Whamcloud Community JIRA https://jira.whamcloud.com This file is an XML representation of an issue en-us 9.4.14 940014 05-12-2023 [LU-16326] kernel update [SLES15 SP4 5.14.21-150400.24.33.2] https://jira.whamcloud.com/browse/LU-16326 Lustre <p> The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various<br/> security and bugfixes.</p> <p> The following security bugs were fixed:</p> <ul class="alternate" type="square"> <li>CVE-2022-28748: Fixed a leak of kernel memory over the network by<br/> ax88179_178a devices (bsc#1196018).</li> <li>CVE-2022-1882: Fixed a use-after-free flaw in free_pipe_info() that<br/> could allow a local user to crash or potentially escalate their<br/> privileges on the system (bsc#1199904).</li> <li>CVE-2022-2964: Fixed memory corruption issues in ax88179_178a devices<br/> (bnc#1202686).</li> <li>CVE-2022-3169: Fixed an denial of service though request to<br/> NVME_IOCTL_RESET and NVME_IOCTL_SUBSYS_RESET (bsc#1203290).</li> <li>CVE-2022-33981: Fixed a use-after-free in floppy driver (bnc#1200692).</li> <li>CVE-2022-3424: Fixed use-after-free in gru_set_context_option(),<br/> gru_fault() and gru_handle_user_call_os() that could lead to kernel<br/> panic (bsc#1204166).</li> <li>CVE-2022-3435: Fixed an out-of-bounds read in fib_nh_match() of the file<br/> net/ipv4/fib_semantics.c (bsc#1204171).</li> <li>CVE-2022-3521: Fixed race condition in kcm_tx_work() in<br/> net/kcm/kcmsock.c (bnc#1204355).</li> <li>CVE-2022-3524: Fixed memory leak in ipv6_renew_options() in the IPv6<br/> handler (bnc#1204354).</li> <li>CVE-2022-3526: Fixed a memory leak in macvlan_handle_frame() from<br/> drivers/net/macvlan.c (bnc#1204353).</li> <li>CVE-2022-3545: Fixed use-after-free in area_cache_get() in<br/> drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bnc#1204415).</li> <li>CVE-2022-3565: Fixed use-after-free in del_timer() in<br/> drivers/isdn/mISDN/l1oip_core.c (bnc#1204431).</li> <li>CVE-2022-3621: Fixed null pointer dereference in<br/> nilfs_bmap_lookup_at_level() in fs/nilfs2/inode.c (bnc#1204574).</li> <li>CVE-2022-3625: Fixed use-after-free in<br/> devlink_param_set()/devlink_param_get() in net/core/devlink.c<br/> (bnc#1204637).</li> <li>CVE-2022-3628: Fixed potential buffer overflow in<br/> brcmf_fweh_event_worker() in wifi/brcmfmac (bsc#1204868).</li> <li>CVE-2022-3640: Fixed use-after-free in l2cap_conn_del() in<br/> net/bluetooth/l2cap_core.c (bnc#1204619).</li> <li>CVE-2022-3646: Fixed memory leak in nilfs_attach_log_writer() in<br/> fs/nilfs2/segment.c (bnc#1204646).</li> <li>CVE-2022-40476: Fixed a null pointer dereference in fs/io_uring.c<br/> (bnc#1203435).</li> <li>CVE-2022-40768: Fixed information disclosure in stex_queuecommand_lck<br/> (bnc#1203514).</li> <li>CVE-2022-43750: Fixed vulnerability in usbmon that allowed a user-space<br/> client to corrupt the monitor's internal memory (bnc#1204653).</li> </ul> <p> The following non-security bugs were fixed:<br/> <a href="https://lists.suse.com/pipermail/sle-security-updates/2022-November/012989.html" class="external-link" target="_blank" rel="nofollow noopener">https://lists.suse.com/pipermail/sle-security-updates/2022-November/012989.html</a></p> LU-16326 kernel update [SLES15 SP4 5.14.21-150400.24.33.2] Improvement Minor Resolved Won't Fix Jian Yu Jian Yu Fri, 18 Nov 2022 20:29:49 +0000 Wed, 21 Dec 2022 20:36:51 +0000 Wed, 21 Dec 2022 20:36:51 +0000 0 1 <p>A new kernel is available in <a href="https://jira.whamcloud.com/browse/LU-16422" title="kernel update [SLES15 SP4 5.14.21-150400.24.38.1]" class="issue-link" data-issue-key="LU-16422"><del>LU-16422</del></a>.</p> Related LU-16294 LU-16422 Development Rank 1|i0365b: Rank (Obsolete) 9223372036854775807