[LU-15960] kernel update [SLES12 SP5 4.12.14-122.121.2] Created: 18/Jun/22  Updated: 11/Aug/22  Resolved: 11/Aug/22

Status: Resolved
Project: Lustre
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Improvement Priority: Minor
Reporter: Jian Yu Assignee: Jian Yu
Resolution: Won't Fix Votes: 0
Labels: None

Issue Links:
Related
is related to LU-15773 kernel update [SLES12 SP5 4.12.14-122... Resolved
is related to LU-16093 kernel update [SLES12 SP5 4.12.14-122... Resolved
Rank (Obsolete): 9223372036854775807

 Description   

The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various
security and bugfixes.

The following security bugs were fixed:

  • CVE-2022-28748: Fixed memory lead over the network by ax88179_178a
    devices (bsc#1196018).
  • CVE-2022-28356: Fixed a refcount leak bug found in net/llc/af_llc.c
    (bnc#1197391).
  • CVE-2022-1516: Fixed null-ptr-deref caused by x25_disconnect
    (bsc#1199012).
  • CVE-2022-1419: Fixed a concurrency use-after-free in
    vgem_gem_dumb_create (bsc#1198742).
  • CVE-2022-1353: Fixed access controll to kernel memory in the
    pfkey_register function in net/key/af_key.c (bnc#1198516).
  • CVE-2022-1280: Fixed a use-after-free vulnerability in drm_lease_held in
    drivers/gpu/drm/drm_lease.c (bnc#1197914).
  • CVE-2022-1011: Fixed a use-after-free flaw inside the FUSE filesystem in
    the way a user triggers write(). This flaw allowed a local user to gain
    unauthorized access to data from the FUSE filesystem, resulting in
    privilege escalation (bnc#1197343).
  • CVE-2021-43389: Fixed an array-index-out-of-bounds flaw in the
    detach_capi_ctr function in drivers/isdn/capi/kcapi.c (bnc#1191958).
  • CVE-2021-38208: Fixed a denial of service (NULL pointer dereference and
    BUG) by making a getsockname call after a certain type of failure of a
    bind call (bnc#1187055).
  • CVE-2021-20321: Fixed a race condition accessing file object in the
    OverlayFS subsystem in the way users do rename in specific way with
    OverlayFS. A local user could have used this flaw to crash the system
    (bnc#1191647).
  • CVE-2021-20292: Fixed object validation prior to performing operations
    on the object in nouveau_sgdma_create_ttm in Nouveau DRM subsystem
    (bnc#1183723).
  • CVE-2019-20811: Fixed issue in rx_queue_add_kobject() and
    netdev_queue_add_kobject() in net/core/net-sysfs.c, where a reference
    count is mishandled (bnc#1172456).
  • CVE-2018-7755: Fixed an issue in the fd_locked_ioctl function in
    drivers/block/floppy.c. The floppy driver will copy a kernel pointer to
    user memory in response to the FDGETPRM ioctl. An attacker can send the
    FDGETPRM ioctl and use the obtained kernel pointer to discover the
    location of kernel code and data and bypass kernel security protections
    such as KASLR (bnc#1084513).

The following non-security bugs were fixed:
https://lists.suse.com/pipermail/sle-security-updates/2022-May/011035.html

 Comments   
Comment by Jian Yu [ 11/Aug/22 ]

A new version is available in LU-16093.

Generated at Sat Feb 10 03:22:46 UTC 2024 using Jira 9.4.14#940014-sha1:734e6822bbf0d45eff9af51f82432957f73aa32c.