[LU-16546] kernel update [SLES15 SP4 5.14.21-150400.24.41.1] Created: 09/Feb/23  Updated: 25/Apr/23  Resolved: 25/Apr/23

Status: Resolved
Project: Lustre
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Improvement Priority: Minor
Reporter: Jian Yu Assignee: Jian Yu
Resolution: Won't Fix Votes: 0
Labels: None

Issue Links:
Related
is related to LU-16422 kernel update [SLES15 SP4 5.14.21-150... Resolved
is related to LU-16601 kernel update [SLES15 SP4 5.14.21-150... Resolved
Rank (Obsolete): 9223372036854775807

 Description   

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various
security and bugfixes.

The following security bugs were fixed:

  • CVE-2022-3344: Fixed a bug where nested shutdown interception could lead
    to host crash (bsc#1204652)
  • CVE-2022-4662: Fixed a recursive locking violation in usb-storage that
    can cause the kernel to deadlock. (bsc#1206664)
  • CVE-2022-3115: Fixed a null pointer dereference in malidp_crtc.c caused
    by a lack of checks of the return value of kzalloc. (bsc#1206393)
  • CVE-2022-47520: Fixed an out-of-bounds read when parsing a Robust
    Security Network (RSN) information element from a Netlink packet.
    (bsc#1206515)
  • CVE-2022-3112: Fixed a null pointer dereference caused by lacks check
    of the return value of kzalloc() in vdec_helpers.c:amvdec_set_canvases.
    (bsc#1206399)
  • CVE-2022-3564: Fixed a bug which could lead to use after free, it was
    found in the function l2cap_reassemble_sdu of the file
    net/bluetooth/l2cap_core.c of the component Bluetooth. (bsc#1206073)
  • CVE-2022-4379: Fixed a use-after-free vulnerability in
    nfs4file.c:__nfs42_ssc_open. (bsc#1206209)
  • CVE-2022-3108: Fixed a bug in kfd_parse_subtype_iolink in
    drivers/gpu/drm/amd/amdkfd/kfd_crat.c where a lack of check of the
    return value of kmemdup() could lead to a NULL pointer dereference.
    (bsc#1206389)
  • CVE-2022-3104: Fixed a null pointer dereference caused by caused by a
    missing check of the return value of kzalloc() in
    bugs.c:lkdtm_ARRAY_BOUNDS. (bsc#1206396)
  • CVE-2022-3113: Fixed a null pointer dereference caused by a missing
    check of the return value of devm_kzalloc. (bsc#1206390)
  • CVE-2022-3107: Fixed a null pointer dereference caused by a missing
    check of the return value of kvmalloc_array. (bsc#1206395)
  • CVE-2022-3114: Fixed a null pointer dereference caused by a missing
    check of the return value of kcalloc. (bsc#1206391)
  • CVE-2022-3111: Fixed a missing release of resource after effective
    lifetime bug caused by a missing free of the WM8350_IRQ_CHG_FAST_RDY in
    wm8350_init_charger. (bsc#1206394)
  • CVE-2022-3105: Fixed a null pointer dereference caused by a missing
    check of the return value of kmalloc_array. (bsc#1206398)
  • CVE-2022-3106: Fixed a null pointer dereference caused by a missing
    check of the return value of kmalloc. (bsc#1206397)

The following non-security bugs were fixed:
https://lists.suse.com/pipermail/sle-security-updates/2023-January/013529.html

 Comments   
Comment by Gerrit Updater [ 15/Feb/23 ]

"Jian Yu <yujian@whamcloud.com>" uploaded a new patch: https://review.whamcloud.com/c/fs/lustre-release/+/50004
Subject: LU-16546 kernel: kernel update SLES15 SP4 [5.14.21-150400.24.41.1]
Project: fs/lustre-release
Branch: master
Current Patch Set: 1
Commit: a1a3810ef6d37666d8d9b7441ca18e75d77c48b2

Comment by Gerrit Updater [ 15/Feb/23 ]

"Jian Yu <yujian@whamcloud.com>" uploaded a new patch: https://review.whamcloud.com/c/fs/lustre-release/+/50014
Subject: LU-16546 kernel: kernel update SLES15 SP4 [5.14.21-150400.24.41.1]
Project: fs/lustre-release
Branch: b2_15
Current Patch Set: 1
Commit: 90cf3dad293f4941cd6d05aa80ae447bd1062a34

Generated at Sat Feb 10 03:27:57 UTC 2024 using Jira 9.4.14#940014-sha1:734e6822bbf0d45eff9af51f82432957f73aa32c.