Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2022:2083-1

Опубликовано: 14 июн. 2022
Источник: suse-cvrf

Описание

Security update for the Linux Kernel

The SUSE Linux Enterprise 12 SP4 kernel was updated.

The following security bugs were fixed:

  • CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
  • CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
  • CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
  • CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
  • CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
  • CVE-2022-1652: Fixed a statically allocated error counter inside the floppy kernel module (bsc#1199063).
  • CVE-2022-1734: Fixed a r/w use-after-free when non synchronized between cleanup routine and firmware download routine. (bnc#1199605)
  • CVE-2021-39711: Fixed a possible out of bounds read due to Incorrect Size Value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1197219).
  • CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199505).
  • CVE-2021-33061: Fixed insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1196426).
  • CVE-2022-1516: Fixed null-ptr-deref caused by x25_disconnect (bsc#1199012).
  • CVE-2021-20321: Fixed a race condition accessing file object in the OverlayFS subsystem in the way users do rename in specific way with OverlayFS. A local user could have used this flaw to crash the system (bnc#1191647).
  • CVE-2022-1419: Fixed a concurrency use-after-free in vgem_gem_dumb_create (bsc#1198742).
  • CVE-2021-43389: Fixed an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c (bnc#1191958).
  • CVE-2019-20811: Fixed issue in rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, where a reference count is mishandled (bnc#1172456).
  • CVE-2021-38208: Fixed a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call (bnc#1187055).
  • CVE-2022-1353: Fixed access controll to kernel memory in the pfkey_register function in net/key/af_key.c. (bnc#1198516)
  • CVE-2021-20292: Fixed object validation prior to performing operations on the object in nouveau_sgdma_create_ttm in Nouveau DRM subsystem (bnc#1183723).
  • CVE-2022-1011: Fixed an use-after-free vulnerability which could allow a local attacker to retireve (partial) /etc/shadow hashes or any other data from filesystem when he can mount a FUSE filesystems. (bnc#1197343)

The following non-security bugs were fixed:

  • btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized (bsc#1199399).
  • btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized (bsc#1199399).
  • debug: Lock down kgdb (bsc#1199426).
  • dimlib: make DIMLIB a hidden symbol (bsc#1197099 jsc#SLE-24124).
  • lib/dim: Fix -Wunused-const-variable warnings (bsc#1197099 jsc#SLE-24124).
  • lib/dim: fix help text typos (bsc#1197099 jsc#SLE-24124).
  • linux/dim: Add completions count to dim_sample (bsc#1197099 jsc#SLE-24124).
  • linux/dim: Fix overflow in dim calculation (bsc#1197099 jsc#SLE-24124).
  • linux/dim: Implement RDMA adaptive moderation (DIM) (bsc#1197099 jsc#SLE-24124).
  • linux/dim: Move implementation to .c files (bsc#1197099 jsc#SLE-24124).
  • linux/dim: Move logic to dim.h (bsc#1197099 jsc#SLE-24124).
  • linux/dim: Remove 'net' prefix from internal DIM members (bsc#1197099 jsc#SLE-24124).
  • linux/dim: Rename externally exposed macros (bsc#1197099 jsc#SLE-24124).
  • linux/dim: Rename externally used net_dim members (bsc#1197099 jsc#SLE-24124).
  • linux/dim: Rename net_dim_sample() to net_dim_update_sample() (bsc#1197099 jsc#SLE-24124).
  • net: ena: A typo fix in the file ena_com.h (bsc#1197099 jsc#SLE-24124).
  • net: ena: Add capabilities field with support for ENI stats capability (bsc#1197099 jsc#SLE-24124).
  • net: ena: add device distinct log prefix to files (bsc#1197099 jsc#SLE-24124).
  • net: ena: Add first_interrupt field to napi struct (bsc#1197099 jsc#SLE-24124).
  • net: ena: add intr_moder_rx_interval to struct ena_com_dev and use it (bsc#1197099 jsc#SLE-24124).
  • net: ena: add jiffies of last napi call to stats (bsc#1197099 jsc#SLE-24124).
  • net: ena: add missing ethtool TX timestamping indication (bsc#1197099 jsc#SLE-24124).
  • net: ena: add reserved PCI device ID (bsc#1197099 jsc#SLE-24124).
  • net: ena: add support for reporting of packet drops (bsc#1197099 jsc#SLE-24124).
  • net: ena: add support for the rx offset feature (bsc#1197099 jsc#SLE-24124).
  • net: ena: add support for traffic mirroring (bsc#1197099 jsc#SLE-24124).
  • net: ena: add unmask interrupts statistics to ethtool (bsc#1197099 jsc#SLE-24124).
  • net: ena: aggregate stats increase into a function (bsc#1197099 jsc#SLE-24124).
  • net: ena: allow setting the hash function without changing the key (bsc#1197099 jsc#SLE-24124).
  • net: ena: avoid memory access violation by validating req_id properly (bsc#1197099 jsc#SLE-24124).
  • net: ena: avoid unnecessary admin command when RSS function set fails (bsc#1197099 jsc#SLE-24124).
  • net: ena: avoid unnecessary rearming of interrupt vector when busy-polling (bsc#1197099 jsc#SLE-24124).
  • net: ena: Capitalize all log strings and improve code readability (bsc#1197099 jsc#SLE-24124).
  • net: ena: change default RSS hash function to Toeplitz (bsc#1197099 jsc#SLE-24124).
  • net: ena: Change ENI stats support check to use capabilities field (bsc#1197099 jsc#SLE-24124).
  • net: ena: Change license into format to SPDX in all files (bsc#1197099 jsc#SLE-24124).
  • net: ena: Change log message to netif/dev function (bsc#1197099 jsc#SLE-24124).
  • net: ena: change num_queues to num_io_queues for clarity and consistency (bsc#1197099 jsc#SLE-24124).
  • net: ena: Change return value of ena_calc_io_queue_size() to void (bsc#1197099 jsc#SLE-24124).
  • net: ena: Change RSS related macros and variables names (bsc#1197099 jsc#SLE-24124).
  • net: ena: Change the name of bad_csum variable (bsc#1197099 jsc#SLE-24124).
  • net: ena: changes to RSS hash key allocation (bsc#1197099 jsc#SLE-24124).
  • net: ena: clean up indentation issue (bsc#1197099 jsc#SLE-24124).
  • net: ena: cosmetic: change ena_com_stats_admin stats to u64 (bsc#1197099 jsc#SLE-24124).
  • net: ena: cosmetic: code reorderings (bsc#1197099 jsc#SLE-24124).
  • net: ena: cosmetic: extract code to ena_indirection_table_set() (bsc#1197099 jsc#SLE-24124).
  • net: ena: cosmetic: fix line break issues (bsc#1197099 jsc#SLE-24124).
  • net: ena: cosmetic: fix spacing issues (bsc#1197099 jsc#SLE-24124).
  • net: ena: cosmetic: fix spelling and grammar mistakes in comments (bsc#1197099 jsc#SLE-24124).
  • net: ena: cosmetic: minor code changes (bsc#1197099 jsc#SLE-24124).
  • net: ena: cosmetic: remove unnecessary code (bsc#1197099 jsc#SLE-24124).
  • net: ena: cosmetic: remove unnecessary spaces and tabs in ena_com.h macros (bsc#1197099 jsc#SLE-24124).
  • net: ena: cosmetic: rename ena_update_tx/rx_rings_intr_moderation() (bsc#1197099 jsc#SLE-24124).
  • net: ena: cosmetic: set queue sizes to u32 for consistency (bsc#1197099 jsc#SLE-24124).
  • net: ena: do not wake up tx queue when down (bsc#1197099 jsc#SLE-24124).
  • net: ena: drop superfluous prototype (bsc#1197099 jsc#SLE-24124).
  • net: ena: ena-com.c: prevent NULL pointer dereference (bsc#1197099 jsc#SLE-24124).
  • net: ena: enable support of rss hash key and function changes (bsc#1197099 jsc#SLE-24124).
  • net: ena: enable the interrupt_moderation in driver_supported_features (bsc#1197099 jsc#SLE-24124).
  • net: ena: ethtool: Add new device statistics (bsc#1197099 jsc#SLE-24124).
  • net: ena: ethtool: clean up minor indentation issue (bsc#1197099 jsc#SLE-24124).
  • net: ena: ethtool: convert stat_offset to 64 bit resolution (bsc#1197099 jsc#SLE-24124).
  • net: ena: ethtool: get_channels: use combined only (bsc#1197099 jsc#SLE-24124).
  • net: ena: ethtool: remove redundant non-zero check on rc (bsc#1197099 jsc#SLE-24124).
  • net: ena: ethtool: support set_channels callback (bsc#1197099 jsc#SLE-24124).
  • net: ena: ethtool: use correct value for crc32 hash (bsc#1197099 jsc#SLE-24124).
  • net: ena: Fix all static chekers' warnings (bsc#1197099 jsc#SLE-24124).
  • net: ena: Fix build warning in ena_xdp_set() (bsc#1197099 jsc#SLE-24124).
  • net: ena: fix coding style nits (bsc#1197099 jsc#SLE-24124).
  • net: ena: fix continuous keep-alive resets (bsc#1197099 jsc#SLE-24124).
  • net: ena: fix corruption of dev_idx_to_host_tbl (bsc#1197099 jsc#SLE-24124).
  • net: ena: fix default tx interrupt moderation interval (bsc#1197099 jsc#SLE-24124).
  • net: ena: fix ena_com_comp_status_to_errno() return value (bsc#1197099 jsc#SLE-24124).
  • net: ena: Fix error handling when calculating max IO queues number (bsc#1197099 jsc#SLE-24124).
  • net: ena: fix error returning in ena_com_get_hash_function() (bsc#1197099 jsc#SLE-24124).
  • net: ena: fix inaccurate print type (bsc#1197099 jsc#SLE-24124).
  • net: ena: fix incorrect default RSS key (bsc#1197099 jsc#SLE-24124).
  • net: ena: fix incorrect setting of the number of msix vectors (bsc#1197099 jsc#SLE-24124).
  • net: ena: fix incorrect update of intr_delay_resolution (bsc#1197099 jsc#SLE-24124).
  • net: ena: fix incorrectly saving queue numbers when setting RSS indirection table (bsc#1197099 jsc#SLE-24124).
  • net: ena: fix issues in setting interrupt moderation params in ethtool (bsc#1197099 jsc#SLE-24124).
  • net: ena: fix packet's addresses for rx_offset feature (bsc#1197099 jsc#SLE-24124).
  • net: ena: fix potential crash when rxfh key is NULL (bsc#1197099 jsc#SLE-24124).
  • net: ena: fix request of incorrect number of IRQ vectors (bsc#1197099 jsc#SLE-24124).
  • net: ena: fix retrieval of nonadaptive interrupt moderation intervals (bsc#1197099 jsc#SLE-24124).
  • net: ena: fix update of interrupt moderation register (bsc#1197099 jsc#SLE-24124).
  • net: ena: fix uses of round_jiffies() (bsc#1197099 jsc#SLE-24124).
  • net: ena: Fix using plain integer as NULL pointer in ena_init_napi_in_range (bsc#1197099 jsc#SLE-24124).
  • net: ena: Fix wrong rx request id by resetting device (bsc#1197099 jsc#SLE-24124).
  • net: ena: handle bad request id in ena_netdev (bsc#1197099 jsc#SLE-24124).
  • net: ena: Improve error logging in driver (bsc#1197099 jsc#SLE-24124).
  • net: ena: make ena rxfh support ETH_RSS_HASH_NO_CHANGE (bsc#1197099 jsc#SLE-24124).
  • net: ena: make ethtool -l show correct max number of queues (bsc#1197099 jsc#SLE-24124).
  • net: ena: Make missed_tx stat incremental (bsc#1197099 jsc#SLE-24124).
  • net: ena: make symbol 'ena_alloc_map_page' static (bsc#1197099 jsc#SLE-24124).
  • net: ena: move llq configuration from ena_probe to ena_device_init() (bsc#1197099 jsc#SLE-24124).
  • net: ena: Move reset completion print to the reset function (bsc#1197099 jsc#SLE-24124).
  • net: ena: multiple queue creation related cleanups (bsc#1197099 jsc#SLE-24124).
  • net: ena: Prevent reset after device destruction (bsc#1197099 jsc#SLE-24124).
  • net: ena: re-organize code to improve readability (bsc#1197099 jsc#SLE-24124).
  • net: ena: reduce driver load time (bsc#1197099 jsc#SLE-24124).
  • net: ena: reimplement set/get_coalesce() (bsc#1197099 jsc#SLE-24124).
  • net: ena: remove all old adaptive rx interrupt moderation code from ena_com (bsc#1197099 jsc#SLE-24124).
  • net: ena: remove code duplication in ena_com_update_nonadaptive_moderation_interval _*() (bsc#1197099 jsc#SLE-24124).
  • net: ena: remove code that does nothing (bsc#1197099 jsc#SLE-24124).
  • net: ena: Remove ena_calc_queue_size_ctx struct (bsc#1197099 jsc#SLE-24124).
  • net: ena: remove ena_restore_ethtool_params() and relevant fields (bsc#1197099 jsc#SLE-24124).
  • net: ena: remove extra words from comments (bsc#1197099 jsc#SLE-24124).
  • net: ena: Remove module param and change message severity (bsc#1197099 jsc#SLE-24124).
  • net: ena: remove old adaptive interrupt moderation code from ena_netdev (bsc#1197099 jsc#SLE-24124).
  • net: ena: remove redundant print of number of queues (bsc#1197099 jsc#SLE-24124).
  • net: ena: Remove redundant print of placement policy (bsc#1197099 jsc#SLE-24124).
  • net: ena: Remove redundant return code check (bsc#1197099 jsc#SLE-24124).
  • net: ena: remove set but not used variable 'hash_key' (bsc#1197099 jsc#SLE-24124).
  • net: ena: Remove unused code (bsc#1197099 jsc#SLE-24124).
  • net: ena: rename ena_com_free_desc to make API more uniform (bsc#1197099 jsc#SLE-24124).
  • net: ena: rss: do not allocate key when not supported (bsc#1197099 jsc#SLE-24124).
  • net: ena: rss: fix failure to get indirection table (bsc#1197099 jsc#SLE-24124).
  • net: ena: rss: store hash function as values and not bits (bsc#1197099 jsc#SLE-24124).
  • net: ena: Select DIMLIB for ENA_ETHERNET (bsc#1197099 jsc#SLE-24124).
  • net: ena: set initial DMA width to avoid intel iommu issue (bsc#1197099 jsc#SLE-24124).
  • net: ena: simplify ena_com_update_intr_delay_resolution() (bsc#1197099 jsc#SLE-24124).
  • net: ena: store values in their appropriate variables types (bsc#1197099 jsc#SLE-24124).
  • net: ena: support new LLQ acceleration mode (bsc#1197099 jsc#SLE-24124).
  • net: ena: switch to dim algorithm for rx adaptive interrupt moderation (bsc#1197099 jsc#SLE-24124).
  • net: ena: use constant value for net_device allocation (bsc#1197099 jsc#SLE-24124).
  • net: ena: Use dev_alloc() in RX buffer allocation (bsc#1197099 jsc#SLE-24124).
  • net: ena: use explicit variable size for clarity (bsc#1197099 jsc#SLE-24124).
  • net: ena: use SHUTDOWN as reset reason when closing interface (bsc#1197099 jsc#SLE-24124).
  • net: mana: Add counter for packet dropped by XDP (bsc#1195651).
  • net: mana: Add counter for XDP_TX (bsc#1195651).
  • net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651).
  • net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe() (bsc#1195651).
  • net: mana: Reuse XDP dropped page (bsc#1195651).
  • net: mana: Use struct_size() helper in mana_gd_create_dma_region() (bsc#1195651).
  • net: update net_dim documentation after rename (bsc#1197099 jsc#SLE-24124).
  • PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (bsc#1199314).
  • powerpc/pseries: extract host bridge from pci_bus prior to bus removal (bsc#1182171 ltc#190900 bsc#1198660 ltc#197803).
  • powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729 bsc#1198660 ltc#197803).
  • scsi: scsi_dh_alua: Avoid crash during alua_bus_detach() (bsc#1028340 bsc#1198825).
  • x86/pm: Save the MSR validity status at context setup (bsc#1114648).
  • x86/speculation: Restore speculation related MSRs during S3 resume (bsc#1114648).

Список пакетов

Image SLES12-SP4-SAP-Azure-LI-BYOS-Production
cluster-md-kmp-default-4.12.14-95.99.3
dlm-kmp-default-4.12.14-95.99.3
gfs2-kmp-default-4.12.14-95.99.3
kernel-default-4.12.14-95.99.3
ocfs2-kmp-default-4.12.14-95.99.3
Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production
cluster-md-kmp-default-4.12.14-95.99.3
dlm-kmp-default-4.12.14-95.99.3
gfs2-kmp-default-4.12.14-95.99.3
kernel-default-4.12.14-95.99.3
ocfs2-kmp-default-4.12.14-95.99.3
SUSE Linux Enterprise High Availability Extension 12 SP4
cluster-md-kmp-default-4.12.14-95.99.3
dlm-kmp-default-4.12.14-95.99.3
gfs2-kmp-default-4.12.14-95.99.3
ocfs2-kmp-default-4.12.14-95.99.3
SUSE Linux Enterprise Live Patching 12 SP4
kernel-default-kgraft-4.12.14-95.99.3
kernel-default-kgraft-devel-4.12.14-95.99.3
kgraft-patch-4_12_14-95_99-default-1-6.3.3
SUSE Linux Enterprise Server 12 SP4-LTSS
kernel-default-4.12.14-95.99.3
kernel-default-base-4.12.14-95.99.3
kernel-default-devel-4.12.14-95.99.3
kernel-default-man-4.12.14-95.99.3
kernel-devel-4.12.14-95.99.2
kernel-macros-4.12.14-95.99.2
kernel-source-4.12.14-95.99.2
kernel-syms-4.12.14-95.99.2
SUSE Linux Enterprise Server for SAP Applications 12 SP4
kernel-default-4.12.14-95.99.3
kernel-default-base-4.12.14-95.99.3
kernel-default-devel-4.12.14-95.99.3
kernel-devel-4.12.14-95.99.2
kernel-macros-4.12.14-95.99.2
kernel-source-4.12.14-95.99.2
kernel-syms-4.12.14-95.99.2
SUSE OpenStack Cloud 9
kernel-default-4.12.14-95.99.3
kernel-default-base-4.12.14-95.99.3
kernel-default-devel-4.12.14-95.99.3
kernel-devel-4.12.14-95.99.2
kernel-macros-4.12.14-95.99.2
kernel-source-4.12.14-95.99.2
kernel-syms-4.12.14-95.99.2
SUSE OpenStack Cloud Crowbar 9
kernel-default-4.12.14-95.99.3
kernel-default-base-4.12.14-95.99.3
kernel-default-devel-4.12.14-95.99.3
kernel-devel-4.12.14-95.99.2
kernel-macros-4.12.14-95.99.2
kernel-source-4.12.14-95.99.2
kernel-syms-4.12.14-95.99.2

Ссылки

Описание

An issue was discovered in the Linux kernel before 5.0.6. In rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, a reference count is mishandled, aka CID-a3e23f719f5c.

Затронутые продукты
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:cluster-md-kmp-default-4.12.14-95.99.3
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:dlm-kmp-default-4.12.14-95.99.3
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:gfs2-kmp-default-4.12.14-95.99.3
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:kernel-default-4.12.14-95.99.3
Ссылки

Описание

There is a flaw reported in the Linux kernel in versions before 5.9 in drivers/gpu/drm/nouveau/nouveau_sgdma.c in nouveau_sgdma_create_ttm in Nouveau DRM subsystem. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker with a local account with a root privilege, can leverage this vulnerability to escalate privileges and execute code in the context of the kernel.

Затронутые продукты
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:cluster-md-kmp-default-4.12.14-95.99.3
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:dlm-kmp-default-4.12.14-95.99.3
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:gfs2-kmp-default-4.12.14-95.99.3
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:kernel-default-4.12.14-95.99.3
Ссылки

Описание

A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users do rename in specific way with OverlayFS. A local user could use this flaw to crash the system.

Затронутые продукты
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:cluster-md-kmp-default-4.12.14-95.99.3
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:dlm-kmp-default-4.12.14-95.99.3
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:gfs2-kmp-default-4.12.14-95.99.3
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:kernel-default-4.12.14-95.99.3
Ссылки

Описание

Insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially enable denial of service via local access.

Затронутые продукты
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:cluster-md-kmp-default-4.12.14-95.99.3
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:dlm-kmp-default-4.12.14-95.99.3
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:gfs2-kmp-default-4.12.14-95.99.3
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:kernel-default-4.12.14-95.99.3
Ссылки

Описание

net/nfc/llcp_sock.c in the Linux kernel before 5.12.10 allows local unprivileged users to cause a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call.

Затронутые продукты
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:cluster-md-kmp-default-4.12.14-95.99.3
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:dlm-kmp-default-4.12.14-95.99.3
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:gfs2-kmp-default-4.12.14-95.99.3
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:kernel-default-4.12.14-95.99.3
Ссылки

Описание

In bpf_prog_test_run_skb of test_run.c, there is a possible out of bounds read due to Incorrect Size Value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-154175781References: Upstream kernel

Затронутые продукты
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:cluster-md-kmp-default-4.12.14-95.99.3
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:dlm-kmp-default-4.12.14-95.99.3
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:gfs2-kmp-default-4.12.14-95.99.3
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:kernel-default-4.12.14-95.99.3
Ссылки

Описание

An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c.

Затронутые продукты
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:cluster-md-kmp-default-4.12.14-95.99.3
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:dlm-kmp-default-4.12.14-95.99.3
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:gfs2-kmp-default-4.12.14-95.99.3
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:kernel-default-4.12.14-95.99.3
Ссылки

Описание

A use-after-free flaw was found in the Linux kernel's FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation.

Затронутые продукты
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:cluster-md-kmp-default-4.12.14-95.99.3
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:dlm-kmp-default-4.12.14-95.99.3
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:gfs2-kmp-default-4.12.14-95.99.3
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:kernel-default-4.12.14-95.99.3
Ссылки

Описание

A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information.

Затронутые продукты
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:cluster-md-kmp-default-4.12.14-95.99.3
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:dlm-kmp-default-4.12.14-95.99.3
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:gfs2-kmp-default-4.12.14-95.99.3
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:kernel-default-4.12.14-95.99.3
Ссылки

Описание

The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_DESTROY_DUMB can decrease refcount of *drm_vgem_gem_object *(created in *vgem_gem_dumb_create*) concurrently, and *vgem_gem_dumb_create *will access the freed drm_vgem_gem_object.

Затронутые продукты
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:cluster-md-kmp-default-4.12.14-95.99.3
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:dlm-kmp-default-4.12.14-95.99.3
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:gfs2-kmp-default-4.12.14-95.99.3
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:kernel-default-4.12.14-95.99.3
Ссылки

Описание

A NULL pointer dereference flaw was found in the Linux kernel's X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection. This flaw allows a local user to crash the system.

Затронутые продукты
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:cluster-md-kmp-default-4.12.14-95.99.3
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:dlm-kmp-default-4.12.14-95.99.3
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:gfs2-kmp-default-4.12.14-95.99.3
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:kernel-default-4.12.14-95.99.3
Ссылки

Описание

Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.

Затронутые продукты
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:cluster-md-kmp-default-4.12.14-95.99.3
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:dlm-kmp-default-4.12.14-95.99.3
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:gfs2-kmp-default-4.12.14-95.99.3
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:kernel-default-4.12.14-95.99.3
Ссылки

Описание

A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware download routine.

Затронутые продукты
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:cluster-md-kmp-default-4.12.14-95.99.3
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:dlm-kmp-default-4.12.14-95.99.3
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:gfs2-kmp-default-4.12.14-95.99.3
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:kernel-default-4.12.14-95.99.3
Ссылки

Описание

Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Затронутые продукты
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:cluster-md-kmp-default-4.12.14-95.99.3
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:dlm-kmp-default-4.12.14-95.99.3
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:gfs2-kmp-default-4.12.14-95.99.3
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:kernel-default-4.12.14-95.99.3
Ссылки

Описание

Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Затронутые продукты
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:cluster-md-kmp-default-4.12.14-95.99.3
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:dlm-kmp-default-4.12.14-95.99.3
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:gfs2-kmp-default-4.12.14-95.99.3
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:kernel-default-4.12.14-95.99.3
Ссылки

Описание

Incomplete cleanup in specific special register read operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Затронутые продукты
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:cluster-md-kmp-default-4.12.14-95.99.3
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:dlm-kmp-default-4.12.14-95.99.3
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:gfs2-kmp-default-4.12.14-95.99.3
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:kernel-default-4.12.14-95.99.3
Ссылки

Описание

Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Затронутые продукты
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:cluster-md-kmp-default-4.12.14-95.99.3
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:dlm-kmp-default-4.12.14-95.99.3
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:gfs2-kmp-default-4.12.14-95.99.3
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:kernel-default-4.12.14-95.99.3
Ссылки

Описание

Improper input validation for some Intel(R) Processors may allow an authenticated user to potentially cause a denial of service via local access.

Затронутые продукты
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:cluster-md-kmp-default-4.12.14-95.99.3
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:dlm-kmp-default-4.12.14-95.99.3
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:gfs2-kmp-default-4.12.14-95.99.3
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:kernel-default-4.12.14-95.99.3
Ссылки

Описание

The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag.

Затронутые продукты
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:cluster-md-kmp-default-4.12.14-95.99.3
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:dlm-kmp-default-4.12.14-95.99.3
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:gfs2-kmp-default-4.12.14-95.99.3
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:kernel-default-4.12.14-95.99.3
Ссылки