[LU-16432] kernel update [SLES15 SP3 5.3.18-150300.59.106.1] Created: 23/Dec/22  Updated: 09/Feb/23  Resolved: 09/Feb/23

Status: Resolved
Project: Lustre
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Improvement
Priority: Minor
Reporter: Jian Yu
Assignee: Jian Yu
Resolution: Won't Fix
Votes: 0
Labels: None

Issue Links:
Related
is related to LU-16325 kernel update [SLES15 SP3 5.3.18-1503... Resolved
is related to LU-16545 kernel update [SLES15 SP3 5.3.18-1503... Resolved

 Description   

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various
security fixes and bug fixes.

The following security bugs were fixed:

  • CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207).
  • CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file
    drivers/atm/idt77252.c (bsc#1204631).
  • CVE-2022-41850: Fixed a race condition in roccat_report_event() in
    drivers/hid/hid-roccat.c (bsc#1203960).
  • CVE-2022-45934: Fixed an integer wraparound via L2CAP_CONF_REQ packets in
    l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796).
  • CVE-2022-3628: Fixed potential buffer overflow in
    brcmf_fweh_event_worker() in wifi/brcmfmac (bsc#1204868).
  • CVE-2022-3567: Fixed a race condition in
    inet6_stream_ops()/inet6_dgram_ops() (bsc#1204414).
  • CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in
    drivers/net/slip (bsc#1205671).
  • CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation
    (bsc#1205128).
  • CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514).
  • CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver
    USB driver (bsc#1205220).
  • CVE-2022-2602: Fixed a local privilege escalation vulnerability
    involving Unix socket Garbage Collection and io_uring (bsc#1204228).
  • CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU
    to access any physical memory (bsc#1205700).
  • CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling
    Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a
    race condition and NULL pointer dereference. (bsc#1205711)
  • CVE-2022-42895: Fixed an information leak in the
    net/bluetooth/l2cap_core.c's l2cap_parse_conf_req() which can be used to
    leak kernel pointers remotely (bsc#1205705).
  • CVE-2022-42896: Fixed a use-after-free vulnerability in the
    net/bluetooth/l2cap_core.c's l2cap_connect() and l2cap_le_connect_req()
    which may have allowed code execution and leaking kernel memory
    (respectively) remotely via Bluetooth (bsc#1205709).
  • CVE-2022-3707: Fixed a double free in the Intel GVT-g graphics driver
    (bsc#1204780).

The following non-security bugs were fixed:
https://lists.suse.com/pipermail/sle-security-updates/2022-December/013339.html



 Comments   
Comment by Jian Yu [ 09/Feb/23 ]

A new version is available in LU-16545.
