Security vulnerabilities in the Linux Kernel cls_tcindex driver
This document (000021588) is provided subject to the disclaimer at the end of this document.
Environment
For a comprehensive list of affected products, please review the SUSE security announcements:
https://www.suse.com/security/cve/CVE-2023-1281.html
https://www.suse.com/security/cve/CVE-2023-1829.html
https://www.suse.com/security/cve/CVE-2021-47295.html
Situation
The Linux Kernel cls_tcindex driver has multiple security issues that are hard to fix. Also there is a very small amount of users.
SUSE has blacklisted the cls_tcindex module from loading the module to remove this attack surface.
Resolution
The blacklisting is achieved by this line:
/lib/modprobe.d/50-blacklist-netcls.conf:blacklist cls_tcindexIf the module is loaded manually by the administrator, it likely is exploitable by local users.
If the module should be loaded automatically again, please comment / remove above line or remove the /lib/modprobe.d/50-blacklist-netcls.conf file.
SUSE Linux Enterprise Server 15 SP6 and newer kernels no longer include cls_tcindex and SUSE is not planning to backport future security fixes for cls_tcindex at this time.
Disclaimer
This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID:000021588
- Creation Date: 18-Oct-2024
- Modified Date:18-Oct-2024
-
- SUSE Linux Enterprise Desktop
- SUSE Linux Enterprise Server
- SUSE Linux Enterprise Server for SAP Applications
- SUSE Manager Server
- SUSE Linux Enterprise Micro
For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com
