[LU-15678] kernel update [SLES15 SP3 5.3.18-150300.59.54.1] Created: 23/Mar/22  Updated: 18/Jun/22  Resolved: 18/Jun/22

Status: Resolved
Project: Lustre
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Improvement Priority: Minor
Reporter: Jian Yu Assignee: Jian Yu
Resolution: Won't Fix Votes: 0
Labels: None

Issue Links:
Related
is related to LU-15569 kernel update [SLES15 SP3 5.3.18-1503... Resolved
is related to LU-15772 kernel update [SLES15 SP3 5.3.18-1503... Resolved
Rank (Obsolete): 9223372036854775807

 Description   

The following security bugs were fixed:

  • CVE-2022-0001: Fixed Branch History Injection vulnerability
    (bsc#1191580).
  • CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability
    (bsc#1191580).
  • CVE-2022-0847: Fixed a vulnerability were a local attackers could
    overwrite data in arbitrary (read-only) files (bsc#1196584).
  • CVE-2022-25375: The RNDIS USB gadget lacks validation of the size of the
    RNDIS_MSG_SET command. Attackers can obtain sensitive information from
    kernel memory (bnc#1196235 ).
  • CVE-2022-0492: Fixed a privilege escalation related to cgroups v1
    release_agent feature, which allowed bypassing namespace isolation
    unexpectedly (bsc#1195543).
  • CVE-2022-0516: Fixed missing check in ioctl related to KVM in s390
    allows kernel memory read/write (bsc#1195516).

The following non-security bugs were fixed:
https://lists.suse.com/pipermail/sle-security-updates/2022-March/010397.html

 Comments   
Comment by Gerrit Updater [ 23/Mar/22 ]

"Jian Yu <yujian@whamcloud.com>" uploaded a new patch: https://review.whamcloud.com/46898
Subject: LU-15678 kernel: kernel update SLES15 SP3 [5.3.18-150300.59.54.1]
Project: fs/lustre-release
Branch: master
Current Patch Set: 1
Commit: 8ae56594f19a3827a8b90f47b491a8b6fcadfa1c

Comment by Jian Yu [ 18/Jun/22 ]

A new version is in LU-15958.

Generated at Sat Feb 10 03:20:23 UTC 2024 using Jira 9.4.14#940014-sha1:734e6822bbf0d45eff9af51f82432957f73aa32c.