Details
-
Improvement
-
Resolution: Won't Fix
-
Minor
-
None
-
None
-
None
-
9223372036854775807
Description
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
- CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre
like Branch Target Buffer attack, that can leak arbitrary kernel
information (bsc#1199657). - CVE-2022-34918: Fixed a buffer overflow with nft_set_elem_init() that
could be used by a local attacker to escalate privileges (bnc#1201171). - CVE-2021-26341: Some AMD CPUs may transiently execute beyond
unconditional direct branches, which may potentially result in data
leakage (bsc#1201050). - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in
the way a user forces the ath9k_htc_wait_for_target function to fail
with some input messages (bsc#1199487). - CVE-2022-20132: Fixed out of bounds read due to improper input
validation in lg_probe and related functions of hid-lg.c (bsc#1200619). - CVE-2022-1012: Fixed information leak caused by small table perturb size
in the TCP source port generation algorithm (bsc#1199482). - CVE-2022-33981: Fixed use-after-free in floppy driver (bsc#1200692)
- CVE-2022-20141: Fixed a possible use after free due to improper locking
in ip_check_mc_rcu() (bsc#1200604). - CVE-2021-4157: Fixed an out of memory bounds write flaw in the NFS
subsystem, related to the replication of files with NFS. A user could
potentially crash the system or escalate privileges on the system
(bsc#1194013). - CVE-2022-20154: Fixed a use after free due to a race condition in
lock_sock_nested of sock.c. This could lead to local escalation of
privilege with System execution privileges needed (bsc#1200599).
The following non-security bugs were fixed:
https://lists.suse.com/pipermail/sle-security-updates/2022-July/011657.html