OPENSUSE-SU-2022:2173-1
Vulnerability from csaf_opensuse - Published: 2022-06-24 08:53 - Updated: 2022-06-24 08:53Summary
Security update for the Linux Kernel
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel
Description of the patch:
The SUSE Linux Enterprise 15 SP3 kernel was updated.
The following security bugs were fixed:
- CVE-2022-1966: Fixed an use-after-free bug in the netfilter subsystem. This flaw allowed a local attacker with user access to cause a privilege escalation issue. (bnc#1200015)
- CVE-2022-1975: Fixed a sleep-in-atomic bug that allows attacker to crash linux kernel by simulating nfc device from user-space. (bsc#1200143)
- CVE-2022-1974: Fixed an use-after-free that could causes kernel crash by simulating an nfc device from user-space. (bsc#1200144)
- CVE-2020-26541: Enforce the secure boot forbidden signature database (aka dbx) protection mechanism. (bnc#1177282)
-
The following non-security bugs were fixed:
- ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default (git-fixes).
- ACPI: sysfs: Fix BERT error region memory mapping (git-fixes).
- ACPI: sysfs: Make sparse happy about address space in use (git-fixes).
- ALSA: hda/conexant - Fix loopback issue with CX20632 (git-fixes).
- ALSA: usb-audio: Optimize TEAC clock quirk (git-fixes).
- ALSA: usb-audio: Set up (implicit) sync for Saffire 6 (git-fixes).
- ALSA: usb-audio: Skip generic sync EP parse for secondary EP (git-fixes).
- ALSA: usb-audio: Workaround for clock setup on TEAC devices (git-fixes).
- ASoC: dapm: Do not fold register value changes into notifications (git-fixes).
- ASoC: max98357a: remove dependency on GPIOLIB (git-fixes).
- ASoC: rt5645: Fix errorenous cleanup order (git-fixes).
- ASoC: tscs454: Add endianness flag in snd_soc_component_driver (git-fixes).
- ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files (git-fixes).
- ath9k: fix QCA9561 PA bias level (git-fixes).
- b43: Fix assigning negative value to unsigned variable (git-fixes).
- b43legacy: Fix assigning negative value to unsigned variable (git-fixes).
- blk-mq: fix tag_get wait task can't be awakened (bsc#1200263).
- blk-mq: Fix wrong wakeup batch configuration which will cause hang (bsc#1200263).
- block: fix bio_clone_blkg_association() to associate with proper blkcg_gq (bsc#1200259).
- btrfs: tree-checker: fix incorrect printk format (bsc#1200249).
- cfg80211: set custom regdomain after wiphy registration (git-fixes).
- clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value (git-fixes).
- clocksource/drivers/sp804: Avoid error on multiple instances (git-fixes).
- dma-buf: fix use of DMA_BUF_SET_NAME_{A,B} in userspace (git-fixes).
- dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type (git-fixes).
- drivers: i2c: thunderx: Allow driver to work with ACPI defined TWSI controllers (git-fixes).
- drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop() (git-fixes).
- drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop() (git-fixes).
- drivers: tty: serial: Fix deadlock in sa1100_set_termios() (git-fixes).
- drivers: usb: host: Fix deadlock in oxu_bus_suspend() (git-fixes).
- drm: imx: fix compiler warning with gcc-12 (git-fixes).
- drm: msm: fix error check return value of irq_of_parse_and_map() (git-fixes).
- drm/amdgpu/cs: make commands with 0 chunks illegal behaviour (git-fixes).
- drm/amdgpu/smu10: fix SoC/fclk units in auto mode (git-fixes).
- drm/amdgpu/ucode: Remove firmware load type check in amdgpu_ucode_free_bo (git-fixes).
- drm/atomic: Force bridge self-refresh-exit on CRTC switch (git-fixes).
- drm/bridge: analogix_dp: Support PSR-exit to disable transition (git-fixes).
- drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency() (git-fixes).
- drm/i915: fix i915_globals_exit() section mismatch error (git-fixes).
- drm/komeda: return early if drm_universal_plane_init() fails (git-fixes).
- drm/msm/dsi: fix address for second DSI PHY on SDM660 (git-fixes).
- drm/plane: Move range check for format_count earlier (git-fixes).
- drm/radeon: fix a possible null pointer dereference (git-fixes).
- drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes (git-fixes).
- efi: Add missing prototype for efi_capsule_setup_info (git-fixes).
- efi: Do not import certificates from UEFI Secure Boot for T2 Macs (git-fixes).
- fbcon: Consistently protect deferred_takeover with console_lock() (git-fixes).
- ftrace: Clean up hash direct_functions on register failures (git-fixes).
- HID: bigben: fix slab-out-of-bounds Write in bigben_probe (git-fixes).
- HID: multitouch: Add support for Google Whiskers Touchpad (git-fixes).
- hwmon: Make chip parameter for with_info API mandatory (git-fixes).
- i2c: cadence: Increase timeout per message if necessary (git-fixes).
- i2c: ismt: Provide a DMA buffer for Interrupt Cause Logging (git-fixes).
- iio: dummy: iio_simple_dummy: check the return value of kstrdup() (git-fixes).
- Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag (git-fixes).
- Input: goodix - fix spurious key release events (git-fixes).
- ipw2x00: Fix potential NULL dereference in libipw_xmit() (git-fixes).
- irqchip: irq-xtensa-mx: fix initial IRQ affinity (git-fixes).
- irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x (git-fixes).
- irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value (git-fixes).
- irqchip/exiu: Fix acknowledgment of edge triggered interrupts (git-fixes).
- iwlwifi: mvm: fix assert 1F04 upon reconfig (git-fixes).
- KVM: fix wrong exception emulation in check_rdtsc (git-fixes).
- KVM: nVMX: Invalidate all roots when emulating INVVPID without EPT (git-fixes).
- KVM: nVMX: Query current VMCS when determining if MSR bitmaps are in use (git-fixes).
- KVM: nVMX: Set LDTR to its architecturally defined value on nested VM-Exit (git-fixes).
- KVM: nVMX: Unconditionally clear nested.pi_pending on nested VM-Enter (git-fixes).
- KVM: s390: pv: add macros for UVC CC values (git-fixes).
- KVM: s390: pv: avoid double free of sida page (git-fixes).
- KVM: s390: pv: avoid stalls for kvm_s390_pv_init_vm (git-fixes).
- KVM: s390: vsie/gmap: reduce gmap_rmap overhead (git-fixes).
- KVM: VMX: Flush all EPTP/VPID contexts on remote TLB flush (git-fixes).
- KVM: VMX: Use current VMCS to query WAITPKG support for MSR emulation (git-fixes).
- KVM: x86: clflushopt should be treated as a no-op by emulation (git-fixes).
- KVM: x86: Do not force set BSP bit when local APIC is managed by userspace (git-fixes).
- KVM: x86: Fix emulation in writing cr8 (git-fixes).
- KVM: x86: Fix off-by-one error in kvm_vcpu_ioctl_x86_setup_mce (git-fixes).
- KVM: x86: Immediately reset the MMU context when the SMM flag is cleared (git-fixes).
- KVM: x86: Inject #GP if guest attempts to toggle CR4.LA57 in 64-bit mode (git-fixes).
- KVM: x86: Mark CR4.TSD as being possibly owned by the guest (git-fixes).
- KVM: x86: Migrate the PIT only if vcpu0 is migrated, not any BSP (git-fixes).
- KVM: x86: Toggling CR4.PKE does not load PDPTEs in PAE mode (git-fixes).
- KVM: x86: Toggling CR4.SMAP does not load PDPTEs in PAE mode (git-fixes).
- KVM: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU (git-fixes).
- KVM: x86/emulator: Defer not-present segment check in __load_segment_descriptor() (git-fixes).
- KVM: x86/pmu: Fix HW_REF_CPU_CYCLES event pseudo-encoding in intel_arch_events[] (git-fixes).
- mac80211: upgrade passive scan to active scan on DFS channels after beacon rx (git-fixes).
- md: fix an incorrect NULL check in does_sb_need_changing (git-fixes).
- md: fix an incorrect NULL check in md_reload_sb (git-fixes).
- media: cx25821: Fix the warning when removing the module (git-fixes).
- media: netup_unidvb: Do not leak SPI master in probe error path (git-fixes).
- media: pci: cx23885: Fix the error handling in cx23885_initdev() (git-fixes).
- media: venus: hfi: avoid null dereference in deinit (git-fixes).
- misc: rtsx: set NULL intfdata when probe fails (git-fixes).
- mmc: block: Fix CQE recovery reset success (git-fixes).
- mmc: jz4740: Apply DMA engine limits to maximum segment size (git-fixes).
- modpost: fix removing numeric suffixes (git-fixes).
- modpost: fix undefined behavior of is_arm_mapping_symbol() (git-fixes).
- mt76: check return value of mt76_txq_send_burst in mt76_txq_schedule_list (git-fixes).
- mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue (git-fixes).
- net: rtlwifi: properly check for alloc_workqueue() failure (git-fixes).
- nfc: st21nfca: fix incorrect sizing calculations in EVT_TRANSACTION (git-fixes).
- nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION (git-fixes).
- nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling (git-fixes).
- NFS: Do not report ENOSPC write errors twice (git-fixes).
- nfsd: Fix null-ptr-deref in nfsd_fill_super() (git-fixes).
- PCI: hv: Fix NUMA node assignment when kernel boots with custom NUMA topology (bsc#1199365).
- pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards (git-fixes).
- pinctrl: sunxi: fix f1c100s uart2 function (git-fixes).
- platform/chrome: cros_ec_proto: Send command again when timeout occurs (git-fixes).
- platform/x86: wmi: Fix driver->notify() vs ->probe() race (git-fixes).
- platform/x86: wmi: Replace read_takes_no_args with a flags field (git-fixes).
- devfreq: rk3399_dmc: Disable edev on remove() (git-fixes).
- raid5: introduce MD_BROKEN (git-fixes).
- rtl818x: Prevent using not initialized queues (git-fixes).
- rtlwifi: Use pr_warn instead of WARN_ONCE (git-fixes).
- s390: fix detection of vector enhancements facility 1 vs. vector packed decimal facility (git-fixes).
- s390: fix strrchr() implementation (git-fixes).
- s390/cio: dont call css_wait_for_slow_path() inside a lock (git-fixes).
- s390/cio: Fix the 'type' field in s390_cio_tpi tracepoint (git-fixes).
- s390/crypto: fix scatterwalk_unmap() callers in AES-GCM (git-fixes).
- s390/ctcm: fix potential memory leak (git-fixes).
- s390/ctcm: fix variable dereferenced before check (git-fixes).
- s390/dasd: fix data corruption for ESE devices (bsc#1200207 LTC#198454).
- s390/dasd: Fix read for ESE with blksize 4k (bsc#1200206 LTC#198455).
- s390/dasd: Fix read inconsistency for ESE DASD devices (bsc#1200206 LTC#198455).
- s390/dasd: prevent double format of tracks for ESE devices (bsc#1200207 LTC#198454).
- s390/ftrace: fix ftrace_update_ftrace_func implementation (git-fixes).
- s390/lcs: fix variable dereferenced before check (git-fixes).
- s390/mcck: fix invalid KVM guest condition check (git-fixes).
- s390/mcck: isolate SIE instruction when setting CIF_MCCK_GUEST flag (git-fixes).
- s390/nmi: handle guarded storage validity failures for KVM guests (git-fixes).
- s390/nmi: handle vector validity failures for KVM guests (git-fixes).
- s390/pv: fix the forcing of the swiotlb (git-fixes).
- s390/qdio: cancel the ESTABLISH ccw after timeout (git-fixes).
- s390/qdio: fix roll-back after timeout on ESTABLISH ccw (git-fixes).
- s390/vfio-ap: fix circular lockdep when setting/clearing crypto masks (git-fixes).
- serial: msm_serial: disable interrupts in __msm_console_write() (git-fixes).
- spi: Introduce device-managed SPI controller allocation (git-fixes).
- spi: spi-rspi: Remove setting {src,dst}_{addr,addr_width} based on DMA direction (git-fixes).
- spi: stm32-qspi: Fix wait_cmd timeout in APM mode (git-fixes).
- staging: rtl8712: fix uninit-value in r871xu_drv_init() (git-fixes).
- staging: rtl8712: fix uninit-value in usb_read8() and friends (git-fixes).
- tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator (git-fixes).
- tty: Fix a possible resource leak in icom_probe (git-fixes).
- tty: synclink_gt: Fix null-pointer-dereference in slgt_clean() (git-fixes).
- usb: core: hcd: Add support for deferring roothub registration (git-fixes).
- usb: dwc2: gadget: do not reset gadget's driver->bus (git-fixes).
- usb: hcd-pci: Fully suspend across freeze/thaw cycle (git-fixes).
- usb: host: isp116x: check return value after calling platform_get_resource() (git-fixes).
- usb: new quirk for Dell Gen 2 devices (git-fixes).
- usb: serial: option: add Quectel BG95 modem (git-fixes).
- vfio-ccw: Check initialized flag in cp_init() (git-fixes).
- vfio/ccw: Remove unneeded GFP_DMA (git-fixes).
- video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove() (git-fixes).
- virtio/s390: implement virtio-ccw revision 2 correctly (git-fixes).
- vringh: Fix loop descriptors check in the indirect cases (git-fixes).
- watchdog: wdat_wdt: Stop watchdog when rebooting the system (git-fixes).
Patchnames: openSUSE-Leap-Micro-5.2-2022-2173
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.8 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThe SUSE Linux Enterprise 15 SP3 kernel was updated.\n\nThe following security bugs were fixed:\n\n- CVE-2022-1966: Fixed an use-after-free bug in the netfilter subsystem. This flaw allowed a local attacker with user access to cause a privilege escalation issue. (bnc#1200015)\n- CVE-2022-1975: Fixed a sleep-in-atomic bug that allows attacker to crash linux kernel by simulating nfc device from user-space. (bsc#1200143)\n- CVE-2022-1974: Fixed an use-after-free that could causes kernel crash by simulating an nfc device from user-space. (bsc#1200144)\n- CVE-2020-26541: Enforce the secure boot forbidden signature database (aka dbx) protection mechanism. (bnc#1177282)\n- \nThe following non-security bugs were fixed:\n\n- ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default (git-fixes).\n- ACPI: sysfs: Fix BERT error region memory mapping (git-fixes).\n- ACPI: sysfs: Make sparse happy about address space in use (git-fixes).\n- ALSA: hda/conexant - Fix loopback issue with CX20632 (git-fixes).\n- ALSA: usb-audio: Optimize TEAC clock quirk (git-fixes).\n- ALSA: usb-audio: Set up (implicit) sync for Saffire 6 (git-fixes).\n- ALSA: usb-audio: Skip generic sync EP parse for secondary EP (git-fixes).\n- ALSA: usb-audio: Workaround for clock setup on TEAC devices (git-fixes).\n- ASoC: dapm: Do not fold register value changes into notifications (git-fixes).\n- ASoC: max98357a: remove dependency on GPIOLIB (git-fixes).\n- ASoC: rt5645: Fix errorenous cleanup order (git-fixes).\n- ASoC: tscs454: Add endianness flag in snd_soc_component_driver (git-fixes).\n- ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files (git-fixes).\n- ath9k: fix QCA9561 PA bias level (git-fixes).\n- b43: Fix assigning negative value to unsigned variable (git-fixes).\n- b43legacy: Fix assigning negative value to unsigned variable (git-fixes).\n- blk-mq: fix tag_get wait task can\u0027t be awakened (bsc#1200263).\n- blk-mq: Fix wrong wakeup batch configuration which will cause hang (bsc#1200263).\n- block: fix bio_clone_blkg_association() to associate with proper blkcg_gq (bsc#1200259).\n- btrfs: tree-checker: fix incorrect printk format (bsc#1200249).\n- cfg80211: set custom regdomain after wiphy registration (git-fixes).\n- clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value (git-fixes).\n- clocksource/drivers/sp804: Avoid error on multiple instances (git-fixes).\n- dma-buf: fix use of DMA_BUF_SET_NAME_{A,B} in userspace (git-fixes).\n- dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type (git-fixes).\n- drivers: i2c: thunderx: Allow driver to work with ACPI defined TWSI controllers (git-fixes).\n- drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop() (git-fixes).\n- drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop() (git-fixes).\n- drivers: tty: serial: Fix deadlock in sa1100_set_termios() (git-fixes).\n- drivers: usb: host: Fix deadlock in oxu_bus_suspend() (git-fixes).\n- drm: imx: fix compiler warning with gcc-12 (git-fixes).\n- drm: msm: fix error check return value of irq_of_parse_and_map() (git-fixes).\n- drm/amdgpu/cs: make commands with 0 chunks illegal behaviour (git-fixes).\n- drm/amdgpu/smu10: fix SoC/fclk units in auto mode (git-fixes).\n- drm/amdgpu/ucode: Remove firmware load type check in amdgpu_ucode_free_bo (git-fixes).\n- drm/atomic: Force bridge self-refresh-exit on CRTC switch (git-fixes).\n- drm/bridge: analogix_dp: Support PSR-exit to disable transition (git-fixes).\n- drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency() (git-fixes).\n- drm/i915: fix i915_globals_exit() section mismatch error (git-fixes).\n- drm/komeda: return early if drm_universal_plane_init() fails (git-fixes).\n- drm/msm/dsi: fix address for second DSI PHY on SDM660 (git-fixes).\n- drm/plane: Move range check for format_count earlier (git-fixes).\n- drm/radeon: fix a possible null pointer dereference (git-fixes).\n- drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes (git-fixes).\n- efi: Add missing prototype for efi_capsule_setup_info (git-fixes).\n- efi: Do not import certificates from UEFI Secure Boot for T2 Macs (git-fixes).\n- fbcon: Consistently protect deferred_takeover with console_lock() (git-fixes).\n- ftrace: Clean up hash direct_functions on register failures (git-fixes).\n- HID: bigben: fix slab-out-of-bounds Write in bigben_probe (git-fixes).\n- HID: multitouch: Add support for Google Whiskers Touchpad (git-fixes).\n- hwmon: Make chip parameter for with_info API mandatory (git-fixes).\n- i2c: cadence: Increase timeout per message if necessary (git-fixes).\n- i2c: ismt: Provide a DMA buffer for Interrupt Cause Logging (git-fixes).\n- iio: dummy: iio_simple_dummy: check the return value of kstrdup() (git-fixes).\n- Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag (git-fixes).\n- Input: goodix - fix spurious key release events (git-fixes).\n- ipw2x00: Fix potential NULL dereference in libipw_xmit() (git-fixes).\n- irqchip: irq-xtensa-mx: fix initial IRQ affinity (git-fixes).\n- irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x (git-fixes).\n- irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value (git-fixes).\n- irqchip/exiu: Fix acknowledgment of edge triggered interrupts (git-fixes).\n- iwlwifi: mvm: fix assert 1F04 upon reconfig (git-fixes).\n- KVM: fix wrong exception emulation in check_rdtsc (git-fixes).\n- KVM: nVMX: Invalidate all roots when emulating INVVPID without EPT (git-fixes).\n- KVM: nVMX: Query current VMCS when determining if MSR bitmaps are in use (git-fixes).\n- KVM: nVMX: Set LDTR to its architecturally defined value on nested VM-Exit (git-fixes).\n- KVM: nVMX: Unconditionally clear nested.pi_pending on nested VM-Enter (git-fixes).\n- KVM: s390: pv: add macros for UVC CC values (git-fixes).\n- KVM: s390: pv: avoid double free of sida page (git-fixes).\n- KVM: s390: pv: avoid stalls for kvm_s390_pv_init_vm (git-fixes).\n- KVM: s390: vsie/gmap: reduce gmap_rmap overhead (git-fixes).\n- KVM: VMX: Flush all EPTP/VPID contexts on remote TLB flush (git-fixes).\n- KVM: VMX: Use current VMCS to query WAITPKG support for MSR emulation (git-fixes).\n- KVM: x86: clflushopt should be treated as a no-op by emulation (git-fixes).\n- KVM: x86: Do not force set BSP bit when local APIC is managed by userspace (git-fixes).\n- KVM: x86: Fix emulation in writing cr8 (git-fixes).\n- KVM: x86: Fix off-by-one error in kvm_vcpu_ioctl_x86_setup_mce (git-fixes).\n- KVM: x86: Immediately reset the MMU context when the SMM flag is cleared (git-fixes).\n- KVM: x86: Inject #GP if guest attempts to toggle CR4.LA57 in 64-bit mode (git-fixes).\n- KVM: x86: Mark CR4.TSD as being possibly owned by the guest (git-fixes).\n- KVM: x86: Migrate the PIT only if vcpu0 is migrated, not any BSP (git-fixes).\n- KVM: x86: Toggling CR4.PKE does not load PDPTEs in PAE mode (git-fixes).\n- KVM: x86: Toggling CR4.SMAP does not load PDPTEs in PAE mode (git-fixes).\n- KVM: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU (git-fixes).\n- KVM: x86/emulator: Defer not-present segment check in __load_segment_descriptor() (git-fixes).\n- KVM: x86/pmu: Fix HW_REF_CPU_CYCLES event pseudo-encoding in intel_arch_events[] (git-fixes).\n- mac80211: upgrade passive scan to active scan on DFS channels after beacon rx (git-fixes).\n- md: fix an incorrect NULL check in does_sb_need_changing (git-fixes).\n- md: fix an incorrect NULL check in md_reload_sb (git-fixes).\n- media: cx25821: Fix the warning when removing the module (git-fixes).\n- media: netup_unidvb: Do not leak SPI master in probe error path (git-fixes).\n- media: pci: cx23885: Fix the error handling in cx23885_initdev() (git-fixes).\n- media: venus: hfi: avoid null dereference in deinit (git-fixes).\n- misc: rtsx: set NULL intfdata when probe fails (git-fixes).\n- mmc: block: Fix CQE recovery reset success (git-fixes).\n- mmc: jz4740: Apply DMA engine limits to maximum segment size (git-fixes).\n- modpost: fix removing numeric suffixes (git-fixes).\n- modpost: fix undefined behavior of is_arm_mapping_symbol() (git-fixes).\n- mt76: check return value of mt76_txq_send_burst in mt76_txq_schedule_list (git-fixes).\n- mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue (git-fixes).\n- net: rtlwifi: properly check for alloc_workqueue() failure (git-fixes).\n- nfc: st21nfca: fix incorrect sizing calculations in EVT_TRANSACTION (git-fixes).\n- nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION (git-fixes).\n- nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling (git-fixes).\n- NFS: Do not report ENOSPC write errors twice (git-fixes).\n- nfsd: Fix null-ptr-deref in nfsd_fill_super() (git-fixes).\n- PCI: hv: Fix NUMA node assignment when kernel boots with custom NUMA topology (bsc#1199365).\n- pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards (git-fixes).\n- pinctrl: sunxi: fix f1c100s uart2 function (git-fixes).\n- platform/chrome: cros_ec_proto: Send command again when timeout occurs (git-fixes).\n- platform/x86: wmi: Fix driver-\u003enotify() vs -\u003eprobe() race (git-fixes).\n- platform/x86: wmi: Replace read_takes_no_args with a flags field (git-fixes).\n- devfreq: rk3399_dmc: Disable edev on remove() (git-fixes).\n- raid5: introduce MD_BROKEN (git-fixes).\n- rtl818x: Prevent using not initialized queues (git-fixes).\n- rtlwifi: Use pr_warn instead of WARN_ONCE (git-fixes).\n- s390: fix detection of vector enhancements facility 1 vs. vector packed decimal facility (git-fixes).\n- s390: fix strrchr() implementation (git-fixes).\n- s390/cio: dont call css_wait_for_slow_path() inside a lock (git-fixes).\n- s390/cio: Fix the \u0027type\u0027 field in s390_cio_tpi tracepoint (git-fixes).\n- s390/crypto: fix scatterwalk_unmap() callers in AES-GCM (git-fixes).\n- s390/ctcm: fix potential memory leak (git-fixes).\n- s390/ctcm: fix variable dereferenced before check (git-fixes).\n- s390/dasd: fix data corruption for ESE devices (bsc#1200207 LTC#198454).\n- s390/dasd: Fix read for ESE with blksize 4k (bsc#1200206 LTC#198455).\n- s390/dasd: Fix read inconsistency for ESE DASD devices (bsc#1200206 LTC#198455).\n- s390/dasd: prevent double format of tracks for ESE devices (bsc#1200207 LTC#198454).\n- s390/ftrace: fix ftrace_update_ftrace_func implementation (git-fixes).\n- s390/lcs: fix variable dereferenced before check (git-fixes).\n- s390/mcck: fix invalid KVM guest condition check (git-fixes).\n- s390/mcck: isolate SIE instruction when setting CIF_MCCK_GUEST flag (git-fixes).\n- s390/nmi: handle guarded storage validity failures for KVM guests (git-fixes).\n- s390/nmi: handle vector validity failures for KVM guests (git-fixes).\n- s390/pv: fix the forcing of the swiotlb (git-fixes).\n- s390/qdio: cancel the ESTABLISH ccw after timeout (git-fixes).\n- s390/qdio: fix roll-back after timeout on ESTABLISH ccw (git-fixes).\n- s390/vfio-ap: fix circular lockdep when setting/clearing crypto masks (git-fixes).\n- serial: msm_serial: disable interrupts in __msm_console_write() (git-fixes).\n- spi: Introduce device-managed SPI controller allocation (git-fixes).\n- spi: spi-rspi: Remove setting {src,dst}_{addr,addr_width} based on DMA direction (git-fixes).\n- spi: stm32-qspi: Fix wait_cmd timeout in APM mode (git-fixes).\n- staging: rtl8712: fix uninit-value in r871xu_drv_init() (git-fixes).\n- staging: rtl8712: fix uninit-value in usb_read8() and friends (git-fixes).\n- tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator (git-fixes).\n- tty: Fix a possible resource leak in icom_probe (git-fixes).\n- tty: synclink_gt: Fix null-pointer-dereference in slgt_clean() (git-fixes).\n- usb: core: hcd: Add support for deferring roothub registration (git-fixes).\n- usb: dwc2: gadget: do not reset gadget\u0027s driver-\u003ebus (git-fixes).\n- usb: hcd-pci: Fully suspend across freeze/thaw cycle (git-fixes).\n- usb: host: isp116x: check return value after calling platform_get_resource() (git-fixes).\n- usb: new quirk for Dell Gen 2 devices (git-fixes).\n- usb: serial: option: add Quectel BG95 modem (git-fixes).\n- vfio-ccw: Check initialized flag in cp_init() (git-fixes).\n- vfio/ccw: Remove unneeded GFP_DMA (git-fixes).\n- video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove() (git-fixes).\n- virtio/s390: implement virtio-ccw revision 2 correctly (git-fixes).\n- vringh: Fix loop descriptors check in the indirect cases (git-fixes).\n- watchdog: wdat_wdt: Stop watchdog when rebooting the system (git-fixes).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-Micro-5.2-2022-2173",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2022_2173-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2022:2173-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/CWOILJAA3L3ZOAEUSAUQRV4VH2BJEGVX/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2022:2173-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/CWOILJAA3L3ZOAEUSAUQRV4VH2BJEGVX/"
},
{
"category": "self",
"summary": "SUSE Bug 1177282",
"url": "https://bugzilla.suse.com/1177282"
},
{
"category": "self",
"summary": "SUSE Bug 1199365",
"url": "https://bugzilla.suse.com/1199365"
},
{
"category": "self",
"summary": "SUSE Bug 1200015",
"url": "https://bugzilla.suse.com/1200015"
},
{
"category": "self",
"summary": "SUSE Bug 1200143",
"url": "https://bugzilla.suse.com/1200143"
},
{
"category": "self",
"summary": "SUSE Bug 1200144",
"url": "https://bugzilla.suse.com/1200144"
},
{
"category": "self",
"summary": "SUSE Bug 1200206",
"url": "https://bugzilla.suse.com/1200206"
},
{
"category": "self",
"summary": "SUSE Bug 1200207",
"url": "https://bugzilla.suse.com/1200207"
},
{
"category": "self",
"summary": "SUSE Bug 1200249",
"url": "https://bugzilla.suse.com/1200249"
},
{
"category": "self",
"summary": "SUSE Bug 1200259",
"url": "https://bugzilla.suse.com/1200259"
},
{
"category": "self",
"summary": "SUSE Bug 1200263",
"url": "https://bugzilla.suse.com/1200263"
},
{
"category": "self",
"summary": "SUSE Bug 1200268",
"url": "https://bugzilla.suse.com/1200268"
},
{
"category": "self",
"summary": "SUSE Bug 1200529",
"url": "https://bugzilla.suse.com/1200529"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26541 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26541/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-1966 page",
"url": "https://www.suse.com/security/cve/CVE-2022-1966/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-1974 page",
"url": "https://www.suse.com/security/cve/CVE-2022-1974/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-1975 page",
"url": "https://www.suse.com/security/cve/CVE-2022-1975/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2022-06-24T08:53:23Z",
"generator": {
"date": "2022-06-24T08:53:23Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2022:2173-1",
"initial_release_date": "2022-06-24T08:53:23Z",
"revision_history": [
{
"date": "2022-06-24T08:53:23Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-default-5.3.18-150300.59.76.1.aarch64",
"product": {
"name": "kernel-default-5.3.18-150300.59.76.1.aarch64",
"product_id": "kernel-default-5.3.18-150300.59.76.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-base-5.3.18-150300.59.76.1.150300.18.45.2.aarch64",
"product": {
"name": "kernel-default-base-5.3.18-150300.59.76.1.150300.18.45.2.aarch64",
"product_id": "kernel-default-base-5.3.18-150300.59.76.1.150300.18.45.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-default-5.3.18-150300.59.76.1.x86_64",
"product": {
"name": "kernel-default-5.3.18-150300.59.76.1.x86_64",
"product_id": "kernel-default-5.3.18-150300.59.76.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-base-5.3.18-150300.59.76.1.150300.18.45.2.x86_64",
"product": {
"name": "kernel-default-base-5.3.18-150300.59.76.1.150300.18.45.2.x86_64",
"product_id": "kernel-default-base-5.3.18-150300.59.76.1.150300.18.45.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap Micro 5.2",
"product": {
"name": "openSUSE Leap Micro 5.2",
"product_id": "openSUSE Leap Micro 5.2",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap-micro:5.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-5.3.18-150300.59.76.1.aarch64 as component of openSUSE Leap Micro 5.2",
"product_id": "openSUSE Leap Micro 5.2:kernel-default-5.3.18-150300.59.76.1.aarch64"
},
"product_reference": "kernel-default-5.3.18-150300.59.76.1.aarch64",
"relates_to_product_reference": "openSUSE Leap Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-5.3.18-150300.59.76.1.x86_64 as component of openSUSE Leap Micro 5.2",
"product_id": "openSUSE Leap Micro 5.2:kernel-default-5.3.18-150300.59.76.1.x86_64"
},
"product_reference": "kernel-default-5.3.18-150300.59.76.1.x86_64",
"relates_to_product_reference": "openSUSE Leap Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-5.3.18-150300.59.76.1.150300.18.45.2.aarch64 as component of openSUSE Leap Micro 5.2",
"product_id": "openSUSE Leap Micro 5.2:kernel-default-base-5.3.18-150300.59.76.1.150300.18.45.2.aarch64"
},
"product_reference": "kernel-default-base-5.3.18-150300.59.76.1.150300.18.45.2.aarch64",
"relates_to_product_reference": "openSUSE Leap Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-5.3.18-150300.59.76.1.150300.18.45.2.x86_64 as component of openSUSE Leap Micro 5.2",
"product_id": "openSUSE Leap Micro 5.2:kernel-default-base-5.3.18-150300.59.76.1.150300.18.45.2.x86_64"
},
"product_reference": "kernel-default-base-5.3.18-150300.59.76.1.150300.18.45.2.x86_64",
"relates_to_product_reference": "openSUSE Leap Micro 5.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-26541",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26541"
}
],
"notes": [
{
"category": "general",
"text": "The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap Micro 5.2:kernel-default-5.3.18-150300.59.76.1.aarch64",
"openSUSE Leap Micro 5.2:kernel-default-5.3.18-150300.59.76.1.x86_64",
"openSUSE Leap Micro 5.2:kernel-default-base-5.3.18-150300.59.76.1.150300.18.45.2.aarch64",
"openSUSE Leap Micro 5.2:kernel-default-base-5.3.18-150300.59.76.1.150300.18.45.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26541",
"url": "https://www.suse.com/security/cve/CVE-2020-26541"
},
{
"category": "external",
"summary": "SUSE Bug 1177282 for CVE-2020-26541",
"url": "https://bugzilla.suse.com/1177282"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap Micro 5.2:kernel-default-5.3.18-150300.59.76.1.aarch64",
"openSUSE Leap Micro 5.2:kernel-default-5.3.18-150300.59.76.1.x86_64",
"openSUSE Leap Micro 5.2:kernel-default-base-5.3.18-150300.59.76.1.150300.18.45.2.aarch64",
"openSUSE Leap Micro 5.2:kernel-default-base-5.3.18-150300.59.76.1.150300.18.45.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap Micro 5.2:kernel-default-5.3.18-150300.59.76.1.aarch64",
"openSUSE Leap Micro 5.2:kernel-default-5.3.18-150300.59.76.1.x86_64",
"openSUSE Leap Micro 5.2:kernel-default-base-5.3.18-150300.59.76.1.150300.18.45.2.aarch64",
"openSUSE Leap Micro 5.2:kernel-default-base-5.3.18-150300.59.76.1.150300.18.45.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-06-24T08:53:23Z",
"details": "moderate"
}
],
"title": "CVE-2020-26541"
},
{
"cve": "CVE-2022-1966",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-1966"
}
],
"notes": [
{
"category": "general",
"text": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-32250. Reason: This candidate is a duplicate of CVE-2022-32250. Notes: All CVE users should reference CVE-2022-32250 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap Micro 5.2:kernel-default-5.3.18-150300.59.76.1.aarch64",
"openSUSE Leap Micro 5.2:kernel-default-5.3.18-150300.59.76.1.x86_64",
"openSUSE Leap Micro 5.2:kernel-default-base-5.3.18-150300.59.76.1.150300.18.45.2.aarch64",
"openSUSE Leap Micro 5.2:kernel-default-base-5.3.18-150300.59.76.1.150300.18.45.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-1966",
"url": "https://www.suse.com/security/cve/CVE-2022-1966"
},
{
"category": "external",
"summary": "SUSE Bug 1200015 for CVE-2022-1966",
"url": "https://bugzilla.suse.com/1200015"
},
{
"category": "external",
"summary": "SUSE Bug 1200268 for CVE-2022-1966",
"url": "https://bugzilla.suse.com/1200268"
},
{
"category": "external",
"summary": "SUSE Bug 1200494 for CVE-2022-1966",
"url": "https://bugzilla.suse.com/1200494"
},
{
"category": "external",
"summary": "SUSE Bug 1200529 for CVE-2022-1966",
"url": "https://bugzilla.suse.com/1200529"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap Micro 5.2:kernel-default-5.3.18-150300.59.76.1.aarch64",
"openSUSE Leap Micro 5.2:kernel-default-5.3.18-150300.59.76.1.x86_64",
"openSUSE Leap Micro 5.2:kernel-default-base-5.3.18-150300.59.76.1.150300.18.45.2.aarch64",
"openSUSE Leap Micro 5.2:kernel-default-base-5.3.18-150300.59.76.1.150300.18.45.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap Micro 5.2:kernel-default-5.3.18-150300.59.76.1.aarch64",
"openSUSE Leap Micro 5.2:kernel-default-5.3.18-150300.59.76.1.x86_64",
"openSUSE Leap Micro 5.2:kernel-default-base-5.3.18-150300.59.76.1.150300.18.45.2.aarch64",
"openSUSE Leap Micro 5.2:kernel-default-base-5.3.18-150300.59.76.1.150300.18.45.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-06-24T08:53:23Z",
"details": "important"
}
],
"title": "CVE-2022-1966"
},
{
"cve": "CVE-2022-1974",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-1974"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free flaw was found in the Linux kernel\u0027s NFC core functionality due to a race condition between kobject creation and delete. This vulnerability allows a local attacker with CAP_NET_ADMIN privilege to leak kernel information.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap Micro 5.2:kernel-default-5.3.18-150300.59.76.1.aarch64",
"openSUSE Leap Micro 5.2:kernel-default-5.3.18-150300.59.76.1.x86_64",
"openSUSE Leap Micro 5.2:kernel-default-base-5.3.18-150300.59.76.1.150300.18.45.2.aarch64",
"openSUSE Leap Micro 5.2:kernel-default-base-5.3.18-150300.59.76.1.150300.18.45.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-1974",
"url": "https://www.suse.com/security/cve/CVE-2022-1974"
},
{
"category": "external",
"summary": "SUSE Bug 1200144 for CVE-2022-1974",
"url": "https://bugzilla.suse.com/1200144"
},
{
"category": "external",
"summary": "SUSE Bug 1200265 for CVE-2022-1974",
"url": "https://bugzilla.suse.com/1200265"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap Micro 5.2:kernel-default-5.3.18-150300.59.76.1.aarch64",
"openSUSE Leap Micro 5.2:kernel-default-5.3.18-150300.59.76.1.x86_64",
"openSUSE Leap Micro 5.2:kernel-default-base-5.3.18-150300.59.76.1.150300.18.45.2.aarch64",
"openSUSE Leap Micro 5.2:kernel-default-base-5.3.18-150300.59.76.1.150300.18.45.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap Micro 5.2:kernel-default-5.3.18-150300.59.76.1.aarch64",
"openSUSE Leap Micro 5.2:kernel-default-5.3.18-150300.59.76.1.x86_64",
"openSUSE Leap Micro 5.2:kernel-default-base-5.3.18-150300.59.76.1.150300.18.45.2.aarch64",
"openSUSE Leap Micro 5.2:kernel-default-base-5.3.18-150300.59.76.1.150300.18.45.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-06-24T08:53:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-1974"
},
{
"cve": "CVE-2022-1975",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-1975"
}
],
"notes": [
{
"category": "general",
"text": "There is a sleep-in-atomic bug in /net/nfc/netlink.c that allows an attacker to crash the Linux kernel by simulating a nfc device from user-space.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap Micro 5.2:kernel-default-5.3.18-150300.59.76.1.aarch64",
"openSUSE Leap Micro 5.2:kernel-default-5.3.18-150300.59.76.1.x86_64",
"openSUSE Leap Micro 5.2:kernel-default-base-5.3.18-150300.59.76.1.150300.18.45.2.aarch64",
"openSUSE Leap Micro 5.2:kernel-default-base-5.3.18-150300.59.76.1.150300.18.45.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-1975",
"url": "https://www.suse.com/security/cve/CVE-2022-1975"
},
{
"category": "external",
"summary": "SUSE Bug 1200143 for CVE-2022-1975",
"url": "https://bugzilla.suse.com/1200143"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap Micro 5.2:kernel-default-5.3.18-150300.59.76.1.aarch64",
"openSUSE Leap Micro 5.2:kernel-default-5.3.18-150300.59.76.1.x86_64",
"openSUSE Leap Micro 5.2:kernel-default-base-5.3.18-150300.59.76.1.150300.18.45.2.aarch64",
"openSUSE Leap Micro 5.2:kernel-default-base-5.3.18-150300.59.76.1.150300.18.45.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap Micro 5.2:kernel-default-5.3.18-150300.59.76.1.aarch64",
"openSUSE Leap Micro 5.2:kernel-default-5.3.18-150300.59.76.1.x86_64",
"openSUSE Leap Micro 5.2:kernel-default-base-5.3.18-150300.59.76.1.150300.18.45.2.aarch64",
"openSUSE Leap Micro 5.2:kernel-default-base-5.3.18-150300.59.76.1.150300.18.45.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-06-24T08:53:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-1975"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…