File _patchinfo of Package patchinfo.23557

Overview Repositories Revisions Requests Users Attributes Meta

File _patchinfo of Package patchinfo.23557

<patchinfo incident="23557">
  <issue id="1189562" tracker="bnc">[PATCH] ext4: fix kernel infoleak via ext4_extent_header</issue>
  <issue id="1194943" tracker="bnc">cert related kernel build breakages in 5.17 merge window</issue>
  <issue id="1195051" tracker="bnc">[SLE15 SP4] /etc/modprobe.d/10-unsupported-modules.conf doesn't exist in SP4</issue>
  <issue id="1195353" tracker="bnc">include 9p in kernel-obs-build</issue>
  <issue id="1196018" tracker="bnc">VUL-0: kernel-source: malicious hardware can cause a leak of kernel memory over the network by ax88179_178a devices</issue>
  <issue id="1196114" tracker="bnc">Migration to 15 SP1 can't remove old kernel and modules</issue>
  <issue id="1196468" tracker="bnc">net/mlx5e: Fix page DMA map/unmap attributes</issue>
  <issue id="1196488" tracker="bnc">VUL-0: CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042: xen: Linux PV device frontends vulnerable to attacks by backends (XSA-396)</issue>
  <issue id="1196514" tracker="bnc">Unable to update from SLES-12-SP5 to SLES-15-SP1</issue>
  <issue id="1196639" tracker="bnc">VUL-0: CVE-2022-0812: kernel-source-azure,kernel-source,kernel-source-rt: NFS over RDMA random memory leakage</issue>
  <issue id="1196761" tracker="bnc">VUL-0: CVE-2022-0850: kernel-source-azure,kernel-source,kernel-source-rt: information leak in copy_page_to_iter() in iov_iter.c</issue>
  <issue id="1196830" tracker="bnc">VUL-0: CVE-2022-26490: kernel-source,kernel-source-rt,kernel-source-azure: potential buffer overflows in EVT_TRANSACTION in st21nfca</issue>
  <issue id="1196836" tracker="bnc">VUL-0: CVE-2022-26966: kernel-source: A malicious device can make the kernel leak a few hundred bytes through the network stack</issue>
  <issue id="1196942" tracker="bnc">[Build 101.1] openQA test fails in await_install - kernel-default-4.12.14-122.113.1.s390x: erase failed</issue>
  <issue id="1196973" tracker="bnc">VUL-0: CVE-2021-39713: kernel-source-rt,kernel-source-azure,kernel-source: race condition in the network scheduling subsystem which could lead to a use-after-free</issue>
  <issue id="1197131" tracker="bnc">VUL-0: CVE-2022-0886: kernel: buffer overflow in IPsec ESP transformation code</issue>
  <issue id="1197227" tracker="bnc">VUL-0: CVE-2022-1015,CVE-2022-1016: kernel-source: Vulnerability in nf_tables can cause privilege escalation</issue>
  <issue id="1197331" tracker="bnc">VUL-0: CVE-2022-1048: kernel-source: Race Condition in snd_pcm_hw_free leading to use-after-free</issue>
  <issue id="1197366" tracker="bnc">VUL-0: CVE-2021-45868: kernel-source-azure,kernel-source-rt,kernel-source: fs/quota/quota_tree.c does not validate the block number in the quota tree</issue>
  <issue id="1197391" tracker="bnc">VUL-0: EMBARGOED: CVE-2022-28356: kernel-source: refcount leak bug in llc_ui_bind</issue>
  <issue id="1198031" tracker="bnc">VUL-1: CVE-2022-28390: kernel-source: double free in ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c</issue>
  <issue id="1198032" tracker="bnc">VUL-1: CVE-2022-28388: kernel-source: double free in usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c</issue>
  <issue id="1198033" tracker="bnc">VUL-1: CVE-2022-28389: kernel-source: double free in mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c</issue>
  <issue id="2022-28356" tracker="cve" />
  <issue id="2022-1016" tracker="cve" />
  <issue id="2022-28389" tracker="cve" />
  <issue id="2022-28388" tracker="cve" />
  <issue id="2022-28390" tracker="cve" />
  <issue id="2022-0812" tracker="cve" />
  <issue id="2022-1048" tracker="cve" />
  <issue id="2022-0850" tracker="cve" />
  <issue id="2022-26966" tracker="cve" />
  <issue id="2022-0886" tracker="cve" />
  <issue id="2021-45868" tracker="cve" />
  <issue id="2021-39713" tracker="cve" />
  <issue id="2022-23042" tracker="cve" />
  <issue id="2022-23041" tracker="cve" />
  <issue id="2022-23039" tracker="cve" />
  <issue id="2022-23038" tracker="cve" />
  <issue id="2022-23037" tracker="cve" />
  <issue id="2022-23036" tracker="cve" />
  <issue id="2022-23040" tracker="cve" />
  <issue id="2022-26490" tracker="cve" />
  <issue id="SLE-18234" tracker="jsc" />
  <category>security</category>
  <rating>important</rating>
  <packager>alnovak</packager>
  <reboot_needed/>
  <description>The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2022-28356: Fixed a refcount leak bug in net/llc/af_llc.c (bnc#1197391).
- CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution (bsc#1197227).
- CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c vulnerability in the Linux kernel (bnc#1198033).
- CVE-2022-28388: Fixed a double free in drivers/net/can/usb/usb_8dev.c vulnerability in the Linux kernel (bnc#1198032).
- CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel (bnc#1198031).
- CVE-2022-0812: Fixed an incorrect header size calculations in xprtrdma (bsc#1196639).
- CVE-2022-1048: Fixed a race Condition in snd_pcm_hw_free leading to use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock (bsc#1197331).
- CVE-2022-0850: Fixed a kernel information leak vulnerability in iov_iter.c (bsc#1196761).
- CVE-2022-26966: Fixed an issue in drivers/net/usb/sr9700.c, which allowed attackers to obtain sensitive information from the memory via crafted frame lengths from a USB device (bsc#1196836).
- CVE-2022-0886: Fix possible buffer overflow in ESP transformation (bsc#1197131).
- CVE-2021-45868: Fixed a wrong validation check in fs/quota/quota_tree.c which could lead to an use-after-free if there is a corrupted quota file (bnc#1197366).
- CVE-2021-39713: Fixed a race condition in the network scheduling subsystem which could lead to a use-after-free (bsc#1196973).
- CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042: Fixed multiple issues which could have lead to read/write access to memory pages or denial of service. These issues are related to the Xen PV device frontend drivers (bsc#1196488).
- CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could crash the system or corrupt the system memory (bsc#1196830).

The following non-security bugs were fixed:

- ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32 (bsc#1196018).
- macros.kernel-source: Fix coditional expansion. Fixes: bb95fef3cf19 ("rpm: Use bash for %() expansion (jsc#SLE-18234).")
- net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (bsc#1196018).
- net: usb: ax88179_178a: fix packet alignment padding (bsc#1196018).
- net/mlx5e: Fix page DMA map/unmap attributes (bsc#1196468).
- rpm: SC2006: Use $(...) notation instead of legacy backticked `...`.
- sr9700: sanity check for packet length (bsc#1196836).
- usb: host: xen-hcd: add missing unlock in error path (git-fixes).
- xen/usb: do not use gnttab_end_foreign_access() in xenhcd_gnttab_done() (bsc#1196488, XSA-396).
</description>
<summary>Security update for the Linux Kernel</summary>
</patchinfo>

Places

File _patchinfo of Package patchinfo.23557

Places