[LU-16545] kernel update [SLES15 SP3 5.3.18-150300.59.109.1] Created: 09/Feb/23  Updated: 25/Apr/23  Resolved: 25/Apr/23

Status: Resolved
Project: Lustre
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Improvement Priority: Minor
Reporter: Jian Yu Assignee: Jian Yu
Resolution: Won't Fix Votes: 0
Labels: None

Issue Links:
Related
is related to LU-16432 kernel update [SLES15 SP3 5.3.18-1503... Resolved
Rank (Obsolete): 9223372036854775807

 Description   

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various
security and bugfixes.

The following security bugs were fixed:

  • CVE-2023-0266: Fixed a use-after-free bug led by a missing lock in ALSA.
    (bsc#1207134)
  • CVE-2022-47929: Fixed a NULL pointer dereference bug in the traffic
    control subsystem which allowed an unprivileged user to trigger a denial
    of service via a crafted traffic control configuration. (bsc#1207237)
  • CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler
    (bsc#1207036)
  • CVE-2023-23455: Fixed a bug that could allow attackers to cause a denial
    of service because of type confusion in atm_tc_enqueue. (bsc#1207125)
  • CVE-2022-3435: Fixed an out-of-bounds read in fib_nh_match() of the file
    net/ipv4/fib_semantics.c (bsc#1204171).
  • CVE-2022-4662: Fixed a recursive locking violation in usb-storage that
    can cause the kernel to deadlock. (bsc#1206664)
  • CVE-2022-3115: Fixed a null pointer dereference in malidp_crtc.c caused
    by a lack of checks of the return value of kzalloc. (bsc#1206393)
  • CVE-2022-47520: Fixed an out-of-bounds read when parsing a Robust
    Security Network (RSN) information element from a Netlink packet.
    (bsc#1206515)
  • CVE-2022-3112: Fixed a null pointer dereference caused by lacks check
    of the return value of kzalloc() in vdec_helpers.c:amvdec_set_canvases.
    (bsc#1206399)
  • CVE-2022-3564: Fixed a bug which could lead to use after free, it was
    found in the function l2cap_reassemble_sdu of the file
    net/bluetooth/l2cap_core.c of the component Bluetooth. (bsc#1206073)
  • CVE-2022-3108: Fixed a bug in kfd_parse_subtype_iolink in
    drivers/gpu/drm/amd/amdkfd/kfd_crat.c where a lack of check of the
    return value of kmemdup() could lead to a NULL pointer dereference.
    (bsc#1206389)
  • CVE-2019-19083: Fixed a memory leaks in clock_source_create that could
    allow attackers to cause a denial of service (bsc#1157049).
  • CVE-2022-42328: Fixed a bug which could allow guests to trigger denial
    of service via the netback driver (bsc#1206114).
  • CVE-2022-42329: Fixed a bug which could allow guests to trigger denial
    of service via the netback driver (bsc#1206113).
  • CVE-2022-3643: Fixed a bug which could allow guests to trigger NIC
    interface reset/abort/crash via netback driver (bsc#1206113).
  • CVE-2022-3107: Fixed a null pointer dereference caused by a missing
    check of the return value of kvmalloc_array. (bsc#1206395)
  • CVE-2022-3111: Fixed a missing release of resource after effective
    lifetime bug caused by a missing free of the WM8350_IRQ_CHG_FAST_RDY in
    wm8350_init_charger. (bsc#1206394)
  • CVE-2022-3105: Fixed a null pointer dereference caused by a missing
    check of the return value of kmalloc_array. (bsc#1206398)
  • CVE-2022-3106: Fixed a null pointer dereference caused by a missing
    check of the return value of kmalloc. (bsc#1206397)

The following non-security bugs were fixed:
https://lists.suse.com/pipermail/sle-security-updates/2023-January/013530.html
Generated at Sat Feb 10 03:27:56 UTC 2024 using Jira 9.4.14#940014-sha1:734e6822bbf0d45eff9af51f82432957f73aa32c.