SUSE-SU-2022:2840-1

Source
https://www.suse.com/support/update/announcement/2022/suse-su-20222840-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2022:2840-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2022:2840-1
Published
2022-08-18T07:51:29Z
Modified
2022-08-18T07:51:29Z
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 12 SP3 LTSS kernel was updated to receive various security and bug fixes.

The following security bugs were fixed:

  • CVE-2020-15393: Fixed a memory leak in usbtest_disconnect (bnc#1173514).
  • CVE-2020-36557: Fixed race condition between the VT_DISALLOCATE ioctl and closing/opening of ttys that could lead to a use-after-free (bnc#1201429).
  • CVE-2020-36558: Fixed race condition involving VT_RESIZEX that could lead to a NULL pointer dereference and general protection fault (bnc#1200910).
  • CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO (bnc#1201635).
  • CVE-2021-33656: Fixed out of bounds write with ioctl PIO_FONT (bnc#1201636).
  • CVE-2021-39713: Fixed a race condition in the network scheduling subsystem which could lead to a use-after-free (bnc#1196973).
  • CVE-2022-1462: Fixed an out-of-bounds read flaw in the TeleTYpe subsystem (bnc#1198829).
  • CVE-2022-20166: Fixed possible out of bounds write due to sprintf unsafety that could cause local escalation of privilege (bnc#1200598).
  • CVE-2022-2318: Fixed use-after-free vulnerabilities in the timer handler in net/rose/rose_timer.c that allow attackers to crash the system without any privileges (bsc#1201251).
  • CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed multiple potential data leaks with Block and Network devices when using untrusted backends (bsc#1200762).
  • CVE-2022-36946: Fixed incorrect packet truncation in nfqnl_mangle() that could lead to remote DoS (bnc#1201940).

The following non-security bugs were fixed:

  • kvm: emulate: do not adjust size of fastop and setcc subroutines (bsc#1201930).
  • kvm: emulate: Fix SETcc emulation function offsets with SLS (bsc#1201930).

Affected packages

SUSE:Linux Enterprise Server 12 SP3-BCL / kernel-default

Package

Name
kernel-default
Purl
purl:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCL

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.4.180-94.171.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.4.180-94.171.1",
            "kernel-devel": "4.4.180-94.171.1",
            "kernel-default-base": "4.4.180-94.171.1",
            "kernel-default": "4.4.180-94.171.1",
            "kernel-source": "4.4.180-94.171.1",
            "kernel-syms": "4.4.180-94.171.1",
            "kernel-default-devel": "4.4.180-94.171.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP3-BCL / kernel-source

Package

Name
kernel-source
Purl
purl:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCL

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.4.180-94.171.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.4.180-94.171.1",
            "kernel-devel": "4.4.180-94.171.1",
            "kernel-default-base": "4.4.180-94.171.1",
            "kernel-default": "4.4.180-94.171.1",
            "kernel-source": "4.4.180-94.171.1",
            "kernel-syms": "4.4.180-94.171.1",
            "kernel-default-devel": "4.4.180-94.171.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP3-BCL / kernel-syms

Package

Name
kernel-syms
Purl
purl:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCL

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.4.180-94.171.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.4.180-94.171.1",
            "kernel-devel": "4.4.180-94.171.1",
            "kernel-default-base": "4.4.180-94.171.1",
            "kernel-default": "4.4.180-94.171.1",
            "kernel-source": "4.4.180-94.171.1",
            "kernel-syms": "4.4.180-94.171.1",
            "kernel-default-devel": "4.4.180-94.171.1"
        }
    ]
}