[LU-16122] kernel update [SLES15 SP3 5.3.18-150300.59.90.1] Created: 29/Aug/22  Updated: 20/Sep/22  Resolved: 20/Sep/22

Status: Resolved
Project: Lustre
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Improvement Priority: Minor
Reporter: Jian Yu Assignee: Jian Yu
Resolution: Won't Fix Votes: 0
Labels: None

Issue Links:
Related
is related to LU-16092 kernel update [SLES15 SP3 5.3.18-1503... Resolved
is related to LU-16173 kernel update [SLES15 SP3 5.3.18-1503... Resolved
Rank (Obsolete): 9223372036854775807

 Description   

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various
security and bugfixes.

The following security bugs were fixed:

  • CVE-2020-36516: Fixed TCP session data injection vulnerability via the
    mixed IPID assignment method (bnc#1196616).
  • CVE-2020-36557: Fixed race condition between the VT_DISALLOCATE ioctl
    and closing/opening of ttys that could lead to a use-after-free
    (bnc#1201429).
  • CVE-2020-36558: Fixed race condition involving VT_RESIZEX that could
    lead to a NULL pointer dereference and general protection fault
    (bnc#1200910).
  • CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO
    (bnc#1201635).
  • CVE-2021-33656: Fixed out of bounds write with ioctl PIO_FONT
    (bnc#1201636).
  • CVE-2022-1116: Fixed a integer overflow vulnerability in io_uring which
    allowed a local attacker to cause memory corruption and escalate
    privileges to root (bnc#1199647).
  • CVE-2022-1462: Fixed an out-of-bounds read flaw in the TeleTYpe
    subsystem (bnc#1198829).
  • CVE-2022-2318: Fixed a use-after-free vulnerabilities in the timer
    handler in net/rose/rose_timer.c that allow attackers to crash the
    system without any privileges (bsc#1201251).
  • CVE-2022-2639: Fixed integer underflow that could lead to out-of-bounds
    write in reserve_sfa_size() (bsc#1202154).
  • CVE-2022-20166: Fixed possible out of bounds write due to sprintf
    unsafety that could cause local escalation of privilege (bnc#1200598)
  • CVE-2022-21505: Fixed kexec lockdown bypass with IMA policy
    (bsc#1201458).
  • CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed
    multiple potential data leaks with Block and Network devices when using
    untrusted backends (bsc#1200762).
  • CVE-2022-29581: Fixed improper update of Reference Count in net/sched
    that could cause root privilege escalation (bnc#1199665).
  • CVE-2022-32250: Fixed user-after-free in net/netfilter/nf_tables_api.c
    that could allow local privilege escalation (bnc#1200015).
  • CVE-2022-36946: Fixed incorrect packet truncation in nfqnl_mangle() that
    could lead to remote DoS (bnc#1201940).

The following non-security bugs were fixed:
https://lists.suse.com/pipermail/sle-security-updates/2022-August/011976.html

 Comments   
Comment by Gerrit Updater [ 29/Aug/22 ]

"Jian Yu <yujian@whamcloud.com>" uploaded a new patch: https://review.whamcloud.com/48368
Subject: LU-16122 kernel: kernel update SLES15 SP3 [5.3.18-150300.59.90.1]
Project: fs/lustre-release
Branch: master
Current Patch Set: 1
Commit: 74075e1ee6d352ee991193b79c27d8ed10000bf8

Comment by Jian Yu [ 20/Sep/22 ]

A new version is available in LU-16173.

Generated at Sat Feb 10 03:24:12 UTC 2024 using Jira 9.4.14#940014-sha1:734e6822bbf0d45eff9af51f82432957f73aa32c.