I have a general question about CVEs: in most cases, if I find a CVE on MITRE, I can find it on suse.com and see its status (pending, analysis, running, resolved, etc.).
Now, I found a CVE on MITRE (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31829), concerning the kernel, but nothing on the SUSE website (even in Bugzilla). How can I be sure that this CVE does not impact my SLES (SLES12SP3 LTSS or SLES12SP5 for info)?
When a CVE is created, what is its path on the SUSE side? Is there any way to check that SUSE is handling it?
@Frederic Hi, the kernel commit is for kernels > 5.13(?), you might need to open a Support Request about this, else did you see the announcement about this forum closing, perhaps a post to the new one may glean additional comments?
I didn’t see that the forum is closing, thanks for highlighting that.
According to RFC 2328 section 13.1, recency is calculated by comparing sequence numbers, checksums, and finally MaxAge for two instances of the same LSA. When the sequence numbers are the same, the LSA with the higher checksum is regarded as the most recent and is not flushed from the Link State Database (LSDB). Because the RFC does not state that the values of links carried by an LSA must be the same when prematurely ageing a self-originating LSA with MaxSequenceNumber, an attacker could craft an LSA with MaxSequenceNumber and invalid links, resulting in a larger checksum and thus a ‘newer’ LSA that will not be flushed from the LSDB in vulnerable OSPF implementations.
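The recency comparison described above, as an added example that is not part of the original page: a Python sketch of the RFC 2328 section 13.1 tie-break order, plus a hypothetical monitoring check (`flush_overridden_by_checksum`, this example's own and not taken from the RFC or any vendor fix) that flags a MaxSequenceNumber flush outranked on checksum alone. The field names and the sample headers are constructed for illustration.

```python
from dataclasses import dataclass

MAX_AGE = 3600                    # RFC 2328 MaxAge (seconds)
MAX_AGE_DIFF = 900                # RFC 2328 MaxAgeDiff (seconds)
MAX_SEQUENCE_NUMBER = 0x7FFFFFFF  # largest signed 32-bit sequence number

def signed32(wire_value):
    """LS sequence numbers are compared as signed 32-bit integers."""
    return wire_value - (1 << 32) if wire_value & 0x80000000 else wire_value

@dataclass(frozen=True)
class LsaHeader:                  # field names are this example's own
    ls_type: int
    ls_id: str
    adv_router: str
    seq: int                      # sequence number as carried on the wire
    checksum: int                 # unsigned 16-bit LS checksum
    age: int                      # LS age in seconds

def compare_recency(a, b):
    """Return 1 if a is more recent, -1 if b is, 0 if they are the same instance."""
    if (a.ls_type, a.ls_id, a.adv_router) != (b.ls_type, b.ls_id, b.adv_router):
        raise ValueError("not two instances of the same LSA")
    sa, sb = signed32(a.seq), signed32(b.seq)
    if sa != sb:                                  # 1. sequence number
        return 1 if sa > sb else -1
    if a.checksum != b.checksum:                  # 2. checksum, larger wins
        return 1 if a.checksum > b.checksum else -1
    if (a.age == MAX_AGE) != (b.age == MAX_AGE):  # 3. only one at MaxAge
        return 1 if a.age == MAX_AGE else -1
    if abs(a.age - b.age) > MAX_AGE_DIFF:         # 4. large age gap, younger wins
        return 1 if a.age < b.age else -1
    return 0

def flush_overridden_by_checksum(own_flush, received):
    """Hypothetical alert: our MaxSequenceNumber flush loses on checksum alone."""
    return (signed32(own_flush.seq) == MAX_SEQUENCE_NUMBER
            and own_flush.age == MAX_AGE
            and signed32(received.seq) == MAX_SEQUENCE_NUMBER
            and received.checksum != own_flush.checksum
            and compare_recency(received, own_flush) == 1)

if __name__ == "__main__":
    # Constructed sample headers (documentation addresses, arbitrary checksums).
    flush = LsaHeader(1, "192.0.2.1", "192.0.2.1", 0x7FFFFFFF, 0x3A1C, MAX_AGE)
    other = LsaHeader(1, "192.0.2.1", "192.0.2.1", 0x7FFFFFFF, 0xF2B0, 1)
    print(compare_recency(other, flush), flush_overridden_by_checksum(flush, other))
```

The checksum step is evaluated before LS age is looked at, which is why the MaxAge flush in the sample pair does not win.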