Uploaded image for project: 'Lustre'
  1. Lustre
  2. LU-16326

kernel update [SLES15 SP4 5.14.21-150400.24.33.2]

    XMLWordPrintable

Details

    • Improvement
    • Resolution: Won't Fix
    • Minor
    • None
    • None
    • None
    • 9223372036854775807

    Description

      The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various
      security and bugfixes.

      The following security bugs were fixed:

      • CVE-2022-28748: Fixed a leak of kernel memory over the network by
        ax88179_178a devices (bsc#1196018).
      • CVE-2022-1882: Fixed a use-after-free flaw in free_pipe_info() that
        could allow a local user to crash or potentially escalate their
        privileges on the system (bsc#1199904).
      • CVE-2022-2964: Fixed memory corruption issues in ax88179_178a devices
        (bnc#1202686).
      • CVE-2022-3169: Fixed an denial of service though request to
        NVME_IOCTL_RESET and NVME_IOCTL_SUBSYS_RESET (bsc#1203290).
      • CVE-2022-33981: Fixed a use-after-free in floppy driver (bnc#1200692).
      • CVE-2022-3424: Fixed use-after-free in gru_set_context_option(),
        gru_fault() and gru_handle_user_call_os() that could lead to kernel
        panic (bsc#1204166).
      • CVE-2022-3435: Fixed an out-of-bounds read in fib_nh_match() of the file
        net/ipv4/fib_semantics.c (bsc#1204171).
      • CVE-2022-3521: Fixed race condition in kcm_tx_work() in
        net/kcm/kcmsock.c (bnc#1204355).
      • CVE-2022-3524: Fixed memory leak in ipv6_renew_options() in the IPv6
        handler (bnc#1204354).
      • CVE-2022-3526: Fixed a memory leak in macvlan_handle_frame() from
        drivers/net/macvlan.c (bnc#1204353).
      • CVE-2022-3545: Fixed use-after-free in area_cache_get() in
        drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bnc#1204415).
      • CVE-2022-3565: Fixed use-after-free in del_timer() in
        drivers/isdn/mISDN/l1oip_core.c (bnc#1204431).
      • CVE-2022-3621: Fixed null pointer dereference in
        nilfs_bmap_lookup_at_level() in fs/nilfs2/inode.c (bnc#1204574).
      • CVE-2022-3625: Fixed use-after-free in
        devlink_param_set()/devlink_param_get() in net/core/devlink.c
        (bnc#1204637).
      • CVE-2022-3628: Fixed potential buffer overflow in
        brcmf_fweh_event_worker() in wifi/brcmfmac (bsc#1204868).
      • CVE-2022-3640: Fixed use-after-free in l2cap_conn_del() in
        net/bluetooth/l2cap_core.c (bnc#1204619).
      • CVE-2022-3646: Fixed memory leak in nilfs_attach_log_writer() in
        fs/nilfs2/segment.c (bnc#1204646).
      • CVE-2022-40476: Fixed a null pointer dereference in fs/io_uring.c
        (bnc#1203435).
      • CVE-2022-40768: Fixed information disclosure in stex_queuecommand_lck
        (bnc#1203514).
      • CVE-2022-43750: Fixed vulnerability in usbmon that allowed a user-space
        client to corrupt the monitor's internal memory (bnc#1204653).

      The following non-security bugs were fixed:
      https://lists.suse.com/pipermail/sle-security-updates/2022-November/012989.html

      Attachments

        Issue Links

          is related to

          Improvement - An improvement or enhancement to an existing feature or task. LU-16422 kernel update [SLES15 SP4 5.14.21-150400.24.38.1]

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved
          is related to

          Improvement - An improvement or enhancement to an existing feature or task. LU-16294 kernel update [SLES15 SP4 5.14.21-150400.24.28.1]

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved

          Activity

            People

              yujian Jian Yu
              yujian Jian Yu
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: