Описание
Security update for the Linux Kernel
The SUSE Linux Enterprise 12 SP3 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file drivers/atm/idt77252.c (bsc#1204631).
- CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204166).
- CVE-2022-41850: Fixed a race condition in roccat_report_event() in drivers/hid/hid-roccat.c (bsc#1203960).
- CVE-2022-45934: Fixed a integer wraparound via L2CAP_CONF_REQ packets in l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796).
- CVE-2022-3628: Fixed potential buffer overflow in brcmf_fweh_event_worker() in wifi/brcmfmac (bsc#1204868).
- CVE-2022-3567: Fixed a to race condition in inet6_stream_ops()/inet6_dgram_ops() (bsc#1204414).
- CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in drivers/net/slip (bsc#1205671).
- CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128).
- CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514).
- CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver USB driver (bsc#1205220).
- CVE-2022-2964: Fixed memory corruption issues in ax88179_178a devices (bsc#1202686).
- CVE-2021-4037: Fixed function logic vulnerability that allowed local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set (bsc#1198702).
- CVE-2022-43750: Fixed vulnerability in usbmon that allowed a user-space client to corrupt the monitor's internal memory (bsc#1204653).
- CVE-2020-26541: Enforce the secure boot forbidden signature database (aka dbx) protection mechanism (bsc#1177282).
- CVE-2022-3542: Fixed memory leak in bnx2x_tpa_stop() in drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c (bsc#1204402).
- CVE-2022-3629: Fixed memory leak in vsock_connect() in net/vmw_vsock/af_vsock.c (bsc#1204635).
- CVE-2022-3646: Fixed memory leak in nilfs_attach_log_writer() in fs/nilfs2/segment.c (bsc#1204646).
- CVE-2022-3649: Fixed use-after-free in nilfs_new_inode() in fs/nilfs2/inode.c (bsc#1204647).
- CVE-2022-3621: Fixed null pointer dereference in nilfs_bmap_lookup_at_level() in fs/nilfs2/inode.c (bsc#1204574).
- CVE-2022-3594: Fixed excessive data logging in intr_callback() in drivers/net/usb/r8152.c (bsc#1204479).
- CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bsc#1204439).
- CVE-2022-3565: Fixed use-after-free in del_timer() in drivers/isdn/mISDN/l1oip_core.c (bsc#1204431).
- CVE-2022-3524: Fixed memory leak in ipv6_renew_options() in the IPv6 handler (bsc#1204354).
- CVE-2022-2663: Fixed an issue which allowed a firewall to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured (bsc#1202097).
- CVE-2022-40768: Fixed information leak in the scsi driver which allowed local users to obtain sensitive information from kernel memory (bsc#1203514).
- CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bsc#1204168).
- CVE-2022-3169: Fixed an denial of service though request to NVME_IOCTL_RESET and NVME_IOCTL_SUBSYS_RESET (bsc#1203290).
- CVE-2022-40307: Fixed a race condition that could had been exploited to trigger a use-after-free in the efi firmware capsule-loader.c (bsc#1203322).
- CVE-2022-41848: Fixed a race condition in drivers/char/pcmcia/synclink_cs.c mgslpc_ioctl and mgslpc_detach (bsc#1203987).
The following non-security bugs were fixed:
- net: mana: Add rmb after checking owner bits (git-fixes).
- net: mana: Add the Linux MANA PF driver (bug#1201309, jsc#PED-529).
- x86/hyperv: Output host build info as normal Windows version number (git-fixes).
- x86/hyperv: Set pv_info.name to 'Hyper-V' (git-fixes).
Список пакетов
SUSE Linux Enterprise Server 12 SP3-BCL
Ссылки
- Link for SUSE-SU-2022:4611-1
- E-Mail link for SUSE-SU-2022:4611-1
- SUSE Security Ratings
- SUSE Bug 1129898
- SUSE Bug 1177282
- SUSE Bug 1196018
- SUSE Bug 1198702
- SUSE Bug 1201309
- SUSE Bug 1202097
- SUSE Bug 1202686
- SUSE Bug 1203008
- SUSE Bug 1203290
- SUSE Bug 1203322
- SUSE Bug 1203514
- SUSE Bug 1203960
- SUSE Bug 1203987
- SUSE Bug 1204166
- SUSE Bug 1204168
- SUSE Bug 1204170
- SUSE Bug 1204354
Описание
The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An attacker can use this flaw to cause a denial of service attack. Kernel 3.10.x and 4.18.x branches are believed to be vulnerable.
Затронутые продукты
Ссылки
- CVE-2019-3874
- SUSE Bug 1129898
Описание
The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.
Затронутые продукты
Ссылки
- CVE-2020-26541
- SUSE Bug 1177282
Описание
A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the LInux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group and is writable by a user who is not a member of this group. This can lead to excessive permissions granted in case when they should not. This vulnerability is similar to the previous CVE-2018-13405 and adds the missed fix for the XFS.
Затронутые продукты
Ссылки
- CVE-2021-4037
- SUSE Bug 1198702
Описание
An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured.
Затронутые продукты
Ссылки
- CVE-2022-2663
- SUSE Bug 1202097
- SUSE Bug 1212299
Описание
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-2964. Reason: This candidate is a reservation duplicate of CVE-2022-2964. Notes: All CVE users should reference CVE-2022-2964 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Затронутые продукты
Ссылки
- CVE-2022-28748
- SUSE Bug 1196018
Описание
A flaw was found in the Linux kernel's driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes.
Затронутые продукты
Ссылки
- CVE-2022-2964
- SUSE Bug 1202686
- SUSE Bug 1203008
- SUSE Bug 1208044
Описание
A flaw was found in the Linux kernel. A denial of service flaw may occur if there is a consecutive request of the NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET through the device file of the driver, resulting in a PCIe link disconnect.
Затронутые продукты
Ссылки
- CVE-2022-3169
- SUSE Bug 1203290
Описание
A use-after-free flaw was found in the Linux kernel's SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate their privileges on the system.
Затронутые продукты
Ссылки
- CVE-2022-3424
- SUSE Bug 1204166
- SUSE Bug 1204167
- SUSE Bug 1208044
- SUSE Bug 1212309
Описание
A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211021 was assigned to this vulnerability.
Затронутые продукты
Ссылки
- CVE-2022-3524
- SUSE Bug 1204354
- SUSE Bug 1212320
Описание
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
Затронутые продукты
Ссылки
- CVE-2022-3542
- SUSE Bug 1204402
- SUSE Bug 1217458
Описание
A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function del_timer of the file drivers/isdn/mISDN/l1oip_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211088.
Затронутые продукты
Ссылки
- CVE-2022-3565
- SUSE Bug 1204431
- SUSE Bug 1204432
- SUSE Bug 1208044
- SUSE Bug 1212323
Описание
A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function inet6_stream_ops/inet6_dgram_ops of the component IPv6 Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. VDB-211090 is the identifier assigned to this vulnerability.
Затронутые продукты
Ссылки
- CVE-2022-3567
- SUSE Bug 1204414
Описание
A flaw was found in the Linux kernel's networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (and freed) into a child qdisc. This flaw allows a local, unprivileged user to crash the system, causing a denial of service.
Затронутые продукты
Ссылки
- CVE-2022-3586
- SUSE Bug 1204439
- SUSE Bug 1204576
- SUSE Bug 1208044
- SUSE Bug 1209225
- SUSE Bug 1212294
Описание
A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function intr_callback of the file drivers/net/usb/r8152.c of the component BPF. The manipulation leads to logging of excessive data. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211363.
Затронутые продукты
Ссылки
- CVE-2022-3594
- SUSE Bug 1204479
- SUSE Bug 1217458
Описание
A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_bmap_lookup_at_level of the file fs/nilfs2/inode.c of the component nilfs2. The manipulation leads to null pointer dereference. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211920.
Затронутые продукты
Ссылки
- CVE-2022-3621
- SUSE Bug 1204574
- SUSE Bug 1212295
Описание
A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs when a user connects to a malicious USB device. This can allow a local user to crash the system or escalate their privileges.
Затронутые продукты
Ссылки
- CVE-2022-3628
- SUSE Bug 1204868
Описание
A vulnerability was found in Linux Kernel. It has been declared as problematic. This vulnerability affects the function vsock_connect of the file net/vmw_vsock/af_vsock.c. The manipulation leads to memory leak. The complexity of an attack is rather high. The exploitation appears to be difficult. It is recommended to apply a patch to fix this issue. VDB-211930 is the identifier assigned to this vulnerability.
Затронутые продукты
Ссылки
- CVE-2022-3629
- SUSE Bug 1204635
Описание
A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function tst_timer of the file drivers/atm/idt77252.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. VDB-211934 is the identifier assigned to this vulnerability.
Затронутые продукты
Ссылки
- CVE-2022-3635
- SUSE Bug 1204631
- SUSE Bug 1204636
- SUSE Bug 1208044
- SUSE Bug 1212289
Описание
A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function nilfs_attach_log_writer of the file fs/nilfs2/segment.c of the component BPF. The manipulation leads to memory leak. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211961 was assigned to this vulnerability.
Затронутые продукты
Ссылки
- CVE-2022-3646
- SUSE Bug 1204646
Описание
A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211992.
Затронутые продукты
Ссылки
- CVE-2022-3649
- SUSE Bug 1204647
- SUSE Bug 1212318
Описание
An incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel. This issue occurs when a user attaches a malicious USB device. A local user could use this flaw to starve the resources, causing denial of service or potentially crashing the system.
Затронутые продукты
Ссылки
- CVE-2022-3903
- SUSE Bug 1205220
- SUSE Bug 1212297
Описание
An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a race condition with a resultant use-after-free.
Затронутые продукты
Ссылки
- CVE-2022-40307
- SUSE Bug 1203322
Описание
drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.
Затронутые продукты
Ссылки
- CVE-2022-40768
- SUSE Bug 1203514
Описание
A use-after-free flaw was found in Linux kernel before 5.19.2. This issue occurs in cmd_hdl_filter in drivers/staging/rtl8712/rtl8712_cmd.c, allowing an attacker to launch a local denial of service attack and gain escalation of privileges.
Затронутые продукты
Ссылки
- CVE-2022-4095
- SUSE Bug 1205514
- SUSE Bug 1205594
- SUSE Bug 1208030
- SUSE Bug 1208085
- SUSE Bug 1212319
Описание
drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race condition between mgslpc_ioctl and mgslpc_detach.
Затронутые продукты
Ссылки
- CVE-2022-41848
- SUSE Bug 1203987
- SUSE Bug 1211484
- SUSE Bug 1212317
Описание
roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress.
Затронутые продукты
Ссылки
- CVE-2022-41850
- SUSE Bug 1203960
- SUSE Bug 1212314
Описание
A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information.
Затронутые продукты
Ссылки
- CVE-2022-41858
- SUSE Bug 1205671
- SUSE Bug 1211484
- SUSE Bug 1212300
Описание
mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.
Затронутые продукты
Ссылки
- CVE-2022-42703
- SUSE Bug 1204168
- SUSE Bug 1204170
- SUSE Bug 1206463
- SUSE Bug 1208044
- SUSE Bug 1209225
Описание
drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor's internal memory.
Затронутые продукты
Ссылки
- CVE-2022-43750
- SUSE Bug 1204653
- SUSE Bug 1211484
Описание
The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Затронутые продукты
Ссылки
- CVE-2022-43945
- SUSE Bug 1205128
- SUSE Bug 1205130
- SUSE Bug 1208030
- SUSE Bug 1208085
- SUSE Bug 1209225
- SUSE Bug 1210124
Описание
An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets.
Затронутые продукты
Ссылки
- CVE-2022-45934
- SUSE Bug 1205796
- SUSE Bug 1212292