CVE-2023-52688 Affecting kernel-obs-build package, versions <6.4.0-150600.23.22.1


Severity

Recommended
0.0
medium
0
10

Based on SUSE Linux Enterprise Server security rating.

Threat Intelligence

EPSS
0.04% (11th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-SLES156-KERNELOBSBUILD-8073379
  • published24 Sept 2024
  • disclosed23 Sept 2024

Introduced: 23 Sep 2024

CVE-2023-52688  (opens in a new tab)

How to fix?

Upgrade SLES:15.6 kernel-obs-build to version 6.4.0-150600.23.22.1 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream kernel-obs-build package and not the kernel-obs-build package as distributed by SLES. See How to fix? for SLES:15.6 relevant fixed versions and status.

In the Linux kernel, the following vulnerability has been resolved:

wifi: ath12k: fix the error handler of rfkill config

When the core rfkill config throws error, it should free the allocated resources. Currently it is not freeing the core pdev create resources. Avoid this issue by calling the core pdev destroy in the error handler of core rfkill config.

Found this issue in the code review and it is compile tested only.

CVSS Scores

version 3.1