Whamcloud Community JIRA https://jira.whamcloud.com This file is an XML representation of an issue en-us 9.4.14 940014 05-12-2023 [LU-15958] kernel update [SLES15 SP3 5.3.18-150300.59.71.2] https://jira.whamcloud.com/browse/LU-15958 Lustre <p> The SUSE Linux Enterprise 15 SP3 kernel was updated.</p> <p> The following security bugs were fixed:</p> <ul class="alternate" type="square"> <li>CVE-2022-0168: Fixed a NULL pointer dereference in<br/> smb2_ioctl_query_info. (bsc#1197472)</li> <li>CVE-2022-20008: Fixed bug that allows to read kernel heap memory due to<br/> uninitialized data in mmc_blk_read_single of block.c. (bnc#1199564)</li> <li>CVE-2022-1972: Fixed a buffer overflow in nftable that could lead to<br/> privilege escalation. (bsc#1200019)</li> <li>CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited<br/> to speculatively/transiently disclose information via spectre like<br/> attacks. (bsc#1199650)</li> <li>CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited<br/> to speculatively/transiently disclose information via spectre like<br/> attacks. (bsc#1199650)</li> <li>CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited<br/> to speculatively/transiently disclose information via spectre like<br/> attacks. (bsc#1199650)</li> <li>CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited<br/> to speculatively/transiently disclose information via spectre like<br/> attacks. (bsc#1199650)</li> <li>CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited<br/> to speculatively/transiently disclose information via spectre like<br/> attacks. (bsc#1199650)</li> <li>CVE-2019-19377: Fixed an user-after-free that could be triggered when an<br/> attacker mounts a crafted btrfs filesystem image. (bnc#1158266)</li> <li>CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self<br/> (bsc#1199507).</li> <li>CVE-2022-1184: Fixed an use-after-free and memory errors in ext4 when<br/> mounting and operating on a corrupted image. (bsc#1198577)</li> <li>CVE-2022-1652: Fixed a statically allocated error counter inside the<br/> floppy kernel module (bsc#1199063).</li> <li>CVE-2022-30594: Fixed restriction bypass on setting the<br/> PT_SUSPEND_SECCOMP flag (bnc#1199505).</li> <li>CVE-2021-33061: Fixed insufficient control flow management for the<br/> Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed<br/> an authenticated user to potentially enable denial of service via local<br/> access (bnc#1196426).</li> </ul> <p> The following non-security bugs were fixed:<br/> <a href="https://lists.suse.com/pipermail/sle-security-updates/2022-June/011290.html" class="external-link" target="_blank" rel="nofollow noopener">https://lists.suse.com/pipermail/sle-security-updates/2022-June/011290.html</a></p> LU-15958 kernel update [SLES15 SP3 5.3.18-150300.59.71.2] Improvement Minor Resolved Won't Fix Jian Yu Jian Yu Sat, 18 Jun 2022 00:09:41 +0000 Thu, 11 Aug 2022 17:31:33 +0000 Thu, 11 Aug 2022 17:31:33 +0000 0 2 <p>"Jian Yu &lt;yujian@whamcloud.com&gt;" uploaded a new patch: <a href="https://review.whamcloud.com/47694" class="external-link" target="_blank" rel="nofollow noopener">https://review.whamcloud.com/47694</a><br/> Subject: <a href="https://jira.whamcloud.com/browse/LU-15958" title="kernel update [SLES15 SP3 5.3.18-150300.59.71.2]" class="issue-link" data-issue-key="LU-15958"><del>LU-15958</del></a> kernel: kernel update SLES15 SP3 <span class="error">&#91;5.3.18-150300.59.71.2&#93;</span><br/> Project: fs/lustre-release<br/> Branch: master<br/> Current Patch Set: 1<br/> Commit: c8143661ecfe22882c99c513dff26877c29a115b</p> <p>A new version is in <a href="https://jira.whamcloud.com/browse/LU-15958" title="kernel update [SLES15 SP3 5.3.18-150300.59.71.2]" class="issue-link" data-issue-key="LU-15958"><del>LU-15958</del></a>.</p> Related LU-15772 LU-16092 Development Rank 1|i02shz: Rank (Obsolete) 9223372036854775807