[LU-16422] kernel update [SLES15 SP4 5.14.21-150400.24.38.1] Created: 21/Dec/22  Updated: 09/Feb/23  Resolved: 09/Feb/23

Status: Resolved
Project: Lustre
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Improvement
Priority: Minor
Reporter: Jian Yu
Assignee: Jian Yu
Resolution: Won't Fix
Votes: 0
Labels: None

Issue Links:
Related
is related to LU-16326 kernel update [SLES15 SP4 5.14.21-150... Resolved
is related to LU-16546 kernel update [SLES15 SP4 5.14.21-150... Resolved

 Description   

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various
security and bug fixes.

The following security bugs were fixed:

  • CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207).
  • CVE-2022-42328: Guests could trigger denial of service via the netback
    driver (bsc#1206114).
  • CVE-2022-42329: Guests could trigger denial of service via the netback
    driver (bsc#1206113).
  • CVE-2022-3643: Guests could trigger NIC interface reset/abort/crash via
    netback driver (bsc#1206113).
  • CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file
    drivers/atm/idt77252.c (bsc#1204631).
  • CVE-2022-41850: Fixed a race condition in roccat_report_event() in
    drivers/hid/hid-roccat.c (bsc#1203960).
  • CVE-2022-45934: Fixed an integer wraparound via L2CAP_CONF_REQ packets in
    l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796).
  • CVE-2022-3567: Fixed a race condition in
    inet6_stream_ops()/inet6_dgram_ops() (bsc#1204414).
  • CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in
    drivers/net/slip (bsc#1205671).
  • CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation
    (bsc#1205128).
  • CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514).
  • CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver
    USB driver (bsc#1205220).
  • CVE-2022-45869: Fixed a race condition in the x86 KVM subsystem which
    could cause a denial of service (bsc#1205882).
  • CVE-2022-45888: Fixed a use-after-free during physical removal of a USB
    device when using drivers/char/xillybus/xillyusb.c (bsc#1205764).
  • CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU
    to access any physical memory (bsc#1205700).
  • CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling
    Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a
    race condition and NULL pointer dereference. (bsc#1205711)
  • CVE-2022-42896: Fixed a use-after-free vulnerability in the
    net/bluetooth/l2cap_core.c's l2cap_connect() and l2cap_le_connect_req()
    which may have allowed code execution and leaking kernel memory
    (respectively) remotely via Bluetooth (bsc#1205709).
  • CVE-2022-42895: Fixed an information leak in the
    net/bluetooth/l2cap_core.c's l2cap_parse_conf_req() which can be used to
    leak kernel pointers remotely (bsc#1205705).
  • CVE-2022-3566: Fixed a race condition in the functions
    tcp_getsockopt/tcp_setsockopt. The manipulation leads to a race
    condition (bsc#1204405).
  • CVE-2022-2602: Fixed a local privilege escalation vulnerability
    involving Unix socket Garbage Collection and io_uring (bsc#1204228).
  • CVE-2022-3176: Fixed a use-after-free in io_uring related to
    signalfd_poll() and binder_poll() (bsc#1203391).
  • CVE-2022-3707: Fixed a double free in the Intel GVT-g graphics driver
    (bsc#1204780).

The following non-security bugs were fixed:
https://lists.suse.com/pipermail/sle-security-updates/2022-December/013296.html



 Comments   
Comment by Jian Yu [ 09/Feb/23 ]

A new version is available in LU-16546.
