Uploaded image for project: 'Lustre'
  1. Lustre
  2. LU-15773

kernel update [SLES12 SP5 4.12.14-122.116.1]

    XMLWordPrintable

Details

    • Improvement
    • Resolution: Fixed
    • Minor
    • Lustre 2.16.0
    • None
    • None
    • 9223372036854775807

    Description

      The SUSE Linux Enterprise 12 SP5 kernel was updated.

      The following security bugs were fixed:

      • CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the
        netfilter subsystem. This vulnerability gives an attacker a powerful
        primitive that can be used to both read from and write to relative stack
        data, which can lead to arbitrary code execution. (bsc#1197227)
      • CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c
        vulnerability in the Linux kernel. (bnc#1198033)
      • CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c
        vulnerability in the Linux kernel. (bnc#1198031)
      • CVE-2022-28388: Fixed a double free in drivers/net/can/usb/usb_8dev.c
        vulnerability in the Linux kernel. (bnc#1198032)
      • CVE-2022-0812: Fixed an incorrect header size calculations which could
        lead to a memory leak. (bsc#1196639)
      • CVE-2022-1048: Fixed a race Condition in snd_pcm_hw_free leading to
        use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock.
        (bsc#1197331)
      • CVE-2022-0850: Fixed a kernel information leak vulnerability in
        iov_iter.c. (bsc#1196761)
      • CVE-2022-26966: Fixed an issue in drivers/net/usb/sr9700.c, which
        allowed attackers to obtain sensitive information from the memory via
        crafted frame lengths from a USB device. (bsc#1196836)
      • CVE-2021-45868: Fixed a wrong validation check in fs/quota/quota_tree.c
        which could lead to an use-after-free if there is a corrupted quota
        file. (bnc#1197366)
      • CVE-2021-39713: Fixed a race condition in the network scheduling
        subsystem which could lead to a use-after-free. (bnc#1196973)
        -
        CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,
        CVE-2022-23041,CVE-2022-23042: Fixed multiple issues which could have
        lead to read/write access to memory pages or denial of service. These
        issues are related to the Xen PV device frontend drivers. (bsc#1196488)
      • CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An
        attacker with adjacent NFC access could crash the system or corrupt the
        system memory. (bsc#1196830)
      • CVE-2022-0001,CVE-2022-0002,CVE-2022-23960: Fixed a new kind of
        speculation issues, exploitable via JITed eBPF for instance.
        (bsc#1191580)
      • CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP
        transformation code. This flaw allowed a local attacker with a normal
        user privilege to overwrite kernel heap objects and may cause a local
        privilege escalation. (bnc#1197462)

      The following non-security bugs were fixed:
      https://lists.suse.com/pipermail/sle-security-updates/2022-April/010723.html

      Attachments

        Issue Links

          is related to

          Improvement - An improvement or enhancement to an existing feature or task. LU-15960 kernel update [SLES12 SP5 4.12.14-122.121.2]

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved
          is related to

          Improvement - An improvement or enhancement to an existing feature or task. LU-15679 kernel update [SLES12 SP5 4.12.14-122.113.1]

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved

          Activity

            People

              yujian Jian Yu
              yujian Jian Yu
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: