Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2022:2103-1

Опубликовано: 16 июн. 2022
Источник: suse-cvrf

Описание

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 kernel was updated.

The following security bugs were fixed:

  • CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
  • CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
  • CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
  • CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
  • CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
  • CVE-2019-19377: Fixed an user-after-free that could be triggered when an attacker mounts a crafted btrfs filesystem image. (bnc#1158266)
  • CVE-2022-1184: Fixed an use-after-free and memory errors in ext4 when mounting and operating on a corrupted image. (bsc#1198577)
  • CVE-2017-13695: Fixed a bug that caused a stack dump allowing local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted ACPI table. (bnc#1055710)
  • CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self (bsc#1199507).
  • CVE-2022-1652: Fixed a statically allocated error counter inside the floppy kernel module (bsc#1199063).
  • CVE-2021-39711: In bpf_prog_test_run_skb of test_run.c, there is a possible out of bounds read due to Incorrect Size Value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1197219).
  • CVE-2022-1419: Fixed a concurrency use-after-free in vgem_gem_dumb_create (bsc#1198742).
  • CVE-2021-43389: Fixed an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c. (bnc#1191958)
  • CVE-2021-38208: Fixed a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call (bnc#1187055).
  • CVE-2022-1353: Fixed access controll to kernel memory in the pfkey_register function in net/key/af_key.c. (bnc#1198516)
  • CVE-2021-20292: Fixed object validation prior to performing operations on the object in nouveau_sgdma_create_ttm in Nouveau DRM subsystem (bnc#1183723).
  • CVE-2022-1011: Fixed an use-after-free vulnerability which could allow a local attacker to retireve (partial) /etc/shadow hashes or any other data from filesystem when he can mount a FUSE filesystems. (bnc#1197343)
  • CVE-2022-1974: Fixed an use-after-free that could causes kernel crash by simulating an nfc device from user-space. (bsc#1200144)
  • CVE-2022-1975: Fixed a bug that allows an attacker to crash the linux kernel by simulating nfc device from user-space. (bsc#1200143)
  • CVE-2022-21499: Reinforce the kernel lockdown feature, until now it's been trivial to break out of it with kgdb or kdb. (bsc#1199426)
  • CVE-2022-1734: Fixed a r/w use-after-free when non synchronized between cleanup routine and firmware download routine. (bnc#1199605)
  • CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199505).
  • CVE-2021-33061: Fixed insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1196426).
  • CVE-2022-1516: Fixed null-ptr-deref caused by x25_disconnect (bsc#1199012).
  • CVE-2021-20321: Fixed a race condition accessing file object in the OverlayFS subsystem in the way users do rename in specific way with OverlayFS. A local user could have used this flaw to crash the system (bnc#1191647).
  • CVE-2019-20811: Fixed issue in rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, where a reference count is mishandled (bnc#1172456).

The following non-security bugs were fixed:

  • btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized (bsc#1199399).
  • btrfs: tree-checker: fix incorrect printk format (bsc#1200249).
  • lib: dimlib: fix help text typos (bsc#1198776).
  • lib: dimlib: make DIMLIB a hidden symbol (bsc#1198776).
  • linux/dim: Add completions count to dim_sample (bsc#1198776).
  • linux/dim: Fix -Wunused-const-variable warnings (bsc#1198776).
  • linux/dim: Fix overflow in dim calculation (bsc#1198776).
  • linux/dim: Implement RDMA adaptive moderation (DIM) (bsc#1198776).
  • linux/dim: Move implementation to .c files (bsc#1198776).
  • linux/dim: Move logic to dim.h (bsc#1198776).
  • linux/dim: Remove 'net' prefix from internal DIM members (bsc#1198776).
  • linux/dim: Rename externally exposed macros (bsc#1198776).
  • linux/dim: Rename externally used net_dim members (bsc#1198776).
  • linux/dim: Rename net_dim_sample() to net_dim_update_sample() (bsc#1198776).
  • net: ena: A typo fix in the file ena_com.h (bsc#1198776).
  • net: ena: Add capabilities field with support for ENI stats capability (bsc#1198776).
  • net: ena: add device distinct log prefix to files (bsc#1198776).
  • net: ena: Add first_interrupt field to napi struct (bsc#1198776).
  • net: ena: add intr_moder_rx_interval to struct ena_com_dev and use it (bsc#1198776).
  • net: ena: add jiffies of last napi call to stats (bsc#1198776).
  • net: ena: add missing ethtool TX timestamping indication (bsc#1198776).
  • net: ena: add reserved PCI device ID (bsc#1198776).
  • net: ena: add support for reporting of packet drops (bsc#1198776).
  • net: ena: add support for the rx offset feature (bsc#1198776).
  • net: ena: add support for traffic mirroring (bsc#1198776).
  • net: ena: add unmask interrupts statistics to ethtool (bsc#1198776).
  • net: ena: aggregate stats increase into a function (bsc#1198776).
  • net: ena: allow setting the hash function without changing the key (bsc#1198776).
  • net: ena: avoid memory access violation by validating req_id properly (bsc#1198776).
  • net: ena: avoid unnecessary admin command when RSS function set fails (bsc#1198776).
  • net: ena: avoid unnecessary rearming of interrupt vector when busy-polling (bsc#1198776).
  • net: ena: Capitalize all log strings and improve code readability (bsc#1198776).
  • net: ena: change default RSS hash function to Toeplitz (bsc#1198776).
  • net: ena: Change ENI stats support check to use capabilities field (bsc#1198776).
  • net: ena: Change license into format to SPDX in all files (bsc#1198776).
  • net: ena: Change log message to netif/dev function (bsc#1198776).
  • net: ena: change num_queues to num_io_queues for clarity and consistency (bsc#1198776).
  • net: ena: Change return value of ena_calc_io_queue_size() to void (bsc#1198776).
  • net: ena: Change RSS related macros and variables names (bsc#1198776).
  • net: ena: Change the name of bad_csum variable (bsc#1198776).
  • net: ena: changes to RSS hash key allocation (bsc#1198776).
  • net: ena: clean up indentation issue (bsc#1198776).
  • net: ena: cosmetic: change ena_com_stats_admin stats to u64 (bsc#1198776).
  • net: ena: cosmetic: code reorderings (bsc#1198776).
  • net: ena: cosmetic: extract code to ena_indirection_table_set() (bsc#1198776).
  • net: ena: cosmetic: fix line break issues (bsc#1198776).
  • net: ena: cosmetic: fix spacing issues (bsc#1198776).
  • net: ena: cosmetic: fix spelling and grammar mistakes in comments (bsc#1198776).
  • net: ena: cosmetic: minor code changes (bsc#1198776).
  • net: ena: cosmetic: remove unnecessary code (bsc#1198776).
  • net: ena: cosmetic: remove unnecessary spaces and tabs in ena_com.h macros (bsc#1198776).
  • net: ena: cosmetic: rename ena_update_tx/rx_rings_intr_moderation() (bsc#1198776).
  • net: ena: cosmetic: set queue sizes to u32 for consistency (bsc#1198776).
  • net: ena: do not wake up tx queue when down (bsc#1198776).
  • net: ena: drop superfluous prototype (bsc#1198776).
  • net: ena: ena-com.c: prevent NULL pointer dereference (bsc#1198776).
  • net: ena: enable support of rss hash key and function changes (bsc#1198776).
  • net: ena: enable the interrupt_moderation in driver_supported_features (bsc#1198776).
  • net: ena: ethtool: Add new device statistics (bsc#1198776).
  • net: ena: ethtool: clean up minor indentation issue (bsc#1198776).
  • net: ena: ethtool: convert stat_offset to 64 bit resolution (bsc#1198776).
  • net: ena: ethtool: get_channels: use combined only (bsc#1198776).
  • net: ena: ethtool: remove redundant non-zero check on rc (bsc#1198776).
  • net: ena: ethtool: support set_channels callback (bsc#1198776).
  • net: ena: ethtool: use correct value for crc32 hash (bsc#1198776).
  • net: ena: Fix all static chekers' warnings (bsc#1198776).
  • net: ena: Fix build warning in ena_xdp_set() (bsc#1198776).
  • net: ena: fix coding style nits (bsc#1198776).
  • net: ena: fix continuous keep-alive resets (bsc#1198776).
  • net: ena: fix corruption of dev_idx_to_host_tbl (bsc#1198776).
  • net: ena: fix default tx interrupt moderation interval (bsc#1198776).
  • net: ena: fix ena_com_comp_status_to_errno() return value (bsc#1198776).
  • net: ena: Fix error handling when calculating max IO queues number (bsc#1198776).
  • net: ena: fix error returning in ena_com_get_hash_function() (bsc#1198776).
  • net: ena: fix inaccurate print type (bsc#1198776).
  • net: ena: fix incorrect default RSS key (bsc#1198776).
  • net: ena: fix incorrect setting of the number of msix vectors (bsc#1198776).
  • net: ena: fix incorrect update of intr_delay_resolution (bsc#1198776).
  • net: ena: fix incorrectly saving queue numbers when setting RSS indirection table (bsc#1198776).
  • net: ena: fix issues in setting interrupt moderation params in ethtool (bsc#1198776).
  • net: ena: fix napi handler misbehavior when the napi budget is zero (bsc#1198776).
  • net: ena: fix packet's addresses for rx_offset feature (bsc#1198776).
  • net: ena: fix potential crash when rxfh key is NULL (bsc#1198776).
  • net: ena: fix request of incorrect number of IRQ vectors (bsc#1198776).
  • net: ena: fix retrieval of nonadaptive interrupt moderation intervals (bsc#1198776).
  • net: ena: fix update of interrupt moderation register (bsc#1198776).
  • net: ena: fix uses of round_jiffies() (bsc#1198776).
  • net: ena: Fix using plain integer as NULL pointer in ena_init_napi_in_range (bsc#1198776).
  • net: ena: Fix wrong rx request id by resetting device (bsc#1198776).
  • net: ena: handle bad request id in ena_netdev (bsc#1198776).
  • net: ena: Improve error logging in driver (bsc#1198776).
  • net: ena: make ena rxfh support ETH_RSS_HASH_NO_CHANGE (bsc#1198776).
  • net: ena: make ethtool -l show correct max number of queues (bsc#1198776).
  • net: ena: Make missed_tx stat incremental (bsc#1198776).
  • net: ena: make symbol 'ena_alloc_map_page' static (bsc#1198776).
  • net: ena: move llq configuration from ena_probe to ena_device_init() (bsc#1198776).
  • net: ena: Move reset completion print to the reset function (bsc#1198776).
  • net: ena: multiple queue creation related cleanups (bsc#1198776).
  • net: ena: Prevent reset after device destruction (bsc#1198776).
  • net: ena: re-organize code to improve readability (bsc#1198776).
  • net: ena: reduce driver load time (bsc#1198776).
  • net: ena: reimplement set/get_coalesce() (bsc#1198776).
  • net: ena: remove all old adaptive rx interrupt moderation code from ena_com (bsc#1198776).
  • net: ena: remove code duplication in ena_com_update_nonadaptive_moderation_interval _*() (bsc#1198776).
  • net: ena: remove code that does nothing (bsc#1198776).
  • net: ena: Remove ena_calc_queue_size_ctx struct (bsc#1198776).
  • net: ena: remove ena_restore_ethtool_params() and relevant fields (bsc#1198776).
  • net: ena: remove extra words from comments (bsc#1198776).
  • net: ena: Remove module param and change message severity (bsc#1198776).
  • net: ena: remove old adaptive interrupt moderation code from ena_netdev (bsc#1198776).
  • net: ena: remove redundant print of number of queues (bsc#1198776).
  • net: ena: Remove redundant print of placement policy (bsc#1198776).
  • net: ena: Remove redundant return code check (bsc#1198776).
  • net: ena: remove set but not used variable 'hash_key' (bsc#1198776).
  • net: ena: Remove unused code (bsc#1198776).
  • net: ena: rename ena_com_free_desc to make API more uniform (bsc#1198776).
  • net: ena: rss: do not allocate key when not supported (bsc#1198776).
  • net: ena: rss: fix failure to get indirection table (bsc#1198776).
  • net: ena: rss: store hash function as values and not bits (bsc#1198776).
  • net: ena: Select DIMLIB for ENA_ETHERNET (bsc#1198776).
  • net: ena: set initial DMA width to avoid intel iommu issue (bsc#1198776).
  • net: ena: simplify ena_com_update_intr_delay_resolution() (bsc#1198776).
  • net: ena: store values in their appropriate variables types (bsc#1198776).
  • net: ena: support new LLQ acceleration mode (bsc#1198776).
  • net: ena: switch to dim algorithm for rx adaptive interrupt moderation (bsc#1198776).
  • net: ena: use constant value for net_device allocation (bsc#1198776).
  • net: ena: Use dev_alloc() in RX buffer allocation (bsc#1198776).
  • net: ena: use explicit variable size for clarity (bsc#1198776).
  • net: ena: use SHUTDOWN as reset reason when closing interface (bsc#1198776).
  • net: mana: Add counter for packet dropped by XDP (bsc#1195651).
  • net: mana: Add counter for XDP_TX (bsc#1195651).
  • net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651).
  • net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe() (bsc#1195651).
  • net: mana: Reuse XDP dropped page (bsc#1195651).
  • net: update net_dim documentation after rename (bsc#1198776).
  • PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (bsc#1199314).
  • scsi: scsi_dh_alua: Avoid crash during alua_bus_detach() (bsc#1028340 bsc#1198825).
  • SUNRPC: change locking for xs_swap_enable/disable (bsc#1196367).
  • x86/pm: Save the MSR validity status at context setup (bsc#1114648).
  • x86/speculation: Restore speculation related MSRs during S3 resume (bsc#1114648).

Список пакетов

SUSE Linux Enterprise High Availability Extension 15
cluster-md-kmp-default-4.12.14-150000.150.92.2
dlm-kmp-default-4.12.14-150000.150.92.2
gfs2-kmp-default-4.12.14-150000.150.92.2
ocfs2-kmp-default-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Performance Computing 15-ESPOS
kernel-default-4.12.14-150000.150.92.2
kernel-default-base-4.12.14-150000.150.92.2
kernel-default-devel-4.12.14-150000.150.92.2
kernel-devel-4.12.14-150000.150.92.2
kernel-docs-4.12.14-150000.150.92.2
kernel-macros-4.12.14-150000.150.92.2
kernel-obs-build-4.12.14-150000.150.92.2
kernel-source-4.12.14-150000.150.92.2
kernel-syms-4.12.14-150000.150.92.2
kernel-vanilla-base-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Performance Computing 15-LTSS
kernel-default-4.12.14-150000.150.92.2
kernel-default-base-4.12.14-150000.150.92.2
kernel-default-devel-4.12.14-150000.150.92.2
kernel-devel-4.12.14-150000.150.92.2
kernel-docs-4.12.14-150000.150.92.2
kernel-macros-4.12.14-150000.150.92.2
kernel-obs-build-4.12.14-150000.150.92.2
kernel-source-4.12.14-150000.150.92.2
kernel-syms-4.12.14-150000.150.92.2
kernel-vanilla-base-4.12.14-150000.150.92.2
SUSE Linux Enterprise Live Patching 15
kernel-default-livepatch-4.12.14-150000.150.92.2
kernel-livepatch-4_12_14-150000_150_92-default-1-150000.1.3.2
SUSE Linux Enterprise Server 15-LTSS
kernel-default-4.12.14-150000.150.92.2
kernel-default-base-4.12.14-150000.150.92.2
kernel-default-devel-4.12.14-150000.150.92.2
kernel-default-man-4.12.14-150000.150.92.2
kernel-devel-4.12.14-150000.150.92.2
kernel-docs-4.12.14-150000.150.92.2
kernel-macros-4.12.14-150000.150.92.2
kernel-obs-build-4.12.14-150000.150.92.2
kernel-source-4.12.14-150000.150.92.2
kernel-syms-4.12.14-150000.150.92.2
kernel-vanilla-base-4.12.14-150000.150.92.2
reiserfs-kmp-default-4.12.14-150000.150.92.2
SUSE Linux Enterprise Server for SAP Applications 15
kernel-default-4.12.14-150000.150.92.2
kernel-default-base-4.12.14-150000.150.92.2
kernel-default-devel-4.12.14-150000.150.92.2
kernel-devel-4.12.14-150000.150.92.2
kernel-docs-4.12.14-150000.150.92.2
kernel-macros-4.12.14-150000.150.92.2
kernel-obs-build-4.12.14-150000.150.92.2
kernel-source-4.12.14-150000.150.92.2
kernel-syms-4.12.14-150000.150.92.2
kernel-vanilla-base-4.12.14-150000.150.92.2
reiserfs-kmp-default-4.12.14-150000.150.92.2

Ссылки

Описание

The acpi_ns_evaluate() function in drivers/acpi/acpica/nseval.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.

Затронутые продукты
SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-150000.150.92.2
Ссылки

Описание

In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c.

Затронутые продукты
SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-150000.150.92.2
Ссылки

Описание

An issue was discovered in the Linux kernel before 5.0.6. In rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, a reference count is mishandled, aka CID-a3e23f719f5c.

Затронутые продукты
SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-150000.150.92.2
Ссылки

Описание

There is a flaw reported in the Linux kernel in versions before 5.9 in drivers/gpu/drm/nouveau/nouveau_sgdma.c in nouveau_sgdma_create_ttm in Nouveau DRM subsystem. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker with a local account with a root privilege, can leverage this vulnerability to escalate privileges and execute code in the context of the kernel.

Затронутые продукты
SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-150000.150.92.2
Ссылки

Описание

A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users do rename in specific way with OverlayFS. A local user could use this flaw to crash the system.

Затронутые продукты
SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-150000.150.92.2
Ссылки

Описание

Insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially enable denial of service via local access.

Затронутые продукты
SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-150000.150.92.2
Ссылки

Описание

net/nfc/llcp_sock.c in the Linux kernel before 5.12.10 allows local unprivileged users to cause a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call.

Затронутые продукты
SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-150000.150.92.2
Ссылки

Описание

In bpf_prog_test_run_skb of test_run.c, there is a possible out of bounds read due to Incorrect Size Value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-154175781References: Upstream kernel

Затронутые продукты
SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-150000.150.92.2
Ссылки

Описание

An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c.

Затронутые продукты
SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-150000.150.92.2
Ссылки

Описание

A use-after-free flaw was found in the Linux kernel's FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation.

Затронутые продукты
SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-150000.150.92.2
Ссылки

Описание

A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel's filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service.

Затронутые продукты
SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-150000.150.92.2
Ссылки

Описание

A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information.

Затронутые продукты
SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-150000.150.92.2
Ссылки

Описание

The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_DESTROY_DUMB can decrease refcount of *drm_vgem_gem_object *(created in *vgem_gem_dumb_create*) concurrently, and *vgem_gem_dumb_create *will access the freed drm_vgem_gem_object.

Затронутые продукты
SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-150000.150.92.2
Ссылки

Описание

A NULL pointer dereference flaw was found in the Linux kernel's X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection. This flaw allows a local user to crash the system.

Затронутые продукты
SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-150000.150.92.2
Ссылки

Описание

Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.

Затронутые продукты
SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-150000.150.92.2
Ссылки

Описание

A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc.

Затронутые продукты
SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-150000.150.92.2
Ссылки

Описание

A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware download routine.

Затронутые продукты
SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-150000.150.92.2
Ссылки

Описание

A use-after-free flaw was found in the Linux kernel's NFC core functionality due to a race condition between kobject creation and delete. This vulnerability allows a local attacker with CAP_NET_ADMIN privilege to leak kernel information.

Затронутые продукты
SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-150000.150.92.2
Ссылки

Описание

There is a sleep-in-atomic bug in /net/nfc/netlink.c that allows an attacker to crash the Linux kernel by simulating a nfc device from user-space.

Затронутые продукты
SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-150000.150.92.2
Ссылки

Описание

Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Затронутые продукты
SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-150000.150.92.2
Ссылки

Описание

Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Затронутые продукты
SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-150000.150.92.2
Ссылки

Описание

Incomplete cleanup in specific special register read operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Затронутые продукты
SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-150000.150.92.2
Ссылки

Описание

Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Затронутые продукты
SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-150000.150.92.2
Ссылки

Описание

Improper input validation for some Intel(R) Processors may allow an authenticated user to potentially cause a denial of service via local access.

Затронутые продукты
SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-150000.150.92.2
Ссылки

Описание

KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

Затронутые продукты
SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-150000.150.92.2
Ссылки

Описание

The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag.

Затронутые продукты
SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-150000.150.92.2
Ссылки
Уязвимость SUSE-SU-2022:2103-1