[LU-16422] kernel update [SLES15 SP4 5.14.21-150400.24.38.1]

Related — Thu, 9 Feb 2023 07:50:50 +0000

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various
security and bugfixes.

The following security bugs were fixed:

CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207).
CVE-2022-42328: Guests could trigger denial of service via the netback
driver (bsc#1206114).
CVE-2022-42329: Guests could trigger denial of service via the netback
driver (bsc#1206113).
CVE-2022-3643: Guests could trigger NIC interface reset/abort/crash via
netback driver (bsc#1206113).
CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file
drivers/atm/idt77252.c (bsc#1204631).
CVE-2022-41850: Fixed a race condition in roccat_report_event() in
drivers/hid/hid-roccat.c (bsc#1203960).
CVE-2022-45934: Fixed a integer wraparound via L2CAP_CONF_REQ packets in
l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796).
CVE-2022-3567: Fixed a to race condition in
inet6_stream_ops()/inet6_dgram_ops() (bsc#1204414).
CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in
drivers/net/slip (bsc#1205671).
CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation
(bsc#1205128).
CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514).
CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver
USB driver (bsc#1205220).
CVE-2022-45869: Fixed a race condition in the x86 KVM subsystem which
could cause a denial of service (bsc#1205882).
CVE-2022-45888: Fixed a use-after-free during physical removal of a USB
devices when using drivers/char/xillybus/xillyusb.c (bsc#1205764).
CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU
to access any physical memory (bsc#1205700).
CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling
Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a
race condition and NULL pointer dereference. (bsc#1205711)
CVE-2022-42896: Fixed a use-after-free vulnerability in the
net/bluetooth/l2cap_core.c's l2cap_connect() and l2cap_le_connect_req()
which may have allowed code execution and leaking kernel memory
(respectively) remotely via Bluetooth (bsc#1205709).
CVE-2022-42895: Fixed an information leak in the
net/bluetooth/l2cap_core.c's l2cap_parse_conf_req() which can be used to
leak kernel pointers remotely (bsc#1205705).
CVE-2022-3566: Fixed a race condition in the functions
tcp_getsockopt/tcp_setsockopt. The manipulation leads to a race
condition (bsc#1204405).
CVE-2022-2602: Fixed a local privilege escalation vulnerability
involving Unix socket Garbage Collection and io_uring (bsc#1204228).
CVE-2022-3176: Fixed a use-after-free in io_uring related to
signalfd_poll() and binder_poll() (bsc#1203391).
CVE-2022-3707: Fixed a double free in the Intel GVT-g graphics driver
(bsc#1204780).

The following non-security bugs were fixed:
https://lists.suse.com/pipermail/sle-security-updates/2022-December/013296.html

Whamcloud Community JIRA

[LU-16422] kernel update [SLES15 SP4 5.14.21-150400.24.38.1]