Details
-
Improvement
-
Resolution: Won't Fix
-
Minor
-
None
-
None
-
None
-
9223372036854775807
Description
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
- CVE-2021-4037: Fixed function logic vulnerability that allowed local
users to create files for the XFS file-system with an unintended group
ownership and with group execution and SGID permission bits set
(bnc#1198702). - CVE-2022-2153: Fixed vulnerability in KVM that could allow an
unprivileged local attacker on the host to cause DoS (bnc#1200788). - CVE-2022-2964: Fixed memory corruption issues in ax88179_178a devices
(bnc#1202686). - CVE-2022-2978: Fixed use-after-free in the NILFS file system that could
lead to local privilege escalation or DoS (bnc#1202700). - CVE-2022-3176: Fixed use-after-free in io_uring when using POLLFREE
(bnc#1203391). - CVE-2022-3424: Fixed use-after-free in gru_set_context_option(),
gru_fault() and gru_handle_user_call_os() that could lead to kernel
panic (bsc#1204166). - CVE-2022-3521: Fixed race condition in kcm_tx_work() in
net/kcm/kcmsock.c (bnc#1204355). - CVE-2022-3524: Fixed memory leak in ipv6_renew_options() in the IPv6
handler (bnc#1204354). - CVE-2022-3535: Fixed memory leak in mvpp2_dbgfs_port_init() in
drivers/net/ethernet/marvell/mvpp2/mvpp2_debugfs.c (bnc#1204417). - CVE-2022-3542: Fixed memory leak in bnx2x_tpa_stop() in
drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c (bnc#1204402). - CVE-2022-3545: Fixed use-after-free in area_cache_get() in
drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bnc#1204415). - CVE-2022-3565: Fixed use-after-free in del_timer() in
drivers/isdn/mISDN/l1oip_core.c (bnc#1204431). - CVE-2022-3577: Fixed out-of-bounds memory write flaw in bigben device
driver that could lead to local privilege escalation or DoS
(bnc#1204470). - CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could
allow a local unprivileged user to cause a denial of service
(bnc#1204439). - CVE-2022-3594: Fixed excessive data logging in intr_callback() in
drivers/net/usb/r8152.c (bnc#1204479). - CVE-2022-3621: Fixed null pointer dereference in
nilfs_bmap_lookup_at_level() in fs/nilfs2/inode.c (bnc#1204574). - CVE-2022-3625: Fixed use-after-free in
devlink_param_set()/devlink_param_get() in net/core/devlink.c
(bnc#1204637). - CVE-2022-3629: Fixed memory leak in vsock_connect() in
net/vmw_vsock/af_vsock.c (bnc#1204635). - CVE-2022-3640: Fixed use-after-free in l2cap_conn_del() in
net/bluetooth/l2cap_core.c (bnc#1204619). - CVE-2022-3646: Fixed memory leak in nilfs_attach_log_writer() in
fs/nilfs2/segment.c (bnc#1204646). - CVE-2022-3649: Fixed use-after-free in nilfs_new_inode() in
fs/nilfs2/inode.c (bnc#1204647). - CVE-2022-39189: Fixed a flaw in the x86 KVM subsystem that could allow
unprivileged guest users to compromise the guest kernel via TLB flush
operations on preempted vCPU (bnc#1203066). - CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf
anon_vma double reuse (bnc#1204168). - CVE-2022-43750: Fixed vulnerability in usbmon that allowed a user-space
client to corrupt the monitor's internal memory (bnc#1204653).
The following non-security bugs were fixed:
https://lists.suse.com/pipermail/sle-security-updates/2022-November/012967.html