{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_security_advisory","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"Security update for the Linux Kernel","title":"Title of the patch"},{"category":"description","text":"\nThe SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security and bugfixes.\n\n\nThe following security bugs were fixed:\n\n- CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information (bsc#1213286).\n- CVE-2023-2985: Fixed an use-after-free vulnerability in hfsplus_put_super in fs/hfsplus/super.c that could allow a local user to cause a denial of service (bsc#1211867).\n- CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213059).\n\nThe following non-security bugs were fixed:\n\n- Get module prefix from kmod (bsc#1212835).\n- USB: add NO_LPM quirk for Realforce 87U Keyboard (git-fixes).\n- USB: core: add quirk for Alcor Link AK9563 smartcard reader (git-fixes).\n- USB: core: hub: Disable autosuspend for Cypress CY7C65632 (git-fixes).\n- USB: hcd-pci: Fully suspend across freeze/thaw cycle (git-fixes).\n- USB: hub: Add delay for SuperSpeed hub resume to let links transit to U0 (git-fixes).\n- USB: serial: option: add Fibocom FM160 0x0111 composition (git-fixes).\n- USB: serial: option: add Quectel EM05-G (GR) modem (git-fixes).\n- USB: serial: option: add Quectel EM05-G (RS) modem (git-fixes).\n- USB: serial: option: add Sierra Wireless EM9191 (git-fixes).\n- USB: serial: option: add u-blox LARA-R6 00B modem (git-fixes).\n- blkcg, writeback: dead memcgs shouldn't contribute to writeback ownership arbitration (bsc#1213022).\n- btrfs: fix resolving backrefs for inline extent followed by prealloc (bsc#1213133).\n- dlm: Delete an unnecessary variable initialisation in dlm_ls_start() (git-fixes).\n- dlm: NULL check before kmem_cache_destroy is not needed (git-fixes).\n- dlm: fix invalid cluster name warning (git-fixes).\n- dlm: fix missing idr_destroy for recover_idr (git-fixes).\n- dlm: fix missing lkb refcount handling (git-fixes).\n- dlm: fix plock invalid read (git-fixes).\n- dlm: fix possible call to kfree() for non-initialized pointer (git-fixes).\n- ext4: Fix reusing stale buffer heads from last failed mounting (bsc#1213020).\n- ext4: add inode table check in __ext4_get_inode_loc to aovid possible infinite loop (bsc#1207617).\n- ext4: avoid BUG_ON when creating xattrs (bsc#1205496).\n- ext4: avoid unaccounted block allocation when expanding inode (bsc#1207634).\n- ext4: bail out of ext4_xattr_ibody_get() fails for any reason (bsc#1213018).\n- ext4: fail ext4_iget if special inode unallocated (bsc#1213010).\n- ext4: fix RENAME_WHITEOUT handling for inline directories (bsc#1210766).\n- ext4: fix WARNING in ext4_update_inline_data (bsc#1213012).\n- ext4: fix bug_on in __es_tree_search caused by bad boot loader inode (bsc#1207620).\n- ext4: fix cgroup writeback accounting with fs-layer encryption (bsc#1210765).\n- ext4: fix deadlock due to mbcache entry corruption (bsc#1207653).\n- ext4: fix error code return to user-space in ext4_get_branch() (bsc#1207630).\n- ext4: fix i_disksize exceeding i_size problem in paritally written case (bsc#1213015).\n- ext4: fix to check return value of freeze_bdev() in ext4_shutdown() (bsc#1213021).\n- ext4: improve error recovery code paths in __ext4_remount() (bsc#1213017).\n- ext4: init quota for 'old.inode' in 'ext4_rename' (bsc#1207629).\n- ext4: initialize quota before expanding inode in setproject ioctl (bsc#1207633).\n- ext4: move where set the MAY_INLINE_DATA flag is set (bsc#1213011).\n- ext4: only update i_reserved_data_blocks on successful block allocation (bsc#1213019).\n- ext4: zero i_disksize when initializing the bootloader inode (bsc#1213013).\n- fs: dlm: cancel work sync othercon (git-fixes).\n- fs: dlm: filter user dlm messages for kernel locks (git-fixes).\n- fs: dlm: fix configfs memory leak (git-fixes).\n- fs: dlm: fix debugfs dump (git-fixes).\n- fs: dlm: fix memory leak when fenced (git-fixes).\n- fs: dlm: fix race between test_bit() and queue_work() (git-fixes).\n- fs: dlm: handle -EBUSY first in lock arg validation (git-fixes).\n- fs: fix guard_bio_eod to check for real EOD errors (bsc#1213042).\n- fs: prevent BUG_ON in submit_bh_wbc() (bsc#1212990).\n- fuse: revalidate: do not invalidate if interrupted (bsc#1213525).\n- igb: revert rtnl_lock() that causes deadlock (git-fixes).\n- include/trace/events/writeback.h: fix -Wstringop-truncation warnings (bsc#1213023).\n- inotify: Avoid reporting event with invalid wd (bsc#1213025).\n- jbd2: Fix statistics for the number of logged blocks (bsc#1212988).\n- jbd2: abort journal if free a async write error metadata buffer (bsc#1212989).\n- jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted (bsc#1202716).\n- jbd2: fix data races at struct journal_head (bsc#1173438).\n- jbd2: fix invalid descriptor block checksum (bsc#1212987).\n- jbd2: fix race when writing superblock (bsc#1212986).\n- jdb2: Do not refuse invalidation of already invalidated buffers (bsc#1213014).\n- kernel-docs: Add buildrequires on python3-base when using python3 The python3 binary is provided by python3-base.\n- kernel-docs: Use python3 together with python3-Sphinx (bsc#1212741).\n- lib/string: Add strscpy_pad() function (bsc#1213023).\n- mbcache: Fixup kABI of mb_cache_entry (bsc#1207653).\n- memcg: drop kmem.limit_in_bytes (bsc#1208788, bsc#1212905).\n- memcg: fix a crash in wb_workfn when a device disappears (bsc#1213023).\n- net: mana: Add support for vlan tagging (bsc#1212301).\n- ocfs2: check new file size on fallocate call (git-fixes).\n- ocfs2: fix use-after-free when unmounting read-only filesystem (git-fixes).\n- powerpc/mm/dax: Fix the condition when checking if altmap vmemap can cross-boundary (bsc#1150305 ltc#176097 git-fixes).\n- rpm/check-for-config-changes: ignore also PAHOLE_HAS_* We now also have options like CONFIG_PAHOLE_HAS_LANG_EXCLUDE.\n- s390/dasd: fix memleak in path handling error case (git-fixes bsc#1213221).\n- s390/perf: Change CPUM_CF return code in event init function (git-fixes bsc#1213344).\n- s390/perf: Return error when debug_register fails (git-fixes bsc#1212657).\n- s390: limit brk randomization to 32MB (git-fixes bsc#1213346).\n- uas: add no-uas quirk for Hiksemi usb_disk (git-fixes).\n- uas: ignore UAS for Thinkplus chips (git-fixes).\n- ubi: Fix failure attaching when vid_hdr offset equals to (sub)page size (bsc#1210584).\n- ubi: ensure that VID header offset + VID header size <= alloc, size (bsc#1210584).\n- udf: Avoid double brelse() in udf_rename() (bsc#1213032).\n- udf: Check consistency of Space Bitmap Descriptor (bsc#1210771).\n- udf: Define EFSCORRUPTED error code (bsc#1213038).\n- udf: Discard preallocation before extending file with a hole (bsc#1213036).\n- udf: Do not bother looking for prealloc extents if i_lenExtents matches i_size (bsc#1213035).\n- udf: Do not bother merging very long extents (bsc#1213040).\n- udf: Do not update file length for failed writes to inline files (bsc#1213041).\n- udf: Drop unused arguments of udf_delete_aext() (bsc#1213033).\n- udf: Fix extending file within last block (bsc#1213037).\n- udf: Fix preallocation discarding at indirect extent boundary (bsc#1213034).\n- udf: Truncate added extents on failed expansion (bsc#1213039).\n- usb-storage: Add Hiksemi USB3-FW to IGNORE_UAS (git-fixes).\n- usrmerge: Adjust module path in the kernel sources (bsc#1212835).\n- vfio-ccw: Do not call flush_workqueue while holding the spinlock (git-fixes bsc#1213218).\n- vfio-ccw: fence off transport mode (git-fixes bsc#1213215).\n- writeback: fix call of incorrect macro (bsc#1213024).\n- x86/bugs: Enable STIBP for JMP2RET (git-fixes).\n- x86/bugs: Remove apostrophe typo (git-fixes).\n- x86/bugs: Warn when 'ibrs' mitigation is selected on Enhanced IBRS parts (git-fixes).\n- x86/cpu: Load microcode during restore_processor_state() (git-fixes).\n- x86/delay: Fix the wrong asm constraint in delay_loop() (git-fixes).\n- x86/speculation/mmio: Print SMT warning (git-fixes).\n- x86: Fix return value of __setup handlers (git-fixes).\n","title":"Description of the patch"},{"category":"details","text":"SUSE-2023-3006,SUSE-SLE-RT-12-SP5-2023-3006","title":"Patchnames"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"SUSE ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"self","summary":"URL of this CSAF notice","url":"https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_3006-1.json"},{"category":"self","summary":"URL for SUSE-SU-2023:3006-1","url":"https://www.suse.com/support/update/announcement/2023/suse-su-20233006-1/"},{"category":"self","summary":"E-Mail link for SUSE-SU-2023:3006-1","url":"https://lists.suse.com/pipermail/sle-security-updates/2023-July/015680.html"},{"category":"self","summary":"SUSE Bug 1150305","url":"https://bugzilla.suse.com/1150305"},{"category":"self","summary":"SUSE Bug 1173438","url":"https://bugzilla.suse.com/1173438"},{"category":"self","summary":"SUSE Bug 1202716","url":"https://bugzilla.suse.com/1202716"},{"category":"self","summary":"SUSE Bug 1205496","url":"https://bugzilla.suse.com/1205496"},{"category":"self","summary":"SUSE Bug 1207617","url":"https://bugzilla.suse.com/1207617"},{"category":"self","summary":"SUSE Bug 1207620","url":"https://bugzilla.suse.com/1207620"},{"category":"self","summary":"SUSE Bug 1207629","url":"https://bugzilla.suse.com/1207629"},{"category":"self","summary":"SUSE Bug 1207630","url":"https://bugzilla.suse.com/1207630"},{"category":"self","summary":"SUSE Bug 1207633","url":"https://bugzilla.suse.com/1207633"},{"category":"self","summary":"SUSE Bug 1207634","url":"https://bugzilla.suse.com/1207634"},{"category":"self","summary":"SUSE Bug 1207653","url":"https://bugzilla.suse.com/1207653"},{"category":"self","summary":"SUSE Bug 1208788","url":"https://bugzilla.suse.com/1208788"},{"category":"self","summary":"SUSE Bug 1210584","url":"https://bugzilla.suse.com/1210584"},{"category":"self","summary":"SUSE Bug 1210765","url":"https://bugzilla.suse.com/1210765"},{"category":"self","summary":"SUSE Bug 1210766","url":"https://bugzilla.suse.com/1210766"},{"category":"self","summary":"SUSE Bug 1210771","url":"https://bugzilla.suse.com/1210771"},{"category":"self","summary":"SUSE Bug 1211867","url":"https://bugzilla.suse.com/1211867"},{"category":"self","summary":"SUSE Bug 1212301","url":"https://bugzilla.suse.com/1212301"},{"category":"self","summary":"SUSE Bug 1212657","url":"https://bugzilla.suse.com/1212657"},{"category":"self","summary":"SUSE Bug 1212741","url":"https://bugzilla.suse.com/1212741"},{"category":"self","summary":"SUSE Bug 1212835","url":"https://bugzilla.suse.com/1212835"},{"category":"self","summary":"SUSE Bug 1212871","url":"https://bugzilla.suse.com/1212871"},{"category":"self","summary":"SUSE Bug 1212905","url":"https://bugzilla.suse.com/1212905"},{"category":"self","summary":"SUSE Bug 1212986","url":"https://bugzilla.suse.com/1212986"},{"category":"self","summary":"SUSE Bug 1212987","url":"https://bugzilla.suse.com/1212987"},{"category":"self","summary":"SUSE Bug 1212988","url":"https://bugzilla.suse.com/1212988"},{"category":"self","summary":"SUSE Bug 1212989","url":"https://bugzilla.suse.com/1212989"},{"category":"self","summary":"SUSE Bug 1212990","url":"https://bugzilla.suse.com/1212990"},{"category":"self","summary":"SUSE Bug 1213010","url":"https://bugzilla.suse.com/1213010"},{"category":"self","summary":"SUSE Bug 1213011","url":"https://bugzilla.suse.com/1213011"},{"category":"self","summary":"SUSE Bug 1213012","url":"https://bugzilla.suse.com/1213012"},{"category":"self","summary":"SUSE Bug 1213013","url":"https://bugzilla.suse.com/1213013"},{"category":"self","summary":"SUSE Bug 1213014","url":"https://bugzilla.suse.com/1213014"},{"category":"self","summary":"SUSE Bug 1213015","url":"https://bugzilla.suse.com/1213015"},{"category":"self","summary":"SUSE Bug 1213017","url":"https://bugzilla.suse.com/1213017"},{"category":"self","summary":"SUSE Bug 1213018","url":"https://bugzilla.suse.com/1213018"},{"category":"self","summary":"SUSE Bug 1213019","url":"https://bugzilla.suse.com/1213019"},{"category":"self","summary":"SUSE Bug 1213020","url":"https://bugzilla.suse.com/1213020"},{"category":"self","summary":"SUSE Bug 1213021","url":"https://bugzilla.suse.com/1213021"},{"category":"self","summary":"SUSE Bug 1213022","url":"https://bugzilla.suse.com/1213022"},{"category":"self","summary":"SUSE Bug 1213023","url":"https://bugzilla.suse.com/1213023"},{"category":"self","summary":"SUSE Bug 1213024","url":"https://bugzilla.suse.com/1213024"},{"category":"self","summary":"SUSE Bug 1213025","url":"https://bugzilla.suse.com/1213025"},{"category":"self","summary":"SUSE Bug 1213032","url":"https://bugzilla.suse.com/1213032"},{"category":"self","summary":"SUSE Bug 1213033","url":"https://bugzilla.suse.com/1213033"},{"category":"self","summary":"SUSE Bug 1213034","url":"https://bugzilla.suse.com/1213034"},{"category":"self","summary":"SUSE Bug 1213035","url":"https://bugzilla.suse.com/1213035"},{"category":"self","summary":"SUSE Bug 1213036","url":"https://bugzilla.suse.com/1213036"},{"category":"self","summary":"SUSE Bug 1213037","url":"https://bugzilla.suse.com/1213037"},{"category":"self","summary":"SUSE Bug 1213038","url":"https://bugzilla.suse.com/1213038"},{"category":"self","summary":"SUSE Bug 1213039","url":"https://bugzilla.suse.com/1213039"},{"category":"self","summary":"SUSE Bug 1213040","url":"https://bugzilla.suse.com/1213040"},{"category":"self","summary":"SUSE Bug 1213041","url":"https://bugzilla.suse.com/1213041"},{"category":"self","summary":"SUSE Bug 1213042","url":"https://bugzilla.suse.com/1213042"},{"category":"self","summary":"SUSE Bug 1213059","url":"https://bugzilla.suse.com/1213059"},{"category":"self","summary":"SUSE Bug 1213133","url":"https://bugzilla.suse.com/1213133"},{"category":"self","summary":"SUSE Bug 1213215","url":"https://bugzilla.suse.com/1213215"},{"category":"self","summary":"SUSE Bug 1213218","url":"https://bugzilla.suse.com/1213218"},{"category":"self","summary":"SUSE Bug 1213221","url":"https://bugzilla.suse.com/1213221"},{"category":"self","summary":"SUSE Bug 1213286","url":"https://bugzilla.suse.com/1213286"},{"category":"self","summary":"SUSE Bug 1213344","url":"https://bugzilla.suse.com/1213344"},{"category":"self","summary":"SUSE Bug 1213346","url":"https://bugzilla.suse.com/1213346"},{"category":"self","summary":"SUSE Bug 1213525","url":"https://bugzilla.suse.com/1213525"},{"category":"self","summary":"SUSE CVE CVE-2023-20593 page","url":"https://www.suse.com/security/cve/CVE-2023-20593/"},{"category":"self","summary":"SUSE CVE CVE-2023-2985 page","url":"https://www.suse.com/security/cve/CVE-2023-2985/"},{"category":"self","summary":"SUSE CVE CVE-2023-35001 page","url":"https://www.suse.com/security/cve/CVE-2023-35001/"}],"title":"Security update for the Linux Kernel","tracking":{"current_release_date":"2023-07-27T12:18:33Z","generator":{"date":"2023-07-27T12:18:33Z","engine":{"name":"cve-database.git:bin/generate-csaf.pl","version":"1"}},"id":"SUSE-SU-2023:3006-1","initial_release_date":"2023-07-27T12:18:33Z","revision_history":[{"date":"2023-07-27T12:18:33Z","number":"1","summary":"Current version"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_version","name":"kernel-devel-rt-4.12.14-10.133.1.noarch","product":{"name":"kernel-devel-rt-4.12.14-10.133.1.noarch","product_id":"kernel-devel-rt-4.12.14-10.133.1.noarch"}},{"category":"product_version","name":"kernel-source-rt-4.12.14-10.133.1.noarch","product":{"name":"kernel-source-rt-4.12.14-10.133.1.noarch","product_id":"kernel-source-rt-4.12.14-10.133.1.noarch"}}],"category":"architecture","name":"noarch"},{"branches":[{"category":"product_version","name":"cluster-md-kmp-rt-4.12.14-10.133.1.x86_64","product":{"name":"cluster-md-kmp-rt-4.12.14-10.133.1.x86_64","product_id":"cluster-md-kmp-rt-4.12.14-10.133.1.x86_64"}},{"category":"product_version","name":"cluster-md-kmp-rt_debug-4.12.14-10.133.1.x86_64","product":{"name":"cluster-md-kmp-rt_debug-4.12.14-10.133.1.x86_64","product_id":"cluster-md-kmp-rt_debug-4.12.14-10.133.1.x86_64"}},{"category":"product_version","name":"dlm-kmp-rt-4.12.14-10.133.1.x86_64","product":{"name":"dlm-kmp-rt-4.12.14-10.133.1.x86_64","product_id":"dlm-kmp-rt-4.12.14-10.133.1.x86_64"}},{"category":"product_version","name":"dlm-kmp-rt_debug-4.12.14-10.133.1.x86_64","product":{"name":"dlm-kmp-rt_debug-4.12.14-10.133.1.x86_64","product_id":"dlm-kmp-rt_debug-4.12.14-10.133.1.x86_64"}},{"category":"product_version","name":"gfs2-kmp-rt-4.12.14-10.133.1.x86_64","product":{"name":"gfs2-kmp-rt-4.12.14-10.133.1.x86_64","product_id":"gfs2-kmp-rt-4.12.14-10.133.1.x86_64"}},{"category":"product_version","name":"gfs2-kmp-rt_debug-4.12.14-10.133.1.x86_64","product":{"name":"gfs2-kmp-rt_debug-4.12.14-10.133.1.x86_64","product_id":"gfs2-kmp-rt_debug-4.12.14-10.133.1.x86_64"}},{"category":"product_version","name":"kernel-rt-4.12.14-10.133.1.x86_64","product":{"name":"kernel-rt-4.12.14-10.133.1.x86_64","product_id":"kernel-rt-4.12.14-10.133.1.x86_64"}},{"category":"product_version","name":"kernel-rt-base-4.12.14-10.133.1.x86_64","product":{"name":"kernel-rt-base-4.12.14-10.133.1.x86_64","product_id":"kernel-rt-base-4.12.14-10.133.1.x86_64"}},{"category":"product_version","name":"kernel-rt-devel-4.12.14-10.133.1.x86_64","product":{"name":"kernel-rt-devel-4.12.14-10.133.1.x86_64","product_id":"kernel-rt-devel-4.12.14-10.133.1.x86_64"}},{"category":"product_version","name":"kernel-rt-extra-4.12.14-10.133.1.x86_64","product":{"name":"kernel-rt-extra-4.12.14-10.133.1.x86_64","product_id":"kernel-rt-extra-4.12.14-10.133.1.x86_64"}},{"category":"product_version","name":"kernel-rt-kgraft-devel-4.12.14-10.133.1.x86_64","product":{"name":"kernel-rt-kgraft-devel-4.12.14-10.133.1.x86_64","product_id":"kernel-rt-kgraft-devel-4.12.14-10.133.1.x86_64"}},{"category":"product_version","name":"kernel-rt_debug-4.12.14-10.133.1.x86_64","product":{"name":"kernel-rt_debug-4.12.14-10.133.1.x86_64","product_id":"kernel-rt_debug-4.12.14-10.133.1.x86_64"}},{"category":"product_version","name":"kernel-rt_debug-base-4.12.14-10.133.1.x86_64","product":{"name":"kernel-rt_debug-base-4.12.14-10.133.1.x86_64","product_id":"kernel-rt_debug-base-4.12.14-10.133.1.x86_64"}},{"category":"product_version","name":"kernel-rt_debug-devel-4.12.14-10.133.1.x86_64","product":{"name":"kernel-rt_debug-devel-4.12.14-10.133.1.x86_64","product_id":"kernel-rt_debug-devel-4.12.14-10.133.1.x86_64"}},{"category":"product_version","name":"kernel-rt_debug-extra-4.12.14-10.133.1.x86_64","product":{"name":"kernel-rt_debug-extra-4.12.14-10.133.1.x86_64","product_id":"kernel-rt_debug-extra-4.12.14-10.133.1.x86_64"}},{"category":"product_version","name":"kernel-rt_debug-kgraft-devel-4.12.14-10.133.1.x86_64","product":{"name":"kernel-rt_debug-kgraft-devel-4.12.14-10.133.1.x86_64","product_id":"kernel-rt_debug-kgraft-devel-4.12.14-10.133.1.x86_64"}},{"category":"product_version","name":"kernel-syms-rt-4.12.14-10.133.1.x86_64","product":{"name":"kernel-syms-rt-4.12.14-10.133.1.x86_64","product_id":"kernel-syms-rt-4.12.14-10.133.1.x86_64"}},{"category":"product_version","name":"kselftests-kmp-rt-4.12.14-10.133.1.x86_64","product":{"name":"kselftests-kmp-rt-4.12.14-10.133.1.x86_64","product_id":"kselftests-kmp-rt-4.12.14-10.133.1.x86_64"}},{"category":"product_version","name":"kselftests-kmp-rt_debug-4.12.14-10.133.1.x86_64","product":{"name":"kselftests-kmp-rt_debug-4.12.14-10.133.1.x86_64","product_id":"kselftests-kmp-rt_debug-4.12.14-10.133.1.x86_64"}},{"category":"product_version","name":"ocfs2-kmp-rt-4.12.14-10.133.1.x86_64","product":{"name":"ocfs2-kmp-rt-4.12.14-10.133.1.x86_64","product_id":"ocfs2-kmp-rt-4.12.14-10.133.1.x86_64"}},{"category":"product_version","name":"ocfs2-kmp-rt_debug-4.12.14-10.133.1.x86_64","product":{"name":"ocfs2-kmp-rt_debug-4.12.14-10.133.1.x86_64","product_id":"ocfs2-kmp-rt_debug-4.12.14-10.133.1.x86_64"}}],"category":"architecture","name":"x86_64"},{"branches":[{"category":"product_name","name":"SUSE Linux Enterprise Real Time 12 SP5","product":{"name":"SUSE Linux Enterprise Real Time 12 SP5","product_id":"SUSE Linux Enterprise Real Time 12 SP5","product_identification_helper":{"cpe":"cpe:/o:suse:suse-linux-enterprise-rt:12:sp5"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"cluster-md-kmp-rt-4.12.14-10.133.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP5","product_id":"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.133.1.x86_64"},"product_reference":"cluster-md-kmp-rt-4.12.14-10.133.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Real Time 12 SP5"},{"category":"default_component_of","full_product_name":{"name":"dlm-kmp-rt-4.12.14-10.133.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP5","product_id":"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.133.1.x86_64"},"product_reference":"dlm-kmp-rt-4.12.14-10.133.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Real Time 12 SP5"},{"category":"default_component_of","full_product_name":{"name":"gfs2-kmp-rt-4.12.14-10.133.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP5","product_id":"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.133.1.x86_64"},"product_reference":"gfs2-kmp-rt-4.12.14-10.133.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Real Time 12 SP5"},{"category":"default_component_of","full_product_name":{"name":"kernel-devel-rt-4.12.14-10.133.1.noarch as component of SUSE Linux Enterprise Real Time 12 SP5","product_id":"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.133.1.noarch"},"product_reference":"kernel-devel-rt-4.12.14-10.133.1.noarch","relates_to_product_reference":"SUSE Linux Enterprise Real Time 12 SP5"},{"category":"default_component_of","full_product_name":{"name":"kernel-rt-4.12.14-10.133.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP5","product_id":"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.133.1.x86_64"},"product_reference":"kernel-rt-4.12.14-10.133.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Real Time 12 SP5"},{"category":"default_component_of","full_product_name":{"name":"kernel-rt-base-4.12.14-10.133.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP5","product_id":"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.133.1.x86_64"},"product_reference":"kernel-rt-base-4.12.14-10.133.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Real Time 12 SP5"},{"category":"default_component_of","full_product_name":{"name":"kernel-rt-devel-4.12.14-10.133.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP5","product_id":"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.133.1.x86_64"},"product_reference":"kernel-rt-devel-4.12.14-10.133.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Real Time 12 SP5"},{"category":"default_component_of","full_product_name":{"name":"kernel-rt_debug-4.12.14-10.133.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP5","product_id":"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.133.1.x86_64"},"product_reference":"kernel-rt_debug-4.12.14-10.133.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Real Time 12 SP5"},{"category":"default_component_of","full_product_name":{"name":"kernel-rt_debug-devel-4.12.14-10.133.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP5","product_id":"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.133.1.x86_64"},"product_reference":"kernel-rt_debug-devel-4.12.14-10.133.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Real Time 12 SP5"},{"category":"default_component_of","full_product_name":{"name":"kernel-source-rt-4.12.14-10.133.1.noarch as component of SUSE Linux Enterprise Real Time 12 SP5","product_id":"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.133.1.noarch"},"product_reference":"kernel-source-rt-4.12.14-10.133.1.noarch","relates_to_product_reference":"SUSE Linux Enterprise Real Time 12 SP5"},{"category":"default_component_of","full_product_name":{"name":"kernel-syms-rt-4.12.14-10.133.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP5","product_id":"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.133.1.x86_64"},"product_reference":"kernel-syms-rt-4.12.14-10.133.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Real Time 12 SP5"},{"category":"default_component_of","full_product_name":{"name":"ocfs2-kmp-rt-4.12.14-10.133.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP5","product_id":"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.133.1.x86_64"},"product_reference":"ocfs2-kmp-rt-4.12.14-10.133.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Real Time 12 SP5"}]},"vulnerabilities":[{"cve":"CVE-2023-20593","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2023-20593"}],"notes":[{"category":"general","text":"An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.133.1.x86_64","SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.133.1.x86_64","SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.133.1.x86_64","SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.133.1.noarch","SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.133.1.x86_64","SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.133.1.x86_64","SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.133.1.x86_64","SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.133.1.x86_64","SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.133.1.x86_64","SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.133.1.noarch","SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.133.1.x86_64","SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.133.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2023-20593","url":"https://www.suse.com/security/cve/CVE-2023-20593"},{"category":"external","summary":"SUSE Bug 1213286 for CVE-2023-20593","url":"https://bugzilla.suse.com/1213286"},{"category":"external","summary":"SUSE Bug 1213616 for CVE-2023-20593","url":"https://bugzilla.suse.com/1213616"},{"category":"external","summary":"SUSE Bug 1215674 for CVE-2023-20593","url":"https://bugzilla.suse.com/1215674"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.133.1.x86_64","SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.133.1.x86_64","SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.133.1.x86_64","SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.133.1.noarch","SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.133.1.x86_64","SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.133.1.x86_64","SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.133.1.x86_64","SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.133.1.x86_64","SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.133.1.x86_64","SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.133.1.noarch","SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.133.1.x86_64","SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.133.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":6.2,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","version":"3.1"},"products":["SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.133.1.x86_64","SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.133.1.x86_64","SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.133.1.x86_64","SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.133.1.noarch","SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.133.1.x86_64","SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.133.1.x86_64","SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.133.1.x86_64","SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.133.1.x86_64","SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.133.1.x86_64","SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.133.1.noarch","SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.133.1.x86_64","SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.133.1.x86_64"]}],"threats":[{"category":"impact","date":"2023-07-27T12:18:33Z","details":"moderate"}],"title":"CVE-2023-20593"},{"cve":"CVE-2023-2985","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2023-2985"}],"notes":[{"category":"general","text":"A use after free flaw was found in hfsplus_put_super in fs/hfsplus/super.c in the Linux Kernel. This flaw could allow a local user to cause a denial of service problem.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.133.1.x86_64","SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.133.1.x86_64","SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.133.1.x86_64","SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.133.1.noarch","SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.133.1.x86_64","SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.133.1.x86_64","SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.133.1.x86_64","SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.133.1.x86_64","SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.133.1.x86_64","SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.133.1.noarch","SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.133.1.x86_64","SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.133.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2023-2985","url":"https://www.suse.com/security/cve/CVE-2023-2985"},{"category":"external","summary":"SUSE Bug 1211867 for CVE-2023-2985","url":"https://bugzilla.suse.com/1211867"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.133.1.x86_64","SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.133.1.x86_64","SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.133.1.x86_64","SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.133.1.noarch","SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.133.1.x86_64","SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.133.1.x86_64","SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.133.1.x86_64","SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.133.1.x86_64","SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.133.1.x86_64","SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.133.1.noarch","SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.133.1.x86_64","SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.133.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":6.4,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"products":["SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.133.1.x86_64","SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.133.1.x86_64","SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.133.1.x86_64","SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.133.1.noarch","SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.133.1.x86_64","SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.133.1.x86_64","SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.133.1.x86_64","SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.133.1.x86_64","SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.133.1.x86_64","SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.133.1.noarch","SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.133.1.x86_64","SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.133.1.x86_64"]}],"threats":[{"category":"impact","date":"2023-07-27T12:18:33Z","details":"moderate"}],"title":"CVE-2023-2985"},{"cve":"CVE-2023-35001","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2023-35001"}],"notes":[{"category":"general","text":"Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.133.1.x86_64","SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.133.1.x86_64","SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.133.1.x86_64","SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.133.1.noarch","SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.133.1.x86_64","SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.133.1.x86_64","SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.133.1.x86_64","SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.133.1.x86_64","SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.133.1.x86_64","SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.133.1.noarch","SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.133.1.x86_64","SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.133.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2023-35001","url":"https://www.suse.com/security/cve/CVE-2023-35001"},{"category":"external","summary":"SUSE Bug 1213059 for CVE-2023-35001","url":"https://bugzilla.suse.com/1213059"},{"category":"external","summary":"SUSE Bug 1213063 for CVE-2023-35001","url":"https://bugzilla.suse.com/1213063"},{"category":"external","summary":"SUSE Bug 1217531 for CVE-2023-35001","url":"https://bugzilla.suse.com/1217531"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.133.1.x86_64","SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.133.1.x86_64","SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.133.1.x86_64","SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.133.1.noarch","SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.133.1.x86_64","SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.133.1.x86_64","SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.133.1.x86_64","SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.133.1.x86_64","SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.133.1.x86_64","SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.133.1.noarch","SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.133.1.x86_64","SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.133.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"products":["SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.133.1.x86_64","SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.133.1.x86_64","SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.133.1.x86_64","SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.133.1.noarch","SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.133.1.x86_64","SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.133.1.x86_64","SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.133.1.x86_64","SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.133.1.x86_64","SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.133.1.x86_64","SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.133.1.noarch","SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.133.1.x86_64","SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.133.1.x86_64"]}],"threats":[{"category":"impact","date":"2023-07-27T12:18:33Z","details":"important"}],"title":"CVE-2023-35001"}]}