Uploaded image for project: 'Lustre'
  1. Lustre
  2. LU-16718

kernel update [SLES15 SP4 5.14.21-150400.24.55.2]

    XMLWordPrintable

Details

    • Improvement
    • Resolution: Unresolved
    • Minor
    • None
    • Lustre 2.16.0, Lustre 2.15.3
    • None
    • 9223372036854775807

    Description

      The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security
      and bugfixes.

      • CVE-2022-3523: Fixed a use after free related to device private page
        handling (bsc#1204363).
      • CVE-2022-36280: Fixed out-of-bounds memory access vulnerability found in
        vmwgfx driver (bsc#1203332).
      • CVE-2022-38096: Fixed NULL-ptr deref in vmw_cmd_dx_define_query()
        (bsc#1203331).
      • CVE-2023-0045: Fixed missing Flush IBP in ib_prctl_set (bsc#1207773).
      • CVE-2023-0461: Fixed use-after-free in icsk_ulp_data (bsc#1208787).
      • CVE-2023-0597: Fixed lack of randomization of per-cpu entry area in x86/mm
        (bsc#1207845).
      • CVE-2023-1075: Fixed a type confusion in tls_is_tx_ready (bsc#1208598).
      • CVE-2023-1076: Fixed incorrect UID assigned to tun/tap sockets
        (bsc#1208599).
      • CVE-2023-1078: Fixed a heap out-of-bounds write in rds_rm_zerocopy_callback
        (bsc#1208601).
      • CVE-2023-1095: Fixed a NULL pointer dereference in nf_tables due to zeroed
        list head (bsc#1208777).
      • CVE-2023-1118: Fixed a use-after-free bugs caused by ene_tx_irqsim() in
        media/rc (bsc#1208837).
      • CVE-2023-22995: Fixed lacks of certain platform_device_put and kfree in
        drivers/usb/dwc3/dwc3-qcom.c (bsc#1208741).
      • CVE-2023-22998: Fixed NULL vs IS_ERR checking in
        virtio_gpu_object_shmem_init (bsc#1208776).
      • CVE-2023-23000: Fixed return value of tegra_xusb_find_port_node function
        phy/tegra (bsc#1208816).
      • CVE-2023-23004: Fixed misinterpretation of get_sg_table return value
        (bsc#1208843).
      • CVE-2023-23559: Fixed integer overflow in rndis_wlan that leads to a buffer
        overflow (bsc#1207051).
      • CVE-2023-25012: Fixed a use-after-free in bigben_set_led() (bsc#1207560).
      • CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation
        failure (bsc#1208700).
      • CVE-2023-28328: Fixed a denial of service issue in az6027 driver in
        drivers/media/usb/dev-usb/az6027.c (bsc#1209291).

      The following non-security bugs were fixed:
      https://lists.suse.com/pipermail/sle-security-updates/2023-March/014289.html

      Attachments

        Issue Links

          is related to

          Improvement - An improvement or enhancement to an existing feature or task. LU-17113 kernel update [SLES15 SP4 5.14.21-150400.24.81.1]

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved
          is related to

          Improvement - An improvement or enhancement to an existing feature or task. LU-16601 kernel update [SLES15 SP4 5.14.21-150400.24.46.1]

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved

          Activity

            People

              yujian Jian Yu
              yujian Jian Yu
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated: