CVE-2021-4154 (GCVE-0-2021-4154)
Vulnerability from cvelistv5 – Published: 2022-02-04 22:29 – Updated: 2024-08-03 17:16

| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=2034514 | x_refsource_MISC |
| https://git.kernel.org/pub/scm/linux/kernel/git/t… | x_refsource_MISC |
| https://cloud.google.com/anthos/clusters/docs/sec… | x_refsource_MISC |
| https://security.netapp.com/advisory/ntap-2022022… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:16:04.485Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034514"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3b0462726e7ef281c35a7a4ae33e93ee2bc9975b"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cloud.google.com/anthos/clusters/docs/security-bulletins#gcp-2022-002"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220225-0004/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "kernel",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in kernel 5.14 rc2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel\u0027s cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service on the system."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-25T09:06:07.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034514"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3b0462726e7ef281c35a7a4ae33e93ee2bc9975b"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cloud.google.com/anthos/clusters/docs/security-bulletins#gcp-2022-002"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220225-0004/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-4154",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "Fixed in kernel 5.14 rc2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel\u0027s cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service on the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2034514",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034514"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3b0462726e7ef281c35a7a4ae33e93ee2bc9975b",
"refsource": "MISC",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3b0462726e7ef281c35a7a4ae33e93ee2bc9975b"
},
{
"name": "https://cloud.google.com/anthos/clusters/docs/security-bulletins#gcp-2022-002",
"refsource": "MISC",
"url": "https://cloud.google.com/anthos/clusters/docs/security-bulletins#gcp-2022-002"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220225-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220225-0004/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-4154",
"datePublished": "2022-02-04T22:29:17.000Z",
"dateReserved": "2021-12-22T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:16:04.485Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2021-4154",
"date": "2026-06-05",
"epss": "0.00838",
"percentile": "0.75081"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.1\", \"versionEndExcluding\": \"5.4.134\", \"matchCriteriaId\": \"8B1595BC-C3BF-4F3C-8BF3-3CF85D767DBB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.5\", \"versionEndExcluding\": \"5.10.52\", \"matchCriteriaId\": \"7C1E6FB6-53C8-4DC4-8AE5-93094BA39F62\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.11\", \"versionEndExcluding\": \"5.12.19\", \"matchCriteriaId\": \"34C1A2F4-DD44-4CF1-8FD4-751A0D746A9E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.13\", \"versionEndExcluding\": \"5.13.4\", \"matchCriteriaId\": \"F93FA3CC-0C79-410B-A7D7-245C2AA0723A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:5.14:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"71268287-21A8-4488-AA4F-23C473153131\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6BBD7A51-0590-4DDF-8249-5AFA8D645CB6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:-:*:*:*\", \"matchCriteriaId\": \"053C1B35-3869-41C2-9551-044182DE0A64\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:hci_baseboard_management_controller:h300e:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"50E61C0A-01CA-4031-B4E0-D814E1D9CFCC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:hci_baseboard_management_controller:h300s:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"27227B35-932A-4035-B39F-6A455753C0D6\"}, {\"vulnerable\": true, 
\"criteria\": \"cpe:2.3:a:netapp:hci_baseboard_management_controller:h410s:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A4AD592C-222D-4C6F-B176-8145A1A5AFEC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:hci_baseboard_management_controller:h500e:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8173DC0C-B9BB-4055-95B6-45EB08A3D923\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:hci_baseboard_management_controller:h500s:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8603654B-A8A9-4DEB-B0DD-C82E1C885749\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:hci_baseboard_management_controller:h700e:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"14BCD5F2-E3FD-4877-8C93-5EF96008A287\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:hci_baseboard_management_controller:h700s:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C855C933-F271-45E6-8E85-8D7CF2EF1BE6\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel\u0027s cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service on the system.\"}, {\"lang\": \"es\", \"value\": \"Se encontr\\u00f3 un defecto de uso de memoria previamente liberada en la funci\\u00f3n cgroup1_parse_param en el archivo kernel/cgroup/cgroup-v1.c en el analizador cgroup v1 del kernel de Linux. Un atacante local con un privilegio de usuario podr\\u00eda causar una escalada de privilegios al explotar el par\\u00e1metro de syscall fsconfig, conllevando a una ruptura del contenedor y una denegaci\\u00f3n de servicio en el sistema\"}]",
"id": "CVE-2021-4154",
"lastModified": "2024-11-21T06:37:00.750",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.0, \"impactScore\": 6.0}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 7.2, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 3.9, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2022-02-04T23:15:12.307",
"references": "[{\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2034514\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://cloud.google.com/anthos/clusters/docs/security-bulletins#gcp-2022-002\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3b0462726e7ef281c35a7a4ae33e93ee2bc9975b\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Mailing List\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20220225-0004/\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2034514\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://cloud.google.com/anthos/clusters/docs/security-bulletins#gcp-2022-002\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3b0462726e7ef281c35a7a4ae33e93ee2bc9975b\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20220225-0004/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"secalert@redhat.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-416\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-416\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-4154\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2022-02-04T23:15:12.307\",\"lastModified\":\"2024-11-21T06:37:00.750\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel\u0027s cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service on the system.\"},{\"lang\":\"es\",\"value\":\"Se encontr\u00f3 un defecto de uso de memoria previamente liberada en la funci\u00f3n cgroup1_parse_param en el archivo kernel/cgroup/cgroup-v1.c en el analizador cgroup v1 del kernel de Linux. Un atacante local con un privilegio de usuario podr\u00eda causar una escalada de privilegios al explotar el par\u00e1metro de syscall fsconfig, conllevando a una ruptura del contenedor y una denegaci\u00f3n de servicio en el 
sistema\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.0,\"impactScore\":6.0}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.1\",\"versionEndExcluding\":\"5.4.134\",\"matchCriteriaId\":\"8B1595BC-C3BF-4F3C-8BF3-3CF85D767DBB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.5\",\"versionEndExcluding\":\"5.10.52\",\"matchCriteriaId\":\"7C1E6FB6-53C8-4DC4-8AE5-93094BA39F62\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11\",\"versionEndExcl
uding\":\"5.12.19\",\"matchCriteriaId\":\"34C1A2F4-DD44-4CF1-8FD4-751A0D746A9E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.13\",\"versionEndExcluding\":\"5.13.4\",\"matchCriteriaId\":\"F93FA3CC-0C79-410B-A7D7-245C2AA0723A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:5.14:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"71268287-21A8-4488-AA4F-23C473153131\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6BBD7A51-0590-4DDF-8249-5AFA8D645CB6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:-:*:*:*\",\"matchCriteriaId\":\"053C1B35-3869-41C2-9551-044182DE0A64\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:hci_baseboard_management_controller:h300e:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"50E61C0A-01CA-4031-B4E0-D814E1D9CFCC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:hci_baseboard_management_controller:h300s:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"27227B35-932A-4035-B39F-6A455753C0D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:hci_baseboard_management_controller:h410s:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A4AD592C-222D-4C6F-B176-8145A1A5AFEC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:hci_baseboard_management_controller:h500e:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8173DC0C-B9BB-4055-95B6-45EB08A3D923\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:hci_baseboard_management_controller:h500s:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8603654B-A8A9-4DEB-B0DD-C82E1C885749\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:hci_baseboard_management_controller:h700e:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"14BCD5F2-E3FD-4877-8C93-5EF96008A287\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:hci_baseboard_management
_controller:h700s:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C855C933-F271-45E6-8E85-8D7CF2EF1BE6\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2034514\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://cloud.google.com/anthos/clusters/docs/security-bulletins#gcp-2022-002\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3b0462726e7ef281c35a7a4ae33e93ee2bc9975b\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20220225-0004/\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2034514\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://cloud.google.com/anthos/clusters/docs/security-bulletins#gcp-2022-002\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3b0462726e7ef281c35a7a4ae33e93ee2bc9975b\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20220225-0004/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
RHSA-2022_0841
Vulnerability from csaf_redhat - Published: 2022-03-14 09:24 - Updated: 2024-11-15 14:44

A vulnerability was found in unix_dgram_recvmsg in net/unix/af_unix.c in the Linux kernel's garbage collection for Unix domain socket file handlers. In this flaw, a missing cleanup may lead to a use-after-free due to a race problem. This flaw allows a local user to crash the system or escalate their privileges on the system. A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.4.10-202203101736_8.5.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.4.10-202203101736_8.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-2.el8ev.src | — |
Workaround
|
|
| Unresolved product id: 8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-2.el8ev.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-content-0:4.4.10-2.el8ev.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHV-HypervisorBuild-4:redhat-virtualization-host-image-update-placeholder-0:4.4.10-2.el8ev.noarch | — |
Workaround
|
A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel's cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service on the system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.4.10-202203101736_8.5.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.4.10-202203101736_8.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-2.el8ev.src | — |
Workaround
|
|
| Unresolved product id: 8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-2.el8ev.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-content-0:4.4.10-2.el8ev.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHV-HypervisorBuild-4:redhat-virtualization-host-image-update-placeholder-0:4.4.10-2.el8ev.noarch | — |
Workaround
|
A random memory access flaw was found in the Linux kernel’s GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.4.10-202203101736_8.5.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.4.10-202203101736_8.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-2.el8ev.src | — |
Workaround
|
|
| Unresolved product id: 8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-2.el8ev.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-content-0:4.4.10-2.el8ev.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHV-HypervisorBuild-4:redhat-virtualization-host-image-update-placeholder-0:4.4.10-2.el8ev.noarch | — |
Workaround
|
A stack overflow flaw was found in the Linux kernel’s TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.4.10-202203101736_8.5.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.4.10-202203101736_8.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-2.el8ev.src | — |
Workaround
|
|
| Unresolved product id: 8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-2.el8ev.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-content-0:4.4.10-2.el8ev.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHV-HypervisorBuild-4:redhat-virtualization-host-image-update-placeholder-0:4.4.10-2.el8ev.noarch | — |
Workaround
|
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.4.10-202203101736_8.5.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.4.10-202203101736_8.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-2.el8ev.src | — |
Workaround
|
|
| Unresolved product id: 8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-2.el8ev.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-content-0:4.4.10-2.el8ev.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHV-HypervisorBuild-4:redhat-virtualization-host-image-update-placeholder-0:4.4.10-2.el8ev.noarch | — |
Workaround
|
A use-after-free flaw was found in the Linux kernel’s vmw_execbuf_copy_fence_user function in drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c in vmwgfx. This flaw allows a local attacker with user privileges to cause a privilege escalation problem.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.4.10-202203101736_8.5.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.4.10-202203101736_8.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-2.el8ev.src | — |
Workaround
|
|
| Unresolved product id: 8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-2.el8ev.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-content-0:4.4.10-2.el8ev.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHV-HypervisorBuild-4:redhat-virtualization-host-image-update-placeholder-0:4.4.10-2.el8ev.noarch | — |
Workaround
|
A flaw was found in the SQL plugin shipped with Cyrus SASL. The vulnerability occurs due to failure to properly escape SQL input and leads to an improper input validation vulnerability. This flaw allows an attacker to execute arbitrary SQL commands and to change the passwords for other accounts, allowing escalation of privileges.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-2.el8ev.src | — | ||
| Unresolved product id: 8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-2.el8ev.x86_64 | — | ||
| Unresolved product id: 8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-content-0:4.4.10-2.el8ev.x86_64 | — | ||
| Unresolved product id: 8Base-RHV-HypervisorBuild-4:redhat-virtualization-host-image-update-placeholder-0:4.4.10-2.el8ev.noarch | — |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host\u0027s resources and performing administrative tasks.\n\nSecurity Fix(es):\n\n* kernel: improper initialization of the \"flags\" member of the new pipe_buffer (CVE-2022-0847)\n\n* kernel: Use After Free in unix_gc() which could result in a local privilege escalation (CVE-2021-0920)\n\n* kernel: local privilege escalation by exploiting the fsconfig syscall parameter leads to container breakout (CVE-2021-4154)\n\n* kernel: possible privileges escalation due to missing TLB flush (CVE-2022-0330)\n\n* kernel: remote stack overflow via kernel panic on systems using TIPC may lead to DoS (CVE-2022-0435)\n\n* kernel: failing usercopy allows for use-after-free exploitation (CVE-2022-22942)\n\n* cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands (CVE-2022-24407)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:0841",
"url": "https://access.redhat.com/errata/RHSA-2022:0841"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2022-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2022-002"
},
{
"category": "external",
"summary": "2031930",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031930"
},
{
"category": "external",
"summary": "2034514",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034514"
},
{
"category": "external",
"summary": "2042404",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2042404"
},
{
"category": "external",
"summary": "2044809",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044809"
},
{
"category": "external",
"summary": "2048738",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2048738"
},
{
"category": "external",
"summary": "2055326",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055326"
},
{
"category": "external",
"summary": "2060795",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060795"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0841.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Virtualization Host security and bug fix update [ovirt-4.4.10] Async #1",
"tracking": {
"current_release_date": "2024-11-15T14:44:04+00:00",
"generator": {
"date": "2024-11-15T14:44:04+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2022:0841",
"initial_release_date": "2022-03-14T09:24:59+00:00",
"revision_history": [
{
"date": "2022-03-14T09:24:59+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-03-14T09:24:59+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-15T14:44:04+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHEL 8-based RHEV-H for RHEV 4 (build requirements)",
"product": {
"name": "RHEL 8-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "8Base-RHV-HypervisorBuild-4",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhev_hypervisor:4.4::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat Virtualization 4 Hypervisor for RHEL 8",
"product": {
"name": "Red Hat Virtualization 4 Hypervisor for RHEL 8",
"product_id": "8Base-RHV-Hypervisor-4",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhev_hypervisor:4.4::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Virtualization"
},
{
"branches": [
{
"category": "product_version",
"name": "redhat-release-virtualization-host-0:4.4.10-2.el8ev.src",
"product": {
"name": "redhat-release-virtualization-host-0:4.4.10-2.el8ev.src",
"product_id": "redhat-release-virtualization-host-0:4.4.10-2.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-release-virtualization-host@4.4.10-2.el8ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "redhat-virtualization-host-0:4.4.10-202203101736_8.5.src",
"product": {
"name": "redhat-virtualization-host-0:4.4.10-202203101736_8.5.src",
"product_id": "redhat-virtualization-host-0:4.4.10-202203101736_8.5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-virtualization-host@4.4.10-202203101736_8.5?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "redhat-release-virtualization-host-0:4.4.10-2.el8ev.x86_64",
"product": {
"name": "redhat-release-virtualization-host-0:4.4.10-2.el8ev.x86_64",
"product_id": "redhat-release-virtualization-host-0:4.4.10-2.el8ev.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-release-virtualization-host@4.4.10-2.el8ev?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "redhat-release-virtualization-host-content-0:4.4.10-2.el8ev.x86_64",
"product": {
"name": "redhat-release-virtualization-host-content-0:4.4.10-2.el8ev.x86_64",
"product_id": "redhat-release-virtualization-host-content-0:4.4.10-2.el8ev.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-release-virtualization-host-content@4.4.10-2.el8ev?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "redhat-virtualization-host-image-update-0:4.4.10-202203101736_8.5.x86_64",
"product": {
"name": "redhat-virtualization-host-image-update-0:4.4.10-202203101736_8.5.x86_64",
"product_id": "redhat-virtualization-host-image-update-0:4.4.10-202203101736_8.5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-virtualization-host-image-update@4.4.10-202203101736_8.5?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "redhat-virtualization-host-image-update-placeholder-0:4.4.10-2.el8ev.noarch",
"product": {
"name": "redhat-virtualization-host-image-update-placeholder-0:4.4.10-2.el8ev.noarch",
"product_id": "redhat-virtualization-host-image-update-placeholder-0:4.4.10-2.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-virtualization-host-image-update-placeholder@4.4.10-2.el8ev?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-virtualization-host-0:4.4.10-202203101736_8.5.src as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8",
"product_id": "8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.4.10-202203101736_8.5.src"
},
"product_reference": "redhat-virtualization-host-0:4.4.10-202203101736_8.5.src",
"relates_to_product_reference": "8Base-RHV-Hypervisor-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-virtualization-host-image-update-0:4.4.10-202203101736_8.5.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8",
"product_id": "8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.4.10-202203101736_8.5.x86_64"
},
"product_reference": "redhat-virtualization-host-image-update-0:4.4.10-202203101736_8.5.x86_64",
"relates_to_product_reference": "8Base-RHV-Hypervisor-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-release-virtualization-host-0:4.4.10-2.el8ev.src as a component of RHEL 8-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-2.el8ev.src"
},
"product_reference": "redhat-release-virtualization-host-0:4.4.10-2.el8ev.src",
"relates_to_product_reference": "8Base-RHV-HypervisorBuild-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-release-virtualization-host-0:4.4.10-2.el8ev.x86_64 as a component of RHEL 8-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-2.el8ev.x86_64"
},
"product_reference": "redhat-release-virtualization-host-0:4.4.10-2.el8ev.x86_64",
"relates_to_product_reference": "8Base-RHV-HypervisorBuild-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-release-virtualization-host-content-0:4.4.10-2.el8ev.x86_64 as a component of RHEL 8-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-content-0:4.4.10-2.el8ev.x86_64"
},
"product_reference": "redhat-release-virtualization-host-content-0:4.4.10-2.el8ev.x86_64",
"relates_to_product_reference": "8Base-RHV-HypervisorBuild-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-virtualization-host-image-update-placeholder-0:4.4.10-2.el8ev.noarch as a component of RHEL 8-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "8Base-RHV-HypervisorBuild-4:redhat-virtualization-host-image-update-placeholder-0:4.4.10-2.el8ev.noarch"
},
"product_reference": "redhat-virtualization-host-image-update-placeholder-0:4.4.10-2.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-HypervisorBuild-4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-0920",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2021-12-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-2.el8ev.src",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-2.el8ev.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-content-0:4.4.10-2.el8ev.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-virtualization-host-image-update-placeholder-0:4.4.10-2.el8ev.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2031930"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in unix_dgram_recvmsg in net/unix/af_unix.c in the Linux kernel\u0027s garbage collection for Unix domain socket file handlers. In this flaw, a missing cleanup may lead to a use-after-free due to a race problem. This flaw allows a local user to crash the system or escalate their privileges on the system.\r\n\r\nA read-after-free memory flaw was found in the Linux kernel\u0027s garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: Use After Free in unix_gc() which could result in a local privilege escalation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.4.10-202203101736_8.5.src",
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.4.10-202203101736_8.5.x86_64"
],
"known_not_affected": [
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-2.el8ev.src",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-2.el8ev.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-content-0:4.4.10-2.el8ev.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-virtualization-host-image-update-placeholder-0:4.4.10-2.el8ev.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-0920"
},
{
"category": "external",
"summary": "RHBZ#2031930",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031930"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-0920",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0920"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-0920",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-0920"
},
{
"category": "external",
"summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cbcf01128d0a92e131bd09f1688fe032480b65ca",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cbcf01128d0a92e131bd09f1688fe032480b65ca"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2021-07-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-14T09:24:59+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.4.10-202203101736_8.5.src",
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.4.10-202203101736_8.5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0841"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.4.10-202203101736_8.5.src",
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.4.10-202203101736_8.5.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-2.el8ev.src",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-2.el8ev.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-content-0:4.4.10-2.el8ev.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-virtualization-host-image-update-placeholder-0:4.4.10-2.el8ev.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.4.10-202203101736_8.5.src",
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.4.10-202203101736_8.5.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-05-23T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "kernel: Use After Free in unix_gc() which could result in a local privilege escalation"
},
{
"cve": "CVE-2021-4154",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2021-12-17T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-2.el8ev.src",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-2.el8ev.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-content-0:4.4.10-2.el8ev.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-virtualization-host-image-update-placeholder-0:4.4.10-2.el8ev.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2034514"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel\u0027s cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service on the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: local privilege escalation by exploiting the fsconfig syscall parameter leads to container breakout",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.4.10-202203101736_8.5.src",
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.4.10-202203101736_8.5.x86_64"
],
"known_not_affected": [
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-2.el8ev.src",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-2.el8ev.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-content-0:4.4.10-2.el8ev.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-virtualization-host-image-update-placeholder-0:4.4.10-2.el8ev.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-4154"
},
{
"category": "external",
"summary": "RHBZ#2034514",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034514"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-4154",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4154"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-4154",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4154"
},
{
"category": "external",
"summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3b0462726e7ef281c35a7a4ae33e93ee2bc9975b",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3b0462726e7ef281c35a7a4ae33e93ee2bc9975b"
}
],
"release_date": "2021-12-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-14T09:24:59+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.4.10-202203101736_8.5.src",
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.4.10-202203101736_8.5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0841"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.4.10-202203101736_8.5.src",
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.4.10-202203101736_8.5.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-2.el8ev.src",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-2.el8ev.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-content-0:4.4.10-2.el8ev.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-virtualization-host-image-update-placeholder-0:4.4.10-2.el8ev.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.4.10-202203101736_8.5.src",
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.4.10-202203101736_8.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kernel: local privilege escalation by exploiting the fsconfig syscall parameter leads to container breakout"
},
{
"cve": "CVE-2022-0330",
"cwe": {
"id": "CWE-281",
"name": "Improper Preservation of Permissions"
},
"discovery_date": "2022-01-19T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-2.el8ev.src",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-2.el8ev.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-content-0:4.4.10-2.el8ev.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-virtualization-host-image-update-placeholder-0:4.4.10-2.el8ev.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2042404"
}
],
"notes": [
{
"category": "description",
"text": "A random memory access flaw was found in the Linux kernel\u2019s GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: possible privileges escalation due to missing TLB flush",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For the Red Hat Enterprise Linux default configuration, the issue occurs only if a local user is running malicious code on the GPU. The GPU must be in use, and the user is required to have privileges to access the i915 Intel GPU.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.4.10-202203101736_8.5.src",
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.4.10-202203101736_8.5.x86_64"
],
"known_not_affected": [
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-2.el8ev.src",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-2.el8ev.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-content-0:4.4.10-2.el8ev.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-virtualization-host-image-update-placeholder-0:4.4.10-2.el8ev.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-0330"
},
{
"category": "external",
"summary": "RHBZ#2042404",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2042404"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-0330",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0330"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0330",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0330"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2022/01/25/12",
"url": "https://www.openwall.com/lists/oss-security/2022/01/25/12"
}
],
"release_date": "2022-01-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-14T09:24:59+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.4.10-202203101736_8.5.src",
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.4.10-202203101736_8.5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0841"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.4.10-202203101736_8.5.src",
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.4.10-202203101736_8.5.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-2.el8ev.src",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-2.el8ev.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-content-0:4.4.10-2.el8ev.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-virtualization-host-image-update-placeholder-0:4.4.10-2.el8ev.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.4.10-202203101736_8.5.src",
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.4.10-202203101736_8.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kernel: possible privileges escalation due to missing TLB flush"
},
{
"cve": "CVE-2022-0435",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-01-31T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-2.el8ev.src",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-2.el8ev.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-content-0:4.4.10-2.el8ev.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-virtualization-host-image-update-placeholder-0:4.4.10-2.el8ev.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2048738"
}
],
"notes": [
{
"category": "description",
"text": "A stack overflow flaw was found in the Linux kernel\u2019s TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: remote stack overflow via kernel panic on systems using TIPC may lead to DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat recommends using TIPC Encryption to secure the TIPC protocol\u0027s payload, or using the transport level to separate and/or secure (by both encrypting and authenticating via e.g. IPSec/MACSec) the communication between nodes.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.4.10-202203101736_8.5.src",
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.4.10-202203101736_8.5.x86_64"
],
"known_not_affected": [
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-2.el8ev.src",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-2.el8ev.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-content-0:4.4.10-2.el8ev.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-virtualization-host-image-update-placeholder-0:4.4.10-2.el8ev.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-0435"
},
{
"category": "external",
"summary": "RHBZ#2048738",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2048738"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-0435",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0435"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0435",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0435"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2022/02/10/1",
"url": "https://www.openwall.com/lists/oss-security/2022/02/10/1"
}
],
"release_date": "2022-02-10T14:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-14T09:24:59+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.4.10-202203101736_8.5.src",
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.4.10-202203101736_8.5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0841"
},
{
"category": "workaround",
"details": "The TIPC module will NOT be automatically loaded. When required, administrative action is needed to explicitly load this module.\n\nLoading the module can be prevented with the following instructions:\n# echo \"install tipc /bin/true\" \u003e\u003e /etc/modprobe.d/disable-tipc.conf\nThe system will need to be restarted if the tipc module is loaded. In most circumstances, the TIPC kernel module cannot be unloaded while any network interfaces are active and the protocol is in use.\n\nIf the system requires this module to work correctly, this mitigation may not be suitable.",
"product_ids": [
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.4.10-202203101736_8.5.src",
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.4.10-202203101736_8.5.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-2.el8ev.src",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-2.el8ev.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-content-0:4.4.10-2.el8ev.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-virtualization-host-image-update-placeholder-0:4.4.10-2.el8ev.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.4.10-202203101736_8.5.src",
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.4.10-202203101736_8.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kernel: remote stack overflow via kernel panic on systems using TIPC may lead to DoS"
},
{
"acknowledgments": [
{
"names": [
"Max Kellermann"
],
"organization": "CM4all"
}
],
"cve": "CVE-2022-0847",
"cwe": {
"id": "CWE-909",
"name": "Missing Initialization of Resource"
},
"discovery_date": "2022-03-04T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-2.el8ev.src",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-2.el8ev.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-content-0:4.4.10-2.el8ev.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-virtualization-host-image-update-placeholder-0:4.4.10-2.el8ev.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2060795"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the way the \"flags\" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read-only files and as such escalate their privileges on the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: improper initialization of the \"flags\" member of the new pipe_buffer",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security is aware of this issue. Updates will be released as they become available.\n\nNote that the PIPE_BUF_FLAG_CAN_MERGE flag attack vector is not available in Red Hat Enterprise Linux 8 and thus the currently known exploits leveraging this flag do not work. The underlying issue (lack of proper pipe_buffer structure initialization) is still present though, and other novel ways leading to successful exploitation cannot be fully ruled out.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.4.10-202203101736_8.5.src",
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.4.10-202203101736_8.5.x86_64"
],
"known_not_affected": [
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-2.el8ev.src",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-2.el8ev.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-content-0:4.4.10-2.el8ev.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-virtualization-host-image-update-placeholder-0:4.4.10-2.el8ev.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-0847"
},
{
"category": "external",
"summary": "RHBZ#2060795",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060795"
},
{
"category": "external",
"summary": "RHSB-2022-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2022-002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-0847",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0847"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0847",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0847"
},
{
"category": "external",
"summary": "https://dirtypipe.cm4all.com/",
"url": "https://dirtypipe.cm4all.com/"
},
{
"category": "external",
"summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/lib/iov_iter.c?id=9d2231c5d74e13b2a0546fee6737ee4446017903",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/lib/iov_iter.c?id=9d2231c5d74e13b2a0546fee6737ee4446017903"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2022-03-07T12:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-14T09:24:59+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.4.10-202203101736_8.5.src",
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.4.10-202203101736_8.5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0841"
},
{
"category": "workaround",
"details": "Currently there is no mitigation available for this flaw. Customers should update to fixed packages, once they are available.",
"product_ids": [
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.4.10-202203101736_8.5.src",
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.4.10-202203101736_8.5.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-2.el8ev.src",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-2.el8ev.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-content-0:4.4.10-2.el8ev.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-virtualization-host-image-update-placeholder-0:4.4.10-2.el8ev.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.4.10-202203101736_8.5.src",
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.4.10-202203101736_8.5.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-04-25T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "kernel: improper initialization of the \"flags\" member of the new pipe_buffer"
},
{
"cve": "CVE-2022-22942",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2022-01-24T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-2.el8ev.src",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-2.el8ev.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-content-0:4.4.10-2.el8ev.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-virtualization-host-image-update-placeholder-0:4.4.10-2.el8ev.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044809"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free flaw was found in the Linux kernel\u2019s vmw_execbuf_copy_fence_user function in drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c in vmwgfx. This flaw allows a local attacker with user privileges to cause a privilege escalation problem.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: failing usercopy allows for use-after-free exploitation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.4.10-202203101736_8.5.src",
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.4.10-202203101736_8.5.x86_64"
],
"known_not_affected": [
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-2.el8ev.src",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-2.el8ev.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-content-0:4.4.10-2.el8ev.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-virtualization-host-image-update-placeholder-0:4.4.10-2.el8ev.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22942"
},
{
"category": "external",
"summary": "RHBZ#2044809",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044809"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22942",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22942"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22942",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22942"
}
],
"release_date": "2022-01-27T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-14T09:24:59+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.4.10-202203101736_8.5.src",
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.4.10-202203101736_8.5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0841"
},
{
"category": "workaround",
"details": "Mitigation for this issue is to prevent the affected vmwgfx module from loading until a fix is available. This can be done with a module blacklist, which ensures the driver is not loaded at boot time.\n~~~\nHow do I blacklist a kernel module to prevent it from loading automatically?\nhttps://access.redhat.com/solutions/41278 \n~~~",
"product_ids": [
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.4.10-202203101736_8.5.src",
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.4.10-202203101736_8.5.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-2.el8ev.src",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-2.el8ev.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-content-0:4.4.10-2.el8ev.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-virtualization-host-image-update-placeholder-0:4.4.10-2.el8ev.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.4.10-202203101736_8.5.src",
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.4.10-202203101736_8.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kernel: failing usercopy allows for use-after-free exploitation"
},
{
"cve": "CVE-2022-24407",
"cwe": {
"id": "CWE-89",
"name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
},
"discovery_date": "2022-02-16T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-2.el8ev.src",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-2.el8ev.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-content-0:4.4.10-2.el8ev.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-virtualization-host-image-update-placeholder-0:4.4.10-2.el8ev.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2055326"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the SQL plugin shipped with Cyrus SASL. The vulnerability occurs due to failure to properly escape SQL input and leads to an improper input validation vulnerability. This flaw allows an attacker to execute arbitrary SQL commands and to change the passwords of other accounts, allowing escalation of privileges.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.4.10-202203101736_8.5.src",
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.4.10-202203101736_8.5.x86_64"
],
"known_not_affected": [
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-2.el8ev.src",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-2.el8ev.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-content-0:4.4.10-2.el8ev.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-virtualization-host-image-update-placeholder-0:4.4.10-2.el8ev.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24407"
},
{
"category": "external",
"summary": "RHBZ#2055326",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055326"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24407",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24407"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24407",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24407"
},
{
"category": "external",
"summary": "https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28",
"url": "https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28"
}
],
"release_date": "2022-02-22T18:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-14T09:24:59+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.4.10-202203101736_8.5.src",
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.4.10-202203101736_8.5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0841"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.4.10-202203101736_8.5.src",
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.4.10-202203101736_8.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands"
}
]
}
RHSA-2022_0849
Vulnerability from csaf_redhat - Published: 2022-03-14 10:52 - Updated: 2024-11-15 14:43
A vulnerability was found in unix_dgram_recvmsg in net/unix/af_unix.c in the Linux kernel's garbage collection for Unix domain socket file handlers. In this flaw, a missing cleanup may lead to a use-after-free due to a race problem. This flaw allows a local user to crash the system or escalate their privileges on the system. A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debuginfo-0:1-3.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debuginfo-0:1-3.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debugsource-0:1-3.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debugsource-0:1-3.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debuginfo-0:1-1.el8_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debuginfo-0:1-1.el8_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debugsource-0:1-1.el8_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debugsource-0:1-1.el8_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debuginfo-0:1-2.el8_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debuginfo-0:1-2.el8_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debugsource-0:1-2.el8_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debugsource-0:1-2.el8_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debuginfo-0:1-2.el8_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debuginfo-0:1-2.el8_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debugsource-0:1-2.el8_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debugsource-0:1-2.el8_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel's cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service on the system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debuginfo-0:1-3.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debuginfo-0:1-3.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debugsource-0:1-3.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debugsource-0:1-3.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debuginfo-0:1-1.el8_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debuginfo-0:1-1.el8_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debugsource-0:1-1.el8_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debugsource-0:1-1.el8_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debuginfo-0:1-2.el8_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debuginfo-0:1-2.el8_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debugsource-0:1-2.el8_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debugsource-0:1-2.el8_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debuginfo-0:1-2.el8_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debuginfo-0:1-2.el8_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debugsource-0:1-2.el8_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debugsource-0:1-2.el8_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
A random memory access flaw was found in the Linux kernel’s GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debuginfo-0:1-3.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debuginfo-0:1-3.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debugsource-0:1-3.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debugsource-0:1-3.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debuginfo-0:1-1.el8_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debuginfo-0:1-1.el8_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debugsource-0:1-1.el8_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debugsource-0:1-1.el8_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debuginfo-0:1-2.el8_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debuginfo-0:1-2.el8_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debugsource-0:1-2.el8_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debugsource-0:1-2.el8_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debuginfo-0:1-2.el8_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debuginfo-0:1-2.el8_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debugsource-0:1-2.el8_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debugsource-0:1-2.el8_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
A stack overflow flaw was found in the Linux kernel’s TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debuginfo-0:1-3.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debuginfo-0:1-3.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debugsource-0:1-3.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debugsource-0:1-3.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debuginfo-0:1-1.el8_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debuginfo-0:1-1.el8_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debugsource-0:1-1.el8_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debugsource-0:1-1.el8_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debuginfo-0:1-2.el8_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debuginfo-0:1-2.el8_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debugsource-0:1-2.el8_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debugsource-0:1-2.el8_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debuginfo-0:1-2.el8_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debuginfo-0:1-2.el8_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debugsource-0:1-2.el8_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debugsource-0:1-2.el8_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
A vulnerability was found in the Linux kernel’s cgroup_release_agent_write function in kernel/cgroup/cgroup-v1.c. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debuginfo-0:1-3.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debuginfo-0:1-3.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debugsource-0:1-3.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debugsource-0:1-3.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debuginfo-0:1-1.el8_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debuginfo-0:1-1.el8_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debugsource-0:1-1.el8_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debugsource-0:1-1.el8_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debuginfo-0:1-2.el8_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debuginfo-0:1-2.el8_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debugsource-0:1-2.el8_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debugsource-0:1-2.el8_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debuginfo-0:1-2.el8_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debuginfo-0:1-2.el8_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debugsource-0:1-2.el8_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debugsource-0:1-2.el8_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
A use-after-free flaw was found in the Linux kernel’s vmw_execbuf_copy_fence_user function in drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c in the vmwgfx driver. This flaw allows a local attacker with user privileges to escalate their privileges.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debuginfo-0:1-3.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debuginfo-0:1-3.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debugsource-0:1-3.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debugsource-0:1-3.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debuginfo-0:1-1.el8_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debuginfo-0:1-1.el8_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debugsource-0:1-1.el8_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debugsource-0:1-1.el8_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debuginfo-0:1-2.el8_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debuginfo-0:1-2.el8_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debugsource-0:1-2.el8_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debugsource-0:1-2.el8_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debuginfo-0:1-2.el8_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debuginfo-0:1-2.el8_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debugsource-0:1-2.el8_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debugsource-0:1-2.el8_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.\n\nSecurity Fix(es):\n\n* kernel: Use After Free in unix_gc() which could result in a local privilege escalation (CVE-2021-0920)\n\n* kernel: local privilege escalation by exploiting the fsconfig syscall parameter leads to container breakout (CVE-2021-4154)\n\n* kernel: possible privileges escalation due to missing TLB flush (CVE-2022-0330)\n\n* kernel: remote stack overflow via kernel panic on systems using TIPC may lead to DoS (CVE-2022-0435)\n\n* kernel: cgroups v1 release_agent feature may allow privilege escalation (CVE-2022-0492)\n\n* kernel: failing usercopy allows for use-after-free exploitation (CVE-2022-22942)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:0849",
"url": "https://access.redhat.com/errata/RHSA-2022:0849"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2031930",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031930"
},
{
"category": "external",
"summary": "2034514",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034514"
},
{
"category": "external",
"summary": "2042404",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2042404"
},
{
"category": "external",
"summary": "2044809",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044809"
},
{
"category": "external",
"summary": "2048738",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2048738"
},
{
"category": "external",
"summary": "2051505",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2051505"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0849.json"
}
],
"title": "Red Hat Security Advisory: kpatch-patch security update",
"tracking": {
"current_release_date": "2024-11-15T14:43:26+00:00",
"generator": {
"date": "2024-11-15T14:43:26+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2022:0849",
"initial_release_date": "2022-03-14T10:52:04+00:00",
"revision_history": [
{
"date": "2022-03-14T10:52:04+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-03-14T10:52:04+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-15T14:43:26+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:8::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "kpatch-patch-4_18_0-348-0:1-3.el8.src",
"product": {
"name": "kpatch-patch-4_18_0-348-0:1-3.el8.src",
"product_id": "kpatch-patch-4_18_0-348-0:1-3.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kpatch-patch-4_18_0-348@1-3.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.src",
"product": {
"name": "kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.src",
"product_id": "kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kpatch-patch-4_18_0-348_2_1@1-2.el8_5?arch=src"
}
}
},
{
"category": "product_version",
"name": "kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.src",
"product": {
"name": "kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.src",
"product_id": "kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kpatch-patch-4_18_0-348_7_1@1-2.el8_5?arch=src"
}
}
},
{
"category": "product_version",
"name": "kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.src",
"product": {
"name": "kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.src",
"product_id": "kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kpatch-patch-4_18_0-348_12_2@1-1.el8_5?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "kpatch-patch-4_18_0-348-0:1-3.el8.ppc64le",
"product": {
"name": "kpatch-patch-4_18_0-348-0:1-3.el8.ppc64le",
"product_id": "kpatch-patch-4_18_0-348-0:1-3.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kpatch-patch-4_18_0-348@1-3.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "kpatch-patch-4_18_0-348-debugsource-0:1-3.el8.ppc64le",
"product": {
"name": "kpatch-patch-4_18_0-348-debugsource-0:1-3.el8.ppc64le",
"product_id": "kpatch-patch-4_18_0-348-debugsource-0:1-3.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kpatch-patch-4_18_0-348-debugsource@1-3.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "kpatch-patch-4_18_0-348-debuginfo-0:1-3.el8.ppc64le",
"product": {
"name": "kpatch-patch-4_18_0-348-debuginfo-0:1-3.el8.ppc64le",
"product_id": "kpatch-patch-4_18_0-348-debuginfo-0:1-3.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kpatch-patch-4_18_0-348-debuginfo@1-3.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.ppc64le",
"product": {
"name": "kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.ppc64le",
"product_id": "kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kpatch-patch-4_18_0-348_2_1@1-2.el8_5?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "kpatch-patch-4_18_0-348_2_1-debugsource-0:1-2.el8_5.ppc64le",
"product": {
"name": "kpatch-patch-4_18_0-348_2_1-debugsource-0:1-2.el8_5.ppc64le",
"product_id": "kpatch-patch-4_18_0-348_2_1-debugsource-0:1-2.el8_5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kpatch-patch-4_18_0-348_2_1-debugsource@1-2.el8_5?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "kpatch-patch-4_18_0-348_2_1-debuginfo-0:1-2.el8_5.ppc64le",
"product": {
"name": "kpatch-patch-4_18_0-348_2_1-debuginfo-0:1-2.el8_5.ppc64le",
"product_id": "kpatch-patch-4_18_0-348_2_1-debuginfo-0:1-2.el8_5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kpatch-patch-4_18_0-348_2_1-debuginfo@1-2.el8_5?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.ppc64le",
"product": {
"name": "kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.ppc64le",
"product_id": "kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kpatch-patch-4_18_0-348_7_1@1-2.el8_5?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "kpatch-patch-4_18_0-348_7_1-debugsource-0:1-2.el8_5.ppc64le",
"product": {
"name": "kpatch-patch-4_18_0-348_7_1-debugsource-0:1-2.el8_5.ppc64le",
"product_id": "kpatch-patch-4_18_0-348_7_1-debugsource-0:1-2.el8_5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kpatch-patch-4_18_0-348_7_1-debugsource@1-2.el8_5?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "kpatch-patch-4_18_0-348_7_1-debuginfo-0:1-2.el8_5.ppc64le",
"product": {
"name": "kpatch-patch-4_18_0-348_7_1-debuginfo-0:1-2.el8_5.ppc64le",
"product_id": "kpatch-patch-4_18_0-348_7_1-debuginfo-0:1-2.el8_5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kpatch-patch-4_18_0-348_7_1-debuginfo@1-2.el8_5?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.ppc64le",
"product": {
"name": "kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.ppc64le",
"product_id": "kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kpatch-patch-4_18_0-348_12_2@1-1.el8_5?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "kpatch-patch-4_18_0-348_12_2-debugsource-0:1-1.el8_5.ppc64le",
"product": {
"name": "kpatch-patch-4_18_0-348_12_2-debugsource-0:1-1.el8_5.ppc64le",
"product_id": "kpatch-patch-4_18_0-348_12_2-debugsource-0:1-1.el8_5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kpatch-patch-4_18_0-348_12_2-debugsource@1-1.el8_5?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "kpatch-patch-4_18_0-348_12_2-debuginfo-0:1-1.el8_5.ppc64le",
"product": {
"name": "kpatch-patch-4_18_0-348_12_2-debuginfo-0:1-1.el8_5.ppc64le",
"product_id": "kpatch-patch-4_18_0-348_12_2-debuginfo-0:1-1.el8_5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kpatch-patch-4_18_0-348_12_2-debuginfo@1-1.el8_5?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kpatch-patch-4_18_0-348-0:1-3.el8.x86_64",
"product": {
"name": "kpatch-patch-4_18_0-348-0:1-3.el8.x86_64",
"product_id": "kpatch-patch-4_18_0-348-0:1-3.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kpatch-patch-4_18_0-348@1-3.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kpatch-patch-4_18_0-348-debugsource-0:1-3.el8.x86_64",
"product": {
"name": "kpatch-patch-4_18_0-348-debugsource-0:1-3.el8.x86_64",
"product_id": "kpatch-patch-4_18_0-348-debugsource-0:1-3.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kpatch-patch-4_18_0-348-debugsource@1-3.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kpatch-patch-4_18_0-348-debuginfo-0:1-3.el8.x86_64",
"product": {
"name": "kpatch-patch-4_18_0-348-debuginfo-0:1-3.el8.x86_64",
"product_id": "kpatch-patch-4_18_0-348-debuginfo-0:1-3.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kpatch-patch-4_18_0-348-debuginfo@1-3.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.x86_64",
"product": {
"name": "kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.x86_64",
"product_id": "kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kpatch-patch-4_18_0-348_2_1@1-2.el8_5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kpatch-patch-4_18_0-348_2_1-debugsource-0:1-2.el8_5.x86_64",
"product": {
"name": "kpatch-patch-4_18_0-348_2_1-debugsource-0:1-2.el8_5.x86_64",
"product_id": "kpatch-patch-4_18_0-348_2_1-debugsource-0:1-2.el8_5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kpatch-patch-4_18_0-348_2_1-debugsource@1-2.el8_5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kpatch-patch-4_18_0-348_2_1-debuginfo-0:1-2.el8_5.x86_64",
"product": {
"name": "kpatch-patch-4_18_0-348_2_1-debuginfo-0:1-2.el8_5.x86_64",
"product_id": "kpatch-patch-4_18_0-348_2_1-debuginfo-0:1-2.el8_5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kpatch-patch-4_18_0-348_2_1-debuginfo@1-2.el8_5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.x86_64",
"product": {
"name": "kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.x86_64",
"product_id": "kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kpatch-patch-4_18_0-348_7_1@1-2.el8_5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kpatch-patch-4_18_0-348_7_1-debugsource-0:1-2.el8_5.x86_64",
"product": {
"name": "kpatch-patch-4_18_0-348_7_1-debugsource-0:1-2.el8_5.x86_64",
"product_id": "kpatch-patch-4_18_0-348_7_1-debugsource-0:1-2.el8_5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kpatch-patch-4_18_0-348_7_1-debugsource@1-2.el8_5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kpatch-patch-4_18_0-348_7_1-debuginfo-0:1-2.el8_5.x86_64",
"product": {
"name": "kpatch-patch-4_18_0-348_7_1-debuginfo-0:1-2.el8_5.x86_64",
"product_id": "kpatch-patch-4_18_0-348_7_1-debuginfo-0:1-2.el8_5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kpatch-patch-4_18_0-348_7_1-debuginfo@1-2.el8_5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.x86_64",
"product": {
"name": "kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.x86_64",
"product_id": "kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kpatch-patch-4_18_0-348_12_2@1-1.el8_5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kpatch-patch-4_18_0-348_12_2-debugsource-0:1-1.el8_5.x86_64",
"product": {
"name": "kpatch-patch-4_18_0-348_12_2-debugsource-0:1-1.el8_5.x86_64",
"product_id": "kpatch-patch-4_18_0-348_12_2-debugsource-0:1-1.el8_5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kpatch-patch-4_18_0-348_12_2-debugsource@1-1.el8_5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kpatch-patch-4_18_0-348_12_2-debuginfo-0:1-1.el8_5.x86_64",
"product": {
"name": "kpatch-patch-4_18_0-348_12_2-debuginfo-0:1-1.el8_5.x86_64",
"product_id": "kpatch-patch-4_18_0-348_12_2-debuginfo-0:1-1.el8_5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kpatch-patch-4_18_0-348_12_2-debuginfo@1-1.el8_5?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kpatch-patch-4_18_0-348-0:1-3.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.ppc64le"
},
"product_reference": "kpatch-patch-4_18_0-348-0:1-3.el8.ppc64le",
"relates_to_product_reference": "BaseOS-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kpatch-patch-4_18_0-348-0:1-3.el8.src as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.src"
},
"product_reference": "kpatch-patch-4_18_0-348-0:1-3.el8.src",
"relates_to_product_reference": "BaseOS-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kpatch-patch-4_18_0-348-0:1-3.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.x86_64"
},
"product_reference": "kpatch-patch-4_18_0-348-0:1-3.el8.x86_64",
"relates_to_product_reference": "BaseOS-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kpatch-patch-4_18_0-348-debuginfo-0:1-3.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debuginfo-0:1-3.el8.ppc64le"
},
"product_reference": "kpatch-patch-4_18_0-348-debuginfo-0:1-3.el8.ppc64le",
"relates_to_product_reference": "BaseOS-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kpatch-patch-4_18_0-348-debuginfo-0:1-3.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debuginfo-0:1-3.el8.x86_64"
},
"product_reference": "kpatch-patch-4_18_0-348-debuginfo-0:1-3.el8.x86_64",
"relates_to_product_reference": "BaseOS-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kpatch-patch-4_18_0-348-debugsource-0:1-3.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debugsource-0:1-3.el8.ppc64le"
},
"product_reference": "kpatch-patch-4_18_0-348-debugsource-0:1-3.el8.ppc64le",
"relates_to_product_reference": "BaseOS-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kpatch-patch-4_18_0-348-debugsource-0:1-3.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debugsource-0:1-3.el8.x86_64"
},
"product_reference": "kpatch-patch-4_18_0-348-debugsource-0:1-3.el8.x86_64",
"relates_to_product_reference": "BaseOS-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.ppc64le"
},
"product_reference": "kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.ppc64le",
"relates_to_product_reference": "BaseOS-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.src as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.src"
},
"product_reference": "kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.src",
"relates_to_product_reference": "BaseOS-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.x86_64"
},
"product_reference": "kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.x86_64",
"relates_to_product_reference": "BaseOS-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kpatch-patch-4_18_0-348_12_2-debuginfo-0:1-1.el8_5.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debuginfo-0:1-1.el8_5.ppc64le"
},
"product_reference": "kpatch-patch-4_18_0-348_12_2-debuginfo-0:1-1.el8_5.ppc64le",
"relates_to_product_reference": "BaseOS-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kpatch-patch-4_18_0-348_12_2-debuginfo-0:1-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debuginfo-0:1-1.el8_5.x86_64"
},
"product_reference": "kpatch-patch-4_18_0-348_12_2-debuginfo-0:1-1.el8_5.x86_64",
"relates_to_product_reference": "BaseOS-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kpatch-patch-4_18_0-348_12_2-debugsource-0:1-1.el8_5.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debugsource-0:1-1.el8_5.ppc64le"
},
"product_reference": "kpatch-patch-4_18_0-348_12_2-debugsource-0:1-1.el8_5.ppc64le",
"relates_to_product_reference": "BaseOS-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kpatch-patch-4_18_0-348_12_2-debugsource-0:1-1.el8_5.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debugsource-0:1-1.el8_5.x86_64"
},
"product_reference": "kpatch-patch-4_18_0-348_12_2-debugsource-0:1-1.el8_5.x86_64",
"relates_to_product_reference": "BaseOS-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.ppc64le"
},
"product_reference": "kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.ppc64le",
"relates_to_product_reference": "BaseOS-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.src as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.src"
},
"product_reference": "kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.src",
"relates_to_product_reference": "BaseOS-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.x86_64"
},
"product_reference": "kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.x86_64",
"relates_to_product_reference": "BaseOS-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kpatch-patch-4_18_0-348_2_1-debuginfo-0:1-2.el8_5.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debuginfo-0:1-2.el8_5.ppc64le"
},
"product_reference": "kpatch-patch-4_18_0-348_2_1-debuginfo-0:1-2.el8_5.ppc64le",
"relates_to_product_reference": "BaseOS-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kpatch-patch-4_18_0-348_2_1-debuginfo-0:1-2.el8_5.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debuginfo-0:1-2.el8_5.x86_64"
},
"product_reference": "kpatch-patch-4_18_0-348_2_1-debuginfo-0:1-2.el8_5.x86_64",
"relates_to_product_reference": "BaseOS-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kpatch-patch-4_18_0-348_2_1-debugsource-0:1-2.el8_5.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debugsource-0:1-2.el8_5.ppc64le"
},
"product_reference": "kpatch-patch-4_18_0-348_2_1-debugsource-0:1-2.el8_5.ppc64le",
"relates_to_product_reference": "BaseOS-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kpatch-patch-4_18_0-348_2_1-debugsource-0:1-2.el8_5.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debugsource-0:1-2.el8_5.x86_64"
},
"product_reference": "kpatch-patch-4_18_0-348_2_1-debugsource-0:1-2.el8_5.x86_64",
"relates_to_product_reference": "BaseOS-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.ppc64le"
},
"product_reference": "kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.ppc64le",
"relates_to_product_reference": "BaseOS-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.src as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.src"
},
"product_reference": "kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.src",
"relates_to_product_reference": "BaseOS-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.x86_64"
},
"product_reference": "kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.x86_64",
"relates_to_product_reference": "BaseOS-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kpatch-patch-4_18_0-348_7_1-debuginfo-0:1-2.el8_5.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debuginfo-0:1-2.el8_5.ppc64le"
},
"product_reference": "kpatch-patch-4_18_0-348_7_1-debuginfo-0:1-2.el8_5.ppc64le",
"relates_to_product_reference": "BaseOS-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kpatch-patch-4_18_0-348_7_1-debuginfo-0:1-2.el8_5.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debuginfo-0:1-2.el8_5.x86_64"
},
"product_reference": "kpatch-patch-4_18_0-348_7_1-debuginfo-0:1-2.el8_5.x86_64",
"relates_to_product_reference": "BaseOS-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kpatch-patch-4_18_0-348_7_1-debugsource-0:1-2.el8_5.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debugsource-0:1-2.el8_5.ppc64le"
},
"product_reference": "kpatch-patch-4_18_0-348_7_1-debugsource-0:1-2.el8_5.ppc64le",
"relates_to_product_reference": "BaseOS-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kpatch-patch-4_18_0-348_7_1-debugsource-0:1-2.el8_5.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debugsource-0:1-2.el8_5.x86_64"
},
"product_reference": "kpatch-patch-4_18_0-348_7_1-debugsource-0:1-2.el8_5.x86_64",
"relates_to_product_reference": "BaseOS-8.5.0.Z.MAIN"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-0920",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2021-12-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2031930"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in unix_dgram_recvmsg in net/unix/af_unix.c in the Linux kernel\u0027s garbage collection for Unix domain socket file handlers. In this flaw, a missing cleanup may lead to a use-after-free due to a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system.\r\n\r\nA read-after-free memory flaw was found in the Linux kernel\u0027s garbage collection for Unix domain socket file handlers in the way users can call close() and fget() simultaneously, potentially triggering a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: Use After Free in unix_gc() which could result in a local privilege escalation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debuginfo-0:1-3.el8.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debuginfo-0:1-3.el8.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debugsource-0:1-3.el8.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debugsource-0:1-3.el8.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debuginfo-0:1-1.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debuginfo-0:1-1.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debugsource-0:1-1.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debugsource-0:1-1.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debuginfo-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debuginfo-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debugsource-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debugsource-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debuginfo-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debuginfo-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debugsource-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debugsource-0:1-2.el8_5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-0920"
},
{
"category": "external",
"summary": "RHBZ#2031930",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031930"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-0920",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0920"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-0920",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-0920"
},
{
"category": "external",
"summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cbcf01128d0a92e131bd09f1688fe032480b65ca",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cbcf01128d0a92e131bd09f1688fe032480b65ca"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2021-07-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-14T10:52:04+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debuginfo-0:1-3.el8.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debuginfo-0:1-3.el8.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debugsource-0:1-3.el8.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debugsource-0:1-3.el8.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debuginfo-0:1-1.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debuginfo-0:1-1.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debugsource-0:1-1.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debugsource-0:1-1.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debuginfo-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debuginfo-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debugsource-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debugsource-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debuginfo-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debuginfo-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debugsource-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debugsource-0:1-2.el8_5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0849"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debuginfo-0:1-3.el8.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debuginfo-0:1-3.el8.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debugsource-0:1-3.el8.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debugsource-0:1-3.el8.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debuginfo-0:1-1.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debuginfo-0:1-1.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debugsource-0:1-1.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debugsource-0:1-1.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debuginfo-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debuginfo-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debugsource-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debugsource-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debuginfo-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debuginfo-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debugsource-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debugsource-0:1-2.el8_5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debuginfo-0:1-3.el8.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debuginfo-0:1-3.el8.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debugsource-0:1-3.el8.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debugsource-0:1-3.el8.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debuginfo-0:1-1.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debuginfo-0:1-1.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debugsource-0:1-1.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debugsource-0:1-1.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debuginfo-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debuginfo-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debugsource-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debugsource-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debuginfo-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debuginfo-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debugsource-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debugsource-0:1-2.el8_5.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-05-23T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "kernel: Use After Free in unix_gc() which could result in a local privilege escalation"
},
{
"cve": "CVE-2021-4154",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2021-12-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2034514"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel\u0027s cgroup v1 parser. A local attacker with user privileges could cause a privilege escalation by exploiting the fsconfig syscall parameter, leading to a container breakout and a denial of service on the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: local privilege escalation by exploiting the fsconfig syscall parameter leads to container breakout",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debuginfo-0:1-3.el8.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debuginfo-0:1-3.el8.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debugsource-0:1-3.el8.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debugsource-0:1-3.el8.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debuginfo-0:1-1.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debuginfo-0:1-1.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debugsource-0:1-1.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debugsource-0:1-1.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debuginfo-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debuginfo-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debugsource-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debugsource-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debuginfo-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debuginfo-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debugsource-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debugsource-0:1-2.el8_5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-4154"
},
{
"category": "external",
"summary": "RHBZ#2034514",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034514"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-4154",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4154"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-4154",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4154"
},
{
"category": "external",
"summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3b0462726e7ef281c35a7a4ae33e93ee2bc9975b",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3b0462726e7ef281c35a7a4ae33e93ee2bc9975b"
}
],
"release_date": "2021-12-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-14T10:52:04+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debuginfo-0:1-3.el8.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debuginfo-0:1-3.el8.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debugsource-0:1-3.el8.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debugsource-0:1-3.el8.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debuginfo-0:1-1.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debuginfo-0:1-1.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debugsource-0:1-1.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debugsource-0:1-1.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debuginfo-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debuginfo-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debugsource-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debugsource-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debuginfo-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debuginfo-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debugsource-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debugsource-0:1-2.el8_5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0849"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debuginfo-0:1-3.el8.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debuginfo-0:1-3.el8.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debugsource-0:1-3.el8.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debugsource-0:1-3.el8.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debuginfo-0:1-1.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debuginfo-0:1-1.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debugsource-0:1-1.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debugsource-0:1-1.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debuginfo-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debuginfo-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debugsource-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debugsource-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debuginfo-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debuginfo-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debugsource-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debugsource-0:1-2.el8_5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debuginfo-0:1-3.el8.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debuginfo-0:1-3.el8.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debugsource-0:1-3.el8.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debugsource-0:1-3.el8.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debuginfo-0:1-1.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debuginfo-0:1-1.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debugsource-0:1-1.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debugsource-0:1-1.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debuginfo-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debuginfo-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debugsource-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debugsource-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debuginfo-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debuginfo-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debugsource-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debugsource-0:1-2.el8_5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kernel: local privilege escalation by exploiting the fsconfig syscall parameter leads to container breakout"
},
{
"cve": "CVE-2022-0330",
"cwe": {
"id": "CWE-281",
"name": "Improper Preservation of Permissions"
},
"discovery_date": "2022-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2042404"
}
],
"notes": [
{
"category": "description",
"text": "A random memory access flaw was found in the Linux kernel\u2019s GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: possible privileges escalation due to missing TLB flush",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For the Red Hat Enterprise Linux default configuration, the issue occurs only if a local user is running malicious code on the GPU. This requires that the GPU is in use and that the user has privileges to access the i915 Intel GPU.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debuginfo-0:1-3.el8.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debuginfo-0:1-3.el8.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debugsource-0:1-3.el8.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debugsource-0:1-3.el8.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debuginfo-0:1-1.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debuginfo-0:1-1.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debugsource-0:1-1.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debugsource-0:1-1.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debuginfo-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debuginfo-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debugsource-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debugsource-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debuginfo-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debuginfo-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debugsource-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debugsource-0:1-2.el8_5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-0330"
},
{
"category": "external",
"summary": "RHBZ#2042404",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2042404"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-0330",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0330"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0330",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0330"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2022/01/25/12",
"url": "https://www.openwall.com/lists/oss-security/2022/01/25/12"
}
],
"release_date": "2022-01-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-14T10:52:04+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debuginfo-0:1-3.el8.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debuginfo-0:1-3.el8.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debugsource-0:1-3.el8.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debugsource-0:1-3.el8.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debuginfo-0:1-1.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debuginfo-0:1-1.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debugsource-0:1-1.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debugsource-0:1-1.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debuginfo-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debuginfo-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debugsource-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debugsource-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debuginfo-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debuginfo-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debugsource-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debugsource-0:1-2.el8_5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0849"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debuginfo-0:1-3.el8.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debuginfo-0:1-3.el8.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debugsource-0:1-3.el8.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debugsource-0:1-3.el8.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debuginfo-0:1-1.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debuginfo-0:1-1.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debugsource-0:1-1.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debugsource-0:1-1.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debuginfo-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debuginfo-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debugsource-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debugsource-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debuginfo-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debuginfo-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debugsource-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debugsource-0:1-2.el8_5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debuginfo-0:1-3.el8.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debuginfo-0:1-3.el8.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debugsource-0:1-3.el8.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debugsource-0:1-3.el8.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debuginfo-0:1-1.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debuginfo-0:1-1.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debugsource-0:1-1.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debugsource-0:1-1.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debuginfo-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debuginfo-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debugsource-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debugsource-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debuginfo-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debuginfo-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debugsource-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debugsource-0:1-2.el8_5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kernel: possible privileges escalation due to missing TLB flush"
},
{
"cve": "CVE-2022-0435",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-01-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2048738"
}
],
"notes": [
{
"category": "description",
"text": "A stack overflow flaw was found in the Linux kernel\u2019s TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: remote stack overflow via kernel panic on systems using TIPC may lead to DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat recommends to use TIPC Encryption to secure TIPC procotol\u0027s payload or use transport level to separate and/or secure (by both encrypting and authenticating via eg. IPSec/MACSec) the communication between nodes.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debuginfo-0:1-3.el8.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debuginfo-0:1-3.el8.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debugsource-0:1-3.el8.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debugsource-0:1-3.el8.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debuginfo-0:1-1.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debuginfo-0:1-1.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debugsource-0:1-1.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debugsource-0:1-1.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debuginfo-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debuginfo-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debugsource-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debugsource-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debuginfo-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debuginfo-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debugsource-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debugsource-0:1-2.el8_5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-0435"
},
{
"category": "external",
"summary": "RHBZ#2048738",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2048738"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-0435",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0435"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0435",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0435"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2022/02/10/1",
"url": "https://www.openwall.com/lists/oss-security/2022/02/10/1"
}
],
"release_date": "2022-02-10T14:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-14T10:52:04+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debuginfo-0:1-3.el8.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debuginfo-0:1-3.el8.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debugsource-0:1-3.el8.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debugsource-0:1-3.el8.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debuginfo-0:1-1.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debuginfo-0:1-1.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debugsource-0:1-1.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debugsource-0:1-1.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debuginfo-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debuginfo-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debugsource-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debugsource-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debuginfo-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debuginfo-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debugsource-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debugsource-0:1-2.el8_5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0849"
},
{
"category": "workaround",
"details": "The TIPC module will NOT be automatically loaded. When required, administrative action is needed to explicitly load this module.\n\nLoading the module can be prevented with the following instructions:\n# echo \"install tipc /bin/true\" \u003e\u003e /etc/modprobe.d/disable-tipc.conf\nThe system will need to be restarted if the tipc module is loaded. In most circumstances, the TIPC kernel module will be unable to be unloaded while any network interfaces are active and the protocol is in use.\n\nIf the system requires this module to work correctly, this mitigation may not be suitable.",
"product_ids": [
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debuginfo-0:1-3.el8.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debuginfo-0:1-3.el8.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debugsource-0:1-3.el8.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debugsource-0:1-3.el8.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debuginfo-0:1-1.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debuginfo-0:1-1.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debugsource-0:1-1.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debugsource-0:1-1.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debuginfo-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debuginfo-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debugsource-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debugsource-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debuginfo-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debuginfo-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debugsource-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debugsource-0:1-2.el8_5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debuginfo-0:1-3.el8.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debuginfo-0:1-3.el8.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debugsource-0:1-3.el8.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debugsource-0:1-3.el8.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debuginfo-0:1-1.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debuginfo-0:1-1.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debugsource-0:1-1.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debugsource-0:1-1.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debuginfo-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debuginfo-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debugsource-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debugsource-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debuginfo-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debuginfo-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debugsource-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debugsource-0:1-2.el8_5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kernel: remote stack overflow via kernel panic on systems using TIPC may lead to DoS"
},
{
"acknowledgments": [
{
"names": [
"Yiqi Sun"
],
"organization": "Nebula Lab"
},
{
"names": [
"Kevin Wang"
],
"organization": "Huawei"
}
],
"cve": "CVE-2022-0492",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"discovery_date": "2022-02-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2051505"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the Linux kernel\u2019s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: cgroups v1 release_agent feature may allow privilege escalation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In the OpenShift Container Platform (OCP) the container escape and privilege escalation caused by the CVE-2022-0492 vulnerability are blocked by the SELinux policy enabled (by default) on the OCP cluster nodes.\n\nRed Hat Virtualization requires SELinux running in enforcing mode[1] on all hypervisors and managers, which blocks this vulnerability.\n\n1. https://access.redhat.com/solutions/499473",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debuginfo-0:1-3.el8.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debuginfo-0:1-3.el8.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debugsource-0:1-3.el8.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debugsource-0:1-3.el8.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debuginfo-0:1-1.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debuginfo-0:1-1.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debugsource-0:1-1.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debugsource-0:1-1.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debuginfo-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debuginfo-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debugsource-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debugsource-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debuginfo-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debuginfo-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debugsource-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debugsource-0:1-2.el8_5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-0492"
},
{
"category": "external",
"summary": "RHBZ#2051505",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2051505"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-0492",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0492"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0492",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0492"
},
{
"category": "external",
"summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=24f6008564183aa120d07c03d9289519c2fe02af",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=24f6008564183aa120d07c03d9289519c2fe02af"
}
],
"release_date": "2022-02-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-14T10:52:04+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debuginfo-0:1-3.el8.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debuginfo-0:1-3.el8.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debugsource-0:1-3.el8.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debugsource-0:1-3.el8.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debuginfo-0:1-1.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debuginfo-0:1-1.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debugsource-0:1-1.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debugsource-0:1-1.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debuginfo-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debuginfo-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debugsource-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debugsource-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debuginfo-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debuginfo-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debugsource-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debugsource-0:1-2.el8_5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0849"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debuginfo-0:1-3.el8.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debuginfo-0:1-3.el8.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debugsource-0:1-3.el8.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debugsource-0:1-3.el8.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debuginfo-0:1-1.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debuginfo-0:1-1.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debugsource-0:1-1.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debugsource-0:1-1.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debuginfo-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debuginfo-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debugsource-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debugsource-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debuginfo-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debuginfo-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debugsource-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debugsource-0:1-2.el8_5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debuginfo-0:1-3.el8.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debuginfo-0:1-3.el8.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debugsource-0:1-3.el8.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debugsource-0:1-3.el8.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debuginfo-0:1-1.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debuginfo-0:1-1.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debugsource-0:1-1.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debugsource-0:1-1.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debuginfo-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debuginfo-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debugsource-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debugsource-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debuginfo-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debuginfo-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debugsource-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debugsource-0:1-2.el8_5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kernel: cgroups v1 release_agent feature may allow privilege escalation"
},
{
"cve": "CVE-2022-22942",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2022-01-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044809"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free flaw was found in the Linux kernel\u2019s vmw_execbuf_copy_fence_user function in drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c in vmwgfx. This flaw allows a local attacker with user privileges to cause a privilege escalation problem.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: failing usercopy allows for use-after-free exploitation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debuginfo-0:1-3.el8.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debuginfo-0:1-3.el8.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debugsource-0:1-3.el8.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debugsource-0:1-3.el8.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debuginfo-0:1-1.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debuginfo-0:1-1.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debugsource-0:1-1.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debugsource-0:1-1.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debuginfo-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debuginfo-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debugsource-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debugsource-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debuginfo-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debuginfo-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debugsource-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debugsource-0:1-2.el8_5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22942"
},
{
"category": "external",
"summary": "RHBZ#2044809",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044809"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22942",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22942"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22942",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22942"
}
],
"release_date": "2022-01-27T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-14T10:52:04+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debuginfo-0:1-3.el8.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debuginfo-0:1-3.el8.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debugsource-0:1-3.el8.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debugsource-0:1-3.el8.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debuginfo-0:1-1.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debuginfo-0:1-1.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debugsource-0:1-1.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debugsource-0:1-1.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debuginfo-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debuginfo-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debugsource-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debugsource-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debuginfo-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debuginfo-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debugsource-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debugsource-0:1-2.el8_5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0849"
},
{
"category": "workaround",
"details": "The mitigation for this issue is to prevent the affected vmwgfx module from being loaded until a fix is available. This can be done with the module blacklist mechanism, which ensures the driver is not loaded at boot time.\n~~~\nHow do I blacklist a kernel module to prevent it from loading automatically?\nhttps://access.redhat.com/solutions/41278 \n~~~",
"product_ids": [
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debuginfo-0:1-3.el8.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debuginfo-0:1-3.el8.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debugsource-0:1-3.el8.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debugsource-0:1-3.el8.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debuginfo-0:1-1.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debuginfo-0:1-1.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debugsource-0:1-1.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debugsource-0:1-1.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debuginfo-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debuginfo-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debugsource-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debugsource-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debuginfo-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debuginfo-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debugsource-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debugsource-0:1-2.el8_5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-0:1-3.el8.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debuginfo-0:1-3.el8.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debuginfo-0:1-3.el8.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debugsource-0:1-3.el8.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348-debugsource-0:1-3.el8.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-0:1-1.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debuginfo-0:1-1.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debuginfo-0:1-1.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debugsource-0:1-1.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_12_2-debugsource-0:1-1.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debuginfo-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debuginfo-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debugsource-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_2_1-debugsource-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.src",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debuginfo-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debuginfo-0:1-2.el8_5.x86_64",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debugsource-0:1-2.el8_5.ppc64le",
"BaseOS-8.5.0.Z.MAIN:kpatch-patch-4_18_0-348_7_1-debugsource-0:1-2.el8_5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kernel: failing usercopy allows for use-after-free exploitation"
}
]
}
SUSE-SU-2022:0241-1
Vulnerability from csaf_suse - Published: 2022-01-31 14:11 - Updated: 2022-01-31 14:11

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_67-default-8-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_67-default-8-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_67-default-8-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_70-default-8-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_70-default-8-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_70-default-8-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_75-default-7-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_75-default-7-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_75-default-7-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_78-default-6-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_78-default-6-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_78-default-6-2.2.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_67-default-8-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_67-default-8-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_67-default-8-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_70-default-8-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_70-default-8-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_70-default-8-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_75-default-7-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_75-default-7-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_75-default-7-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_78-default-6-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_78-default-6-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_78-default-6-2.2.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_67-default-8-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_67-default-8-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_67-default-8-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_70-default-8-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_70-default-8-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_70-default-8-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_75-default-7-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_75-default-7-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_75-default-7-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_78-default-6-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_78-default-6-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_78-default-6-2.2.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_67-default-8-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_67-default-8-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_67-default-8-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_70-default-8-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_70-default-8-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_70-default-8-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_75-default-7-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_75-default-7-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_75-default-7-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_78-default-6-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_78-default-6-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_78-default-6-2.2.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 14 for SLE 15 SP2)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 5.3.18-24_67 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2022-0185: Incorrect param length parsing in legacy_parse_param which could have led to a local privilege escalation (bsc#1194517).\n- CVE-2021-4154: Fixed option parsing with cgroups version 1 (bsc#1193842).\n- CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure. (bsc#1191193)\n- CVE-2021-42739: The firewire subsystem had a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bsc#1184673).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-241,SUSE-SLE-Module-Live-Patching-15-SP2-2022-236,SUSE-SLE-Module-Live-Patching-15-SP2-2022-241,SUSE-SLE-Module-Live-Patching-15-SP2-2022-248,SUSE-SLE-Module-Live-Patching-15-SP2-2022-250",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_0241-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:0241-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20220241-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:0241-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-January/010149.html"
},
{
"category": "self",
"summary": "SUSE Bug 1191529",
"url": "https://bugzilla.suse.com/1191529"
},
{
"category": "self",
"summary": "SUSE Bug 1192036",
"url": "https://bugzilla.suse.com/1192036"
},
{
"category": "self",
"summary": "SUSE Bug 1194461",
"url": "https://bugzilla.suse.com/1194461"
},
{
"category": "self",
"summary": "SUSE Bug 1194737",
"url": "https://bugzilla.suse.com/1194737"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-3702 page",
"url": "https://www.suse.com/security/cve/CVE-2020-3702/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4154 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4154/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-42739 page",
"url": "https://www.suse.com/security/cve/CVE-2021-42739/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0185 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0185/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 14 for SLE 15 SP2)",
"tracking": {
"current_release_date": "2022-01-31T14:11:02Z",
"generator": {
"date": "2022-01-31T14:11:02Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:0241-1",
"initial_release_date": "2022-01-31T14:11:02Z",
"revision_history": [
{
"date": "2022-01-31T14:11:02Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-24_75-default-7-2.2.ppc64le",
"product": {
"name": "kernel-livepatch-5_3_18-24_75-default-7-2.2.ppc64le",
"product_id": "kernel-livepatch-5_3_18-24_75-default-7-2.2.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-24_78-default-6-2.2.ppc64le",
"product": {
"name": "kernel-livepatch-5_3_18-24_78-default-6-2.2.ppc64le",
"product_id": "kernel-livepatch-5_3_18-24_78-default-6-2.2.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-24_70-default-8-2.2.ppc64le",
"product": {
"name": "kernel-livepatch-5_3_18-24_70-default-8-2.2.ppc64le",
"product_id": "kernel-livepatch-5_3_18-24_70-default-8-2.2.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-24_67-default-8-2.2.ppc64le",
"product": {
"name": "kernel-livepatch-5_3_18-24_67-default-8-2.2.ppc64le",
"product_id": "kernel-livepatch-5_3_18-24_67-default-8-2.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-24_75-default-7-2.2.s390x",
"product": {
"name": "kernel-livepatch-5_3_18-24_75-default-7-2.2.s390x",
"product_id": "kernel-livepatch-5_3_18-24_75-default-7-2.2.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-24_78-default-6-2.2.s390x",
"product": {
"name": "kernel-livepatch-5_3_18-24_78-default-6-2.2.s390x",
"product_id": "kernel-livepatch-5_3_18-24_78-default-6-2.2.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-24_70-default-8-2.2.s390x",
"product": {
"name": "kernel-livepatch-5_3_18-24_70-default-8-2.2.s390x",
"product_id": "kernel-livepatch-5_3_18-24_70-default-8-2.2.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-24_67-default-8-2.2.s390x",
"product": {
"name": "kernel-livepatch-5_3_18-24_67-default-8-2.2.s390x",
"product_id": "kernel-livepatch-5_3_18-24_67-default-8-2.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-24_75-default-7-2.2.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-24_75-default-7-2.2.x86_64",
"product_id": "kernel-livepatch-5_3_18-24_75-default-7-2.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-24_75-preempt-7-2.2.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-24_75-preempt-7-2.2.x86_64",
"product_id": "kernel-livepatch-5_3_18-24_75-preempt-7-2.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-24_78-default-6-2.2.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-24_78-default-6-2.2.x86_64",
"product_id": "kernel-livepatch-5_3_18-24_78-default-6-2.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-24_70-default-8-2.2.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-24_70-default-8-2.2.x86_64",
"product_id": "kernel-livepatch-5_3_18-24_70-default-8-2.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-24_67-default-8-2.2.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-24_67-default-8-2.2.x86_64",
"product_id": "kernel-livepatch-5_3_18-24_67-default-8-2.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-24_78-default-6-2.2.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_78-default-6-2.2.ppc64le"
},
"product_reference": "kernel-livepatch-5_3_18-24_78-default-6-2.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-24_78-default-6-2.2.s390x as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_78-default-6-2.2.s390x"
},
"product_reference": "kernel-livepatch-5_3_18-24_78-default-6-2.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-24_78-default-6-2.2.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_78-default-6-2.2.x86_64"
},
"product_reference": "kernel-livepatch-5_3_18-24_78-default-6-2.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-24_75-default-7-2.2.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_75-default-7-2.2.ppc64le"
},
"product_reference": "kernel-livepatch-5_3_18-24_75-default-7-2.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-24_75-default-7-2.2.s390x as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_75-default-7-2.2.s390x"
},
"product_reference": "kernel-livepatch-5_3_18-24_75-default-7-2.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-24_75-default-7-2.2.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_75-default-7-2.2.x86_64"
},
"product_reference": "kernel-livepatch-5_3_18-24_75-default-7-2.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-24_70-default-8-2.2.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_70-default-8-2.2.ppc64le"
},
"product_reference": "kernel-livepatch-5_3_18-24_70-default-8-2.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-24_70-default-8-2.2.s390x as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_70-default-8-2.2.s390x"
},
"product_reference": "kernel-livepatch-5_3_18-24_70-default-8-2.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-24_70-default-8-2.2.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_70-default-8-2.2.x86_64"
},
"product_reference": "kernel-livepatch-5_3_18-24_70-default-8-2.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-24_67-default-8-2.2.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_67-default-8-2.2.ppc64le"
},
"product_reference": "kernel-livepatch-5_3_18-24_67-default-8-2.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-24_67-default-8-2.2.s390x as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_67-default-8-2.2.s390x"
},
"product_reference": "kernel-livepatch-5_3_18-24_67-default-8-2.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-24_67-default-8-2.2.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_67-default-8-2.2.x86_64"
},
"product_reference": "kernel-livepatch-5_3_18-24_67-default-8-2.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-24_78-default-6-2.2.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_78-default-6-2.2.ppc64le"
},
"product_reference": "kernel-livepatch-5_3_18-24_78-default-6-2.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-24_78-default-6-2.2.s390x as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_78-default-6-2.2.s390x"
},
"product_reference": "kernel-livepatch-5_3_18-24_78-default-6-2.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-24_78-default-6-2.2.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_78-default-6-2.2.x86_64"
},
"product_reference": "kernel-livepatch-5_3_18-24_78-default-6-2.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-24_75-default-7-2.2.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_75-default-7-2.2.ppc64le"
},
"product_reference": "kernel-livepatch-5_3_18-24_75-default-7-2.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-24_75-default-7-2.2.s390x as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_75-default-7-2.2.s390x"
},
"product_reference": "kernel-livepatch-5_3_18-24_75-default-7-2.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-24_75-default-7-2.2.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_75-default-7-2.2.x86_64"
},
"product_reference": "kernel-livepatch-5_3_18-24_75-default-7-2.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-24_70-default-8-2.2.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_70-default-8-2.2.ppc64le"
},
"product_reference": "kernel-livepatch-5_3_18-24_70-default-8-2.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-24_70-default-8-2.2.s390x as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_70-default-8-2.2.s390x"
},
"product_reference": "kernel-livepatch-5_3_18-24_70-default-8-2.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-24_70-default-8-2.2.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_70-default-8-2.2.x86_64"
},
"product_reference": "kernel-livepatch-5_3_18-24_70-default-8-2.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-24_67-default-8-2.2.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_67-default-8-2.2.ppc64le"
},
"product_reference": "kernel-livepatch-5_3_18-24_67-default-8-2.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-24_67-default-8-2.2.s390x as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_67-default-8-2.2.s390x"
},
"product_reference": "kernel-livepatch-5_3_18-24_67-default-8-2.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-24_67-default-8-2.2.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_67-default-8-2.2.x86_64"
},
"product_reference": "kernel-livepatch-5_3_18-24_67-default-8-2.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-24_78-default-6-2.2.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_78-default-6-2.2.ppc64le"
},
"product_reference": "kernel-livepatch-5_3_18-24_78-default-6-2.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-24_78-default-6-2.2.s390x as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_78-default-6-2.2.s390x"
},
"product_reference": "kernel-livepatch-5_3_18-24_78-default-6-2.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-24_78-default-6-2.2.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_78-default-6-2.2.x86_64"
},
"product_reference": "kernel-livepatch-5_3_18-24_78-default-6-2.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-24_75-default-7-2.2.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_75-default-7-2.2.ppc64le"
},
"product_reference": "kernel-livepatch-5_3_18-24_75-default-7-2.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-24_75-default-7-2.2.s390x as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_75-default-7-2.2.s390x"
},
"product_reference": "kernel-livepatch-5_3_18-24_75-default-7-2.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-24_75-default-7-2.2.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_75-default-7-2.2.x86_64"
},
"product_reference": "kernel-livepatch-5_3_18-24_75-default-7-2.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-24_70-default-8-2.2.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_70-default-8-2.2.ppc64le"
},
"product_reference": "kernel-livepatch-5_3_18-24_70-default-8-2.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-24_70-default-8-2.2.s390x as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_70-default-8-2.2.s390x"
},
"product_reference": "kernel-livepatch-5_3_18-24_70-default-8-2.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-24_70-default-8-2.2.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_70-default-8-2.2.x86_64"
},
"product_reference": "kernel-livepatch-5_3_18-24_70-default-8-2.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-24_67-default-8-2.2.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_67-default-8-2.2.ppc64le"
},
"product_reference": "kernel-livepatch-5_3_18-24_67-default-8-2.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-24_67-default-8-2.2.s390x as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_67-default-8-2.2.s390x"
},
"product_reference": "kernel-livepatch-5_3_18-24_67-default-8-2.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-24_67-default-8-2.2.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_67-default-8-2.2.x86_64"
},
"product_reference": "kernel-livepatch-5_3_18-24_67-default-8-2.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-24_78-default-6-2.2.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_78-default-6-2.2.ppc64le"
},
"product_reference": "kernel-livepatch-5_3_18-24_78-default-6-2.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-24_78-default-6-2.2.s390x as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_78-default-6-2.2.s390x"
},
"product_reference": "kernel-livepatch-5_3_18-24_78-default-6-2.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-24_78-default-6-2.2.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_78-default-6-2.2.x86_64"
},
"product_reference": "kernel-livepatch-5_3_18-24_78-default-6-2.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-24_75-default-7-2.2.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_75-default-7-2.2.ppc64le"
},
"product_reference": "kernel-livepatch-5_3_18-24_75-default-7-2.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-24_75-default-7-2.2.s390x as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_75-default-7-2.2.s390x"
},
"product_reference": "kernel-livepatch-5_3_18-24_75-default-7-2.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-24_75-default-7-2.2.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_75-default-7-2.2.x86_64"
},
"product_reference": "kernel-livepatch-5_3_18-24_75-default-7-2.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-24_70-default-8-2.2.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_70-default-8-2.2.ppc64le"
},
"product_reference": "kernel-livepatch-5_3_18-24_70-default-8-2.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-24_70-default-8-2.2.s390x as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_70-default-8-2.2.s390x"
},
"product_reference": "kernel-livepatch-5_3_18-24_70-default-8-2.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-24_70-default-8-2.2.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_70-default-8-2.2.x86_64"
},
"product_reference": "kernel-livepatch-5_3_18-24_70-default-8-2.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-24_67-default-8-2.2.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_67-default-8-2.2.ppc64le"
},
"product_reference": "kernel-livepatch-5_3_18-24_67-default-8-2.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-24_67-default-8-2.2.s390x as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_67-default-8-2.2.s390x"
},
"product_reference": "kernel-livepatch-5_3_18-24_67-default-8-2.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-24_67-default-8-2.2.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_67-default-8-2.2.x86_64"
},
"product_reference": "kernel-livepatch-5_3_18-24_67-default-8-2.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-3702",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-3702"
}
],
"notes": [
{
"category": "general",
"text": "u\u0027Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic\u0027 in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_67-default-8-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_67-default-8-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_67-default-8-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_70-default-8-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_70-default-8-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_70-default-8-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_75-default-7-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_75-default-7-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_75-default-7-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_78-default-6-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_78-default-6-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_78-default-6-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-3702",
"url": "https://www.suse.com/security/cve/CVE-2020-3702"
},
{
"category": "external",
"summary": "SUSE Bug 1191193 for CVE-2020-3702",
"url": "https://bugzilla.suse.com/1191193"
},
{
"category": "external",
"summary": "SUSE Bug 1191529 for CVE-2020-3702",
"url": "https://bugzilla.suse.com/1191529"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_67-default-8-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_67-default-8-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_67-default-8-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_70-default-8-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_70-default-8-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_70-default-8-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_75-default-7-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_75-default-7-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_75-default-7-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_78-default-6-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_78-default-6-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_78-default-6-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_67-default-8-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_67-default-8-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_67-default-8-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_70-default-8-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_70-default-8-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_70-default-8-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_75-default-7-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_75-default-7-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_75-default-7-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_78-default-6-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_78-default-6-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_78-default-6-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-01-31T14:11:02Z",
"details": "important"
}
],
"title": "CVE-2020-3702"
},
{
"cve": "CVE-2021-4154",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4154"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel\u0027s cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service on the system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_67-default-8-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_67-default-8-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_67-default-8-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_70-default-8-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_70-default-8-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_70-default-8-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_75-default-7-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_75-default-7-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_75-default-7-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_78-default-6-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_78-default-6-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_78-default-6-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4154",
"url": "https://www.suse.com/security/cve/CVE-2021-4154"
},
{
"category": "external",
"summary": "SUSE Bug 1193842 for CVE-2021-4154",
"url": "https://bugzilla.suse.com/1193842"
},
{
"category": "external",
"summary": "SUSE Bug 1194461 for CVE-2021-4154",
"url": "https://bugzilla.suse.com/1194461"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_67-default-8-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_67-default-8-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_67-default-8-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_70-default-8-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_70-default-8-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_70-default-8-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_75-default-7-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_75-default-7-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_75-default-7-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_78-default-6-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_78-default-6-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_78-default-6-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_67-default-8-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_67-default-8-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_67-default-8-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_70-default-8-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_70-default-8-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_70-default-8-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_75-default-7-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_75-default-7-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_75-default-7-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_78-default-6-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_78-default-6-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_78-default-6-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-01-31T14:11:02Z",
"details": "important"
}
],
"title": "CVE-2021-4154"
},
{
"cve": "CVE-2021-42739",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-42739"
}
],
"notes": [
{
"category": "general",
"text": "The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_67-default-8-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_67-default-8-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_67-default-8-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_70-default-8-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_70-default-8-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_70-default-8-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_75-default-7-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_75-default-7-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_75-default-7-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_78-default-6-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_78-default-6-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_78-default-6-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-42739",
"url": "https://www.suse.com/security/cve/CVE-2021-42739"
},
{
"category": "external",
"summary": "SUSE Bug 1184673 for CVE-2021-42739",
"url": "https://bugzilla.suse.com/1184673"
},
{
"category": "external",
"summary": "SUSE Bug 1192036 for CVE-2021-42739",
"url": "https://bugzilla.suse.com/1192036"
},
{
"category": "external",
"summary": "SUSE Bug 1196722 for CVE-2021-42739",
"url": "https://bugzilla.suse.com/1196722"
},
{
"category": "external",
"summary": "SUSE Bug 1196914 for CVE-2021-42739",
"url": "https://bugzilla.suse.com/1196914"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_67-default-8-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_67-default-8-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_67-default-8-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_70-default-8-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_70-default-8-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_70-default-8-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_75-default-7-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_75-default-7-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_75-default-7-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_78-default-6-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_78-default-6-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_78-default-6-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_67-default-8-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_67-default-8-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_67-default-8-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_70-default-8-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_70-default-8-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_70-default-8-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_75-default-7-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_75-default-7-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_75-default-7-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_78-default-6-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_78-default-6-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_78-default-6-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-01-31T14:11:02Z",
"details": "important"
}
],
"title": "CVE-2021-42739"
},
{
"cve": "CVE-2022-0185",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0185"
}
],
"notes": [
{
"category": "general",
"text": "A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_67-default-8-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_67-default-8-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_67-default-8-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_70-default-8-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_70-default-8-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_70-default-8-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_75-default-7-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_75-default-7-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_75-default-7-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_78-default-6-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_78-default-6-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_78-default-6-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0185",
"url": "https://www.suse.com/security/cve/CVE-2022-0185"
},
{
"category": "external",
"summary": "SUSE Bug 1194517 for CVE-2022-0185",
"url": "https://bugzilla.suse.com/1194517"
},
{
"category": "external",
"summary": "SUSE Bug 1194737 for CVE-2022-0185",
"url": "https://bugzilla.suse.com/1194737"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_67-default-8-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_67-default-8-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_67-default-8-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_70-default-8-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_70-default-8-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_70-default-8-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_75-default-7-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_75-default-7-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_75-default-7-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_78-default-6-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_78-default-6-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_78-default-6-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_67-default-8-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_67-default-8-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_67-default-8-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_70-default-8-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_70-default-8-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_70-default-8-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_75-default-7-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_75-default-7-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_75-default-7-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_78-default-6-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_78-default-6-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_78-default-6-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-01-31T14:11:02Z",
"details": "important"
}
],
"title": "CVE-2022-0185"
}
]
}
SUSE-SU-2022:0254-1
Vulnerability from csaf_suse - Published: 2022-02-01 09:51 - Updated: 2022-02-01 09:51

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_53_4-default-8-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_53_4-default-8-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_53_4-default-8-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_61-default-10-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_61-default-10-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_61-default-10-2.2.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_53_4-default-8-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_53_4-default-8-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_53_4-default-8-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_61-default-10-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_61-default-10-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_61-default-10-2.2.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_53_4-default-8-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_53_4-default-8-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_53_4-default-8-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_61-default-10-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_61-default-10-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_61-default-10-2.2.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_53_4-default-8-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_53_4-default-8-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_53_4-default-8-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_61-default-10-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_61-default-10-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_61-default-10-2.2.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP2)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 5.3.18-24_61 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2022-0185: Incorrect param length parsing in legacy_parse_param which could have led to a local privilege escalation (bsc#1194517).\n- CVE-2021-4154: Fixed option parsing with cgroups version 1 (bsc#1193842).\n- CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure. (bsc#1191193)\n- CVE-2021-42739: The firewire subsystem had a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bsc#1184673).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-254,SUSE-SLE-Module-Live-Patching-15-SP2-2022-254,SUSE-SLE-Module-Live-Patching-15-SP2-2022-256",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_0254-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:0254-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20220254-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:0254-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-February/010155.html"
},
{
"category": "self",
"summary": "SUSE Bug 1191529",
"url": "https://bugzilla.suse.com/1191529"
},
{
"category": "self",
"summary": "SUSE Bug 1192036",
"url": "https://bugzilla.suse.com/1192036"
},
{
"category": "self",
"summary": "SUSE Bug 1194461",
"url": "https://bugzilla.suse.com/1194461"
},
{
"category": "self",
"summary": "SUSE Bug 1194737",
"url": "https://bugzilla.suse.com/1194737"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-3702 page",
"url": "https://www.suse.com/security/cve/CVE-2020-3702/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4154 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4154/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-42739 page",
"url": "https://www.suse.com/security/cve/CVE-2021-42739/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0185 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0185/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP2)",
"tracking": {
"current_release_date": "2022-02-01T09:51:46Z",
"generator": {
"date": "2022-02-01T09:51:46Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:0254-1",
"initial_release_date": "2022-02-01T09:51:46Z",
"revision_history": [
{
"date": "2022-02-01T09:51:46Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-24_53_4-default-8-2.2.ppc64le",
"product": {
"name": "kernel-livepatch-5_3_18-24_53_4-default-8-2.2.ppc64le",
"product_id": "kernel-livepatch-5_3_18-24_53_4-default-8-2.2.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-24_61-default-10-2.2.ppc64le",
"product": {
"name": "kernel-livepatch-5_3_18-24_61-default-10-2.2.ppc64le",
"product_id": "kernel-livepatch-5_3_18-24_61-default-10-2.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-24_53_4-default-8-2.2.s390x",
"product": {
"name": "kernel-livepatch-5_3_18-24_53_4-default-8-2.2.s390x",
"product_id": "kernel-livepatch-5_3_18-24_53_4-default-8-2.2.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-24_61-default-10-2.2.s390x",
"product": {
"name": "kernel-livepatch-5_3_18-24_61-default-10-2.2.s390x",
"product_id": "kernel-livepatch-5_3_18-24_61-default-10-2.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-24_53_4-default-8-2.2.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-24_53_4-default-8-2.2.x86_64",
"product_id": "kernel-livepatch-5_3_18-24_53_4-default-8-2.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-24_53_4-preempt-8-2.2.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-24_53_4-preempt-8-2.2.x86_64",
"product_id": "kernel-livepatch-5_3_18-24_53_4-preempt-8-2.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-24_61-default-10-2.2.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-24_61-default-10-2.2.x86_64",
"product_id": "kernel-livepatch-5_3_18-24_61-default-10-2.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-24_53_4-default-8-2.2.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_53_4-default-8-2.2.ppc64le"
},
"product_reference": "kernel-livepatch-5_3_18-24_53_4-default-8-2.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-24_53_4-default-8-2.2.s390x as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_53_4-default-8-2.2.s390x"
},
"product_reference": "kernel-livepatch-5_3_18-24_53_4-default-8-2.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-24_53_4-default-8-2.2.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_53_4-default-8-2.2.x86_64"
},
"product_reference": "kernel-livepatch-5_3_18-24_53_4-default-8-2.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-24_61-default-10-2.2.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_61-default-10-2.2.ppc64le"
},
"product_reference": "kernel-livepatch-5_3_18-24_61-default-10-2.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-24_61-default-10-2.2.s390x as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_61-default-10-2.2.s390x"
},
"product_reference": "kernel-livepatch-5_3_18-24_61-default-10-2.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-24_61-default-10-2.2.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_61-default-10-2.2.x86_64"
},
"product_reference": "kernel-livepatch-5_3_18-24_61-default-10-2.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-24_53_4-default-8-2.2.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_53_4-default-8-2.2.ppc64le"
},
"product_reference": "kernel-livepatch-5_3_18-24_53_4-default-8-2.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-24_53_4-default-8-2.2.s390x as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_53_4-default-8-2.2.s390x"
},
"product_reference": "kernel-livepatch-5_3_18-24_53_4-default-8-2.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-24_53_4-default-8-2.2.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_53_4-default-8-2.2.x86_64"
},
"product_reference": "kernel-livepatch-5_3_18-24_53_4-default-8-2.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-24_61-default-10-2.2.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_61-default-10-2.2.ppc64le"
},
"product_reference": "kernel-livepatch-5_3_18-24_61-default-10-2.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-24_61-default-10-2.2.s390x as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_61-default-10-2.2.s390x"
},
"product_reference": "kernel-livepatch-5_3_18-24_61-default-10-2.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-24_61-default-10-2.2.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_61-default-10-2.2.x86_64"
},
"product_reference": "kernel-livepatch-5_3_18-24_61-default-10-2.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-3702",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-3702"
}
],
"notes": [
{
"category": "general",
"text": "u\u0027Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic\u0027 in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_53_4-default-8-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_53_4-default-8-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_53_4-default-8-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_61-default-10-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_61-default-10-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_61-default-10-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-3702",
"url": "https://www.suse.com/security/cve/CVE-2020-3702"
},
{
"category": "external",
"summary": "SUSE Bug 1191193 for CVE-2020-3702",
"url": "https://bugzilla.suse.com/1191193"
},
{
"category": "external",
"summary": "SUSE Bug 1191529 for CVE-2020-3702",
"url": "https://bugzilla.suse.com/1191529"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_53_4-default-8-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_53_4-default-8-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_53_4-default-8-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_61-default-10-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_61-default-10-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_61-default-10-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_53_4-default-8-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_53_4-default-8-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_53_4-default-8-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_61-default-10-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_61-default-10-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_61-default-10-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-01T09:51:46Z",
"details": "important"
}
],
"title": "CVE-2020-3702"
},
{
"cve": "CVE-2021-4154",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4154"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel\u0027s cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service on the system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_53_4-default-8-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_53_4-default-8-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_53_4-default-8-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_61-default-10-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_61-default-10-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_61-default-10-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4154",
"url": "https://www.suse.com/security/cve/CVE-2021-4154"
},
{
"category": "external",
"summary": "SUSE Bug 1193842 for CVE-2021-4154",
"url": "https://bugzilla.suse.com/1193842"
},
{
"category": "external",
"summary": "SUSE Bug 1194461 for CVE-2021-4154",
"url": "https://bugzilla.suse.com/1194461"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_53_4-default-8-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_53_4-default-8-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_53_4-default-8-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_61-default-10-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_61-default-10-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_61-default-10-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_53_4-default-8-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_53_4-default-8-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_53_4-default-8-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_61-default-10-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_61-default-10-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_61-default-10-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-01T09:51:46Z",
"details": "important"
}
],
"title": "CVE-2021-4154"
},
{
"cve": "CVE-2021-42739",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-42739"
}
],
"notes": [
{
"category": "general",
"text": "The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_53_4-default-8-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_53_4-default-8-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_53_4-default-8-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_61-default-10-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_61-default-10-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_61-default-10-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-42739",
"url": "https://www.suse.com/security/cve/CVE-2021-42739"
},
{
"category": "external",
"summary": "SUSE Bug 1184673 for CVE-2021-42739",
"url": "https://bugzilla.suse.com/1184673"
},
{
"category": "external",
"summary": "SUSE Bug 1192036 for CVE-2021-42739",
"url": "https://bugzilla.suse.com/1192036"
},
{
"category": "external",
"summary": "SUSE Bug 1196722 for CVE-2021-42739",
"url": "https://bugzilla.suse.com/1196722"
},
{
"category": "external",
"summary": "SUSE Bug 1196914 for CVE-2021-42739",
"url": "https://bugzilla.suse.com/1196914"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_53_4-default-8-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_53_4-default-8-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_53_4-default-8-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_61-default-10-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_61-default-10-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_61-default-10-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_53_4-default-8-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_53_4-default-8-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_53_4-default-8-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_61-default-10-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_61-default-10-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_61-default-10-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-01T09:51:46Z",
"details": "important"
}
],
"title": "CVE-2021-42739"
},
{
"cve": "CVE-2022-0185",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0185"
}
],
"notes": [
{
"category": "general",
"text": "A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_53_4-default-8-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_53_4-default-8-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_53_4-default-8-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_61-default-10-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_61-default-10-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_61-default-10-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0185",
"url": "https://www.suse.com/security/cve/CVE-2022-0185"
},
{
"category": "external",
"summary": "SUSE Bug 1194517 for CVE-2022-0185",
"url": "https://bugzilla.suse.com/1194517"
},
{
"category": "external",
"summary": "SUSE Bug 1194737 for CVE-2022-0185",
"url": "https://bugzilla.suse.com/1194737"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_53_4-default-8-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_53_4-default-8-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_53_4-default-8-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_61-default-10-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_61-default-10-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_61-default-10-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_53_4-default-8-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_53_4-default-8-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_53_4-default-8-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_61-default-10-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_61-default-10-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_61-default-10-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-01T09:51:46Z",
"details": "important"
}
],
"title": "CVE-2022-0185"
}
]
}
SUSE-SU-2022:0257-1
Vulnerability from csaf_suse - Published: 2022-02-01 11:16 - Updated: 2022-02-01 11:16

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP3)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 5.3.18-59_10 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2022-0185: Incorrect param length parsing in legacy_parse_param which could have led to a local privilege escalation (bsc#1194517).\n- CVE-2021-4154: Fixed option parsing with cgroups version 1 (bsc#1193842).\n- CVE-2021-4028: Fixed use-after-free in RDMA listen() that could lead to DoS or privilege escalation by a local attacker (bsc#1193167).\n- CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure. (bsc#1191193)\n- CVE-2021-42739: The firewire subsystem had a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bsc#1184673).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-257,SUSE-SLE-Module-Live-Patching-15-SP3-2022-257,SUSE-SLE-Module-Live-Patching-15-SP3-2022-258,SUSE-SLE-Module-Live-Patching-15-SP3-2022-269",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_0257-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:0257-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20220257-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:0257-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-February/010152.html"
},
{
"category": "self",
"summary": "SUSE Bug 1191529",
"url": "https://bugzilla.suse.com/1191529"
},
{
"category": "self",
"summary": "SUSE Bug 1192036",
"url": "https://bugzilla.suse.com/1192036"
},
{
"category": "self",
"summary": "SUSE Bug 1193529",
"url": "https://bugzilla.suse.com/1193529"
},
{
"category": "self",
"summary": "SUSE Bug 1194461",
"url": "https://bugzilla.suse.com/1194461"
},
{
"category": "self",
"summary": "SUSE Bug 1194737",
"url": "https://bugzilla.suse.com/1194737"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-3702 page",
"url": "https://www.suse.com/security/cve/CVE-2020-3702/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4028 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4028/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4154 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4154/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-42739 page",
"url": "https://www.suse.com/security/cve/CVE-2021-42739/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0185 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0185/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP3)",
"tracking": {
"current_release_date": "2022-02-01T11:16:05Z",
"generator": {
"date": "2022-02-01T11:16:05Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:0257-1",
"initial_release_date": "2022-02-01T11:16:05Z",
"revision_history": [
{
"date": "2022-02-01T11:16:05Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.ppc64le",
"product": {
"name": "kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.ppc64le",
"product_id": "kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.ppc64le",
"product": {
"name": "kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.ppc64le",
"product_id": "kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.ppc64le",
"product": {
"name": "kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.ppc64le",
"product_id": "kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.s390x",
"product": {
"name": "kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.s390x",
"product_id": "kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.s390x",
"product": {
"name": "kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.s390x",
"product_id": "kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.s390x",
"product": {
"name": "kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.s390x",
"product_id": "kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.x86_64",
"product_id": "kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-59_16-preempt-7-150300.2.2.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-59_16-preempt-7-150300.2.2.x86_64",
"product_id": "kernel-livepatch-5_3_18-59_16-preempt-7-150300.2.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.x86_64",
"product_id": "kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.x86_64",
"product_id": "kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.ppc64le"
},
"product_reference": "kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.s390x as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.s390x"
},
"product_reference": "kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.x86_64"
},
"product_reference": "kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.ppc64le"
},
"product_reference": "kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.s390x as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.s390x"
},
"product_reference": "kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.x86_64"
},
"product_reference": "kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.ppc64le"
},
"product_reference": "kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.s390x as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.s390x"
},
"product_reference": "kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.x86_64"
},
"product_reference": "kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.ppc64le"
},
"product_reference": "kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.s390x as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.s390x"
},
"product_reference": "kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.x86_64"
},
"product_reference": "kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.ppc64le"
},
"product_reference": "kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.s390x as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.s390x"
},
"product_reference": "kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.x86_64"
},
"product_reference": "kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.ppc64le"
},
"product_reference": "kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.s390x as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.s390x"
},
"product_reference": "kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.x86_64"
},
"product_reference": "kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.ppc64le"
},
"product_reference": "kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.s390x as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.s390x"
},
"product_reference": "kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.x86_64"
},
"product_reference": "kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.ppc64le"
},
"product_reference": "kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.s390x as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.s390x"
},
"product_reference": "kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.x86_64"
},
"product_reference": "kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.ppc64le"
},
"product_reference": "kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.s390x as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.s390x"
},
"product_reference": "kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.x86_64"
},
"product_reference": "kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-3702",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-3702"
}
],
"notes": [
{
"category": "general",
"text": "Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-3702",
"url": "https://www.suse.com/security/cve/CVE-2020-3702"
},
{
"category": "external",
"summary": "SUSE Bug 1191193 for CVE-2020-3702",
"url": "https://bugzilla.suse.com/1191193"
},
{
"category": "external",
"summary": "SUSE Bug 1191529 for CVE-2020-3702",
"url": "https://bugzilla.suse.com/1191529"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-01T11:16:05Z",
"details": "important"
}
],
"title": "CVE-2020-3702"
},
{
"cve": "CVE-2021-4028",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4028"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in the Linux kernel\u0027s implementation of RDMA communications manager listener code allowed an attacker with local access to set up a socket to listen on a high port, allowing for a list element to be used after free. Given the ability to execute code, a local attacker could leverage this use-after-free to crash the system or possibly escalate privileges on the system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4028",
"url": "https://www.suse.com/security/cve/CVE-2021-4028"
},
{
"category": "external",
"summary": "SUSE Bug 1193167 for CVE-2021-4028",
"url": "https://bugzilla.suse.com/1193167"
},
{
"category": "external",
"summary": "SUSE Bug 1193529 for CVE-2021-4028",
"url": "https://bugzilla.suse.com/1193529"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-01T11:16:05Z",
"details": "important"
}
],
"title": "CVE-2021-4028"
},
{
"cve": "CVE-2021-4154",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4154"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel\u0027s cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service on the system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4154",
"url": "https://www.suse.com/security/cve/CVE-2021-4154"
},
{
"category": "external",
"summary": "SUSE Bug 1193842 for CVE-2021-4154",
"url": "https://bugzilla.suse.com/1193842"
},
{
"category": "external",
"summary": "SUSE Bug 1194461 for CVE-2021-4154",
"url": "https://bugzilla.suse.com/1194461"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-01T11:16:05Z",
"details": "important"
}
],
"title": "CVE-2021-4154"
},
{
"cve": "CVE-2021-42739",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-42739"
}
],
"notes": [
{
"category": "general",
"text": "The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-42739",
"url": "https://www.suse.com/security/cve/CVE-2021-42739"
},
{
"category": "external",
"summary": "SUSE Bug 1184673 for CVE-2021-42739",
"url": "https://bugzilla.suse.com/1184673"
},
{
"category": "external",
"summary": "SUSE Bug 1192036 for CVE-2021-42739",
"url": "https://bugzilla.suse.com/1192036"
},
{
"category": "external",
"summary": "SUSE Bug 1196722 for CVE-2021-42739",
"url": "https://bugzilla.suse.com/1196722"
},
{
"category": "external",
"summary": "SUSE Bug 1196914 for CVE-2021-42739",
"url": "https://bugzilla.suse.com/1196914"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-01T11:16:05Z",
"details": "important"
}
],
"title": "CVE-2021-42739"
},
{
"cve": "CVE-2022-0185",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0185"
}
],
"notes": [
{
"category": "general",
"text": "A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0185",
"url": "https://www.suse.com/security/cve/CVE-2022-0185"
},
{
"category": "external",
"summary": "SUSE Bug 1194517 for CVE-2022-0185",
"url": "https://bugzilla.suse.com/1194517"
},
{
"category": "external",
"summary": "SUSE Bug 1194737 for CVE-2022-0185",
"url": "https://bugzilla.suse.com/1194737"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_10-default-8-150300.2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_16-default-7-150300.2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_19-default-6-150300.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-01T11:16:05Z",
"details": "important"
}
],
"title": "CVE-2022-0185"
}
]
}
SUSE-SU-2022:0291-1
Vulnerability from csaf_suse - Published: 2022-02-02 09:02 - Updated: 2022-02-02 09:02

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP2)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 5.3.18-24_52 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2022-0185: Incorrect param length parsing in legacy_parse_param which could have led to a local privilege escalation (bsc#1194517).\n- CVE-2021-4154: Fixed option parsing with cgroups version 1 (bsc#1193842).\n- CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure. (bsc#1191193)\n- CVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2020-25673, CVE-2021-23134: Fixed multiple bugs in NFC subsytem (bsc#1178181, bsc#1186060).\n- CVE-2021-42739: The firewire subsystem had a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bsc#1184673).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-291,SUSE-SLE-Module-Live-Patching-15-SP2-2022-290,SUSE-SLE-Module-Live-Patching-15-SP2-2022-291",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_0291-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:0291-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20220291-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:0291-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-February/010172.html"
},
{
"category": "self",
"summary": "SUSE Bug 1186061",
"url": "https://bugzilla.suse.com/1186061"
},
{
"category": "self",
"summary": "SUSE Bug 1191529",
"url": "https://bugzilla.suse.com/1191529"
},
{
"category": "self",
"summary": "SUSE Bug 1192036",
"url": "https://bugzilla.suse.com/1192036"
},
{
"category": "self",
"summary": "SUSE Bug 1194461",
"url": "https://bugzilla.suse.com/1194461"
},
{
"category": "self",
"summary": "SUSE Bug 1194680",
"url": "https://bugzilla.suse.com/1194680"
},
{
"category": "self",
"summary": "SUSE Bug 1194737",
"url": "https://bugzilla.suse.com/1194737"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-25670 page",
"url": "https://www.suse.com/security/cve/CVE-2020-25670/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-25671 page",
"url": "https://www.suse.com/security/cve/CVE-2020-25671/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-25672 page",
"url": "https://www.suse.com/security/cve/CVE-2020-25672/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-25673 page",
"url": "https://www.suse.com/security/cve/CVE-2020-25673/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-3702 page",
"url": "https://www.suse.com/security/cve/CVE-2020-3702/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23134 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23134/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4154 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4154/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-42739 page",
"url": "https://www.suse.com/security/cve/CVE-2021-42739/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0185 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0185/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP2)",
"tracking": {
"current_release_date": "2022-02-02T09:02:38Z",
"generator": {
"date": "2022-02-02T09:02:38Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:0291-1",
"initial_release_date": "2022-02-02T09:02:38Z",
"revision_history": [
{
"date": "2022-02-02T09:02:38Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-24_52-default-13-2.2.ppc64le",
"product": {
"name": "kernel-livepatch-5_3_18-24_52-default-13-2.2.ppc64le",
"product_id": "kernel-livepatch-5_3_18-24_52-default-13-2.2.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-24_49-default-14-2.2.ppc64le",
"product": {
"name": "kernel-livepatch-5_3_18-24_49-default-14-2.2.ppc64le",
"product_id": "kernel-livepatch-5_3_18-24_49-default-14-2.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-24_52-default-13-2.2.s390x",
"product": {
"name": "kernel-livepatch-5_3_18-24_52-default-13-2.2.s390x",
"product_id": "kernel-livepatch-5_3_18-24_52-default-13-2.2.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-24_49-default-14-2.2.s390x",
"product": {
"name": "kernel-livepatch-5_3_18-24_49-default-14-2.2.s390x",
"product_id": "kernel-livepatch-5_3_18-24_49-default-14-2.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-24_52-default-13-2.2.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-24_52-default-13-2.2.x86_64",
"product_id": "kernel-livepatch-5_3_18-24_52-default-13-2.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-24_52-preempt-13-2.2.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-24_52-preempt-13-2.2.x86_64",
"product_id": "kernel-livepatch-5_3_18-24_52-preempt-13-2.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-24_49-default-14-2.2.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-24_49-default-14-2.2.x86_64",
"product_id": "kernel-livepatch-5_3_18-24_49-default-14-2.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-24_49-default-14-2.2.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.ppc64le"
},
"product_reference": "kernel-livepatch-5_3_18-24_49-default-14-2.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-24_49-default-14-2.2.s390x as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.s390x"
},
"product_reference": "kernel-livepatch-5_3_18-24_49-default-14-2.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-24_49-default-14-2.2.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.x86_64"
},
"product_reference": "kernel-livepatch-5_3_18-24_49-default-14-2.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-24_52-default-13-2.2.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.ppc64le"
},
"product_reference": "kernel-livepatch-5_3_18-24_52-default-13-2.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-24_52-default-13-2.2.s390x as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.s390x"
},
"product_reference": "kernel-livepatch-5_3_18-24_52-default-13-2.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-24_52-default-13-2.2.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.x86_64"
},
"product_reference": "kernel-livepatch-5_3_18-24_52-default-13-2.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-24_49-default-14-2.2.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.ppc64le"
},
"product_reference": "kernel-livepatch-5_3_18-24_49-default-14-2.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-24_49-default-14-2.2.s390x as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.s390x"
},
"product_reference": "kernel-livepatch-5_3_18-24_49-default-14-2.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-24_49-default-14-2.2.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.x86_64"
},
"product_reference": "kernel-livepatch-5_3_18-24_49-default-14-2.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-24_52-default-13-2.2.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.ppc64le"
},
"product_reference": "kernel-livepatch-5_3_18-24_52-default-13-2.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-24_52-default-13-2.2.s390x as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.s390x"
},
"product_reference": "kernel-livepatch-5_3_18-24_52-default-13-2.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-24_52-default-13-2.2.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.x86_64"
},
"product_reference": "kernel-livepatch-5_3_18-24_52-default-13-2.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-25670",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-25670"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in Linux Kernel where refcount leak in llcp_sock_bind() causing use-after-free which might lead to privilege escalations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-25670",
"url": "https://www.suse.com/security/cve/CVE-2020-25670"
},
{
"category": "external",
"summary": "SUSE Bug 1178181 for CVE-2020-25670",
"url": "https://bugzilla.suse.com/1178181"
},
{
"category": "external",
"summary": "SUSE Bug 1194680 for CVE-2020-25670",
"url": "https://bugzilla.suse.com/1194680"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-02T09:02:38Z",
"details": "important"
}
],
"title": "CVE-2020-25670"
},
{
"cve": "CVE-2020-25671",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-25671"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in Linux Kernel, where a refcount leak in llcp_sock_connect() causing use-after-free which might lead to privilege escalations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-25671",
"url": "https://www.suse.com/security/cve/CVE-2020-25671"
},
{
"category": "external",
"summary": "SUSE Bug 1178181 for CVE-2020-25671",
"url": "https://bugzilla.suse.com/1178181"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-02T09:02:38Z",
"details": "important"
}
],
"title": "CVE-2020-25671"
},
{
"cve": "CVE-2020-25672",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-25672"
}
],
"notes": [
{
"category": "general",
"text": "A memory leak vulnerability was found in Linux kernel in llcp_sock_connect",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-25672",
"url": "https://www.suse.com/security/cve/CVE-2020-25672"
},
{
"category": "external",
"summary": "SUSE Bug 1178181 for CVE-2020-25672",
"url": "https://bugzilla.suse.com/1178181"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-02T09:02:38Z",
"details": "important"
}
],
"title": "CVE-2020-25672"
},
{
"cve": "CVE-2020-25673",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-25673"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in Linux kernel where non-blocking socket in llcp_sock_connect() leads to leak and eventually hanging-up the system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-25673",
"url": "https://www.suse.com/security/cve/CVE-2020-25673"
},
{
"category": "external",
"summary": "SUSE Bug 1178181 for CVE-2020-25673",
"url": "https://bugzilla.suse.com/1178181"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-02T09:02:38Z",
"details": "important"
}
],
"title": "CVE-2020-25673"
},
{
"cve": "CVE-2020-3702",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-3702"
}
],
"notes": [
{
"category": "general",
"text": "u\u0027Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic\u0027 in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-3702",
"url": "https://www.suse.com/security/cve/CVE-2020-3702"
},
{
"category": "external",
"summary": "SUSE Bug 1191193 for CVE-2020-3702",
"url": "https://bugzilla.suse.com/1191193"
},
{
"category": "external",
"summary": "SUSE Bug 1191529 for CVE-2020-3702",
"url": "https://bugzilla.suse.com/1191529"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-02T09:02:38Z",
"details": "important"
}
],
"title": "CVE-2020-3702"
},
{
"cve": "CVE-2021-23134",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23134"
}
],
"notes": [
{
"category": "general",
"text": "Use After Free vulnerability in nfc sockets in the Linux Kernel before 5.12.4 allows local attackers to elevate their privileges. In typical configurations, the issue can only be triggered by a privileged local user with the CAP_NET_RAW capability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23134",
"url": "https://www.suse.com/security/cve/CVE-2021-23134"
},
{
"category": "external",
"summary": "SUSE Bug 1186060 for CVE-2021-23134",
"url": "https://bugzilla.suse.com/1186060"
},
{
"category": "external",
"summary": "SUSE Bug 1186061 for CVE-2021-23134",
"url": "https://bugzilla.suse.com/1186061"
},
{
"category": "external",
"summary": "SUSE Bug 1220739 for CVE-2021-23134",
"url": "https://bugzilla.suse.com/1220739"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-02T09:02:38Z",
"details": "important"
}
],
"title": "CVE-2021-23134"
},
{
"cve": "CVE-2021-4154",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4154"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel\u0027s cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service on the system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4154",
"url": "https://www.suse.com/security/cve/CVE-2021-4154"
},
{
"category": "external",
"summary": "SUSE Bug 1193842 for CVE-2021-4154",
"url": "https://bugzilla.suse.com/1193842"
},
{
"category": "external",
"summary": "SUSE Bug 1194461 for CVE-2021-4154",
"url": "https://bugzilla.suse.com/1194461"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-02T09:02:38Z",
"details": "important"
}
],
"title": "CVE-2021-4154"
},
{
"cve": "CVE-2021-42739",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-42739"
}
],
"notes": [
{
"category": "general",
"text": "The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-42739",
"url": "https://www.suse.com/security/cve/CVE-2021-42739"
},
{
"category": "external",
"summary": "SUSE Bug 1184673 for CVE-2021-42739",
"url": "https://bugzilla.suse.com/1184673"
},
{
"category": "external",
"summary": "SUSE Bug 1192036 for CVE-2021-42739",
"url": "https://bugzilla.suse.com/1192036"
},
{
"category": "external",
"summary": "SUSE Bug 1196722 for CVE-2021-42739",
"url": "https://bugzilla.suse.com/1196722"
},
{
"category": "external",
"summary": "SUSE Bug 1196914 for CVE-2021-42739",
"url": "https://bugzilla.suse.com/1196914"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-02T09:02:38Z",
"details": "important"
}
],
"title": "CVE-2021-42739"
},
{
"cve": "CVE-2022-0185",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0185"
}
],
"notes": [
{
"category": "general",
"text": "A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0185",
"url": "https://www.suse.com/security/cve/CVE-2022-0185"
},
{
"category": "external",
"summary": "SUSE Bug 1194517 for CVE-2022-0185",
"url": "https://bugzilla.suse.com/1194517"
},
{
"category": "external",
"summary": "SUSE Bug 1194737 for CVE-2022-0185",
"url": "https://bugzilla.suse.com/1194737"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-02T09:02:38Z",
"details": "important"
}
],
"title": "CVE-2022-0185"
}
]
}
SUSE-SU-2022:0292-1
Vulnerability from csaf_suse - Published: 2022-02-02 09:02 - Updated: 2022-02-02 09:02

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_64-default-10-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_64-default-10-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_64-default-10-2.2.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_64-default-10-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_64-default-10-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_64-default-10-2.2.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_64-default-10-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_64-default-10-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_64-default-10-2.2.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_64-default-10-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_64-default-10-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_64-default-10-2.2.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP2)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 5.3.18-24_64 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2022-0185: Incorrect param length parsing in legacy_parse_param which could have led to a local privilege escalation (bsc#1194517).\n- CVE-2021-4154: Fixed option parsing with cgroups version 1 (bsc#1193842).\n- CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure. (bsc#1191193)\n- CVE-2021-42739: The firewire subsystem had a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bsc#1184673).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-292,SUSE-SLE-Module-Live-Patching-15-SP2-2022-292",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_0292-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:0292-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20220292-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:0292-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-February/010176.html"
},
{
"category": "self",
"summary": "SUSE Bug 1191529",
"url": "https://bugzilla.suse.com/1191529"
},
{
"category": "self",
"summary": "SUSE Bug 1192036",
"url": "https://bugzilla.suse.com/1192036"
},
{
"category": "self",
"summary": "SUSE Bug 1194461",
"url": "https://bugzilla.suse.com/1194461"
},
{
"category": "self",
"summary": "SUSE Bug 1194737",
"url": "https://bugzilla.suse.com/1194737"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-3702 page",
"url": "https://www.suse.com/security/cve/CVE-2020-3702/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4154 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4154/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-42739 page",
"url": "https://www.suse.com/security/cve/CVE-2021-42739/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0185 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0185/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP2)",
"tracking": {
"current_release_date": "2022-02-02T09:02:51Z",
"generator": {
"date": "2022-02-02T09:02:51Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:0292-1",
"initial_release_date": "2022-02-02T09:02:51Z",
"revision_history": [
{
"date": "2022-02-02T09:02:51Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-24_64-default-10-2.2.ppc64le",
"product": {
"name": "kernel-livepatch-5_3_18-24_64-default-10-2.2.ppc64le",
"product_id": "kernel-livepatch-5_3_18-24_64-default-10-2.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-24_64-default-10-2.2.s390x",
"product": {
"name": "kernel-livepatch-5_3_18-24_64-default-10-2.2.s390x",
"product_id": "kernel-livepatch-5_3_18-24_64-default-10-2.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-24_64-default-10-2.2.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-24_64-default-10-2.2.x86_64",
"product_id": "kernel-livepatch-5_3_18-24_64-default-10-2.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-24_64-preempt-10-2.2.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-24_64-preempt-10-2.2.x86_64",
"product_id": "kernel-livepatch-5_3_18-24_64-preempt-10-2.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-24_64-default-10-2.2.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_64-default-10-2.2.ppc64le"
},
"product_reference": "kernel-livepatch-5_3_18-24_64-default-10-2.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-24_64-default-10-2.2.s390x as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_64-default-10-2.2.s390x"
},
"product_reference": "kernel-livepatch-5_3_18-24_64-default-10-2.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-24_64-default-10-2.2.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_64-default-10-2.2.x86_64"
},
"product_reference": "kernel-livepatch-5_3_18-24_64-default-10-2.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-3702",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-3702"
}
],
"notes": [
{
"category": "general",
"text": "Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_64-default-10-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_64-default-10-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_64-default-10-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-3702",
"url": "https://www.suse.com/security/cve/CVE-2020-3702"
},
{
"category": "external",
"summary": "SUSE Bug 1191193 for CVE-2020-3702",
"url": "https://bugzilla.suse.com/1191193"
},
{
"category": "external",
"summary": "SUSE Bug 1191529 for CVE-2020-3702",
"url": "https://bugzilla.suse.com/1191529"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_64-default-10-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_64-default-10-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_64-default-10-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_64-default-10-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_64-default-10-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_64-default-10-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-02T09:02:51Z",
"details": "important"
}
],
"title": "CVE-2020-3702"
},
{
"cve": "CVE-2021-4154",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4154"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel\u0027s cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service on the system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_64-default-10-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_64-default-10-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_64-default-10-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4154",
"url": "https://www.suse.com/security/cve/CVE-2021-4154"
},
{
"category": "external",
"summary": "SUSE Bug 1193842 for CVE-2021-4154",
"url": "https://bugzilla.suse.com/1193842"
},
{
"category": "external",
"summary": "SUSE Bug 1194461 for CVE-2021-4154",
"url": "https://bugzilla.suse.com/1194461"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_64-default-10-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_64-default-10-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_64-default-10-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_64-default-10-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_64-default-10-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_64-default-10-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-02T09:02:51Z",
"details": "important"
}
],
"title": "CVE-2021-4154"
},
{
"cve": "CVE-2021-42739",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-42739"
}
],
"notes": [
{
"category": "general",
"text": "The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_64-default-10-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_64-default-10-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_64-default-10-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-42739",
"url": "https://www.suse.com/security/cve/CVE-2021-42739"
},
{
"category": "external",
"summary": "SUSE Bug 1184673 for CVE-2021-42739",
"url": "https://bugzilla.suse.com/1184673"
},
{
"category": "external",
"summary": "SUSE Bug 1192036 for CVE-2021-42739",
"url": "https://bugzilla.suse.com/1192036"
},
{
"category": "external",
"summary": "SUSE Bug 1196722 for CVE-2021-42739",
"url": "https://bugzilla.suse.com/1196722"
},
{
"category": "external",
"summary": "SUSE Bug 1196914 for CVE-2021-42739",
"url": "https://bugzilla.suse.com/1196914"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_64-default-10-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_64-default-10-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_64-default-10-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_64-default-10-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_64-default-10-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_64-default-10-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-02T09:02:51Z",
"details": "important"
}
],
"title": "CVE-2021-42739"
},
{
"cve": "CVE-2022-0185",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0185"
}
],
"notes": [
{
"category": "general",
"text": "A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus falls back to legacy handling) could use this flaw to escalate their privileges on the system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_64-default-10-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_64-default-10-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_64-default-10-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0185",
"url": "https://www.suse.com/security/cve/CVE-2022-0185"
},
{
"category": "external",
"summary": "SUSE Bug 1194517 for CVE-2022-0185",
"url": "https://bugzilla.suse.com/1194517"
},
{
"category": "external",
"summary": "SUSE Bug 1194737 for CVE-2022-0185",
"url": "https://bugzilla.suse.com/1194737"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_64-default-10-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_64-default-10-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_64-default-10-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_64-default-10-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_64-default-10-2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_64-default-10-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-02T09:02:51Z",
"details": "important"
}
],
"title": "CVE-2022-0185"
}
]
}
SUSE-SU-2022:0293-1
Vulnerability from csaf_suse - Published: 2022-02-02 09:03 - Updated: 2022-02-02 09:03

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP3)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 5.3.18-57 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2022-0185: Incorrect param length parsing in legacy_parse_param which could have led to a local privilege escalation (bsc#1194517).\n- CVE-2021-4154: Fixed option parsing with cgroups version 1 (bsc#1193842).\n- CVE-2021-4028: Fixed use-after-free in RDMA listen() that could lead to DoS or privilege escalation by a local attacker (bsc#1193167).\n- CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure. (bsc#1191193)\n- CVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2020-25673, CVE-2021-23134: Fixed multiple bugs in NFC subsystem (bsc#1178181, bsc#1186060).\n- CVE-2021-42739: The firewire subsystem had a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bsc#1184673).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-293,SUSE-SLE-Module-Live-Patching-15-SP3-2022-293",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_0293-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:0293-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20220293-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:0293-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-February/010173.html"
},
{
"category": "self",
"summary": "SUSE Bug 1186061",
"url": "https://bugzilla.suse.com/1186061"
},
{
"category": "self",
"summary": "SUSE Bug 1191529",
"url": "https://bugzilla.suse.com/1191529"
},
{
"category": "self",
"summary": "SUSE Bug 1192036",
"url": "https://bugzilla.suse.com/1192036"
},
{
"category": "self",
"summary": "SUSE Bug 1193529",
"url": "https://bugzilla.suse.com/1193529"
},
{
"category": "self",
"summary": "SUSE Bug 1194461",
"url": "https://bugzilla.suse.com/1194461"
},
{
"category": "self",
"summary": "SUSE Bug 1194680",
"url": "https://bugzilla.suse.com/1194680"
},
{
"category": "self",
"summary": "SUSE Bug 1194737",
"url": "https://bugzilla.suse.com/1194737"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-25670 page",
"url": "https://www.suse.com/security/cve/CVE-2020-25670/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-25671 page",
"url": "https://www.suse.com/security/cve/CVE-2020-25671/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-25672 page",
"url": "https://www.suse.com/security/cve/CVE-2020-25672/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-25673 page",
"url": "https://www.suse.com/security/cve/CVE-2020-25673/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-3702 page",
"url": "https://www.suse.com/security/cve/CVE-2020-3702/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23134 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23134/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4028 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4028/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4154 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4154/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-42739 page",
"url": "https://www.suse.com/security/cve/CVE-2021-42739/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0185 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0185/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP3)",
"tracking": {
"current_release_date": "2022-02-02T09:03:07Z",
"generator": {
"date": "2022-02-02T09:03:07Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:0293-1",
"initial_release_date": "2022-02-02T09:03:07Z",
"revision_history": [
{
"date": "2022-02-02T09:03:07Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-57-default-10-3.2.ppc64le",
"product": {
"name": "kernel-livepatch-5_3_18-57-default-10-3.2.ppc64le",
"product_id": "kernel-livepatch-5_3_18-57-default-10-3.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-57-default-10-3.2.s390x",
"product": {
"name": "kernel-livepatch-5_3_18-57-default-10-3.2.s390x",
"product_id": "kernel-livepatch-5_3_18-57-default-10-3.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-57-default-10-3.2.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-57-default-10-3.2.x86_64",
"product_id": "kernel-livepatch-5_3_18-57-default-10-3.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-57-preempt-10-3.2.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-57-preempt-10-3.2.x86_64",
"product_id": "kernel-livepatch-5_3_18-57-preempt-10-3.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-57-default-10-3.2.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.ppc64le"
},
"product_reference": "kernel-livepatch-5_3_18-57-default-10-3.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-57-default-10-3.2.s390x as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.s390x"
},
"product_reference": "kernel-livepatch-5_3_18-57-default-10-3.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-57-default-10-3.2.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.x86_64"
},
"product_reference": "kernel-livepatch-5_3_18-57-default-10-3.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-25670",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-25670"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in Linux Kernel where refcount leak in llcp_sock_bind() causing use-after-free which might lead to privilege escalations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-25670",
"url": "https://www.suse.com/security/cve/CVE-2020-25670"
},
{
"category": "external",
"summary": "SUSE Bug 1178181 for CVE-2020-25670",
"url": "https://bugzilla.suse.com/1178181"
},
{
"category": "external",
"summary": "SUSE Bug 1194680 for CVE-2020-25670",
"url": "https://bugzilla.suse.com/1194680"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-02T09:03:07Z",
"details": "important"
}
],
"title": "CVE-2020-25670"
},
{
"cve": "CVE-2020-25671",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-25671"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in Linux Kernel, where a refcount leak in llcp_sock_connect() causing use-after-free which might lead to privilege escalations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-25671",
"url": "https://www.suse.com/security/cve/CVE-2020-25671"
},
{
"category": "external",
"summary": "SUSE Bug 1178181 for CVE-2020-25671",
"url": "https://bugzilla.suse.com/1178181"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-02T09:03:07Z",
"details": "important"
}
],
"title": "CVE-2020-25671"
},
{
"cve": "CVE-2020-25672",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-25672"
}
],
"notes": [
{
"category": "general",
"text": "A memory leak vulnerability was found in Linux kernel in llcp_sock_connect",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-25672",
"url": "https://www.suse.com/security/cve/CVE-2020-25672"
},
{
"category": "external",
"summary": "SUSE Bug 1178181 for CVE-2020-25672",
"url": "https://bugzilla.suse.com/1178181"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-02T09:03:07Z",
"details": "important"
}
],
"title": "CVE-2020-25672"
},
{
"cve": "CVE-2020-25673",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-25673"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in Linux kernel where non-blocking socket in llcp_sock_connect() leads to leak and eventually hanging-up the system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-25673",
"url": "https://www.suse.com/security/cve/CVE-2020-25673"
},
{
"category": "external",
"summary": "SUSE Bug 1178181 for CVE-2020-25673",
"url": "https://bugzilla.suse.com/1178181"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-02T09:03:07Z",
"details": "important"
}
],
"title": "CVE-2020-25673"
},
{
"cve": "CVE-2020-3702",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-3702"
}
],
"notes": [
{
"category": "general",
"text": "u\u0027Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic\u0027 in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-3702",
"url": "https://www.suse.com/security/cve/CVE-2020-3702"
},
{
"category": "external",
"summary": "SUSE Bug 1191193 for CVE-2020-3702",
"url": "https://bugzilla.suse.com/1191193"
},
{
"category": "external",
"summary": "SUSE Bug 1191529 for CVE-2020-3702",
"url": "https://bugzilla.suse.com/1191529"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-02T09:03:07Z",
"details": "important"
}
],
"title": "CVE-2020-3702"
},
{
"cve": "CVE-2021-23134",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23134"
}
],
"notes": [
{
"category": "general",
"text": "Use After Free vulnerability in nfc sockets in the Linux Kernel before 5.12.4 allows local attackers to elevate their privileges. In typical configurations, the issue can only be triggered by a privileged local user with the CAP_NET_RAW capability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23134",
"url": "https://www.suse.com/security/cve/CVE-2021-23134"
},
{
"category": "external",
"summary": "SUSE Bug 1186060 for CVE-2021-23134",
"url": "https://bugzilla.suse.com/1186060"
},
{
"category": "external",
"summary": "SUSE Bug 1186061 for CVE-2021-23134",
"url": "https://bugzilla.suse.com/1186061"
},
{
"category": "external",
"summary": "SUSE Bug 1220739 for CVE-2021-23134",
"url": "https://bugzilla.suse.com/1220739"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-02T09:03:07Z",
"details": "important"
}
],
"title": "CVE-2021-23134"
},
{
"cve": "CVE-2021-4028",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4028"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in the Linux kernel\u0027s implementation of RDMA communications manager listener code allowed an attacker with local access to setup a socket to listen on a high port allowing for a list element to be used after free. Given the ability to execute code, a local attacker could leverage this use-after-free to crash the system or possibly escalate privileges on the system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4028",
"url": "https://www.suse.com/security/cve/CVE-2021-4028"
},
{
"category": "external",
"summary": "SUSE Bug 1193167 for CVE-2021-4028",
"url": "https://bugzilla.suse.com/1193167"
},
{
"category": "external",
"summary": "SUSE Bug 1193529 for CVE-2021-4028",
"url": "https://bugzilla.suse.com/1193529"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-02T09:03:07Z",
"details": "important"
}
],
"title": "CVE-2021-4028"
},
{
"cve": "CVE-2021-4154",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4154"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel\u0027s cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service on the system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4154",
"url": "https://www.suse.com/security/cve/CVE-2021-4154"
},
{
"category": "external",
"summary": "SUSE Bug 1193842 for CVE-2021-4154",
"url": "https://bugzilla.suse.com/1193842"
},
{
"category": "external",
"summary": "SUSE Bug 1194461 for CVE-2021-4154",
"url": "https://bugzilla.suse.com/1194461"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-02T09:03:07Z",
"details": "important"
}
],
"title": "CVE-2021-4154"
},
{
"cve": "CVE-2021-42739",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-42739"
}
],
"notes": [
{
"category": "general",
"text": "The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-42739",
"url": "https://www.suse.com/security/cve/CVE-2021-42739"
},
{
"category": "external",
"summary": "SUSE Bug 1184673 for CVE-2021-42739",
"url": "https://bugzilla.suse.com/1184673"
},
{
"category": "external",
"summary": "SUSE Bug 1192036 for CVE-2021-42739",
"url": "https://bugzilla.suse.com/1192036"
},
{
"category": "external",
"summary": "SUSE Bug 1196722 for CVE-2021-42739",
"url": "https://bugzilla.suse.com/1196722"
},
{
"category": "external",
"summary": "SUSE Bug 1196914 for CVE-2021-42739",
"url": "https://bugzilla.suse.com/1196914"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-02T09:03:07Z",
"details": "important"
}
],
"title": "CVE-2021-42739"
},
{
"cve": "CVE-2022-0185",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0185"
}
],
"notes": [
{
"category": "general",
"text": "A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0185",
"url": "https://www.suse.com/security/cve/CVE-2022-0185"
},
{
"category": "external",
"summary": "SUSE Bug 1194517 for CVE-2022-0185",
"url": "https://bugzilla.suse.com/1194517"
},
{
"category": "external",
"summary": "SUSE Bug 1194737 for CVE-2022-0185",
"url": "https://bugzilla.suse.com/1194737"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-10-3.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-02T09:03:07Z",
"details": "important"
}
],
"title": "CVE-2022-0185"
}
]
}
SUSE-SU-2022:0295-1
Vulnerability from csaf_suse - Published: 2022-02-02 09:03 - Updated: 2022-02-02 09:03

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP3)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 5.3.18-59_13 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2022-0185: Incorrect param length parsing in legacy_parse_param which could have led to a local privilege escalation (bsc#1194517).\n- CVE-2021-4154: Fixed option parsing with cgroups version 1 (bsc#1193842).\n- CVE-2021-4028: Fixed use-after-free in RDMA listen() that could lead to DoS or privilege escalation by a local attacker (bsc#1193167).\n- CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure. (bsc#1191193)\n- CVE-2021-42739: The firewire subsystem had a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bsc#1184673).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-295,SUSE-SLE-Module-Live-Patching-15-SP3-2022-294,SUSE-SLE-Module-Live-Patching-15-SP3-2022-295",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_0295-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:0295-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20220295-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:0295-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2022-February/021589.html"
},
{
"category": "self",
"summary": "SUSE Bug 1191529",
"url": "https://bugzilla.suse.com/1191529"
},
{
"category": "self",
"summary": "SUSE Bug 1192036",
"url": "https://bugzilla.suse.com/1192036"
},
{
"category": "self",
"summary": "SUSE Bug 1193529",
"url": "https://bugzilla.suse.com/1193529"
},
{
"category": "self",
"summary": "SUSE Bug 1194461",
"url": "https://bugzilla.suse.com/1194461"
},
{
"category": "self",
"summary": "SUSE Bug 1194737",
"url": "https://bugzilla.suse.com/1194737"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-3702 page",
"url": "https://www.suse.com/security/cve/CVE-2020-3702/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4028 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4028/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4154 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4154/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-42739 page",
"url": "https://www.suse.com/security/cve/CVE-2021-42739/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0185 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0185/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP3)",
"tracking": {
"current_release_date": "2022-02-02T09:03:32Z",
"generator": {
"date": "2022-02-02T09:03:32Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:0295-1",
"initial_release_date": "2022-02-02T09:03:32Z",
"revision_history": [
{
"date": "2022-02-02T09:03:32Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.ppc64le",
"product": {
"name": "kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.ppc64le",
"product_id": "kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.ppc64le",
"product": {
"name": "kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.ppc64le",
"product_id": "kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.s390x",
"product": {
"name": "kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.s390x",
"product_id": "kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.s390x",
"product": {
"name": "kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.s390x",
"product_id": "kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.x86_64",
"product_id": "kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-59_13-preempt-8-150300.2.2.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-59_13-preempt-8-150300.2.2.x86_64",
"product_id": "kernel-livepatch-5_3_18-59_13-preempt-8-150300.2.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.x86_64",
"product_id": "kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.ppc64le"
},
"product_reference": "kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.s390x as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.s390x"
},
"product_reference": "kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.x86_64"
},
"product_reference": "kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.ppc64le"
},
"product_reference": "kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.s390x as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.s390x"
},
"product_reference": "kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.x86_64"
},
"product_reference": "kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.ppc64le"
},
"product_reference": "kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.s390x as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.s390x"
},
"product_reference": "kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.x86_64"
},
"product_reference": "kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.ppc64le"
},
"product_reference": "kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.s390x as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.s390x"
},
"product_reference": "kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.x86_64"
},
"product_reference": "kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-3702",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-3702"
}
],
"notes": [
{
"category": "general",
"text": "Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-3702",
"url": "https://www.suse.com/security/cve/CVE-2020-3702"
},
{
"category": "external",
"summary": "SUSE Bug 1191193 for CVE-2020-3702",
"url": "https://bugzilla.suse.com/1191193"
},
{
"category": "external",
"summary": "SUSE Bug 1191529 for CVE-2020-3702",
"url": "https://bugzilla.suse.com/1191529"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-02T09:03:32Z",
"details": "important"
}
],
"title": "CVE-2020-3702"
},
{
"cve": "CVE-2021-4028",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4028"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in the Linux kernel\u0027s implementation of the RDMA communications manager listener code allowed an attacker with local access to set up a socket to listen on a high port, allowing a list element to be used after free. Given the ability to execute code, a local attacker could leverage this use-after-free to crash the system or possibly escalate privileges on the system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4028",
"url": "https://www.suse.com/security/cve/CVE-2021-4028"
},
{
"category": "external",
"summary": "SUSE Bug 1193167 for CVE-2021-4028",
"url": "https://bugzilla.suse.com/1193167"
},
{
"category": "external",
"summary": "SUSE Bug 1193529 for CVE-2021-4028",
"url": "https://bugzilla.suse.com/1193529"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-02T09:03:32Z",
"details": "important"
}
],
"title": "CVE-2021-4028"
},
{
"cve": "CVE-2021-4154",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4154"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel\u0027s cgroup v1 parser. A local attacker with user privileges could escalate privileges by exploiting the fsconfig syscall parameter, leading to a container breakout and a denial of service on the system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4154",
"url": "https://www.suse.com/security/cve/CVE-2021-4154"
},
{
"category": "external",
"summary": "SUSE Bug 1193842 for CVE-2021-4154",
"url": "https://bugzilla.suse.com/1193842"
},
{
"category": "external",
"summary": "SUSE Bug 1194461 for CVE-2021-4154",
"url": "https://bugzilla.suse.com/1194461"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-02T09:03:32Z",
"details": "important"
}
],
"title": "CVE-2021-4154"
},
{
"cve": "CVE-2021-42739",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-42739"
}
],
"notes": [
{
"category": "general",
"text": "The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-42739",
"url": "https://www.suse.com/security/cve/CVE-2021-42739"
},
{
"category": "external",
"summary": "SUSE Bug 1184673 for CVE-2021-42739",
"url": "https://bugzilla.suse.com/1184673"
},
{
"category": "external",
"summary": "SUSE Bug 1192036 for CVE-2021-42739",
"url": "https://bugzilla.suse.com/1192036"
},
{
"category": "external",
"summary": "SUSE Bug 1196722 for CVE-2021-42739",
"url": "https://bugzilla.suse.com/1196722"
},
{
"category": "external",
"summary": "SUSE Bug 1196914 for CVE-2021-42739",
"url": "https://bugzilla.suse.com/1196914"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-02T09:03:32Z",
"details": "important"
}
],
"title": "CVE-2021-42739"
},
{
"cve": "CVE-2022-0185",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0185"
}
],
"notes": [
{
"category": "general",
"text": "A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the length of the supplied parameters. A local user (unprivileged if unprivileged user namespaces are enabled, otherwise requiring the namespaced CAP_SYS_ADMIN privilege) able to open a filesystem that does not support the Filesystem Context API (and thus falls back to legacy handling) could use this flaw to escalate their privileges on the system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0185",
"url": "https://www.suse.com/security/cve/CVE-2022-0185"
},
{
"category": "external",
"summary": "SUSE Bug 1194517 for CVE-2022-0185",
"url": "https://bugzilla.suse.com/1194517"
},
{
"category": "external",
"summary": "SUSE Bug 1194737 for CVE-2022-0185",
"url": "https://bugzilla.suse.com/1194737"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_13-default-8-150300.2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_5-default-8-150300.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-02T09:03:32Z",
"details": "important"
}
],
"title": "CVE-2022-0185"
}
]
}
SUSE-SU-2022:1669-1
Vulnerability from csaf_suse - Published: 2022-05-16 08:04 - Updated: 2022-05-16 08:04

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Real Time 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.88.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.88.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.88.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Real Time 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.88.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.88.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.88.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Real Time 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.88.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.88.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.88.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Real Time 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.88.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.88.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.88.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Real Time 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.88.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.88.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.88.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Real Time 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.88.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.88.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.88.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Real Time 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.88.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.88.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.88.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Real Time 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.88.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.88.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.88.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Real Time 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.88.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.88.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.88.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Real Time 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.88.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.88.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.88.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Real Time 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.88.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.88.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.88.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Real Time 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.88.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.88.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.88.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Real Time 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.88.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.88.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.88.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Real Time 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.88.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.88.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.88.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Real Time 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.88.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.88.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.88.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Real Time 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.88.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.88.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.88.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.88.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Real Time Module 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThe SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes.\n\n\nThe following security bugs were fixed:\n\n- CVE-2022-29156: Fixed a double free related to rtrs_clt_dev_release (bnc#1198515).\n- CVE-2022-28893: Ensuring that sockets are in the intended state inside the SUNRPC subsystem (bnc#1198330).\n- CVE-2022-28748: Fixed memory lead over the network by ax88179_178a devices (bsc#1196018).\n- CVE-2022-28356: Fixed a refcount leak bug found in net/llc/af_llc.c (bnc#1197391).\n- CVE-2022-1516: Fixed null-ptr-deref caused by x25_disconnect (bsc#1199012).\n- CVE-2022-1419: Fixed a concurrency use-after-free in vgem_gem_dumb_create (bsc#1198742).\n- CVE-2022-1353: Fixed access controll to kernel memory in the pfkey_register function in net/key/af_key.c (bnc#1198516).\n- CVE-2022-1280: Fixed a use-after-free vulnerability in drm_lease_held in drivers/gpu/drm/drm_lease.c (bnc#1197914).\n- CVE-2022-1158: Fixed KVM x86/mmu compare-and-exchange of gPTE via the user address (bsc#1197660).\n- CVE-2022-0812: Fixed random memory leakage inside NFS/RDMA (bsc#1196639).\n- CVE-2021-4154: Fixed a use-after-free flaw inside cgroup1_parse_param in kernel/cgroup/cgroup-v1.c. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service on the system (bnc#1193842).\n- CVE-2021-38208: Fixed a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call (bnc#1187055).\n- CVE-2021-20321: Fixed a race condition accessing file object in the OverlayFS subsystem in the way users do rename in specific way with OverlayFS. 
A local user could have used this flaw to crash the system (bnc#1191647).\n- CVE-2021-20292: Fixed object validation prior to performing operations on the object in nouveau_sgdma_create_ttm in Nouveau DRM subsystem (bnc#1183723).\n- CVE-2021-0707: Fixed possible memory corruption due to a use after free inside dma_buf_release of dma-buf.c (bnc#1198437).\n- CVE-2020-27835: Fixed use after free in infiniband hfi1 driver in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system (bnc#1179878).\n\n\nThe following non-security bugs were fixed:\n\n- ACPI: processor idle: Check for architectural support for LPI (git-fixes).\n- ACPI/APEI: Limit printable size of BERT table data (git-fixes).\n- ACPICA: Avoid walking the ACPI Namespace if it is not there (git-fixes).\n- adm8211: fix error return code in adm8211_probe() (git-fixes).\n- ALSA: cs4236: fix an incorrect NULL check on list iterator (git-fixes).\n- ALSA: hda/hdmi: fix warning about PCM count when used with SOF (git-fixes).\n- ALSA: hda/realtek: Add alc256-samsung-headphone fixup (git-fixes).\n- ALSA: hda/realtek: Add quirk for Clevo PD50PNT (git-fixes).\n- ALSA: hda/realtek: Fix audio regression on Mi Notebook Pro 2020 (git-fixes).\n- ALSA: pcm: Test for \u0027silence\u0027 field in struct \u0027pcm_format_data\u0027 (git-fixes).\n- ALSA: usb-audio: Cap upper limits of buffer/period bytes for implicit fb (git-fixes).\n- ALSA: usb-audio: Increase max buffer size (git-fixes).\n- ALSA: usb-audio: Limit max buffer and period sizes per time (git-fixes).\n- arm64: clear_page() shouldn\u0027t use DC ZVA when DCZID_EL0.DZP == 1 (git-fixes)\n- arm64: dts: allwinner: h5: NanoPI Neo 2: Fix ethernet node (git-fixes)\n- arm64: dts: allwinner: orangepi-zero-plus: fix PHY mode (git-fixes)\n- arm64: dts: exynos: correct GIC CPU interfaces address range on (git-fixes)\n- arm64: dts: ls1028a: fix memory node (git-fixes)\n- arm64: dts: ls1028a: fix node name for the sysclk 
(git-fixes)\n- arm64: dts: lx2160a: fix scl-gpios property name (git-fixes)\n- arm64: dts: marvell: armada-37xx: Extend PCIe MEM space (git-fixes)\n- arm64: dts: marvell: armada-37xx: Fix reg for standard variant of (git-fixes)\n- arm64: dts: marvell: armada-37xx: Remap IO space to bus address 0x0 (git-fixes)\n- arm64: dts: rockchip: Fix GPU register width for RK3328 (git-fixes)\n- arm64: dts: rockchip: remove mmc-hs400-enhanced-strobe from (git-fixes)\n- arm64: dts: zii-ultra: fix 12V_MAIN voltage (git-fixes)\n- arm64: head: avoid over-mapping in map_memory (git-fixes)\n- arm64: Update config files; arm LIBNVDIMM y-\u003em ppc64le ND_BLK -\u003em (bsc#1199024).\n- arm64/sve: Use correct size when reinitialising SVE state (git-fixes)\n- ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek (git-fixes).\n- ASoC: codecs: wcd934x: do not switch off SIDO Buck when codec is in use (git-fixes).\n- ASoC: mediatek: mt6358: add missing EXPORT_SYMBOLs (git-fixes).\n- ASoC: msm8916-wcd-digital: Check failure for devm_snd_soc_register_component (git-fixes).\n- ASoC: soc-compress: Change the check for codec_dai (git-fixes).\n- ASoC: soc-compress: prevent the potentially use of null pointer (git-fixes).\n- ASoC: soc-core: skip zero num_dai component in searching dai name (git-fixes).\n- ASoC: soc-dapm: fix two incorrect uses of list iterator (git-fixes).\n- ata: libata-core: Disable READ LOG DMA EXT for Samsung 840 EVOs (git-fixes).\n- ata: sata_dwc_460ex: Fix crash due to OOB write (git-fixes).\n- ath10k: fix memory overwrite of the WoWLAN wakeup packet pattern (git-fixes).\n- ath5k: fix building with LEDS=m (git-fixes).\n- ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 (git-fixes).\n- ath9k_htc: fix uninit value bugs (git-fixes).\n- ath9k: Fix usage of driver-private space in tx_info (git-fixes).\n- ath9k: Properly clear TX status area before reporting to mac80211 (git-fixes).\n- backlight: qcom-wled: Respect enabled-strings in set_brightness 
(bsc#1152489)\n- bareudp: use ipv6_mod_enabled to check if IPv6 enabled (jsc#SLE-15172).\n- bfq: Avoid merging queues with different parents (bsc#1197926).\n- bfq: Drop pointless unlock-lock pair (bsc#1197926).\n- bfq: Get rid of __bio_blkcg() usage (bsc#1197926).\n- bfq: Make sure bfqg for which we are queueing requests is online (bsc#1197926).\n- bfq: Remove pointless bfq_init_rq() calls (bsc#1197926).\n- bfq: Split shared queues on move between cgroups (bsc#1197926).\n- bfq: Track whether bfq_group is still online (bsc#1197926).\n- bfq: Update cgroup information before merging bio (bsc#1197926).\n- block: Drop leftover references to RQF_SORTED (bsc#1182073).\n- Bluetooth: btmtksdio: Fix kernel oops in btmtksdio_interrupt (git-fixes).\n- Bluetooth: Fix use after free in hci_send_acl (git-fixes).\n- Bluetooth: hci_serdev: call init_rwsem() before p-\u003eopen() (git-fixes).\n- bnx2x: fix napi API usage sequence (bsc#1198217).\n- bpf: Resolve to prog-\u003eaux-\u003edst_prog-\u003etype only for BPF_PROG_TYPE_EXT (git-fixes bsc#1177028).\n- brcmfmac: firmware: Allocate space for default boardrev in nvram (git-fixes).\n- brcmfmac: pcie: Fix crashes due to early IRQs (git-fixes).\n- brcmfmac: pcie: Release firmwares in the brcmf_pcie_setup error path (git-fixes).\n- brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with memcpy_toio (git-fixes).\n- carl9170: fix missing bit-wise or operator for tx_params (git-fixes).\n- cfg80211: hold bss_lock while updating nontrans_list (git-fixes).\n- cifs: do not skip link targets when an I/O fails (bsc#1194625).\n- cifs: fix bad fids sent over wire (bsc#1197157).\n- clk: Enforce that disjoints limits are invalid (git-fixes).\n- clk: si5341: fix reported clk_rate when output divider is 2 (git-fixes).\n- direct-io: clean up error paths of do_blockdev_direct_IO (bsc#1197656).\n- direct-io: defer alignment check until after the EOF check (bsc#1197656).\n- direct-io: do not force writeback for reads beyond EOF (bsc#1197656).\n- 
dma-debug: fix return value of __setup handlers (git-fixes).\n- dma: at_xdmac: fix a missing check on list iterator (git-fixes).\n- dmaengine: idxd: add RO check for wq max_batch_size write (git-fixes).\n- dmaengine: idxd: add RO check for wq max_transfer_size write (git-fixes).\n- dmaengine: imx-sdma: Fix error checking in sdma_event_remap (git-fixes).\n- dmaengine: mediatek:Fix PM usage reference leak of mtk_uart_apdma_alloc_chan_resources (git-fixes).\n- dmaengine: Revert \u0027dmaengine: shdma: Fix runtime PM imbalance on error\u0027 (git-fixes).\n- Documentation: add link to stable release candidate tree (git-fixes).\n- drm: add a locked version of drm_is_current_master (bsc#1197914).\n- drm: Add orientation quirk for GPD Win Max (git-fixes).\n- drm: drm_file struct kABI compatibility workaround (bsc#1197914).\n- drm: protect drm_master pointers in drm_lease.c (bsc#1197914).\n- drm: serialize drm_file.master with a new spinlock (bsc#1197914).\n- drm: use the lookup lock in drm_is_current_master (bsc#1197914).\n- drm/amd: Add USBC connector ID (git-fixes).\n- drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj (git-fixes).\n- drm/amd/display: do not ignore alpha property on pre-multiplied mode (git-fixes).\n- drm/amd/display: Fix a NULL pointer dereference in amdgpu_dm_connector_add_common_modes() (git-fixes).\n- drm/amd/display: Fix allocate_mst_payload assert on resume (git-fixes).\n- drm/amd/display: Fix memory leak in dcn21_clock_source_create (bsc#1152472)\n- drm/amdgpu: fix amdgpu_ras_block_late_init error handler (bsc#1152489)\n- drm/amdgpu: fix off by one in amdgpu_gfx_kiq_acquire() (git-fixes).\n- drm/amdgpu: Fix recursive locking warning (git-fixes).\n- drm/amdkfd: Check for potential null return of kmalloc_array() (git-fixes).\n- drm/amdkfd: Fix Incorrect VMIDs passed to HWS (git-fixes).\n- drm/amdkfd: make CRAT table missing message informational only (git-fixes).\n- drm/bridge: Add missing pm_runtime_disable() in __dw_mipi_dsi_probe 
(git-fixes).\n- drm/bridge: cdns-dsi: Make sure to to create proper aliases for dt (git-fixes).\n- drm/bridge: Fix free wrong object in sii8620_init_rcp_input_dev (git-fixes).\n- drm/cma-helper: Set VM_DONTEXPAND for mmap (bsc#1152472)\n- drm/edid: check basic audio support on CEA extension block (git-fixes).\n- drm/edid: Do not clear formats if using deep color (git-fixes).\n- drm/fb-helper: Mark screen buffers in system memory with (bsc#1152472)\n- drm/i915: Call i915_globals_exit() if pci_register_device() fails (git-fixes).\n- drm/i915: Drop all references to DRM IRQ midlayer (bsc#1152489)\n- drm/i915: Keep gem ctx-\u003evm alive until the final put (bsc#1152489)\n- drm/i915: s/JSP2/ICP2/ PCH (bsc#1152489)\n- drm/i915/gem: Flush coherency domains on first set-domain-ioctl (git-fixes).\n- drm/imx: Fix memory leak in imx_pd_connector_get_modes (git-fixes).\n- drm/mediatek: Add AAL output size configuration (git-fixes).\n- drm/mediatek: Fix aal size config (git-fixes).\n- drm/msm/dsi: Use connector directly in msm_dsi_manager_connector_init() (git-fixes).\n- drm/panel/raspberrypi-touchscreen: Avoid NULL deref if not initialised (git-fixes).\n- drm/panel/raspberrypi-touchscreen: Initialise the bridge in prepare (git-fixes).\n- drm/prime: Fix use after free in mmap with drm_gem_ttm_mmap (bsc#1152472)\n- drm/tegra: Fix reference leak in tegra_dsi_ganged_probe (git-fixes).\n- drm/vc4: crtc: Lookup the encoder from the register at boot (bsc#1198534)\n- drm/vc4: Use pm_runtime_resume_and_get to fix pm_runtime_get_sync() usage (git-fixes).\n- drm/vmwgfx: Remove unused compile options (bsc#1152472)\n- e1000e: Fix possible overflow in LTR decoding (git-fixes).\n- fibmap: Reject negative block numbers (bsc#1198448).\n- fibmap: Use bmap instead of -\u003ebmap method in ioctl_fibmap (bsc#1198448).\n- firmware: arm_scmi: Fix sorting of retrieved clock rates (git-fixes).\n- gpiolib: acpi: use correct format characters (git-fixes).\n- gpu: ipu-v3: Fix dev_dbg frequency output 
(git-fixes).\n- HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports (git-fixes).\n- hwrng: cavium - HW_RANDOM_CAVIUM should depend on ARCH_THUNDER (git-fixes).\n- i2c: dev: Force case user pointers in compat_i2cdev_ioctl() (git-fixes).\n- IB/hfi1: Allow larger MTU without AIP (jsc#SLE-13208).\n- Input: omap4-keypad - fix pm_runtime_get_sync() error checking (git-fixes).\n- ipmi: bail out if init_srcu_struct fails (git-fixes).\n- ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module (git-fixes).\n- ipmi: Move remove_work to dedicated workqueue (git-fixes).\n- iwlwifi: Fix -EIO error code that is never returned (git-fixes).\n- iwlwifi: mvm: Fix an error code in iwl_mvm_up() (git-fixes).\n- KEYS: fix length validation in keyctl_pkey_params_get_2() (git-fixes).\n- livepatch: Do not block removal of patches that are safe to unload (bsc#1071995).\n- lz4: fix LZ4_decompress_safe_partial read out of bound (git-fixes).\n- media: cx88-mpeg: clear interrupt status register before streaming video (git-fixes).\n- media: hdpvr: initialize dev-\u003eworker at hdpvr_register_videodev (git-fixes).\n- memory: atmel-ebi: Fix missing of_node_put in atmel_ebi_probe (git-fixes).\n- mfd: asic3: Add missing iounmap() on error asic3_mfd_probe (git-fixes).\n- mfd: mc13xxx: Add check for mc13xxx_irq_request (git-fixes).\n- mmc: host: Return an error when -\u003eenable_sdio_irq() ops is missing (git-fixes).\n- mmc: mmci_sdmmc: Replace sg_dma_xxx macros (git-fixes).\n- mmc: mmci: stm32: correctly check all elements of sg list (git-fixes).\n- mmc: renesas_sdhi: do not overwrite TAP settings when HS400 tuning is complete (git-fixes).\n- mtd: onenand: Check for error irq (git-fixes).\n- mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init (git-fixes).\n- mtd: rawnand: gpmi: fix controller timings setting (git-fixes).\n- mwl8k: Fix a double Free in mwl8k_probe_hw (git-fixes).\n- net: asix: add proper error handling of usb read errors (git-fixes).\n- net: mana: Add 
counter for packet dropped by XDP (bsc#1195651).\n- net: mana: Add counter for XDP_TX (bsc#1195651).\n- net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651).\n- net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe() (bsc#1195651).\n- net: mana: Reuse XDP dropped page (bsc#1195651).\n- net: mana: Use struct_size() helper in mana_gd_create_dma_region() (bsc#1195651).\n- net: mcs7830: handle usb read errors properly (git-fixes).\n- net: usb: aqc111: Fix out-of-bounds accesses in RX fixup (git-fixes).\n- nfc: nci: add flush_workqueue to prevent uaf (git-fixes).\n- NFSv4: fix open failure with O_ACCMODE flag (git-fixes).\n- PCI: aardvark: Fix reading PCI_EXP_RTSTA_PME bit on emulated bridge (git-fixes).\n- PCI: aardvark: Fix support for MSI interrupts (git-fixes).\n- PCI: imx6: Allow to probe when dw_pcie_wait_for_link() fails (git-fixes).\n- PCI: pciehp: Add Qualcomm quirk for Command Completed erratum (git-fixes).\n- PCI: pciehp: Clear cmd_busy bit in polling mode (git-fixes).\n- PM: core: keep irq flags in device_pm_check_callbacks() (git-fixes).\n- power: reset: gemini-poweroff: Fix IRQ check in gemini_poweroff_probe (git-fixes).\n- power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init (git-fixes).\n- power: supply: axp20x_battery: properly report current when discharging (git-fixes).\n- power: supply: axp288-charger: Set Vhold to 4.4V (git-fixes).\n- power: supply: bq24190_charger: Fix bq24190_vbus_is_enabled() wrong false return (git-fixes).\n- power: supply: wm8350-power: Add missing free in free_charger_irq (git-fixes).\n- power: supply: wm8350-power: Handle error for wm8350_register_irq (git-fixes).\n- powerpc/perf: Expose Performance Monitor Counter SPR\u0027s as part of extended regs (bsc#1198077 ltc#197299).\n- powerpc/perf: Fix power10 event alternatives (jsc#SLE-13513 git-fixes).\n- powerpc/perf: Fix power9 event alternatives (bsc#1137728, LTC#178106, git-fixes).\n- powerpc/perf: Include PMCs as part of per-cpu cpuhw_events 
struct (bsc#1198077 ltc#197299).\n- ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE (bsc#1198413).\n- random: check for signal_pending() outside of need_resched() check (git-fixes).\n- ray_cs: Check ioremap return value (git-fixes).\n- RDMA/core: Set MR type in ib_reg_user_mr (jsc#SLE-8449).\n- RDMA/mlx5: Add a missing update of cache-\u003elast_add (jsc#SLE-15175).\n- RDMA/mlx5: Do not remove cache MRs when a delay is needed (jsc#SLE-15175).\n- RDMA/mlx5: Fix the flow of a miss in the allocation of a cache ODP MR (jsc#SLE-15175).\n- regulator: wm8994: Add an off-on delay for WM8994 variant (git-fixes).\n- rpm: Run external scriptlets on uninstall only when available (bsc#1196514 bsc#1196114 bsc#1196942).\n- rpm: Use bash for %() expansion (jsc#SLE-18234).\n- rpm/*.spec.in: remove backtick usage\n- rpm/constraints.in: skip SLOW_DISK workers for kernel-source\n- rpm/kernel-obs-build.spec.in: use default dracut modules (bsc#1195926, bsc#1198484)\n- rtc: check if __rtc_read_time was successful (git-fixes).\n- rtc: wm8350: Handle error for wm8350_register_irq (git-fixes).\n- s390/tape: fix timer initialization in tape_std_assign() (bsc#1197677 LTC#197378).\n- scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands (git-fixes).\n- scsi: mpt3sas: Fix use after free in _scsih_expander_node_remove() (git-fixes).\n- scsi: mpt3sas: Page fault in reply q processing (git-fixes).\n- scsi: scsi_dh_alua: Avoid crash during alua_bus_detach() (bsc#1028340 bsc#1198825).\n- spi: atmel-quadspi: Fix the buswidth adjustment between spi-mem and controller (git-fixes).\n- spi: bcm-qspi: fix MSPI only access with bcm_qspi_exec_mem_op() (git-fixes).\n- spi: Fix erroneous sgs value with min_t() (git-fixes).\n- spi: Fix invalid sgs value (git-fixes).\n- spi: mxic: Fix the transmit path (git-fixes).\n- spi: tegra20: Use of_device_get_match_data() (git-fixes).\n- staging: mt7621-dts: fix LEDs and pinctrl on GB-PC1 devicetree (git-fixes).\n- SUNRPC: change 
locking for xs_swap_enable/disable (bsc#1196367).\n- SUNRPC: Ensure we flush any closed sockets before xs_xprt_free() (git-fixes).\n- SUNRPC: Fix the svc_deferred_event trace class (git-fixes).\n- SUNRPC: Handle ENOMEM in call_transmit_status() (git-fixes).\n- SUNRPC: Handle low memory situations in call_status() (git-fixes).\n- USB: dwc3: core: Fix tx/rx threshold settings (git-fixes).\n- USB: dwc3: core: Only handle soft-reset in DCTL (git-fixes).\n- USB: dwc3: gadget: Return proper request status (git-fixes).\n- USB: dwc3: omap: fix \u0027unbalanced disables for smps10_out1\u0027 on omap5evm (git-fixes).\n- USB: gadget: uvc: Fix crash when encoding data for usb request (git-fixes).\n- USB: hcd-pci: Use PCI_STD_NUM_BARS when checking standard BARs (bsc#1152489)\n- USB: serial: pl2303: add IBM device IDs (git-fixes).\n- USB: serial: simple: add Nokia phone driver (git-fixes).\n- USB: storage: ums-realtek: fix error code in rts51x_read_mem() (git-fixes).\n- USB: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c (git-fixes).\n- vgacon: Propagate console boot parameters before calling `vc_resize\u0027 (bsc#1152489)\n- video: fbdev: atari: Atari 2 bpp (STe) palette bugfix (git-fixes).\n- video: fbdev: cirrusfb: check pixclock to avoid divide by zero (git-fixes).\n- video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow (git-fixes).\n- video: fbdev: sm712fb: Fix crash in smtcfb_read() (git-fixes).\n- video: fbdev: sm712fb: Fix crash in smtcfb_write() (git-fixes).\n- video: fbdev: udlfb: properly check endpoint type (bsc#1152489)\n- video: fbdev: w100fb: Reset global state (git-fixes).\n- virtio_console: break out of buf poll on remove (git-fixes).\n- virtio_console: eliminate anonymous module_init \u0026 module_exit (git-fixes).\n- w1: w1_therm: fixes w1_seq for ds28ea00 sensors (git-fixes).\n- x86/pm: Save the MSR validity status at context setup (bsc#1198400).\n- x86/sev: Unroll string mmio with CC_ATTR_GUEST_UNROLL_STRING_IO 
(git-fixes).\n- x86/speculation: Restore speculation related MSRs during S3 resume (bsc#1198400).\n- xen: fix is_xen_pmu() (git-fixes).\n- xen/blkfront: fix comment for need_copy (git-fixes).\n- xen/x86: obtain full video frame buffer address for Dom0 also under EFI (bsc#1193556).\n- xen/x86: obtain upper 32 bits of video frame buffer address for Dom0 (bsc#1193556).\n- xhci: fix runtime PM imbalance in USB2 resume (git-fixes).\n- xhci: fix uninitialized string returned by xhci_decode_ctrl_ctx() (git-fixes).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-1669,SUSE-SLE-Module-RT-15-SP3-2022-1669,SUSE-SLE-Product-RT-15-SP3-2022-1669,SUSE-SUSE-MicroOS-5.1-2022-1669,SUSE-SUSE-MicroOS-5.2-2022-1669",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_1669-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:1669-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20221669-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:1669-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-May/011018.html"
},
{
"category": "self",
"summary": "SUSE Bug 1028340",
"url": "https://bugzilla.suse.com/1028340"
},
{
"category": "self",
"summary": "SUSE Bug 1071995",
"url": "https://bugzilla.suse.com/1071995"
},
{
"category": "self",
"summary": "SUSE Bug 1137728",
"url": "https://bugzilla.suse.com/1137728"
},
{
"category": "self",
"summary": "SUSE Bug 1152472",
"url": "https://bugzilla.suse.com/1152472"
},
{
"category": "self",
"summary": "SUSE Bug 1152489",
"url": "https://bugzilla.suse.com/1152489"
},
{
"category": "self",
"summary": "SUSE Bug 1177028",
"url": "https://bugzilla.suse.com/1177028"
},
{
"category": "self",
"summary": "SUSE Bug 1179878",
"url": "https://bugzilla.suse.com/1179878"
},
{
"category": "self",
"summary": "SUSE Bug 1182073",
"url": "https://bugzilla.suse.com/1182073"
},
{
"category": "self",
"summary": "SUSE Bug 1183723",
"url": "https://bugzilla.suse.com/1183723"
},
{
"category": "self",
"summary": "SUSE Bug 1187055",
"url": "https://bugzilla.suse.com/1187055"
},
{
"category": "self",
"summary": "SUSE Bug 1191647",
"url": "https://bugzilla.suse.com/1191647"
},
{
"category": "self",
"summary": "SUSE Bug 1193556",
"url": "https://bugzilla.suse.com/1193556"
},
{
"category": "self",
"summary": "SUSE Bug 1193842",
"url": "https://bugzilla.suse.com/1193842"
},
{
"category": "self",
"summary": "SUSE Bug 1194625",
"url": "https://bugzilla.suse.com/1194625"
},
{
"category": "self",
"summary": "SUSE Bug 1195651",
"url": "https://bugzilla.suse.com/1195651"
},
{
"category": "self",
"summary": "SUSE Bug 1195926",
"url": "https://bugzilla.suse.com/1195926"
},
{
"category": "self",
"summary": "SUSE Bug 1196018",
"url": "https://bugzilla.suse.com/1196018"
},
{
"category": "self",
"summary": "SUSE Bug 1196114",
"url": "https://bugzilla.suse.com/1196114"
},
{
"category": "self",
"summary": "SUSE Bug 1196367",
"url": "https://bugzilla.suse.com/1196367"
},
{
"category": "self",
"summary": "SUSE Bug 1196514",
"url": "https://bugzilla.suse.com/1196514"
},
{
"category": "self",
"summary": "SUSE Bug 1196639",
"url": "https://bugzilla.suse.com/1196639"
},
{
"category": "self",
"summary": "SUSE Bug 1196942",
"url": "https://bugzilla.suse.com/1196942"
},
{
"category": "self",
"summary": "SUSE Bug 1197157",
"url": "https://bugzilla.suse.com/1197157"
},
{
"category": "self",
"summary": "SUSE Bug 1197391",
"url": "https://bugzilla.suse.com/1197391"
},
{
"category": "self",
"summary": "SUSE Bug 1197656",
"url": "https://bugzilla.suse.com/1197656"
},
{
"category": "self",
"summary": "SUSE Bug 1197660",
"url": "https://bugzilla.suse.com/1197660"
},
{
"category": "self",
"summary": "SUSE Bug 1197677",
"url": "https://bugzilla.suse.com/1197677"
},
{
"category": "self",
"summary": "SUSE Bug 1197914",
"url": "https://bugzilla.suse.com/1197914"
},
{
"category": "self",
"summary": "SUSE Bug 1197926",
"url": "https://bugzilla.suse.com/1197926"
},
{
"category": "self",
"summary": "SUSE Bug 1198077",
"url": "https://bugzilla.suse.com/1198077"
},
{
"category": "self",
"summary": "SUSE Bug 1198217",
"url": "https://bugzilla.suse.com/1198217"
},
{
"category": "self",
"summary": "SUSE Bug 1198330",
"url": "https://bugzilla.suse.com/1198330"
},
{
"category": "self",
"summary": "SUSE Bug 1198400",
"url": "https://bugzilla.suse.com/1198400"
},
{
"category": "self",
"summary": "SUSE Bug 1198413",
"url": "https://bugzilla.suse.com/1198413"
},
{
"category": "self",
"summary": "SUSE Bug 1198437",
"url": "https://bugzilla.suse.com/1198437"
},
{
"category": "self",
"summary": "SUSE Bug 1198448",
"url": "https://bugzilla.suse.com/1198448"
},
{
"category": "self",
"summary": "SUSE Bug 1198484",
"url": "https://bugzilla.suse.com/1198484"
},
{
"category": "self",
"summary": "SUSE Bug 1198515",
"url": "https://bugzilla.suse.com/1198515"
},
{
"category": "self",
"summary": "SUSE Bug 1198516",
"url": "https://bugzilla.suse.com/1198516"
},
{
"category": "self",
"summary": "SUSE Bug 1198534",
"url": "https://bugzilla.suse.com/1198534"
},
{
"category": "self",
"summary": "SUSE Bug 1198742",
"url": "https://bugzilla.suse.com/1198742"
},
{
"category": "self",
"summary": "SUSE Bug 1198825",
"url": "https://bugzilla.suse.com/1198825"
},
{
"category": "self",
"summary": "SUSE Bug 1198989",
"url": "https://bugzilla.suse.com/1198989"
},
{
"category": "self",
"summary": "SUSE Bug 1199012",
"url": "https://bugzilla.suse.com/1199012"
},
{
"category": "self",
"summary": "SUSE Bug 1199024",
"url": "https://bugzilla.suse.com/1199024"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-27835 page",
"url": "https://www.suse.com/security/cve/CVE-2020-27835/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-0707 page",
"url": "https://www.suse.com/security/cve/CVE-2021-0707/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-20292 page",
"url": "https://www.suse.com/security/cve/CVE-2021-20292/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-20321 page",
"url": "https://www.suse.com/security/cve/CVE-2021-20321/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38208 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38208/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4154 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4154/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0812 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0812/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-1158 page",
"url": "https://www.suse.com/security/cve/CVE-2022-1158/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-1280 page",
"url": "https://www.suse.com/security/cve/CVE-2022-1280/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-1353 page",
"url": "https://www.suse.com/security/cve/CVE-2022-1353/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-1419 page",
"url": "https://www.suse.com/security/cve/CVE-2022-1419/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-1516 page",
"url": "https://www.suse.com/security/cve/CVE-2022-1516/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-28356 page",
"url": "https://www.suse.com/security/cve/CVE-2022-28356/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-28748 page",
"url": "https://www.suse.com/security/cve/CVE-2022-28748/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-28893 page",
"url": "https://www.suse.com/security/cve/CVE-2022-28893/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-29156 page",
"url": "https://www.suse.com/security/cve/CVE-2022-29156/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2022-05-16T08:04:04Z",
"generator": {
"date": "2022-05-16T08:04:04Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:1669-1",
"initial_release_date": "2022-05-16T08:04:04Z",
"revision_history": [
{
"date": "2022-05-16T08:04:04Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-rt-5.3.18-150300.88.2.noarch",
"product": {
"name": "kernel-devel-rt-5.3.18-150300.88.2.noarch",
"product_id": "kernel-devel-rt-5.3.18-150300.88.2.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-rt-5.3.18-150300.88.2.noarch",
"product": {
"name": "kernel-source-rt-5.3.18-150300.88.2.noarch",
"product_id": "kernel-source-rt-5.3.18-150300.88.2.noarch"
}
},
{
"category": "product_version",
"name": "release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch",
"product": {
"name": "release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch",
"product_id": "release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-rt-5.3.18-150300.88.2.x86_64",
"product": {
"name": "cluster-md-kmp-rt-5.3.18-150300.88.2.x86_64",
"product_id": "cluster-md-kmp-rt-5.3.18-150300.88.2.x86_64"
}
},
{
"category": "product_version",
"name": "cluster-md-kmp-rt_debug-5.3.18-150300.88.2.x86_64",
"product": {
"name": "cluster-md-kmp-rt_debug-5.3.18-150300.88.2.x86_64",
"product_id": "cluster-md-kmp-rt_debug-5.3.18-150300.88.2.x86_64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-rt-5.3.18-150300.88.2.x86_64",
"product": {
"name": "dlm-kmp-rt-5.3.18-150300.88.2.x86_64",
"product_id": "dlm-kmp-rt-5.3.18-150300.88.2.x86_64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-rt_debug-5.3.18-150300.88.2.x86_64",
"product": {
"name": "dlm-kmp-rt_debug-5.3.18-150300.88.2.x86_64",
"product_id": "dlm-kmp-rt_debug-5.3.18-150300.88.2.x86_64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"product": {
"name": "gfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"product_id": "gfs2-kmp-rt-5.3.18-150300.88.2.x86_64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-rt_debug-5.3.18-150300.88.2.x86_64",
"product": {
"name": "gfs2-kmp-rt_debug-5.3.18-150300.88.2.x86_64",
"product_id": "gfs2-kmp-rt_debug-5.3.18-150300.88.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-5.3.18-150300.88.2.x86_64",
"product": {
"name": "kernel-rt-5.3.18-150300.88.2.x86_64",
"product_id": "kernel-rt-5.3.18-150300.88.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-devel-5.3.18-150300.88.2.x86_64",
"product": {
"name": "kernel-rt-devel-5.3.18-150300.88.2.x86_64",
"product_id": "kernel-rt-devel-5.3.18-150300.88.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-extra-5.3.18-150300.88.2.x86_64",
"product": {
"name": "kernel-rt-extra-5.3.18-150300.88.2.x86_64",
"product_id": "kernel-rt-extra-5.3.18-150300.88.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-livepatch-devel-5.3.18-150300.88.2.x86_64",
"product": {
"name": "kernel-rt-livepatch-devel-5.3.18-150300.88.2.x86_64",
"product_id": "kernel-rt-livepatch-devel-5.3.18-150300.88.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-optional-5.3.18-150300.88.2.x86_64",
"product": {
"name": "kernel-rt-optional-5.3.18-150300.88.2.x86_64",
"product_id": "kernel-rt-optional-5.3.18-150300.88.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-5.3.18-150300.88.2.x86_64",
"product": {
"name": "kernel-rt_debug-5.3.18-150300.88.2.x86_64",
"product_id": "kernel-rt_debug-5.3.18-150300.88.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-devel-5.3.18-150300.88.2.x86_64",
"product": {
"name": "kernel-rt_debug-devel-5.3.18-150300.88.2.x86_64",
"product_id": "kernel-rt_debug-devel-5.3.18-150300.88.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-extra-5.3.18-150300.88.2.x86_64",
"product": {
"name": "kernel-rt_debug-extra-5.3.18-150300.88.2.x86_64",
"product_id": "kernel-rt_debug-extra-5.3.18-150300.88.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-livepatch-devel-5.3.18-150300.88.2.x86_64",
"product": {
"name": "kernel-rt_debug-livepatch-devel-5.3.18-150300.88.2.x86_64",
"product_id": "kernel-rt_debug-livepatch-devel-5.3.18-150300.88.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-optional-5.3.18-150300.88.2.x86_64",
"product": {
"name": "kernel-rt_debug-optional-5.3.18-150300.88.2.x86_64",
"product_id": "kernel-rt_debug-optional-5.3.18-150300.88.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-syms-rt-5.3.18-150300.88.1.x86_64",
"product": {
"name": "kernel-syms-rt-5.3.18-150300.88.1.x86_64",
"product_id": "kernel-syms-rt-5.3.18-150300.88.1.x86_64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-rt-5.3.18-150300.88.2.x86_64",
"product": {
"name": "kselftests-kmp-rt-5.3.18-150300.88.2.x86_64",
"product_id": "kselftests-kmp-rt-5.3.18-150300.88.2.x86_64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-rt_debug-5.3.18-150300.88.2.x86_64",
"product": {
"name": "kselftests-kmp-rt_debug-5.3.18-150300.88.2.x86_64",
"product_id": "kselftests-kmp-rt_debug-5.3.18-150300.88.2.x86_64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"product": {
"name": "ocfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"product_id": "ocfs2-kmp-rt-5.3.18-150300.88.2.x86_64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-rt_debug-5.3.18-150300.88.2.x86_64",
"product": {
"name": "ocfs2-kmp-rt_debug-5.3.18-150300.88.2.x86_64",
"product_id": "ocfs2-kmp-rt_debug-5.3.18-150300.88.2.x86_64"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-rt-5.3.18-150300.88.2.x86_64",
"product": {
"name": "reiserfs-kmp-rt-5.3.18-150300.88.2.x86_64",
"product_id": "reiserfs-kmp-rt-5.3.18-150300.88.2.x86_64"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-rt_debug-5.3.18-150300.88.2.x86_64",
"product": {
"name": "reiserfs-kmp-rt_debug-5.3.18-150300.88.2.x86_64",
"product_id": "reiserfs-kmp-rt_debug-5.3.18-150300.88.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Real Time Module 15 SP3",
"product": {
"name": "SUSE Real Time Module 15 SP3",
"product_id": "SUSE Real Time Module 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-rt:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Real Time 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Real Time 15 SP3",
"product_id": "SUSE Linux Enterprise Real Time 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_rt:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.1",
"product": {
"name": "SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.2",
"product": {
"name": "SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-rt-5.3.18-150300.88.2.x86_64 as component of SUSE Real Time Module 15 SP3",
"product_id": "SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.88.2.x86_64"
},
"product_reference": "cluster-md-kmp-rt-5.3.18-150300.88.2.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-rt-5.3.18-150300.88.2.x86_64 as component of SUSE Real Time Module 15 SP3",
"product_id": "SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.88.2.x86_64"
},
"product_reference": "dlm-kmp-rt-5.3.18-150300.88.2.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-rt-5.3.18-150300.88.2.x86_64 as component of SUSE Real Time Module 15 SP3",
"product_id": "SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.88.2.x86_64"
},
"product_reference": "gfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-rt-5.3.18-150300.88.2.noarch as component of SUSE Real Time Module 15 SP3",
"product_id": "SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.88.2.noarch"
},
"product_reference": "kernel-devel-rt-5.3.18-150300.88.2.noarch",
"relates_to_product_reference": "SUSE Real Time Module 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-5.3.18-150300.88.2.x86_64 as component of SUSE Real Time Module 15 SP3",
"product_id": "SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.88.2.x86_64"
},
"product_reference": "kernel-rt-5.3.18-150300.88.2.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-devel-5.3.18-150300.88.2.x86_64 as component of SUSE Real Time Module 15 SP3",
"product_id": "SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.88.2.x86_64"
},
"product_reference": "kernel-rt-devel-5.3.18-150300.88.2.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt_debug-devel-5.3.18-150300.88.2.x86_64 as component of SUSE Real Time Module 15 SP3",
"product_id": "SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.88.2.x86_64"
},
"product_reference": "kernel-rt_debug-devel-5.3.18-150300.88.2.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-rt-5.3.18-150300.88.2.noarch as component of SUSE Real Time Module 15 SP3",
"product_id": "SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.88.2.noarch"
},
"product_reference": "kernel-source-rt-5.3.18-150300.88.2.noarch",
"relates_to_product_reference": "SUSE Real Time Module 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-rt-5.3.18-150300.88.1.x86_64 as component of SUSE Real Time Module 15 SP3",
"product_id": "SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.88.1.x86_64"
},
"product_reference": "kernel-syms-rt-5.3.18-150300.88.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-rt-5.3.18-150300.88.2.x86_64 as component of SUSE Real Time Module 15 SP3",
"product_id": "SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.88.2.x86_64"
},
"product_reference": "ocfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch as component of SUSE Real Time Module 15 SP3",
"product_id": "SUSE Real Time Module 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch"
},
"product_reference": "release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch",
"relates_to_product_reference": "SUSE Real Time Module 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch as component of SUSE Linux Enterprise Real Time 15 SP3",
"product_id": "SUSE Linux Enterprise Real Time 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch"
},
"product_reference": "release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-5.3.18-150300.88.2.x86_64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.88.2.x86_64"
},
"product_reference": "kernel-rt-5.3.18-150300.88.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-5.3.18-150300.88.2.x86_64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.88.2.x86_64"
},
"product_reference": "kernel-rt-5.3.18-150300.88.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-27835",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-27835"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free flaw was found in the Linux kernel InfiniBand hfi1 driver in versions prior to 5.10-rc6, in the way a user calls ioctl after opening the device file and forking. A local user could use this flaw to crash the system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Real Time 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.88.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-27835",
"url": "https://www.suse.com/security/cve/CVE-2020-27835"
},
{
"category": "external",
"summary": "SUSE Bug 1179878 for CVE-2020-27835",
"url": "https://bugzilla.suse.com/1179878"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Real Time 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.88.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Real Time 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.88.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-05-16T08:04:04Z",
"details": "moderate"
}
],
"title": "CVE-2020-27835"
},
{
"cve": "CVE-2021-0707",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-0707"
}
],
"notes": [
{
"category": "general",
"text": "In dma_buf_release of dma-buf.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-155756045. References: Upstream kernel",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Real Time 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.88.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-0707",
"url": "https://www.suse.com/security/cve/CVE-2021-0707"
},
{
"category": "external",
"summary": "SUSE Bug 1198437 for CVE-2021-0707",
"url": "https://bugzilla.suse.com/1198437"
},
{
"category": "external",
"summary": "SUSE Bug 1199332 for CVE-2021-0707",
"url": "https://bugzilla.suse.com/1199332"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Real Time 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.88.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Real Time 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.88.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-05-16T08:04:04Z",
"details": "important"
}
],
"title": "CVE-2021-0707"
},
{
"cve": "CVE-2021-20292",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-20292"
}
],
"notes": [
{
"category": "general",
"text": "There is a flaw reported in the Linux kernel in versions before 5.9 in drivers/gpu/drm/nouveau/nouveau_sgdma.c in nouveau_sgdma_create_ttm in Nouveau DRM subsystem. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker with a local account with root privilege can leverage this vulnerability to escalate privileges and execute code in the context of the kernel.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Real Time 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.88.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-20292",
"url": "https://www.suse.com/security/cve/CVE-2021-20292"
},
{
"category": "external",
"summary": "SUSE Bug 1183723 for CVE-2021-20292",
"url": "https://bugzilla.suse.com/1183723"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Real Time 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.88.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Real Time 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.88.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-05-16T08:04:04Z",
"details": "moderate"
}
],
"title": "CVE-2021-20292"
},
{
"cve": "CVE-2021-20321",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-20321"
}
],
"notes": [
{
"category": "general",
"text": "A race condition when accessing a file object in the Linux kernel OverlayFS subsystem was found in the way users perform a rename in a specific way with OverlayFS. A local user could use this flaw to crash the system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Real Time 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.88.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-20321",
"url": "https://www.suse.com/security/cve/CVE-2021-20321"
},
{
"category": "external",
"summary": "SUSE Bug 1191647 for CVE-2021-20321",
"url": "https://bugzilla.suse.com/1191647"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Real Time 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.88.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Real Time 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.88.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-05-16T08:04:04Z",
"details": "moderate"
}
],
"title": "CVE-2021-20321"
},
{
"cve": "CVE-2021-38208",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38208"
}
],
"notes": [
{
"category": "general",
"text": "net/nfc/llcp_sock.c in the Linux kernel before 5.12.10 allows local unprivileged users to cause a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Real Time 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.88.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38208",
"url": "https://www.suse.com/security/cve/CVE-2021-38208"
},
{
"category": "external",
"summary": "SUSE Bug 1187055 for CVE-2021-38208",
"url": "https://bugzilla.suse.com/1187055"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Real Time 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.88.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Real Time 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.88.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-05-16T08:04:04Z",
"details": "moderate"
}
],
"title": "CVE-2021-38208"
},
{
"cve": "CVE-2021-4154",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4154"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel\u0027s cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service on the system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Real Time 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.88.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4154",
"url": "https://www.suse.com/security/cve/CVE-2021-4154"
},
{
"category": "external",
"summary": "SUSE Bug 1193842 for CVE-2021-4154",
"url": "https://bugzilla.suse.com/1193842"
},
{
"category": "external",
"summary": "SUSE Bug 1194461 for CVE-2021-4154",
"url": "https://bugzilla.suse.com/1194461"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Real Time 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.88.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Real Time 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.88.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-05-16T08:04:04Z",
"details": "important"
}
],
"title": "CVE-2021-4154"
},
{
"cve": "CVE-2022-0812",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0812"
}
],
"notes": [
{
"category": "general",
"text": "An information leak flaw was found in NFS over RDMA in the net/sunrpc/xprtrdma/rpc_rdma.c in the Linux Kernel. This flaw allows an attacker with normal user privileges to leak kernel information.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Real Time 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.88.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0812",
"url": "https://www.suse.com/security/cve/CVE-2022-0812"
},
{
"category": "external",
"summary": "SUSE Bug 1196639 for CVE-2022-0812",
"url": "https://bugzilla.suse.com/1196639"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Real Time 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.88.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Real Time 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.88.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-05-16T08:04:04Z",
"details": "moderate"
}
],
"title": "CVE-2022-0812"
},
{
"cve": "CVE-2022-1158",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-1158"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in KVM. When updating a guest\u0027s page table entry, vm_pgoff was improperly used as the offset to get the page\u0027s pfn. As vaddr and vm_pgoff are controllable by user-mode processes, this flaw allows unprivileged local users on the host to write outside the userspace region and potentially corrupt the kernel, resulting in a denial of service condition.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Real Time 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.88.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-1158",
"url": "https://www.suse.com/security/cve/CVE-2022-1158"
},
{
"category": "external",
"summary": "SUSE Bug 1197660 for CVE-2022-1158",
"url": "https://bugzilla.suse.com/1197660"
},
{
"category": "external",
"summary": "SUSE Bug 1198133 for CVE-2022-1158",
"url": "https://bugzilla.suse.com/1198133"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Real Time 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.88.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Real Time 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.88.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-05-16T08:04:04Z",
"details": "important"
}
],
"title": "CVE-2022-1158"
},
{
"cve": "CVE-2022-1280",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-1280"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of service (DoS) or a kernel information leak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Real Time 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.88.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-1280",
"url": "https://www.suse.com/security/cve/CVE-2022-1280"
},
{
"category": "external",
"summary": "SUSE Bug 1197914 for CVE-2022-1280",
"url": "https://bugzilla.suse.com/1197914"
},
{
"category": "external",
"summary": "SUSE Bug 1198590 for CVE-2022-1280",
"url": "https://bugzilla.suse.com/1198590"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Real Time 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.88.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Real Time 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.88.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-05-16T08:04:04Z",
"details": "important"
}
],
"title": "CVE-2022-1280"
},
{
"cve": "CVE-2022-1353",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-1353"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Real Time 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.88.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-1353",
"url": "https://www.suse.com/security/cve/CVE-2022-1353"
},
{
"category": "external",
"summary": "SUSE Bug 1198516 for CVE-2022-1353",
"url": "https://bugzilla.suse.com/1198516"
},
{
"category": "external",
"summary": "SUSE Bug 1212293 for CVE-2022-1353",
"url": "https://bugzilla.suse.com/1212293"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Real Time 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.88.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Real Time 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.88.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-05-16T08:04:04Z",
"details": "moderate"
}
],
"title": "CVE-2022-1353"
},
{
"cve": "CVE-2022-1419",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-1419"
}
],
"notes": [
{
"category": "general",
"text": "The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_DESTROY_DUMB can decrease refcount of *drm_vgem_gem_object *(created in *vgem_gem_dumb_create*) concurrently, and *vgem_gem_dumb_create *will access the freed drm_vgem_gem_object.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Real Time 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.88.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-1419",
"url": "https://www.suse.com/security/cve/CVE-2022-1419"
},
{
"category": "external",
"summary": "SUSE Bug 1198742 for CVE-2022-1419",
"url": "https://bugzilla.suse.com/1198742"
},
{
"category": "external",
"summary": "SUSE Bug 1201655 for CVE-2022-1419",
"url": "https://bugzilla.suse.com/1201655"
},
{
"category": "external",
"summary": "SUSE Bug 1203034 for CVE-2022-1419",
"url": "https://bugzilla.suse.com/1203034"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Real Time 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.88.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Real Time 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.88.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-05-16T08:04:04Z",
"details": "important"
}
],
"title": "CVE-2022-1419"
},
{
"cve": "CVE-2022-1516",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-1516"
}
],
"notes": [
{
"category": "general",
"text": "A NULL pointer dereference flaw was found in the Linux kernel\u0027s X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection. This flaw allows a local user to crash the system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Real Time 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.88.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-1516",
"url": "https://www.suse.com/security/cve/CVE-2022-1516"
},
{
"category": "external",
"summary": "SUSE Bug 1199012 for CVE-2022-1516",
"url": "https://bugzilla.suse.com/1199012"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Real Time 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.88.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Real Time 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.88.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-05-16T08:04:04Z",
"details": "moderate"
}
],
"title": "CVE-2022-1516"
},
{
"cve": "CVE-2022-28356",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-28356"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Real Time 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.88.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-28356",
"url": "https://www.suse.com/security/cve/CVE-2022-28356"
},
{
"category": "external",
"summary": "SUSE Bug 1197391 for CVE-2022-28356",
"url": "https://bugzilla.suse.com/1197391"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Real Time 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.88.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Real Time 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.88.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-05-16T08:04:04Z",
"details": "moderate"
}
],
"title": "CVE-2022-28356"
},
{
"cve": "CVE-2022-28748",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-28748"
}
],
"notes": [
{
"category": "general",
"text": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-2964. Reason: This candidate is a reservation duplicate of CVE-2022-2964. Notes: All CVE users should reference CVE-2022-2964 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Real Time 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.88.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-28748",
"url": "https://www.suse.com/security/cve/CVE-2022-28748"
},
{
"category": "external",
"summary": "SUSE Bug 1196018 for CVE-2022-28748",
"url": "https://bugzilla.suse.com/1196018"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Real Time 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.88.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Real Time 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.88.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-05-16T08:04:04Z",
"details": "moderate"
}
],
"title": "CVE-2022-28748"
},
{
"cve": "CVE-2022-28893",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-28893"
}
],
"notes": [
{
"category": "general",
"text": "The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Real Time 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.88.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-28893",
"url": "https://www.suse.com/security/cve/CVE-2022-28893"
},
{
"category": "external",
"summary": "SUSE Bug 1198330 for CVE-2022-28893",
"url": "https://bugzilla.suse.com/1198330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Real Time 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.88.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Real Time 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.88.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-05-16T08:04:04Z",
"details": "moderate"
}
],
"title": "CVE-2022-28893"
},
{
"cve": "CVE-2022-29156",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-29156"
}
],
"notes": [
{
"category": "general",
"text": "drivers/infiniband/ulp/rtrs/rtrs-clt.c in the Linux kernel before 5.16.12 has a double free related to rtrs_clt_dev_release.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Real Time 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.88.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-29156",
"url": "https://www.suse.com/security/cve/CVE-2022-29156"
},
{
"category": "external",
"summary": "SUSE Bug 1198515 for CVE-2022-29156",
"url": "https://bugzilla.suse.com/1198515"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Real Time 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.88.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Linux Enterprise Real Time 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.88.2.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.88.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.88.2.x86_64",
"SUSE Real Time Module 15 SP3:release-notes-sle_rt-15.3.20220422-150300.3.3.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-05-16T08:04:04Z",
"details": "moderate"
}
],
"title": "CVE-2022-29156"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.