https://jira.whamcloud.com This file is an XML representation of an issue en-us 9.4.14 940014 05-12-2023 https://jira.whamcloud.com/browse/LU-16122 Lustre <p> The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various<br/> security and bugfixes.</p> <p> The following security bugs were fixed:</p> <ul class="alternate" type="square"> <li>CVE-2020-36516: Fixed TCP session data injection vulnerability via the<br/> mixed IPID assignment method (bnc#1196616).</li> <li>CVE-2020-36557: Fixed race condition between the VT_DISALLOCATE ioctl<br/> and closing/opening of ttys that could lead to a use-after-free<br/> (bnc#1201429).</li> <li>CVE-2020-36558: Fixed race condition involving VT_RESIZEX that could<br/> lead to a NULL pointer dereference and general protection fault<br/> (bnc#1200910).</li> <li>CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO<br/> (bnc#1201635).</li> <li>CVE-2021-33656: Fixed out of bounds write with ioctl PIO_FONT<br/> (bnc#1201636).</li> <li>CVE-2022-1116: Fixed a integer overflow vulnerability in io_uring which<br/> allowed a local attacker to cause memory corruption and escalate<br/> privileges to root (bnc#1199647).</li> <li>CVE-2022-1462: Fixed an out-of-bounds read flaw in the TeleTYpe<br/> subsystem (bnc#1198829).</li> <li>CVE-2022-2318: Fixed a use-after-free vulnerabilities in the timer<br/> handler in net/rose/rose_timer.c that allow attackers to crash the<br/> system without any privileges (bsc#1201251).</li> <li>CVE-2022-2639: Fixed integer underflow that could lead to out-of-bounds<br/> write in reserve_sfa_size() (bsc#1202154).</li> <li>CVE-2022-20166: Fixed possible out of bounds write due to sprintf<br/> unsafety that could cause local escalation of privilege (bnc#1200598)</li> <li>CVE-2022-21505: Fixed kexec lockdown bypass with IMA policy<br/> (bsc#1201458).</li> <li>CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed<br/> multiple potential data leaks with Block and Network devices when using<br/> untrusted backends (bsc#1200762).</li> <li>CVE-2022-29581: Fixed improper update of Reference Count in net/sched<br/> that could cause root privilege escalation (bnc#1199665).</li> <li>CVE-2022-32250: Fixed user-after-free in net/netfilter/nf_tables_api.c<br/> that could allow local privilege escalation (bnc#1200015).</li> <li>CVE-2022-36946: Fixed incorrect packet truncation in nfqnl_mangle() that<br/> could lead to remote DoS (bnc#1201940).</li> </ul> <p> The following non-security bugs were fixed:<br/> <a href="https://lists.suse.com/pipermail/sle-security-updates/2022-August/011976.html" class="external-link" target="_blank" rel="nofollow noopener">https://lists.suse.com/pipermail/sle-security-updates/2022-August/011976.html</a></p> LU-16122

kernel update [SLES15 SP3 5.3.18-150300.59.90.1]

Improvement Minor Resolved Won't Fix Jian Yu Jian Yu Mon, 29 Aug 2022 01:03:58 +0000 Tue, 20 Sep 2022 00:14:37 +0000 Tue, 20 Sep 2022 00:14:37 +0000 0 2 <p>"Jian Yu &lt;yujian@whamcloud.com&gt;" uploaded a new patch: <a href="https://review.whamcloud.com/48368" class="external-link" target="_blank" rel="nofollow noopener">https://review.whamcloud.com/48368</a><br/> Subject: <a href="https://jira.whamcloud.com/browse/LU-16122" title="kernel update [SLES15 SP3 5.3.18-150300.59.90.1]" class="issue-link" data-issue-key="LU-16122"><del>LU-16122</del></a> kernel: kernel update SLES15 SP3 <span class="error">&#91;5.3.18-150300.59.90.1&#93;</span><br/> Project: fs/lustre-release<br/> Branch: master<br/> Current Patch Set: 1<br/> Commit: 74075e1ee6d352ee991193b79c27d8ed10000bf8</p> <p>A new version is available in <a href="https://jira.whamcloud.com/browse/LU-16173" title="kernel update [SLES15 SP3 5.3.18-150300.59.93.1]" class="issue-link" data-issue-key="LU-16173"><del>LU-16173</del></a>.</p> Related LU-16092 LU-16173 Development Rank 1|i02y8n: Rank (Obsolete) 9223372036854775807