SUSE update for gcc13
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2023-4039 |
| CWE-ID | CWE-254 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Toolchain Module Operating systems & Components / Operating system SUSE Linux Enterprise Server for SAP Applications 12 Operating systems & Components / Operating system SUSE Linux Enterprise Server 12 Operating systems & Components / Operating system SUSE Linux Enterprise High Performance Computing 12 Operating systems & Components / Operating system SUSE Linux Enterprise Server for SAP Applications Operating systems & Components / Operating system SUSE Linux Enterprise Server Operating systems & Components / Operating system libasan8-32bit-debuginfo Operating systems & Components / Operating system package or component libquadmath0-debuginfo Operating systems & Components / Operating system package or component libobjc4-32bit Operating systems & Components / Operating system package or component libquadmath0-32bit-debuginfo Operating systems & Components / Operating system package or component libitm1-32bit-debuginfo Operating systems & Components / Operating system package or component libasan8-32bit Operating systems & Components / Operating system package or component libgomp1-32bit Operating systems & Components / Operating system package or component libitm1-32bit Operating systems & Components / Operating system package or component libstdc++6-pp-32bit Operating systems & Components / Operating system package or component libgfortran5-32bit Operating systems & Components / Operating system package or component libquadmath0-32bit Operating systems & Components / Operating system package or component libobjc4-32bit-debuginfo Operating systems & Components / Operating system package or component libgfortran5-32bit-debuginfo Operating systems & Components / Operating system package or component libubsan1-32bit-debuginfo Operating systems & Components / Operating system package or component libatomic1-32bit Operating systems & Components / Operating system package or component libgomp1-32bit-debuginfo Operating systems & Components / Operating system package or component libgcc_s1-32bit Operating systems & Components / Operating system package or component libquadmath0 Operating systems & Components / Operating system package or component libstdc++6-32bit-debuginfo Operating systems & Components / Operating system package or component libatomic1-32bit-debuginfo Operating systems & Components / Operating system package or component libgcc_s1-32bit-debuginfo Operating systems & Components / Operating system package or component libubsan1-32bit Operating systems & Components / Operating system package or component libstdc++6-32bit Operating systems & Components / Operating system package or component libgfortran5-debuginfo Operating systems & Components / Operating system package or component libstdc++6-debuginfo Operating systems & Components / Operating system package or component libgcc_s1 Operating systems & Components / Operating system package or component libstdc++6-pp Operating systems & Components / Operating system package or component libgfortran5 Operating systems & Components / Operating system package or component libgcc_s1-debuginfo Operating systems & Components / Operating system package or component libasan8-debuginfo Operating systems & Components / Operating system package or component libitm1 Operating systems & Components / Operating system package or component liblsan0 Operating systems & Components / Operating system package or component libasan8 Operating systems & Components / Operating system package or component libatomic1-debuginfo Operating systems & Components / Operating system package or component libgomp1 Operating systems & Components / Operating system package or component libitm1-debuginfo Operating systems & Components / Operating system package or component libtsan2-debuginfo Operating systems & Components / Operating system package or component libobjc4-debuginfo Operating systems & Components / Operating system package or component libobjc4 Operating systems & Components / Operating system package or component libatomic1 Operating systems & Components / Operating system package or component libgomp1-debuginfo Operating systems & Components / Operating system package or component libtsan2 Operating systems & Components / Operating system package or component libstdc++6 Operating systems & Components / Operating system package or component libubsan1-debuginfo Operating systems & Components / Operating system package or component libhwasan0-debuginfo Operating systems & Components / Operating system package or component libubsan1 Operating systems & Components / Operating system package or component libhwasan0 Operating systems & Components / Operating system package or component libstdc++6-locale Operating systems & Components / Operating system package or component liblsan0-debuginfo Operating systems & Components / Operating system package or component cross-nvptx-gcc13-debuginfo Operating systems & Components / Operating system package or component cross-nvptx-newlib13-devel Operating systems & Components / Operating system package or component cross-nvptx-gcc13 Operating systems & Components / Operating system package or component cross-nvptx-gcc13-debugsource Operating systems & Components / Operating system package or component libstdc++6-devel-gcc13-32bit Operating systems & Components / Operating system package or component gcc13-fortran-32bit Operating systems & Components / Operating system package or component gcc13-c++-32bit Operating systems & Components / Operating system package or component gcc13-32bit Operating systems & Components / Operating system package or component gcc13-info Operating systems & Components / Operating system package or component gcc13-c++-debuginfo Operating systems & Components / Operating system package or component gcc13-fortran-debuginfo Operating systems & Components / Operating system package or component cpp13 Operating systems & Components / Operating system package or component gcc13-locale Operating systems & Components / Operating system package or component gcc13-debugsource Operating systems & Components / Operating system package or component gcc13-debuginfo Operating systems & Components / Operating system package or component cpp13-debuginfo Operating systems & Components / Operating system package or component gcc13-fortran Operating systems & Components / Operating system package or component gcc13-PIE Operating systems & Components / Operating system package or component gcc13-c++ Operating systems & Components / Operating system package or component gcc13 Operating systems & Components / Operating system package or component libstdc++6-devel-gcc13 Operating systems & Components / Operating system package or component |
| Vendor | SUSE |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Security features bypass
EUVDB-ID: #VU81045
Risk: Medium
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-4039
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to the GCC's stack smashing protection does not detect or defend against overflows of dynamically-sized local variables on AArch64 targets. A remote attacker can bypass expected security restrictions and successfully exploit buffer overflow vulnerabilities.
Update the affected package gcc13 to the latest version.
Vulnerable software versionsToolchain Module: 12
SUSE Linux Enterprise Server for SAP Applications 12: SP1 - SP5
SUSE Linux Enterprise Server 12: SP1 - SP5
SUSE Linux Enterprise High Performance Computing 12: SP2 - SP5
SUSE Linux Enterprise Server for SAP Applications: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-LTSS-ERICSSON
libasan8-32bit-debuginfo: before 13.2.1+git7813-1.6.1
libquadmath0-debuginfo: before 13.2.1+git7813-1.6.1
libobjc4-32bit: before 13.2.1+git7813-1.6.1
libquadmath0-32bit-debuginfo: before 13.2.1+git7813-1.6.1
libitm1-32bit-debuginfo: before 13.2.1+git7813-1.6.1
libasan8-32bit: before 13.2.1+git7813-1.6.1
libgomp1-32bit: before 13.2.1+git7813-1.6.1
libitm1-32bit: before 13.2.1+git7813-1.6.1
libstdc++6-pp-32bit: before 13.2.1+git7813-1.6.1
libgfortran5-32bit: before 13.2.1+git7813-1.6.1
libquadmath0-32bit: before 13.2.1+git7813-1.6.1
libobjc4-32bit-debuginfo: before 13.2.1+git7813-1.6.1
libgfortran5-32bit-debuginfo: before 13.2.1+git7813-1.6.1
libubsan1-32bit-debuginfo: before 13.2.1+git7813-1.6.1
libatomic1-32bit: before 13.2.1+git7813-1.6.1
libgomp1-32bit-debuginfo: before 13.2.1+git7813-1.6.1
libgcc_s1-32bit: before 13.2.1+git7813-1.6.1
libquadmath0: before 13.2.1+git7813-1.6.1
libstdc++6-32bit-debuginfo: before 13.2.1+git7813-1.6.1
libatomic1-32bit-debuginfo: before 13.2.1+git7813-1.6.1
libgcc_s1-32bit-debuginfo: before 13.2.1+git7813-1.6.1
libubsan1-32bit: before 13.2.1+git7813-1.6.1
libstdc++6-32bit: before 13.2.1+git7813-1.6.1
libgfortran5-debuginfo: before 13.2.1+git7813-1.6.1
libstdc++6-debuginfo: before 13.2.1+git7813-1.6.1
libgcc_s1: before 13.2.1+git7813-1.6.1
libstdc++6-pp: before 13.2.1+git7813-1.6.1
libgfortran5: before 13.2.1+git7813-1.6.1
libgcc_s1-debuginfo: before 13.2.1+git7813-1.6.1
libasan8-debuginfo: before 13.2.1+git7813-1.6.1
libitm1: before 13.2.1+git7813-1.6.1
liblsan0: before 13.2.1+git7813-1.6.1
libasan8: before 13.2.1+git7813-1.6.1
libatomic1-debuginfo: before 13.2.1+git7813-1.6.1
libgomp1: before 13.2.1+git7813-1.6.1
libitm1-debuginfo: before 13.2.1+git7813-1.6.1
libtsan2-debuginfo: before 13.2.1+git7813-1.6.1
libobjc4-debuginfo: before 13.2.1+git7813-1.6.1
libobjc4: before 13.2.1+git7813-1.6.1
libatomic1: before 13.2.1+git7813-1.6.1
libgomp1-debuginfo: before 13.2.1+git7813-1.6.1
libtsan2: before 13.2.1+git7813-1.6.1
libstdc++6: before 13.2.1+git7813-1.6.1
libubsan1-debuginfo: before 13.2.1+git7813-1.6.1
libhwasan0-debuginfo: before 13.2.1+git7813-1.6.1
libubsan1: before 13.2.1+git7813-1.6.1
libhwasan0: before 13.2.1+git7813-1.6.1
libstdc++6-locale: before 13.2.1+git7813-1.6.1
liblsan0-debuginfo: before 13.2.1+git7813-1.6.1
cross-nvptx-gcc13-debuginfo: before 13.2.1+git7813-1.6.1
cross-nvptx-newlib13-devel: before 13.2.1+git7813-1.6.1
cross-nvptx-gcc13: before 13.2.1+git7813-1.6.1
cross-nvptx-gcc13-debugsource: before 13.2.1+git7813-1.6.1
libstdc++6-devel-gcc13-32bit: before 13.2.1+git7813-1.6.1
gcc13-fortran-32bit: before 13.2.1+git7813-1.6.1
gcc13-c++-32bit: before 13.2.1+git7813-1.6.1
gcc13-32bit: before 13.2.1+git7813-1.6.1
gcc13-info: before 13.2.1+git7813-1.6.1
gcc13-c++-debuginfo: before 13.2.1+git7813-1.6.1
gcc13-fortran-debuginfo: before 13.2.1+git7813-1.6.1
cpp13: before 13.2.1+git7813-1.6.1
gcc13-locale: before 13.2.1+git7813-1.6.1
gcc13-debugsource: before 13.2.1+git7813-1.6.1
gcc13-debuginfo: before 13.2.1+git7813-1.6.1
cpp13-debuginfo: before 13.2.1+git7813-1.6.1
gcc13-fortran: before 13.2.1+git7813-1.6.1
gcc13-PIE: before 13.2.1+git7813-1.6.1
gcc13-c++: before 13.2.1+git7813-1.6.1
gcc13: before 13.2.1+git7813-1.6.1
libstdc++6-devel-gcc13: before 13.2.1+git7813-1.6.1
CPE2.3- cpe:2.3:o:suse:toolchain_module:12:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-LTSS-ERICSSON:*:*:*:*:*:*:*
- cpe:2.3:a:suse:libasan8-32bit-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libquadmath0-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libobjc4-32bit:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libquadmath0-32bit-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libitm1-32bit-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libasan8-32bit:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libgomp1-32bit:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libitm1-32bit:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libstdc_plus_plus_6-pp-32bit:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libgfortran5-32bit:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libquadmath0-32bit:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libobjc4-32bit-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libgfortran5-32bit-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libubsan1-32bit-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libatomic1-32bit:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libgomp1-32bit-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libgcc_s1-32bit:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libquadmath0:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libstdc_plus_plus_6-32bit-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libatomic1-32bit-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libgcc_s1-32bit-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libubsan1-32bit:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libstdc_plus_plus_6-32bit:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libgfortran5-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libstdc_plus_plus_6-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libgcc_s1:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libstdc_plus_plus_6-pp:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libgfortran5:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libgcc_s1-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libasan8-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libitm1:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:liblsan0:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libasan8:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libatomic1-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libgomp1:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libitm1-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libtsan2-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libobjc4-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libobjc4:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libatomic1:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libgomp1-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libtsan2:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libstdc_plus_plus_6:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libubsan1-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libhwasan0-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libubsan1:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libhwasan0:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libstdc_plus_plus_6-locale:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:liblsan0-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:cross-nvptx-gcc13-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:cross-nvptx-newlib13-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:cross-nvptx-gcc13:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:cross-nvptx-gcc13-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libstdc_plus_plus_6-devel-gcc13-32bit:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:gcc13-fortran-32bit:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:gcc13-c_plus_plus_-32bit:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:gcc13-32bit:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:gcc13-info:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:gcc13-c_plus_plus_-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:gcc13-fortran-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:cpp13:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:gcc13-locale:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:gcc13-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:gcc13-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:cpp13-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:gcc13-fortran:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:gcc13-pie:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:gcc13-c_plus_plus:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:gcc13:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libstdc_plus_plus_6-devel-gcc13:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2023/suse-su-20234287-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
