Details
Improvement
Resolution: Won't Fix
Minor
Description
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
- CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207).
- CVE-2022-42328: Guests could trigger denial of service via the netback
driver (bsc#1206114).
- CVE-2022-42329: Guests could trigger denial of service via the netback
driver (bsc#1206113).
- CVE-2022-3643: Guests could trigger NIC interface reset/abort/crash via
netback driver (bsc#1206113).
- CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file
drivers/atm/idt77252.c (bsc#1204631).
- CVE-2022-41850: Fixed a race condition in roccat_report_event() in
drivers/hid/hid-roccat.c (bsc#1203960).
- CVE-2022-45934: Fixed an integer wraparound via L2CAP_CONF_REQ packets in
l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796).
- CVE-2022-3567: Fixed a race condition in
inet6_stream_ops()/inet6_dgram_ops() (bsc#1204414).
- CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in
drivers/net/slip (bsc#1205671).
- CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation
(bsc#1205128).
- CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514).
- CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver
USB driver (bsc#1205220).
- CVE-2022-45869: Fixed a race condition in the x86 KVM subsystem which
could cause a denial of service (bsc#1205882).
- CVE-2022-45888: Fixed a use-after-free during physical removal of a USB
device when using drivers/char/xillybus/xillyusb.c (bsc#1205764).
- CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU
to access any physical memory (bsc#1205700).
- CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling
Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a
race condition and NULL pointer dereference. (bsc#1205711)
- CVE-2022-42896: Fixed a use-after-free vulnerability in the
net/bluetooth/l2cap_core.c's l2cap_connect() and l2cap_le_connect_req()
which may have allowed code execution and leaking kernel memory
(respectively) remotely via Bluetooth (bsc#1205709).
- CVE-2022-42895: Fixed an information leak in the
net/bluetooth/l2cap_core.c's l2cap_parse_conf_req() which can be used to
leak kernel pointers remotely (bsc#1205705).
- CVE-2022-3566: Fixed a race condition in the functions
tcp_getsockopt/tcp_setsockopt. The manipulation leads to a race
condition (bsc#1204405).
- CVE-2022-2602: Fixed a local privilege escalation vulnerability
involving Unix socket Garbage Collection and io_uring (bsc#1204228).
- CVE-2022-3176: Fixed a use-after-free in io_uring related to
signalfd_poll() and binder_poll() (bsc#1203391).
- CVE-2022-3707: Fixed a double free in the Intel GVT-g graphics driver
(bsc#1204780).
The following non-security bugs were fixed:
https://lists.suse.com/pipermail/sle-security-updates/2022-December/013296.html