[LU-15490] kernel update [SLES15 SP3 5.3.18-150300.59.43.1] Created: 27/Jan/22  Updated: 18/Feb/22  Resolved: 18/Feb/22

Status: Closed
Project: Lustre
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Improvement Priority: Minor
Reporter: Jian Yu Assignee: Jian Yu
Resolution: Won't Fix Votes: 0
Labels: None

Issue Links:
Related
is related to LU-15337 kernel update [SLES15 SP3 5.3.18-59.3... Resolved
Rank (Obsolete): 9223372036854775807

 Description   

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various
security and bugfixes.

The following security bugs were fixed:

  • CVE-2022-0185: Incorrect param length parsing in legacy_parse_param
    which could have led to a local privilege escalation (bsc#1194517).
  • CVE-2022-0322: Fixed a denial of service in SCTP sctp_addto_chunk
    (bsc#1194985).
  • CVE-2021-4197: Fixed a cgroup issue where lower privileged processes
    could write to fds of lower privileged ones that could lead to privilege
    escalation (bsc#1194302).
  • CVE-2021-46283: nf_tables_newset in net/netfilter/nf_tables_api.c in the
    Linux kernel allowed local users to cause a denial of service (NULL
    pointer dereference and general protection fault) because of the missing
    initialization for nft_set_elem_expr_alloc. A local user can set a
    netfilter table expression in their own namespace (bnc#1194518).
  • CVE-2021-4135: Fixed an information leak in the nsim_bpf_map_alloc
    function (bsc#1193927).
  • CVE-2021-4202: Fixed a race condition during NFC device remove which
    could lead to a use-after-free memory corruption (bsc#1194529)
  • CVE-2021-4083: A read-after-free memory flaw was found in the Linux
    kernel's garbage collection for Unix domain socket file handlers in the
    way users call close() and fget() simultaneously and can potentially
    trigger a race condition. This flaw allowed a local user to crash the
    system or escalate their privileges on the system. This flaw affects
    Linux kernel versions prior to 5.16-rc4 (bnc#1193727).
  • CVE-2021-4149: Fixed a locking condition in btrfs which could lead to
    system deadlocks (bsc#1194001).
  • CVE-2021-45485: In the IPv6 implementation in net/ipv6/output_core.c has
    an information leak because of certain use of a hash table which,
    although big, doesn't properly consider that IPv6-based attackers can
    typically choose among many IPv6 source addresses (bnc#1194094).
  • CVE-2021-45486: In the IPv4 implementation in net/ipv4/route.c has an
    information leak because the hash table is very small (bnc#1194087).

The following non-security bugs were fixed:
https://lists.suse.com/pipermail/sle-security-updates/2022-January/010079.html

 Comments   
Comment by Gerrit Updater [ 27/Jan/22 ]

"Jian Yu <yujian@whamcloud.com>" uploaded a new patch: https://review.whamcloud.com/46347
Subject: LU-15490 kernel: kernel update SLES15 SP3 [5.3.18-150300.59.43.1]
Project: fs/lustre-release
Branch: master
Current Patch Set: 1
Commit: 9f6e700aadcde3723b098dbe4c60375132cd33d6

Comment by Jian Yu [ 18/Feb/22 ]

A new version is available in LU-15569.

Generated at Sat Feb 10 03:18:45 UTC 2024 using Jira 9.4.14#940014-sha1:734e6822bbf0d45eff9af51f82432957f73aa32c.