[LU-16325] kernel update [SLES15 SP3 5.3.18-150300.59.101.1]

Related — Fri, 23 Dec 2022 21:58:52 +0000

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various
security and bugfixes.

The following security bugs were fixed:

CVE-2021-4037: Fixed function logic vulnerability that allowed local
users to create files for the XFS file-system with an unintended group
ownership and with group execution and SGID permission bits set
(bnc#1198702).
CVE-2022-2153: Fixed vulnerability in KVM that could allow an
unprivileged local attacker on the host to cause DoS (bnc#1200788).
CVE-2022-2964: Fixed memory corruption issues in ax88179_178a devices
(bnc#1202686).
CVE-2022-2978: Fixed use-after-free in the NILFS file system that could
lead to local privilege escalation or DoS (bnc#1202700).
CVE-2022-3176: Fixed use-after-free in io_uring when using POLLFREE
(bnc#1203391).
CVE-2022-3424: Fixed use-after-free in gru_set_context_option(),
gru_fault() and gru_handle_user_call_os() that could lead to kernel
panic (bsc#1204166).
CVE-2022-3521: Fixed race condition in kcm_tx_work() in
net/kcm/kcmsock.c (bnc#1204355).
CVE-2022-3524: Fixed memory leak in ipv6_renew_options() in the IPv6
handler (bnc#1204354).
CVE-2022-3535: Fixed memory leak in mvpp2_dbgfs_port_init() in
drivers/net/ethernet/marvell/mvpp2/mvpp2_debugfs.c (bnc#1204417).
CVE-2022-3542: Fixed memory leak in bnx2x_tpa_stop() in
drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c (bnc#1204402).
CVE-2022-3545: Fixed use-after-free in area_cache_get() in
drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bnc#1204415).
CVE-2022-3565: Fixed use-after-free in del_timer() in
drivers/isdn/mISDN/l1oip_core.c (bnc#1204431).
CVE-2022-3577: Fixed out-of-bounds memory write flaw in bigben device
driver that could lead to local privilege escalation or DoS
(bnc#1204470).
CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could
allow a local unprivileged user to cause a denial of service
(bnc#1204439).
CVE-2022-3594: Fixed excessive data logging in intr_callback() in
drivers/net/usb/r8152.c (bnc#1204479).
CVE-2022-3621: Fixed null pointer dereference in
nilfs_bmap_lookup_at_level() in fs/nilfs2/inode.c (bnc#1204574).
CVE-2022-3625: Fixed use-after-free in
devlink_param_set()/devlink_param_get() in net/core/devlink.c
(bnc#1204637).
CVE-2022-3629: Fixed memory leak in vsock_connect() in
net/vmw_vsock/af_vsock.c (bnc#1204635).
CVE-2022-3640: Fixed use-after-free in l2cap_conn_del() in
net/bluetooth/l2cap_core.c (bnc#1204619).
CVE-2022-3646: Fixed memory leak in nilfs_attach_log_writer() in
fs/nilfs2/segment.c (bnc#1204646).
CVE-2022-3649: Fixed use-after-free in nilfs_new_inode() in
fs/nilfs2/inode.c (bnc#1204647).
CVE-2022-39189: Fixed a flaw in the x86 KVM subsystem that could allow
unprivileged guest users to compromise the guest kernel via TLB flush
operations on preempted vCPU (bnc#1203066).
CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf
anon_vma double reuse (bnc#1204168).
CVE-2022-43750: Fixed vulnerability in usbmon that allowed a user-space
client to corrupt the monitor's internal memory (bnc#1204653).

The following non-security bugs were fixed:
https://lists.suse.com/pipermail/sle-security-updates/2022-November/012967.html

Whamcloud Community JIRA

[LU-16325] kernel update [SLES15 SP3 5.3.18-150300.59.101.1]