Uploaded image for project: 'Lustre'
  1. Lustre
  2. LU-16294

kernel update [SLES15 SP4 5.14.21-150400.24.28.1]

    XMLWordPrintable

Details

    • Improvement
    • Resolution: Fixed
    • Minor
    • Lustre 2.16.0, Lustre 2.15.2
    • None
    • None
    • 9223372036854775807

    Description

      The SUSE Linux Enterprise 15 SP4 kernel was updated.

      The following security bugs were fixed:

      • CVE-2022-3303: Fixed a race condition in the sound subsystem due to
        improper locking (bnc#1203769).
      • CVE-2022-41218: Fixed an use-after-free caused by refcount races in
        drivers/media/dvb-core/dmxdev.c (bnc#1202960).
      • CVE-2022-3239: Fixed an use-after-free in the video4linux driver that
        could lead a local user to able to crash the system or escalate their
        privileges (bnc#1203552).
      • CVE-2022-41848: Fixed a race condition and resultant use-after-free if a
        physically proximate attacker removes a PCMCIA device while calling
        ioctl (bnc#1203987).
      • CVE-2022-41849: Fixed a race condition and resultant use-after-free if a
        physically proximate attacker removes a USB device while calling open
        (bnc#1203992).
      • CVE-2022-41674: Fixed a DoS issue where kernel can crash on the
        reception of specific WiFi Frames (bsc#1203770).
      • CVE-2022-1263: Fixed a NULL pointer dereference issue was found in KVM
        when releasing a vCPU with dirty ring support enabled. This flaw allowed
        an unprivileged local attacker on the host to issue specific ioctl
        calls, causing a kernel oops condition that results in a denial of
        service (bnc#1198189).
      • CVE-2022-32296: Fixed a bug which allowed TCP servers to identify
        clients by observing what source ports are used (bnc#1200288).
      • CVE-2022-3202: Fixed a NULL pointer dereference flaw in Journaled File
        System. This could allow a local attacker to crash the system or leak
        kernel internal information (bnc#1203389).
      • CVE-2022-39189: Fixed a bug in the x86 KVM subsystem which allows
        unprivileged guest users to compromise the guest kernel because TLB
        flush operations are mishandled (bnc#1203066).
      • CVE-2022-2586: Fixed a use-after-free which can be triggered when a nft
        table is deleted (bnc#1202095).
      • CVE-2022-42722: Fixed crash in beacon protection for P2P-device.
        (bsc#1204125)
      • CVE-2022-42719: Fixed MBSSID parsing use-after-free. (bsc#1204051)
      • CVE-2022-42721: Avoid nontransmitted BSS list corruption. (bsc#1204060)
      • CVE-2022-42720: Fixed BSS refcounting bugs. (bsc#1204059)

      The following non-security bugs were fixed:
      https://lists.suse.com/pipermail/sle-security-updates/2022-November/012797.html

      Attachments

        Issue Links

          is related to

          Improvement - An improvement or enhancement to an existing feature or task. LU-16326 kernel update [SLES15 SP4 5.14.21-150400.24.33.2]

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved
          is related to

          Improvement - An improvement or enhancement to an existing feature or task. LU-16174 kernel update [SLES15 SP4 5.14.21-150400.24.21.2]

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved

          Activity

            People

              yujian Jian Yu
              yujian Jian Yu
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: