Uploaded image for project: 'Lustre'
  1. Lustre
  2. LU-16122

kernel update [SLES15 SP3 5.3.18-150300.59.90.1]

    XMLWordPrintable

Details

    • Improvement
    • Resolution: Won't Fix
    • Minor
    • None
    • None
    • None
    • 9223372036854775807

    Description

      The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various
      security and bugfixes.

      The following security bugs were fixed:

      • CVE-2020-36516: Fixed TCP session data injection vulnerability via the
        mixed IPID assignment method (bnc#1196616).
      • CVE-2020-36557: Fixed race condition between the VT_DISALLOCATE ioctl
        and closing/opening of ttys that could lead to a use-after-free
        (bnc#1201429).
      • CVE-2020-36558: Fixed race condition involving VT_RESIZEX that could
        lead to a NULL pointer dereference and general protection fault
        (bnc#1200910).
      • CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO
        (bnc#1201635).
      • CVE-2021-33656: Fixed out of bounds write with ioctl PIO_FONT
        (bnc#1201636).
      • CVE-2022-1116: Fixed a integer overflow vulnerability in io_uring which
        allowed a local attacker to cause memory corruption and escalate
        privileges to root (bnc#1199647).
      • CVE-2022-1462: Fixed an out-of-bounds read flaw in the TeleTYpe
        subsystem (bnc#1198829).
      • CVE-2022-2318: Fixed a use-after-free vulnerabilities in the timer
        handler in net/rose/rose_timer.c that allow attackers to crash the
        system without any privileges (bsc#1201251).
      • CVE-2022-2639: Fixed integer underflow that could lead to out-of-bounds
        write in reserve_sfa_size() (bsc#1202154).
      • CVE-2022-20166: Fixed possible out of bounds write due to sprintf
        unsafety that could cause local escalation of privilege (bnc#1200598)
      • CVE-2022-21505: Fixed kexec lockdown bypass with IMA policy
        (bsc#1201458).
      • CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed
        multiple potential data leaks with Block and Network devices when using
        untrusted backends (bsc#1200762).
      • CVE-2022-29581: Fixed improper update of Reference Count in net/sched
        that could cause root privilege escalation (bnc#1199665).
      • CVE-2022-32250: Fixed user-after-free in net/netfilter/nf_tables_api.c
        that could allow local privilege escalation (bnc#1200015).
      • CVE-2022-36946: Fixed incorrect packet truncation in nfqnl_mangle() that
        could lead to remote DoS (bnc#1201940).

      The following non-security bugs were fixed:
      https://lists.suse.com/pipermail/sle-security-updates/2022-August/011976.html

      Attachments

        Issue Links

          is related to

          Improvement - An improvement or enhancement to an existing feature or task. LU-16173 kernel update [SLES15 SP3 5.3.18-150300.59.93.1]

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved
          is related to

          Improvement - An improvement or enhancement to an existing feature or task. LU-16092 kernel update [SLES15 SP3 5.3.18-150300.59.87.1]

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved

          Activity

            People

              yujian Jian Yu
              yujian Jian Yu
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: