Rapid7 Vulnerability & Exploit Database

SUSE: CVE-2023-4039: SUSE Linux Security Advisory


Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 09/13/2023
Created: 09/20/2023
Added: 09/19/2023
Modified: 02/21/2024

Description

**DISPUTED** A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style dynamically-sized local variables or those created using alloca(). The stack-protector operates as intended for statically-sized local variables. The default behavior when the stack-protector detects an overflow is to terminate your application, resulting in controlled loss of availability. An attacker who can exploit a buffer overflow without triggering the stack-protector might be able to change program flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself.
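The kinds of stack local the description distinguishes, shown as an added example for code audit (not code from the advisory or from GCC); the function names and the `MAX_LEN` limit are assumptions. Every copy is bounds-checked explicitly, which in the VLA and alloca() variants is the only guard that does not rely on the stack-protector, and the last function shows a rewrite with no dynamically-sized stack object.

```c
#include <alloca.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

#define MAX_LEN 256 /* assumed application limit, not from the advisory */

static long sum(const unsigned char *p, size_t n) {
    long s = 0;
    while (n--) s += *p++;
    return s;
}

/* Statically-sized local: per the description, the protector works as intended. */
long sum_fixed(const void *src, size_t n) {
    unsigned char buf[MAX_LEN];
    if (n == 0 || n > sizeof buf) return -1;
    memcpy(buf, src, n);
    return sum(buf, n);
}

/* C99 dynamically-sized local (VLA): the affected class on AArch64. */
long sum_vla(const void *src, size_t n) {
    if (n == 0 || n > MAX_LEN) return -1; /* explicit bound, independent of the canary */
    unsigned char buf[n];
    memcpy(buf, src, n);
    return sum(buf, n);
}

/* alloca(): also the affected class. */
long sum_alloca(const void *src, size_t n) {
    if (n == 0 || n > MAX_LEN) return -1;
    unsigned char *buf = alloca(n);
    memcpy(buf, src, n);
    return sum(buf, n);
}

/* Rewrite that keeps the dynamic size off the stack entirely. */
long sum_heap(const void *src, size_t n) {
    if (n == 0 || n > MAX_LEN) return -1;
    unsigned char *buf = malloc(n);
    if (!buf) return -1;
    memcpy(buf, src, n);
    long r = sum(buf, n);
    free(buf);
    return r;
}

int main(void) { /* constructed input: all four variants must agree */
    return sum_vla("abc", 3) == sum_heap("abc", 3) ? 0 : 1;
}
```

GCC's `-Wvla` and `-Walloca` warnings flag every local of the two affected kinds during a build.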

Solution(s)

  • suse-upgrade-cpp12
  • suse-upgrade-cpp13
  • suse-upgrade-cpp7
  • suse-upgrade-cross-aarch64-gcc12-bootstrap
  • suse-upgrade-cross-aarch64-gcc7
  • suse-upgrade-cross-aarch64-gcc7-icecream-backend
  • suse-upgrade-cross-arm-gcc12
  • suse-upgrade-cross-arm-gcc12-icecream-backend
  • suse-upgrade-cross-arm-gcc7
  • suse-upgrade-cross-arm-none-gcc12-bootstrap
  • suse-upgrade-cross-arm-none-gcc7-bootstrap
  • suse-upgrade-cross-avr-gcc12-bootstrap
  • suse-upgrade-cross-avr-gcc7-bootstrap
  • suse-upgrade-cross-epiphany-gcc12-bootstrap
  • suse-upgrade-cross-epiphany-gcc7-bootstrap
  • suse-upgrade-cross-hppa-gcc12
  • suse-upgrade-cross-hppa-gcc12-bootstrap
  • suse-upgrade-cross-hppa-gcc12-icecream-backend
  • suse-upgrade-cross-hppa-gcc7
  • suse-upgrade-cross-hppa-gcc7-icecream-backend
  • suse-upgrade-cross-i386-gcc7
  • suse-upgrade-cross-i386-gcc7-icecream-backend
  • suse-upgrade-cross-m68k-gcc12
  • suse-upgrade-cross-m68k-gcc12-icecream-backend
  • suse-upgrade-cross-m68k-gcc7
  • suse-upgrade-cross-m68k-gcc7-icecream-backend
  • suse-upgrade-cross-mips-gcc12
  • suse-upgrade-cross-mips-gcc12-icecream-backend
  • suse-upgrade-cross-mips-gcc7
  • suse-upgrade-cross-mips-gcc7-icecream-backend
  • suse-upgrade-cross-nvptx-gcc12
  • suse-upgrade-cross-nvptx-gcc13
  • suse-upgrade-cross-nvptx-gcc7
  • suse-upgrade-cross-nvptx-newlib12-devel
  • suse-upgrade-cross-nvptx-newlib13-devel
  • suse-upgrade-cross-nvptx-newlib7-devel
  • suse-upgrade-cross-ppc64-gcc12
  • suse-upgrade-cross-ppc64-gcc12-icecream-backend
  • suse-upgrade-cross-ppc64-gcc7
  • suse-upgrade-cross-ppc64-gcc7-icecream-backend
  • suse-upgrade-cross-ppc64le-gcc12
  • suse-upgrade-cross-ppc64le-gcc12-icecream-backend
  • suse-upgrade-cross-ppc64le-gcc7
  • suse-upgrade-cross-ppc64le-gcc7-icecream-backend
  • suse-upgrade-cross-riscv64-elf-gcc12-bootstrap
  • suse-upgrade-cross-riscv64-gcc12-bootstrap
  • suse-upgrade-cross-rx-gcc12-bootstrap
  • suse-upgrade-cross-rx-gcc7-bootstrap
  • suse-upgrade-cross-s390x-gcc12
  • suse-upgrade-cross-s390x-gcc12-icecream-backend
  • suse-upgrade-cross-s390x-gcc7
  • suse-upgrade-cross-s390x-gcc7-icecream-backend
  • suse-upgrade-cross-sparc-gcc12
  • suse-upgrade-cross-sparc-gcc7
  • suse-upgrade-cross-sparc64-gcc12
  • suse-upgrade-cross-sparc64-gcc12-icecream-backend
  • suse-upgrade-cross-sparc64-gcc7
  • suse-upgrade-cross-sparc64-gcc7-icecream-backend
  • suse-upgrade-cross-sparcv9-gcc12-icecream-backend
  • suse-upgrade-cross-sparcv9-gcc7-icecream-backend
  • suse-upgrade-cross-x86_64-gcc12
  • suse-upgrade-cross-x86_64-gcc12-icecream-backend
  • suse-upgrade-cross-x86_64-gcc7
  • suse-upgrade-cross-x86_64-gcc7-icecream-backend
  • suse-upgrade-gcc12
  • suse-upgrade-gcc12-32bit
  • suse-upgrade-gcc12-ada
  • suse-upgrade-gcc12-ada-32bit
  • suse-upgrade-gcc12-c
  • suse-upgrade-gcc12-c-32bit
  • suse-upgrade-gcc12-d
  • suse-upgrade-gcc12-d-32bit
  • suse-upgrade-gcc12-fortran
  • suse-upgrade-gcc12-fortran-32bit
  • suse-upgrade-gcc12-go
  • suse-upgrade-gcc12-go-32bit
  • suse-upgrade-gcc12-info
  • suse-upgrade-gcc12-locale
  • suse-upgrade-gcc12-obj-c
  • suse-upgrade-gcc12-obj-c-32bit
  • suse-upgrade-gcc12-objc
  • suse-upgrade-gcc12-objc-32bit
  • suse-upgrade-gcc12-pie
  • suse-upgrade-gcc12-testresults
  • suse-upgrade-gcc13
  • suse-upgrade-gcc13-32bit
  • suse-upgrade-gcc13-ada
  • suse-upgrade-gcc13-ada-32bit
  • suse-upgrade-gcc13-c
  • suse-upgrade-gcc13-c-32bit
  • suse-upgrade-gcc13-d
  • suse-upgrade-gcc13-d-32bit
  • suse-upgrade-gcc13-fortran
  • suse-upgrade-gcc13-fortran-32bit
  • suse-upgrade-gcc13-go
  • suse-upgrade-gcc13-go-32bit
  • suse-upgrade-gcc13-info
  • suse-upgrade-gcc13-locale
  • suse-upgrade-gcc13-m2
  • suse-upgrade-gcc13-m2-32bit
  • suse-upgrade-gcc13-obj-c
  • suse-upgrade-gcc13-obj-c-32bit
  • suse-upgrade-gcc13-objc
  • suse-upgrade-gcc13-objc-32bit
  • suse-upgrade-gcc13-pie
  • suse-upgrade-gcc7
  • suse-upgrade-gcc7-32bit
  • suse-upgrade-gcc7-ada
  • suse-upgrade-gcc7-ada-32bit
  • suse-upgrade-gcc7-c
  • suse-upgrade-gcc7-c-32bit
  • suse-upgrade-gcc7-fortran
  • suse-upgrade-gcc7-fortran-32bit
  • suse-upgrade-gcc7-go
  • suse-upgrade-gcc7-go-32bit
  • suse-upgrade-gcc7-info
  • suse-upgrade-gcc7-locale
  • suse-upgrade-gcc7-obj-c
  • suse-upgrade-gcc7-obj-c-32bit
  • suse-upgrade-gcc7-objc
  • suse-upgrade-gcc7-objc-32bit
  • suse-upgrade-gcc7-testresults
  • suse-upgrade-libada12
  • suse-upgrade-libada12-32bit
  • suse-upgrade-libada13
  • suse-upgrade-libada13-32bit
  • suse-upgrade-libada7
  • suse-upgrade-libada7-32bit
  • suse-upgrade-libasan4
  • suse-upgrade-libasan4-32bit
  • suse-upgrade-libasan8
  • suse-upgrade-libasan8-32bit
  • suse-upgrade-libatomic1
  • suse-upgrade-libatomic1-32bit
  • suse-upgrade-libatomic1-gcc7
  • suse-upgrade-libatomic1-gcc7-32bit
  • suse-upgrade-libcilkrts5
  • suse-upgrade-libcilkrts5-32bit
  • suse-upgrade-libgcc_s1
  • suse-upgrade-libgcc_s1-32bit
  • suse-upgrade-libgcc_s1-gcc7
  • suse-upgrade-libgcc_s1-gcc7-32bit
  • suse-upgrade-libgdruntime3
  • suse-upgrade-libgdruntime3-32bit
  • suse-upgrade-libgdruntime4
  • suse-upgrade-libgdruntime4-32bit
  • suse-upgrade-libgfortran4
  • suse-upgrade-libgfortran4-32bit
  • suse-upgrade-libgfortran5
  • suse-upgrade-libgfortran5-32bit
  • suse-upgrade-libgo11
  • suse-upgrade-libgo11-32bit
  • suse-upgrade-libgo21
  • suse-upgrade-libgo21-32bit
  • suse-upgrade-libgo22
  • suse-upgrade-libgo22-32bit
  • suse-upgrade-libgomp1
  • suse-upgrade-libgomp1-32bit
  • suse-upgrade-libgomp1-gcc7
  • suse-upgrade-libgomp1-gcc7-32bit
  • suse-upgrade-libgphobos3
  • suse-upgrade-libgphobos3-32bit
  • suse-upgrade-libgphobos4
  • suse-upgrade-libgphobos4-32bit
  • suse-upgrade-libhwasan0
  • suse-upgrade-libitm1
  • suse-upgrade-libitm1-32bit
  • suse-upgrade-libitm1-gcc7
  • suse-upgrade-libitm1-gcc7-32bit
  • suse-upgrade-liblsan0
  • suse-upgrade-liblsan0-gcc7
  • suse-upgrade-libm2cor18
  • suse-upgrade-libm2cor18-32bit
  • suse-upgrade-libm2iso18
  • suse-upgrade-libm2iso18-32bit
  • suse-upgrade-libm2log18
  • suse-upgrade-libm2log18-32bit
  • suse-upgrade-libm2min18
  • suse-upgrade-libm2min18-32bit
  • suse-upgrade-libm2pim18
  • suse-upgrade-libm2pim18-32bit
  • suse-upgrade-libmpx2-gcc7
  • suse-upgrade-libmpx2-gcc7-32bit
  • suse-upgrade-libmpxwrappers2-gcc7
  • suse-upgrade-libmpxwrappers2-gcc7-32bit
  • suse-upgrade-libobjc4
  • suse-upgrade-libobjc4-32bit
  • suse-upgrade-libobjc4-gcc7
  • suse-upgrade-libobjc4-gcc7-32bit
  • suse-upgrade-libquadmath0
  • suse-upgrade-libquadmath0-32bit
  • suse-upgrade-libquadmath0-gcc7
  • suse-upgrade-libquadmath0-gcc7-32bit
  • suse-upgrade-libstdc-6
  • suse-upgrade-libstdc-6-32bit
  • suse-upgrade-libstdc-6-devel-gcc12
  • suse-upgrade-libstdc-6-devel-gcc12-32bit
  • suse-upgrade-libstdc-6-devel-gcc13
  • suse-upgrade-libstdc-6-devel-gcc13-32bit
  • suse-upgrade-libstdc-6-devel-gcc7
  • suse-upgrade-libstdc-6-devel-gcc7-32bit
  • suse-upgrade-libstdc-6-gcc7
  • suse-upgrade-libstdc-6-gcc7-32bit
  • suse-upgrade-libstdc-6-gcc7-locale
  • suse-upgrade-libstdc-6-locale
  • suse-upgrade-libstdc-6-pp
  • suse-upgrade-libstdc-6-pp-32bit
  • suse-upgrade-libtsan0-gcc7
  • suse-upgrade-libtsan2
  • suse-upgrade-libubsan0
  • suse-upgrade-libubsan0-32bit
  • suse-upgrade-libubsan1
  • suse-upgrade-libubsan1-32bit
