https://jira.whamcloud.com This file is an XML representation of an issue en-us 9.4.14 940014 05-12-2023 https://jira.whamcloud.com/browse/LU-15490 Lustre <p> The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various<br/> security and bugfixes.</p> <p> The following security bugs were fixed:</p> <ul class="alternate" type="square"> <li>CVE-2022-0185: Incorrect param length parsing in legacy_parse_param<br/> which could have led to a local privilege escalation (bsc#1194517).</li> <li>CVE-2022-0322: Fixed a denial of service in SCTP sctp_addto_chunk<br/> (bsc#1194985).</li> <li>CVE-2021-4197: Fixed a cgroup issue where lower privileged processes<br/> could write to fds of lower privileged ones that could lead to privilege<br/> escalation (bsc#1194302).</li> <li>CVE-2021-46283: nf_tables_newset in net/netfilter/nf_tables_api.c in the<br/> Linux kernel allowed local users to cause a denial of service (NULL<br/> pointer dereference and general protection fault) because of the missing<br/> initialization for nft_set_elem_expr_alloc. A local user can set a<br/> netfilter table expression in their own namespace (bnc#1194518).</li> <li>CVE-2021-4135: Fixed an information leak in the nsim_bpf_map_alloc<br/> function (bsc#1193927).</li> <li>CVE-2021-4202: Fixed a race condition during NFC device remove which<br/> could lead to a use-after-free memory corruption (bsc#1194529)</li> <li>CVE-2021-4083: A read-after-free memory flaw was found in the Linux<br/> kernel's garbage collection for Unix domain socket file handlers in the<br/> way users call close() and fget() simultaneously and can potentially<br/> trigger a race condition. This flaw allowed a local user to crash the<br/> system or escalate their privileges on the system. This flaw affects<br/> Linux kernel versions prior to 5.16-rc4 (bnc#1193727).</li> <li>CVE-2021-4149: Fixed a locking condition in btrfs which could lead to<br/> system deadlocks (bsc#1194001).</li> <li>CVE-2021-45485: In the IPv6 implementation in net/ipv6/output_core.c has<br/> an information leak because of certain use of a hash table which,<br/> although big, doesn't properly consider that IPv6-based attackers can<br/> typically choose among many IPv6 source addresses (bnc#1194094).</li> <li>CVE-2021-45486: In the IPv4 implementation in net/ipv4/route.c has an<br/> information leak because the hash table is very small (bnc#1194087).</li> </ul> <p> The following non-security bugs were fixed:<br/> <a href="https://lists.suse.com/pipermail/sle-security-updates/2022-January/010079.html" class="external-link" target="_blank" rel="nofollow noopener">https://lists.suse.com/pipermail/sle-security-updates/2022-January/010079.html</a></p> LU-15490

kernel update [SLES15 SP3 5.3.18-150300.59.43.1]

Improvement Minor Closed Won't Fix Jian Yu Jian Yu Thu, 27 Jan 2022 20:29:16 +0000 Fri, 18 Feb 2022 19:47:51 +0000 Fri, 18 Feb 2022 19:47:51 +0000 0 2 <p>"Jian Yu &lt;yujian@whamcloud.com&gt;" uploaded a new patch: <a href="https://review.whamcloud.com/46347" class="external-link" target="_blank" rel="nofollow noopener">https://review.whamcloud.com/46347</a><br/> Subject: <a href="https://jira.whamcloud.com/browse/LU-15490" title="kernel update [SLES15 SP3 5.3.18-150300.59.43.1]" class="issue-link" data-issue-key="LU-15490"><del>LU-15490</del></a> kernel: kernel update SLES15 SP3 <span class="error">&#91;5.3.18-150300.59.43.1&#93;</span><br/> Project: fs/lustre-release<br/> Branch: master<br/> Current Patch Set: 1<br/> Commit: 9f6e700aadcde3723b098dbe4c60375132cd33d6</p> <p>A new version is available in <a href="https://jira.whamcloud.com/browse/LU-15569" title="kernel update [SLES15 SP3 5.3.18-150300.59.49.1]" class="issue-link" data-issue-key="LU-15569"><del>LU-15569</del></a>.</p> Related LU-15337 Development Rank 1|i02gjb: Rank (Obsolete) 9223372036854775807