SUSE-SU-2022:1257-1

Source
https://www.suse.com/support/update/announcement/2022/suse-su-20221257-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2022:1257-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2022:1257-1
Related
Published
2022-04-19T09:03:30Z
Modified
2022-04-19T09:03:30Z
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 15 SP2 RT kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

  • CVE-2022-0854: Fixed a memory leak flaw was found in the Linux kernels DMA subsystem. This flaw allowed a local user to read random memory from the kernel space (bnc#1196823).
  • CVE-2022-28388: Fixed a double free in drivers/net/can/usb/usb_8dev.c vulnerability in the Linux kernel (bnc#1198032).
  • CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c vulnerability in the Linux kernel (bnc#1198033).
  • CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel (bnc#1198031).
  • CVE-2022-1048: Fixed a race Condition in sndpcmhwfree leading to use-after-free due to the AB/BA lock with buffermutex and mmap_lock (bsc#1197331).
  • CVE-2022-1055: Fixed a use-after-free in tcnewtfilter that could allow a local attacker to gain privilege escalation (bnc#1197702).
  • CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation (bnc#1197462).
  • CVE-2021-45868: Fixed a wrong validation check in fs/quota/quota_tree.c which could lead to an use-after-free if there is a corrupted quota file (bnc#1197366).
  • CVE-2022-26966: Fixed an issue in drivers/net/usb/sr9700.c, which allowed attackers to obtain sensitive information from the memory via crafted frame lengths from a USB device (bsc#1196836).
  • CVE-2021-39698: Fixed a possible memory corruption due to a use after free in aiopollcomplete_work. This could lead to local escalation of privilege with no additional execution privileges needed (bsc#1196956).
  • CVE-2021-0920: Fixed a local privilege escalation due to a use-after-free bug in unix_gc (bsc#1193731).
  • CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042: Fixed multiple issues which could have lead to read/write access to memory pages or denial of service. These issues are related to the Xen PV device frontend drivers (bsc#1196488).
  • CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could trigger crash the system or corrupt system memory (bsc#1196830).
  • CVE-2022-0617: Fixed a null pointer dereference in UDF file system functionality. A local user could crash the system by triggering udffilewrite_iter() via a malicious UDF image (bsc#1196079).
  • CVE-2022-25375: The RNDIS USB gadget lacks validation of the size of the RNDISMSGSET command. Attackers can obtain sensitive information from kernel memory (bsc#1196235).
  • CVE-2022-25258: The USB Gadget subsystem lacked certain validation of interface OS descriptor requests, which could have lead to memory corruption (bsc#1196096).
  • CVE-2021-44879: In gcdatasegment() in fs/f2fs/gc.c, special files were not considered, which lead to a movedatapage NULL pointer dereference (bsc#1195987).
  • CVE-2022-24959: Fixed a memory leak in yam_siocdevprivate() in drivers/net/hamradio/yam.c (bsc#1195897).
  • CVE-2022-24958: drivers/usb/gadget/legacy/inode.c mishandled dev->buf release (bsc#1195905).
  • CVE-2022-0516: Fixed missing check in ioctl related to KVM in s390 allows kernel memory read/write (bsc#1195516).
  • CVE-2022-24448: Fixed an issue in fs/nfs/dir.c. If an application sets the ODIRECTORY flag, and tries to open a regular file, nfsatomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should have occured, but the server instead returned uninitialized data in the file descriptor (bsc#1195612).
  • CVE-2022-0492: Fixed a privilege escalation related to cgroups v1 release_agent feature, which allowed bypassing namespace isolation unexpectedly (bsc#1195543).
  • CVE-2022-28748: Fixed various information leaks that could be caused by malicious USB devices (bsc#1196018).
  • CVE-2022-0644: Fixed a denial of service by a local user. A assertion failure could be triggered in kernelreadfilefromfd() (bsc#1196155)
  • CVE-2022-0850: Fixed a kernel information leak vulnerability in iov_iter.c (bsc#1196761).
  • CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution (bsc#1197227).

The following non-security bugs were fixed:

  • cifs: use the correct max-length for dentrypathraw() (bsc#1196196).
  • gve: multiple bugfixes (jsc#SLE-23652).
  • net/mlx5e: Fix page DMA map/unmap attributes (bsc#1196468).
  • netfilter: conntrack: do not refresh sctp entries in closed state (bsc#1197389).
  • powerpc/mm/numa: skip NUMANONODE onlining in parsenumaproperties() (bsc#1179639).
  • scsi: lpfc: Fix pt2pt NVMe PRLI reject LOGO loop (bsc#1189126).
  • scsi: target: iscsi: Fix cmd abort fabric stop race (bsc#1195286).
References

Affected packages

SUSE:Real Time Module 15 SP2 / kernel-rt

Package

Name
kernel-rt
Purl
purl:rpm/suse/kernel-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.3.18-150200.79.2

Ecosystem specific

{
    "binaries": [
        {
            "kernel-devel-rt": "5.3.18-150200.79.2",
            "dlm-kmp-rt": "5.3.18-150200.79.2",
            "kernel-rt_debug": "5.3.18-150200.79.2",
            "kernel-rt-devel": "5.3.18-150200.79.2",
            "cluster-md-kmp-rt": "5.3.18-150200.79.2",
            "kernel-rt_debug-devel": "5.3.18-150200.79.2",
            "kernel-source-rt": "5.3.18-150200.79.2",
            "kernel-rt": "5.3.18-150200.79.2",
            "ocfs2-kmp-rt": "5.3.18-150200.79.2",
            "gfs2-kmp-rt": "5.3.18-150200.79.2",
            "kernel-syms-rt": "5.3.18-150200.79.1"
        }
    ]
}

SUSE:Real Time Module 15 SP2 / kernel-rt_debug

Package

Name
kernel-rt_debug
Purl
purl:rpm/suse/kernel-rt_debug&distro=SUSE%20Real%20Time%20Module%2015%20SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.3.18-150200.79.2

Ecosystem specific

{
    "binaries": [
        {
            "kernel-devel-rt": "5.3.18-150200.79.2",
            "dlm-kmp-rt": "5.3.18-150200.79.2",
            "kernel-rt_debug": "5.3.18-150200.79.2",
            "kernel-rt-devel": "5.3.18-150200.79.2",
            "cluster-md-kmp-rt": "5.3.18-150200.79.2",
            "kernel-rt_debug-devel": "5.3.18-150200.79.2",
            "kernel-source-rt": "5.3.18-150200.79.2",
            "kernel-rt": "5.3.18-150200.79.2",
            "ocfs2-kmp-rt": "5.3.18-150200.79.2",
            "gfs2-kmp-rt": "5.3.18-150200.79.2",
            "kernel-syms-rt": "5.3.18-150200.79.1"
        }
    ]
}

SUSE:Real Time Module 15 SP2 / kernel-source-rt

Package

Name
kernel-source-rt
Purl
purl:rpm/suse/kernel-source-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.3.18-150200.79.2

Ecosystem specific

{
    "binaries": [
        {
            "kernel-devel-rt": "5.3.18-150200.79.2",
            "dlm-kmp-rt": "5.3.18-150200.79.2",
            "kernel-rt_debug": "5.3.18-150200.79.2",
            "kernel-rt-devel": "5.3.18-150200.79.2",
            "cluster-md-kmp-rt": "5.3.18-150200.79.2",
            "kernel-rt_debug-devel": "5.3.18-150200.79.2",
            "kernel-source-rt": "5.3.18-150200.79.2",
            "kernel-rt": "5.3.18-150200.79.2",
            "ocfs2-kmp-rt": "5.3.18-150200.79.2",
            "gfs2-kmp-rt": "5.3.18-150200.79.2",
            "kernel-syms-rt": "5.3.18-150200.79.1"
        }
    ]
}

SUSE:Real Time Module 15 SP2 / kernel-syms-rt

Package

Name
kernel-syms-rt
Purl
purl:rpm/suse/kernel-syms-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.3.18-150200.79.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-devel-rt": "5.3.18-150200.79.2",
            "dlm-kmp-rt": "5.3.18-150200.79.2",
            "kernel-rt_debug": "5.3.18-150200.79.2",
            "kernel-rt-devel": "5.3.18-150200.79.2",
            "cluster-md-kmp-rt": "5.3.18-150200.79.2",
            "kernel-rt_debug-devel": "5.3.18-150200.79.2",
            "kernel-source-rt": "5.3.18-150200.79.2",
            "kernel-rt": "5.3.18-150200.79.2",
            "ocfs2-kmp-rt": "5.3.18-150200.79.2",
            "gfs2-kmp-rt": "5.3.18-150200.79.2",
            "kernel-syms-rt": "5.3.18-150200.79.1"
        }
    ]
}

SUSE:Linux Enterprise Micro 5.0 / kernel-rt

Package

Name
kernel-rt
Purl
purl:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.3.18-150200.79.2

Ecosystem specific

{
    "binaries": [
        {
            "kernel-rt": "5.3.18-150200.79.2"
        }
    ]
}