[LU-16273] kernel update [SLES15 SP3 5.3.18-150300.59.98.1] Created: 27/Oct/22  Updated: 18/Nov/22  Resolved: 18/Nov/22

Status: Resolved
Project: Lustre
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Improvement
Priority: Minor
Reporter: Jian Yu
Assignee: Jian Yu
Resolution: Won't Fix
Votes: 0
Labels: None

Issue Links:
Related
is related to LU-16173 kernel update [SLES15 SP3 5.3.18-1503... Resolved
is related to LU-16325 kernel update [SLES15 SP3 5.3.18-1503... Resolved

 Description   

The SUSE Linux Enterprise 15 SP3 kernel was updated.

The following security bugs were fixed:

  • CVE-2022-40768: Fixed information leak in the scsi driver which allowed
    local users to obtain sensitive information from kernel memory.
    (bnc#1203514)
  • CVE-2022-3169: Fixed a denial of service flaw which occurs when
    consecutive requests to NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET
    are sent. (bnc#1203290)
  • CVE-2022-42722: Fixed crash in beacon protection for P2P-device.
    (bsc#1204125)
  • CVE-2022-42719: Fixed MBSSID parsing use-after-free. (bsc#1204051)
  • CVE-2022-42721: Avoid nontransmitted BSS list corruption. (bsc#1204060)
  • CVE-2022-42720: Fixed BSS refcounting bugs. (bsc#1204059)
  • CVE-2022-3303: Fixed a race condition in the sound subsystem due to
    improper locking (bnc#1203769).
  • CVE-2022-41218: Fixed a use-after-free caused by refcount races in
    drivers/media/dvb-core/dmxdev.c (bnc#1202960).
  • CVE-2022-3239: Fixed a use-after-free in the video4linux driver that
    could lead to a local user being able to crash the system or escalate
    their privileges (bnc#1203552).
  • CVE-2022-41848: Fixed a race condition and resultant use-after-free if a
    physically proximate attacker removes a PCMCIA device while calling
    ioctl (bnc#1203987).
  • CVE-2022-41849: Fixed a race condition and resultant use-after-free if a
    physically proximate attacker removes a USB device while calling open
    (bnc#1203992).
  • CVE-2022-41674: Fixed a DoS issue where the kernel can crash on the
    reception of specific WiFi frames (bsc#1203770).
  • CVE-2022-2586: Fixed a use-after-free which can be triggered when a nft
    table is deleted (bnc#1202095).
  • CVE-2022-41222: Fixed a use-after-free via a stale TLB because an rmap
    lock is not held during a PUD move (bnc#1203622).
  • CVE-2022-2503: Fixed a bug in dm-verity: device-mapper table reloads
    allowed users with root privileges to switch out the target with an
    equivalent dm-linear target and bypass verification till reboot. This
    allowed root to bypass LoadPin and can be used to load untrusted and
    unverified kernel modules and firmware, which implies arbitrary kernel
    execution and persistence for peripherals that do not verify firmware
    updates (bnc#1202677).
  • CVE-2022-20008: Fixed a bug which allowed reading kernel heap memory due
    to uninitialized data. This could lead to local information disclosure
    if reading from an SD card that triggers errors, with no additional
    execution privileges needed. (bnc#1199564)
  • CVE-2020-16119: Fixed a use-after-free vulnerability exploitable by a
    local attacker due to reuse of a DCCP socket. (bnc#1177471)

The following non-security bugs were fixed:
https://lists.suse.com/pipermail/sle-security-updates/2022-October/012711.html



 Comments   
Comment by Gerrit Updater [ 27/Oct/22 ]

"Jian Yu <yujian@whamcloud.com>" uploaded a new patch: https://review.whamcloud.com/c/fs/lustre-release/+/48974
Subject: LU-16273 kernel: kernel update SLES15 SP3 [5.3.18-150300.59.98.1]
Project: fs/lustre-release
Branch: master
Current Patch Set: 1
Commit: 7846cd6011d893399715578e28452757d2ff41a9

Comment by Jian Yu [ 18/Nov/22 ]

A new version is available in LU-16325.

Generated at Sat Feb 10 03:25:33 UTC 2024 using Jira 9.4.14#940014-sha1:734e6822bbf0d45eff9af51f82432957f73aa32c.