https://jira.whamcloud.com This file is an XML representation of an issue en-us 9.4.14 940014 05-12-2023 https://jira.whamcloud.com/browse/LU-16545 Lustre <p> The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various<br/> security and bugfixes.</p> <p> The following security bugs were fixed:</p> <ul class="alternate" type="square"> <li>CVE-2023-0266: Fixed a use-after-free bug led by a missing lock in ALSA.<br/> (bsc#1207134)</li> <li>CVE-2022-47929: Fixed a NULL pointer dereference bug in the traffic<br/> control subsystem which allowed an unprivileged user to trigger a denial<br/> of service via a crafted traffic control configuration. (bsc#1207237)</li> <li>CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler<br/> (bsc#1207036)</li> <li>CVE-2023-23455: Fixed a bug that could allow attackers to cause a denial<br/> of service because of type confusion in atm_tc_enqueue. (bsc#1207125)</li> <li>CVE-2022-3435: Fixed an out-of-bounds read in fib_nh_match() of the file<br/> net/ipv4/fib_semantics.c (bsc#1204171).</li> <li>CVE-2022-4662: Fixed a recursive locking violation in usb-storage that<br/> can cause the kernel to deadlock. (bsc#1206664)</li> <li>CVE-2022-3115: Fixed a null pointer dereference in malidp_crtc.c caused<br/> by a lack of checks of the return value of kzalloc. (bsc#1206393)</li> <li>CVE-2022-47520: Fixed an out-of-bounds read when parsing a Robust<br/> Security Network (RSN) information element from a Netlink packet.<br/> (bsc#1206515)</li> <li>CVE-2022-3112: Fixed a null pointer dereference caused by lacks check<br/> of the return value of kzalloc() in vdec_helpers.c:amvdec_set_canvases.<br/> (bsc#1206399)</li> <li>CVE-2022-3564: Fixed a bug which could lead to use after free, it was<br/> found in the function l2cap_reassemble_sdu of the file<br/> net/bluetooth/l2cap_core.c of the component Bluetooth. (bsc#1206073)</li> <li>CVE-2022-3108: Fixed a bug in kfd_parse_subtype_iolink in<br/> drivers/gpu/drm/amd/amdkfd/kfd_crat.c where a lack of check of the<br/> return value of kmemdup() could lead to a NULL pointer dereference.<br/> (bsc#1206389)</li> <li>CVE-2019-19083: Fixed a memory leaks in clock_source_create that could<br/> allow attackers to cause a denial of service (bsc#1157049).</li> <li>CVE-2022-42328: Fixed a bug which could allow guests to trigger denial<br/> of service via the netback driver (bsc#1206114).</li> <li>CVE-2022-42329: Fixed a bug which could allow guests to trigger denial<br/> of service via the netback driver (bsc#1206113).</li> <li>CVE-2022-3643: Fixed a bug which could allow guests to trigger NIC<br/> interface reset/abort/crash via netback driver (bsc#1206113).</li> <li>CVE-2022-3107: Fixed a null pointer dereference caused by a missing<br/> check of the return value of kvmalloc_array. (bsc#1206395)</li> <li>CVE-2022-3111: Fixed a missing release of resource after effective<br/> lifetime bug caused by a missing free of the WM8350_IRQ_CHG_FAST_RDY in<br/> wm8350_init_charger. (bsc#1206394)</li> <li>CVE-2022-3105: Fixed a null pointer dereference caused by a missing<br/> check of the return value of kmalloc_array. (bsc#1206398)</li> <li>CVE-2022-3106: Fixed a null pointer dereference caused by a missing<br/> check of the return value of kmalloc. (bsc#1206397)</li> </ul> <p> The following non-security bugs were fixed:<br/> <a href="https://lists.suse.com/pipermail/sle-security-updates/2023-January/013530.html" class="external-link" target="_blank" rel="nofollow noopener">https://lists.suse.com/pipermail/sle-security-updates/2023-January/013530.html</a></p> LU-16545

kernel update [SLES15 SP3 5.3.18-150300.59.109.1]

Improvement Minor Resolved Won't Fix Jian Yu Jian Yu Thu, 9 Feb 2023 07:45:19 +0000 Tue, 25 Apr 2023 20:56:36 +0000 Tue, 25 Apr 2023 20:56:36 +0000 0 1 Related LU-16432 Development Rank 1|i03cfb: Rank (Obsolete) 9223372036854775807