  1. Lustre
  2. LU-16422

kernel update [SLES15 SP4 5.14.21-150400.24.38.1]


Details

    • Improvement
    • Resolution: Won't Fix
    • Minor

    Description

      The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various
      security and bug fixes.

      The following security bugs were fixed:

      • CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207).
      • CVE-2022-42328: Guests could trigger denial of service via the netback
        driver (bsc#1206114).
      • CVE-2022-42329: Guests could trigger denial of service via the netback
        driver (bsc#1206113).
      • CVE-2022-3643: Guests could trigger NIC interface reset/abort/crash via
        netback driver (bsc#1206113).
      • CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file
        drivers/atm/idt77252.c (bsc#1204631).
      • CVE-2022-41850: Fixed a race condition in roccat_report_event() in
        drivers/hid/hid-roccat.c (bsc#1203960).
      • CVE-2022-45934: Fixed an integer wraparound via L2CAP_CONF_REQ packets in
        l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796).
      • CVE-2022-3567: Fixed a race condition in
        inet6_stream_ops()/inet6_dgram_ops() (bsc#1204414).
      • CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in
        drivers/net/slip (bsc#1205671).
      • CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation
        (bsc#1205128).
      • CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514).
      • CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver
        USB driver (bsc#1205220).
      • CVE-2022-45869: Fixed a race condition in the x86 KVM subsystem which
        could cause a denial of service (bsc#1205882).
      • CVE-2022-45888: Fixed a use-after-free during physical removal of a USB
        device when using drivers/char/xillybus/xillyusb.c (bsc#1205764).
      • CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU
        to access any physical memory (bsc#1205700).
      • CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling
        Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a
        race condition and NULL pointer dereference. (bsc#1205711)
      • CVE-2022-42896: Fixed a use-after-free vulnerability in the
        net/bluetooth/l2cap_core.c's l2cap_connect() and l2cap_le_connect_req()
        which may have allowed code execution and leaking kernel memory
        (respectively) remotely via Bluetooth (bsc#1205709).
      • CVE-2022-42895: Fixed an information leak in the
        net/bluetooth/l2cap_core.c's l2cap_parse_conf_req() which can be used to
        leak kernel pointers remotely (bsc#1205705).
      • CVE-2022-3566: Fixed a race condition in the functions
        tcp_getsockopt/tcp_setsockopt. The manipulation leads to a race
        condition (bsc#1204405).
      • CVE-2022-2602: Fixed a local privilege escalation vulnerability
        involving Unix socket Garbage Collection and io_uring (bsc#1204228).
      • CVE-2022-3176: Fixed a use-after-free in io_uring related to
        signalfd_poll() and binder_poll() (bsc#1203391).
      • CVE-2022-3707: Fixed a double free in the Intel GVT-g graphics driver
        (bsc#1204780).

      The following non-security bugs were fixed:
      https://lists.suse.com/pipermail/sle-security-updates/2022-December/013296.html

            People

              yujian Jian Yu