.4-1.1 kernel-source-vanilla-6.7.4-1.1 kernel-devel-6.7.4-1.1 as a component of openSUSE Tumbleweed kernel-macros-6.7.4-1.1 as a component of openSUSE Tumbleweed kernel-source-6.7.4-1.1 as a component of openSUSE Tumbleweed kernel-source-vanilla-6.7.4-1.1 as a component of openSUSE Tumbleweed The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers with local access, this "could be exploited in a real world scenario." This is related to brcmf_cfg80211_escan_timeout_worker in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c. CVE-2023-47233 openSUSE Tumbleweed:kernel-devel-6.7.4-1.1 openSUSE Tumbleweed:kernel-macros-6.7.4-1.1 openSUSE Tumbleweed:kernel-source-6.7.4-1.1 openSUSE Tumbleweed:kernel-source-vanilla-6.7.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-47233.html CVE-2023-47233 https://bugzilla.suse.com/1216702 SUSE Bug 1216702 https://bugzilla.suse.com/1224592 SUSE Bug 1224592 A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service. CVE-2023-6535 openSUSE Tumbleweed:kernel-devel-6.7.4-1.1 openSUSE Tumbleweed:kernel-macros-6.7.4-1.1 openSUSE Tumbleweed:kernel-source-6.7.4-1.1 openSUSE Tumbleweed:kernel-source-vanilla-6.7.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-6535.html CVE-2023-6535 https://bugzilla.suse.com/1217988 SUSE Bug 1217988 A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service. CVE-2023-6536 openSUSE Tumbleweed:kernel-devel-6.7.4-1.1 openSUSE Tumbleweed:kernel-macros-6.7.4-1.1 openSUSE Tumbleweed:kernel-source-6.7.4-1.1 openSUSE Tumbleweed:kernel-source-vanilla-6.7.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-6536.html CVE-2023-6536 https://bugzilla.suse.com/1217989 SUSE Bug 1217989