Details
-
Improvement
-
Resolution: Won't Fix
-
Minor
-
None
-
None
-
None
-
9223372036854775807
Description
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
- CVE-2023-0266: Fixed a use-after-free bug led by a missing lock in ALSA.
(bsc#1207134) - CVE-2022-47929: Fixed a NULL pointer dereference bug in the traffic
control subsystem which allowed an unprivileged user to trigger a denial
of service via a crafted traffic control configuration. (bsc#1207237) - CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler
(bsc#1207036) - CVE-2023-23455: Fixed a bug that could allow attackers to cause a denial
of service because of type confusion in atm_tc_enqueue. (bsc#1207125) - CVE-2022-3435: Fixed an out-of-bounds read in fib_nh_match() of the file
net/ipv4/fib_semantics.c (bsc#1204171). - CVE-2022-4662: Fixed a recursive locking violation in usb-storage that
can cause the kernel to deadlock. (bsc#1206664) - CVE-2022-3115: Fixed a null pointer dereference in malidp_crtc.c caused
by a lack of checks of the return value of kzalloc. (bsc#1206393) - CVE-2022-47520: Fixed an out-of-bounds read when parsing a Robust
Security Network (RSN) information element from a Netlink packet.
(bsc#1206515) - CVE-2022-3112: Fixed a null pointer dereference caused by lacks check
of the return value of kzalloc() in vdec_helpers.c:amvdec_set_canvases.
(bsc#1206399) - CVE-2022-3564: Fixed a bug which could lead to use after free, it was
found in the function l2cap_reassemble_sdu of the file
net/bluetooth/l2cap_core.c of the component Bluetooth. (bsc#1206073) - CVE-2022-3108: Fixed a bug in kfd_parse_subtype_iolink in
drivers/gpu/drm/amd/amdkfd/kfd_crat.c where a lack of check of the
return value of kmemdup() could lead to a NULL pointer dereference.
(bsc#1206389) - CVE-2019-19083: Fixed a memory leaks in clock_source_create that could
allow attackers to cause a denial of service (bsc#1157049). - CVE-2022-42328: Fixed a bug which could allow guests to trigger denial
of service via the netback driver (bsc#1206114). - CVE-2022-42329: Fixed a bug which could allow guests to trigger denial
of service via the netback driver (bsc#1206113). - CVE-2022-3643: Fixed a bug which could allow guests to trigger NIC
interface reset/abort/crash via netback driver (bsc#1206113). - CVE-2022-3107: Fixed a null pointer dereference caused by a missing
check of the return value of kvmalloc_array. (bsc#1206395) - CVE-2022-3111: Fixed a missing release of resource after effective
lifetime bug caused by a missing free of the WM8350_IRQ_CHG_FAST_RDY in
wm8350_init_charger. (bsc#1206394) - CVE-2022-3105: Fixed a null pointer dereference caused by a missing
check of the return value of kmalloc_array. (bsc#1206398) - CVE-2022-3106: Fixed a null pointer dereference caused by a missing
check of the return value of kmalloc. (bsc#1206397)
The following non-security bugs were fixed:
https://lists.suse.com/pipermail/sle-security-updates/2023-January/013530.html
Attachments
Issue Links
- is related to
-
-
- Resolved
-