https://jira.whamcloud.com This file is an XML representation of an issue en-us 9.4.14 940014 05-12-2023 https://jira.whamcloud.com/browse/LU-15570 Lustre <p> The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various<br/> security and bugfixes.</p> <p> The following security bugs were fixed:</p> <ul class="alternate" type="square"> <li>CVE-2022-0435: Fixed remote stack overflow in net/tipc module that<br/> validate domain record count on input (bsc#1195254).</li> <li>CVE-2021-3564: Fixed double-free memory corruption in the Linux kernel<br/> HCI device initialization subsystem that could have been used by<br/> attaching malicious HCI TTY Bluetooth devices. A local user could use<br/> this flaw to crash the system (bnc#1186207).</li> <li>CVE-2020-28097: Fixed out-of-bounds read in vgacon subsystem that<br/> mishandled software scrollback (bnc#1187723).</li> <li>CVE-2021-44733: Fixed a use-after-free exists in drivers/tee/tee_shm.c<br/> in the TEE subsystem, that could have occured because of a race<br/> condition in tee_shm_get_from_id during an attempt to free a shared<br/> memory object (bnc#1193767).</li> <li>CVE-2022-0322: Fixed SCTP issue with account stream padding length for<br/> reconf chunk (bsc#1194985).</li> <li>CVE-2021-4135: Fixed zero-initialize memory inside netdevsim for new<br/> map's value in function nsim_bpf_map_alloc (bsc#1193927).</li> <li>CVE-2022-22942: Fixed stale file descriptors on failed usercopy<br/> (bsc#1195065).</li> <li>CVE-2021-39657: Fixed out of bounds read due to a missing bounds check<br/> in ufshcd_eh_device_reset_handler of ufshcd.c. This could lead to local<br/> information disclosure with System execution privileges needed<br/> (bnc#1193864).</li> <li>CVE-2021-39648: Fixed possible disclosure of kernel heap memory due to a<br/> race condition in gadget_dev_desc_UDC_show of configfs.c. This could<br/> lead to local information disclosure with System execution privileges<br/> needed. User interaction is not needed for exploitation (bnc#1193861).</li> <li>CVE-2022-0330: Fixed flush TLBs before releasing backing store<br/> (bsc#1194880).</li> <li>CVE-2021-4197: Use cgroup open-time credentials for process migraton<br/> perm checks (bsc#1194302).</li> <li>CVE-2021-4202: Fixed NFC race condition by adding NCI_UNREG flag<br/> (bsc#1194529).</li> <li>CVE-2021-4083: Fixed a read-after-free memory flaw inside the garbage<br/> collection for Unix domain socket file handlers when users call close()<br/> and fget() simultaneouslyand can potentially trigger a race condition<br/> (bnc#1193727).</li> <li>CVE-2021-4149: Fixed btrfs unlock newly allocated extent buffer after<br/> error (bsc#1194001).</li> </ul> <p> The following non-security bugs were fixed:<br/> <a href="https://lists.suse.com/pipermail/sle-security-updates/2022-February/010215.html" class="external-link" target="_blank" rel="nofollow noopener">https://lists.suse.com/pipermail/sle-security-updates/2022-February/010215.html</a></p> LU-15570

kernel update [SLES12 SP5 4.12.14-122.110.1]

Improvement Minor Resolved Won't Fix Jian Yu Jian Yu Fri, 18 Feb 2022 19:49:43 +0000 Wed, 23 Mar 2022 18:15:28 +0000 Wed, 23 Mar 2022 18:15:28 +0000 0 2 <p>"Jian Yu &lt;yujian@whamcloud.com&gt;" uploaded a new patch: <a href="https://review.whamcloud.com/46560" class="external-link" target="_blank" rel="nofollow noopener">https://review.whamcloud.com/46560</a><br/> Subject: <a href="https://jira.whamcloud.com/browse/LU-15570" title="kernel update [SLES12 SP5 4.12.14-122.110.1]" class="issue-link" data-issue-key="LU-15570"><del>LU-15570</del></a> kernel: kernel update SLES12 SP5 <span class="error">&#91;4.12.14-122.110.1&#93;</span><br/> Project: fs/lustre-release<br/> Branch: master<br/> Current Patch Set: 1<br/> Commit: cda56f9f96b092a60dccaa64022b01ec0022ee52</p> <p>A new version is available in <a href="https://jira.whamcloud.com/browse/LU-15679" title="kernel update [SLES12 SP5 4.12.14-122.113.1]" class="issue-link" data-issue-key="LU-15679"><del>LU-15679</del></a>.</p> Related LU-15309 LU-15679 Development Rank 1|i02isf: Rank (Obsolete) 9223372036854775807