SUSE-SU-2022:0289-1

Source
https://www.suse.com/support/update/announcement/2022/suse-su-20220289-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2022:0289-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2022:0289-1
Related
Published
2022-02-02T09:02:15Z
Modified
2022-02-02T09:02:15Z
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 15 SP2 RT kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

  • CVE-2021-4083: Fixed race condition in Unix domain socket garbage collection that could lead to read memory after free (bsc#1193727).
  • CVE-2021-4135: Fixed an information leak in the nsimbpfmap_alloc function (bsc#1193927).
  • CVE-2021-4149: Fixed improper lock operation in btrfs that allowed users to crash the kernel or deadlock the system (bsc#1194001).
  • CVE-2021-4197: Fixed a cgroup issue where lower privileged processes could write to fds of lower privileged ones that could lead to privilege escalation (bsc#1194302).
  • CVE-2021-4202: Fixed race condition in nci_request() that could cause use-after-free (bsc#1194529).
  • CVE-2021-44733: Fixed a use-after-free exists in drivers/tee/teeshm.c in the TEE subsystem in the Linux kernel that occured because of a race condition in teeshmgetfrom_id during an attempt to free a shared memory object (bnc#1193767).
  • CVE-2021-45485: Fixed an information leak because of certain use of a hash table which use IPv6 source addresses (bsc#1194094).
  • CVE-2021-45486: Fixed an information leak because the hash table is very small in net/ipv4/route.c (bnc#1194087).
  • CVE-2022-0185: Incorrect param length parsing in legacyparseparam which could have led to a local privilege escalation (bsc#1194517).
  • CVE-2022-0322: Fixed a denial of service in SCTP sctpaddtochunk (bsc#1194985).

The following non-security bugs were fixed:

  • ext4: Avoid trim error on fs with small groups (bsc#1191271).
  • fget: clarify and improve _fgetfiles() implementation (bsc#1193727).
  • kabi/severities: Add a kabi exception for drivers/tee/tee
  • kprobes: Limit max data_size of the kretprobe instances (bsc#1193669).
  • livepatch: Avoid CPU hogging with cond_resched (bsc#1071995).
  • media: Revert 'media: uvcvideo: Set unique vdev name based in type' (bsc#1193255).
  • moxart: fix potential use-after-free on remove path (bsc#1194516).
  • powerpc/fadump: Fix inaccurate CPU state info in vmcore generated with panic (bsc#1193901).
  • powerpc: handle kdump appropriately with crashkexecpost_notifiers option (bsc#1193901).
  • tpm: fix potential NULL pointer access in tpmdelchar_device (bsc#1184209, bsc#1193660).
  • vfs: check fd has read access in kernelreadfilefromfd() (bsc#1194888).
References

Affected packages

SUSE:Real Time Module 15 SP2 / kernel-rt

Package

Name
kernel-rt
Purl
purl:rpm/suse/kernel-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.3.18-68.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-devel-rt": "5.3.18-68.1",
            "dlm-kmp-rt": "5.3.18-68.1",
            "kernel-rt_debug": "5.3.18-68.1",
            "kernel-rt-devel": "5.3.18-68.1",
            "cluster-md-kmp-rt": "5.3.18-68.1",
            "kernel-rt_debug-devel": "5.3.18-68.1",
            "kernel-source-rt": "5.3.18-68.1",
            "kernel-rt": "5.3.18-68.1",
            "ocfs2-kmp-rt": "5.3.18-68.1",
            "gfs2-kmp-rt": "5.3.18-68.1",
            "kernel-syms-rt": "5.3.18-68.1"
        }
    ]
}

SUSE:Real Time Module 15 SP2 / kernel-rt_debug

Package

Name
kernel-rt_debug
Purl
purl:rpm/suse/kernel-rt_debug&distro=SUSE%20Real%20Time%20Module%2015%20SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.3.18-68.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-devel-rt": "5.3.18-68.1",
            "dlm-kmp-rt": "5.3.18-68.1",
            "kernel-rt_debug": "5.3.18-68.1",
            "kernel-rt-devel": "5.3.18-68.1",
            "cluster-md-kmp-rt": "5.3.18-68.1",
            "kernel-rt_debug-devel": "5.3.18-68.1",
            "kernel-source-rt": "5.3.18-68.1",
            "kernel-rt": "5.3.18-68.1",
            "ocfs2-kmp-rt": "5.3.18-68.1",
            "gfs2-kmp-rt": "5.3.18-68.1",
            "kernel-syms-rt": "5.3.18-68.1"
        }
    ]
}

SUSE:Real Time Module 15 SP2 / kernel-source-rt

Package

Name
kernel-source-rt
Purl
purl:rpm/suse/kernel-source-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.3.18-68.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-devel-rt": "5.3.18-68.1",
            "dlm-kmp-rt": "5.3.18-68.1",
            "kernel-rt_debug": "5.3.18-68.1",
            "kernel-rt-devel": "5.3.18-68.1",
            "cluster-md-kmp-rt": "5.3.18-68.1",
            "kernel-rt_debug-devel": "5.3.18-68.1",
            "kernel-source-rt": "5.3.18-68.1",
            "kernel-rt": "5.3.18-68.1",
            "ocfs2-kmp-rt": "5.3.18-68.1",
            "gfs2-kmp-rt": "5.3.18-68.1",
            "kernel-syms-rt": "5.3.18-68.1"
        }
    ]
}

SUSE:Real Time Module 15 SP2 / kernel-syms-rt

Package

Name
kernel-syms-rt
Purl
purl:rpm/suse/kernel-syms-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.3.18-68.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-devel-rt": "5.3.18-68.1",
            "dlm-kmp-rt": "5.3.18-68.1",
            "kernel-rt_debug": "5.3.18-68.1",
            "kernel-rt-devel": "5.3.18-68.1",
            "cluster-md-kmp-rt": "5.3.18-68.1",
            "kernel-rt_debug-devel": "5.3.18-68.1",
            "kernel-source-rt": "5.3.18-68.1",
            "kernel-rt": "5.3.18-68.1",
            "ocfs2-kmp-rt": "5.3.18-68.1",
            "gfs2-kmp-rt": "5.3.18-68.1",
            "kernel-syms-rt": "5.3.18-68.1"
        }
    ]
}

SUSE:Linux Enterprise Micro 5.0 / kernel-rt

Package

Name
kernel-rt
Purl
purl:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.3.18-68.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-rt": "5.3.18-68.1"
        }
    ]
}