Vulnerability from csaf_suse
Published
2022-04-19 13:25
Modified
2022-04-19 13:25
Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 12 SP5 kernel was updated.
The following security bugs were fixed:
- CVE-2022-28356: Fixed a refcount bug in llc_ui_bind and llc_ui_autobind which could allow an unprivileged user to execute a DoS. (bnc#1197391)
- CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution. (bsc#1197227)
- CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel. (bnc#1198031)
- CVE-2022-28388: Fixed a double free in drivers/net/can/usb/usb_8dev.c vulnerability in the Linux kernel. (bnc#1198032)
- CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c vulnerability in the Linux kernel. (bnc#1198033)
- CVE-2022-0812: Fixed an incorrect header size calculations which could lead to a memory leak. (bsc#1196639)
- CVE-2022-1048: Fixed a race Condition in snd_pcm_hw_free leading to use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock. (bsc#1197331)
- CVE-2022-0850: Fixed a kernel information leak vulnerability in iov_iter.c. (bsc#1196761)
- CVE-2022-26966: Fixed an issue in drivers/net/usb/sr9700.c, which allowed attackers to obtain sensitive information from the memory via crafted frame lengths from a USB device. (bsc#1196836)
- CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation. (bnc#1197462)
- CVE-2021-45868: Fixed a wrong validation check in fs/quota/quota_tree.c which could lead to an use-after-free if there is a corrupted quota file. (bnc#1197366)
- CVE-2021-39713: Fixed a race condition in the network scheduling subsystem which could lead to a use-after-free. (bnc#1196973)
- CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042: Fixed multiple issues which could have lead to read/write access to memory pages or denial of service. These issues are related to the Xen PV device frontend drivers. (bsc#1196488)
- CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could crash the system or corrupt the system memory. (bsc#1196830)
The following non-security bugs were fixed:
- asix: Add rx->ax_skb = NULL after usbnet_skb_return() (git-fixes).
- asix: Ensure asix_rx_fixup_info members are all reset (git-fixes).
- asix: Fix small memory leak in ax88772_unbind() (git-fixes).
- asix: fix uninit-value in asix_mdio_read() (git-fixes).
- asix: fix wrong return value in asix_check_host_enable() (git-fixes).
- ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32 (bsc#1196018).
- block: bfq: fix bfq_set_next_ioprio_data() (bsc#1191451).
- block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2) (bsc#1194586).
- can: dev: can_restart: fix use after free bug (git-fixes).
- cgroup: Allocate cgroup_file_ctx for kernfs_open_file->priv (bsc#1196723).
- cgroup: Correct privileges check in release_agent writes (bsc#1196723).
- cgroup: Use open-time cgroup namespace for process migration perm checks (bsc#1196723).
- dax: update to new mmu_notifier semantic (bsc#1184207).
- EDAC: Fix calculation of returned address and next offset in edac_align_ptr() (bsc#1114648).
- ena_netdev: use generic power management (bsc#1197099 jsc#SLE-24125).
- ena: Remove rcu_read_lock() around XDP program invocation (bsc#1197099 jsc#SLE-24125).
- ethernet: amazon: ena: A typo fix in the file ena_com.h (bsc#1197099 jsc#SLE-24125).
- ext4: add check to prevent attempting to resize an fs with sparse_super2 (bsc#1197754).
- ext4: check for inconsistent extents between index and leaf block (bsc#1194163 bsc#1196339).
- ext4: check for out-of-order index extents in ext4_valid_extent_entries() (bsc#1194163 bsc#1196339).
- ext4: do not use the orphan list when migrating an inode (bsc#1197756).
- ext4: fix an use-after-free issue about data=journal writeback mode (bsc#1195482).
- ext4: Fix BUG_ON in ext4_bread when write quota data (bsc#1197755).
- ext4: fix error handling in ext4_restore_inline_data() (bsc#1197757).
- ext4: fix lazy initialization next schedule time computation in more granular unit (bsc#1194580).
- ext4: make sure quota gets properly shutdown on error (bsc#1195480).
- ext4: prevent partial update of the extent blocks (bsc#1194163 bsc#1196339).
- ext4: update i_disksize if direct write past ondisk size (bsc#1197806).
- fix rpm build warning tumbleweed rpm is adding these warnings to the log: It's not recommended to have unversioned Obsoletes: Obsoletes: microcode_ctl
- genirq: Use rcu in kstat_irqs_usr() (bsc#1193738).
- gtp: fix an use-before-init in gtp_newlink() (git-fixes).
- IB/core: Fix ODP get user pages flow (git-fixes)
- IB/hfi1: Acquire lock to release TID entries when user file is closed (git-fixes)
- IB/hfi1: Adjust pkey entry in index 0 (git-fixes)
- IB/hfi1: Correct guard on eager buffer deallocation (git-fixes)
- IB/hfi1: Ensure pq is not left on waitlist (git-fixes)
- IB/hfi1: Fix another case where pq is left on waitlist (git-fixes)
- IB/hfi1: Fix error return code in parse_platform_config() (git-fixes)
- IB/hfi1: Fix leak of rcvhdrtail_dummy_kvaddr (git-fixes)
- IB/hfi1: Fix possible null-pointer dereference in _extend_sdma_tx_descs() (git-fixes)
- IB/hfi1: Insure use of smp_processor_id() is preempt disabled (git-fixes)
- IB/hfi1: Use kzalloc() for mmu_rb_handler allocation (git-fixes)
- IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields (git-fixes)
- IB/qib: Use struct_size() helper (git-fixes)
- IB/sa: Resolv use-after-free in ib_nl_make_request() (git-fixes)
- IB/umad: Return EIO in case of when device disassociated (git-fixes)
- IB/umad: Return EPOLLERR in case of when device disassociated (git-fixes)
- isofs: Fix out of bound access for corrupted isofs image (bsc#1194591).
- llc: fix netdevice reference leaks in llc_ui_bind() (git-fixes).
- mdio: fix mdio-thunder.c dependency build error (git-fixes).
- mm: bdi: initialize bdi_min_ratio when bdi is unregistered (bsc#1197763).
- mm: drop NULL return check of pte_offset_map_lock() (bsc#1184207).
- mm/rmap: always do TTU_IGNORE_ACCESS (bsc#1184207).
- mm/rmap: update to new mmu_notifier semantic v2 (bsc#1184207).
- net: arc_emac: Fix memleak in arc_mdio_probe (git-fixes).
- net: asix: add proper error handling of usb read errors (git-fixes).
- net: asix: fix uninit value bugs (git-fixes).
- net: bcmgenet: Fix a resource leak in an error handling path in the probe functin (git-fixes).
- net: dp83867: Fix OF_MDIO config check (git-fixes).
- net: dsa: bcm_sf2: put device node before return (git-fixes).
- net: ena: Add capabilities field with support for ENI stats capability (bsc#1197099 jsc#SLE-24125).
- net: ena: Add debug prints for invalid req_id resets (bsc#1197099 jsc#SLE-24125).
- net: ena: add device distinct log prefix to files (bsc#1197099 jsc#SLE-24125).
- net: ena: add jiffies of last napi call to stats (bsc#1197099 jsc#SLE-24125).
- net: ena: aggregate doorbell common operations into a function (bsc#1197099 jsc#SLE-24125).
- net: ena: aggregate stats increase into a function (bsc#1197099 jsc#SLE-24125).
- net: ena: Change ENI stats support check to use capabilities field (bsc#1197099 jsc#SLE-24125).
- net: ena: Change return value of ena_calc_io_queue_size() to void (bsc#1197099 jsc#SLE-24125).
- net: ena: Change the name of bad_csum variable (bsc#1197099 jsc#SLE-24125).
- net: ena: Extract recurring driver reset code into a function (bsc#1197099 jsc#SLE-24125).
- net: ena: fix coding style nits (bsc#1197099 jsc#SLE-24125).
- net: ena: fix DMA mapping function issues in XDP (bsc#1197099 jsc#SLE-24125).
- net: ena: fix inaccurate print type (bsc#1197099 jsc#SLE-24125).
- net: ena: Fix wrong rx request id by resetting device (bsc#1197099 jsc#SLE-24125).
- net: ena: Improve error logging in driver (bsc#1197099 jsc#SLE-24125).
- net: ena: introduce ndo_xdp_xmit() function for XDP_REDIRECT (bsc#1197099 jsc#SLE-24125).
- net: ena: introduce XDP redirect implementation (bsc#1197099 jsc#SLE-24125).
- net: ena: make symbol 'ena_alloc_map_page' static (bsc#1197099 jsc#SLE-24125).
- net: ena: Move reset completion print to the reset function (bsc#1197099 jsc#SLE-24125).
- net: ena: optimize data access in fast-path code (bsc#1197099 jsc#SLE-24125).
- net: ena: re-organize code to improve readability (bsc#1197099 jsc#SLE-24125).
- net: ena: Remove ena_calc_queue_size_ctx struct (bsc#1197099 jsc#SLE-24125).
- net: ena: remove extra words from comments (bsc#1197099 jsc#SLE-24125).
- net: ena: Remove module param and change message severity (bsc#1197099 jsc#SLE-24125).
- net: ena: Remove redundant return code check (bsc#1197099 jsc#SLE-24125).
- net: ena: Remove unused code (bsc#1197099 jsc#SLE-24125).
- net: ena: store values in their appropriate variables types (bsc#1197099 jsc#SLE-24125).
- net: ena: Update XDP verdict upon failure (bsc#1197099 jsc#SLE-24125).
- net: ena: use build_skb() in RX path (bsc#1197099 jsc#SLE-24125).
- net: ena: use constant value for net_device allocation (bsc#1197099 jsc#SLE-24125).
- net: ena: Use dev_alloc() in RX buffer allocation (bsc#1197099 jsc#SLE-24125).
- net: ena: Use pci_sriov_configure_simple() to enable VFs (bsc#1197099 jsc#SLE-24125).
- net: ena: use xdp_frame in XDP TX flow (bsc#1197099 jsc#SLE-24125).
- net: ena: use xdp_return_frame() to free xdp frames (bsc#1197099 jsc#SLE-24125).
- net: ethernet: Fix memleak in ethoc_probe (git-fixes).
- net: ethernet: ti: cpts: fix ethtool output when no ptp_clock registered (git-fixes).
- net: fec: only check queue 0 if RXF_0/TXF_0 interrupt is set (git-fixes).
- net: hdlc_ppp: Fix issues when mod_timer is called while timer is running (git-fixes).
- net: hdlc_raw_eth: Clear the IFF_TX_SKB_SHARING flag after calling ether_setup (git-fixes).
- net: hdlc: In hdlc_rcv, check to make sure dev is an HDLC device (git-fixes).
- net: hns: fix return value check in __lb_other_process() (git-fixes).
- net: marvell: Fix OF_MDIO config check (git-fixes).
- net: mcs7830: handle usb read errors properly (git-fixes).
- net: usb: asix: add error handling for asix_mdio_* functions (git-fixes).
- net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (bsc#1196018).
- net: usb: ax88179_178a: fix packet alignment padding (bsc#1196018).
- net/mlx5e: Fix page DMA map/unmap attributes (bsc#1196468).
- netxen_nic: fix MSI/MSI-x interrupts (git-fixes).
- NFS: Avoid duplicate uncached readdir calls on eof (git-fixes).
- NFS: Clamp WRITE offsets (git-fixes).
- NFS: Do not report writeback errors in nfs_getattr() (git-fixes).
- NFS: do not retry BIND_CONN_TO_SESSION on session error (git-fixes).
- NFS: Do not skip directory entries when doing uncached readdir (git-fixes).
- NFS: Fix another issue with a list iterator pointing to the head (git-fixes).
- NFS: Fix initialisation of nfs_client cl_flags field (git-fixes).
- NFS: nfsd4_setclientid_confirm mistakenly expires confirmed client (git-fixes).
- NFS: Return valid errors from nfs2/3_decode_dirent() (git-fixes).
- ocfs2: mount fails with buffer overflow in strlen (bsc#1197760).
- ocfs2: remove ocfs2_is_o2cb_active() (bsc#1197758).
- powercap: intel_rapl: add support for Sapphire Rapids (jsc#SLE-15288, jsc#ECO-2990).
- powerpc/64: Fix kernel stack 16-byte alignment (bsc#1196999 ltc#196609S git-fixes).
- powerpc/64: Interrupts save PPR on stack rather than thread_struct (bsc#1196999 ltc#196609).
- powerpc/perf: consolidate GPCI hcall structs into asm/hvcall.h (jec#SLE-23780).
- powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729).
- powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729).
- powerpc/pseries: new lparcfg key/value pair: partition_affinity_score (jec#SLE-23780).
- powerpc/sysdev: fix incorrect use to determine if list is empty (bsc#1065729).
- powerpc/tm: Fix more userspace r13 corruption (bsc#1065729).
- powerpc/tm: Fix more userspace r13 corruption (bsc#1065729).
- powerpc/xive: fix return value of __setup handler (bsc#1065729).
- printk: Add panic_in_progress helper (bsc#1197894).
- printk: disable optimistic spin during panic (bsc#1197894).
- qed: select CONFIG_CRC32 (git-fixes).
- quota: correct error number in free_dqentry() (bsc#1194590).
- RDMA/addr: Be strict with gid size (git-fixes)
- RDMA/bnxt_re: Fix a double free in bnxt_qplib_alloc_res (git-fixes)
- RDMA/bnxt_re: Fix error return code in bnxt_qplib_cq_process_terminal() (git-fixes)
- RDMA/bnxt_re: Scan the whole bitmap when checking if 'disabling RCFW with pending cmd-bit' (git-fixes)
- RDMA/bnxt_re: Set queue pair state when being queried (git-fixes)
- RDMA/cm: Fix an attempt to use non-valid pointer when cleaning timewait (git-fixes)
- RDMA/cma: Ensure rdma_addr_cancel() happens before issuing more requests (git-fixes)
- RDMA/cma: Let cma_resolve_ib_dev() continue search even after empty entry (git-fixes)
- RDMA/core: Do not infoleak GRH fields (git-fixes)
- RDMA/core: Let ib_find_gid() continue search even after empty entry (git-fixes)
- RDMA/cxgb4: add missing qpid increment (git-fixes)
- RDMA/cxgb4: check for ipv6 address properly while destroying listener (git-fixes)
- RDMA/cxgb4: Fix adapter LE hash errors while destroying ipv6 listening server (git-fixes)
- RDMA/cxgb4: Fix the reported max_recv_sge value (git-fixes)
- RDMA/cxgb4: Set queue pair state when being queried (git-fixes)
- RDMA/cxgb4: Validate the number of CQEs (git-fixes)
- RDMA/hns: Add a check for current state before modifying QP (git-fixes)
- RDMA/hns: Encapsulate some lines for setting sq size in user mode (git-fixes)
- RDMA/hns: Optimize hns_roce_modify_qp function (git-fixes)
- RDMA/hns: Prevent undefined behavior in hns_roce_set_user_sq_size() (git-fixes)
- RDMA/hns: Validate the pkey index (git-fixes)
- RDMA/i40iw: Fix error unwinding when i40iw_hmc_sd_one fails (git-fixes)
- RDMA/ib_srp: Fix a deadlock (git-fixes)
- RDMA/iwcm: Release resources if iw_cm module initialization fails (git-fixes)
- RDMA/mlx4: Do not continue event handler after memory allocation failure (git-fixes)
- RDMA/mlx4: Return missed an error if device does not support steering (git-fixes)
- RDMA/mlx5: Do not allow rereg of a ODP MR (git-fixes)
- RDMA/mlx5: Fix corruption of reg_pages in mlx5_ib_rereg_user_mr() (git-fixes)
- RDMA/mlx5: Fix potential race between destroy and CQE poll (git-fixes)
- RDMA/mlx5: Fix udata response upon SRQ creation (git-fixes)
- RDMA/mlx5: Put live in the correct place for ODP MRs (git-fixes)
- RDMA/odp: Lift umem_mutex out of ib_umem_odp_unmap_dma_pages() (git-fixes)
- RDMA/qedr: Fix NULL deref for query_qp on the GSI QP (git-fixes)
- RDMA/qib: Remove superfluous fallthrough statements (git-fixes)
- RDMA/rxe: Clear all QP fields if creation failed (git-fixes)
- RDMA/rxe: Compute PSN windows correctly (git-fixes)
- RDMA/rxe: Correct skb on loopback path (git-fixes)
- RDMA/rxe: Do not overwrite errno from ib_umem_get() (git-fixes)
- RDMA/rxe: Fix coding error in rxe_rcv_mcast_pkt (git-fixes)
- RDMA/rxe: Fix coding error in rxe_recv.c (git-fixes)
- RDMA/rxe: Fix extra copy in prepare_ack_packet (git-fixes)
- RDMA/rxe: Fix failure during driver load (git-fixes)
- RDMA/rxe: Fix missing kconfig dependency on CRYPTO (git-fixes)
- RDMA/rxe: Fix over copying in get_srq_wqe (git-fixes)
- RDMA/rxe: Fix panic when calling kmem_cache_create() (git-fixes)
- RDMA/rxe: Fix redundant call to ip_send_check (git-fixes)
- RDMA/rxe: Fix skb lifetime in rxe_rcv_mcast_pkt() (git-fixes)
- RDMA/rxe: Fix wrong port_cap_flags (git-fixes)
- RDMA/rxe: Handle skb_clone() failure in rxe_recv.c (git-fixes)
- RDMA/rxe: Remove rxe_link_layer() (git-fixes)
- RDMA/rxe: Return CQE error if invalid lkey was supplied (git-fixes)
- RDMA/ucma: Fix locking for ctx->events_reported (git-fixes)
- RDMA/usnic: Fix memleak in find_free_vf_and_create_qp_grp (git-fixes)
- RDMA/uverbs: Fix create WQ to use the given user handle (git-fixes)
- RDMA/uverbs: Tidy input validation of ib_uverbs_rereg_mr() (git-fixes)
- s390/bpf: Perform r1 range checking before accessing jit->seen_reg (git-fixes).
- s390/disassembler: increase ebpf disasm buffer size (git-fixes).
- scsi: lpfc: Copyright updates for 14.2.0.0 patches (bsc#1197675).
- scsi: lpfc: Drop lpfc_no_handler() (bsc#1197675).
- scsi: lpfc: Fix broken SLI4 abort path (bsc#1197675).
- scsi: lpfc: Fix locking for lpfc_sli_iocbq_lookup() (bsc#1197675).
- scsi: lpfc: Fix queue failures when recovering from PCI parity error (bsc#1197675 bsc#1196478).
- scsi: lpfc: Fix typos in comments (bsc#1197675).
- scsi: lpfc: Fix unload hang after back to back PCI EEH faults (bsc#1197675 bsc#1196478).
- scsi: lpfc: Improve PCI EEH Error and Recovery Handling (bsc#1197675 bsc#1196478).
- scsi: lpfc: Kill lpfc_bus_reset_handler() (bsc#1197675).
- scsi: lpfc: Reduce log messages seen after firmware download (bsc#1197675).
- scsi: lpfc: Remove failing soft_wwn support (bsc#1197675).
- scsi: lpfc: Remove NVMe support if kernel has NVME_FC disabled (bsc#1197675).
- scsi: lpfc: Remove redundant flush_workqueue() call (bsc#1197675).
- scsi: lpfc: SLI path split: Introduce lpfc_prep_wqe (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor Abort paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor base ELS paths and the FLOGI path (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor BSG paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor CT paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor fast and slow paths to native SLI4 (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor FDISC paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor lpfc_iocbq (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor LS_ACC paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor LS_RJT paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor misc ELS paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor PLOGI/PRLI/ADISC/LOGO paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor SCSI paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor the RSCN/SCR/RDF/EDC/FARPR paths (bsc#1197675).
- scsi: lpfc: Update lpfc version to 14.2.0.0 (bsc#1197675).
- scsi: lpfc: Update lpfc version to 14.2.0.1 (bsc#1197675).
- scsi: lpfc: Use fc_block_rport() (bsc#1197675).
- scsi: lpfc: Use kcalloc() (bsc#1197675).
- scsi: lpfc: Use rport as argument for lpfc_chk_tgt_mapped() (bsc#1197675).
- scsi: lpfc: Use rport as argument for lpfc_send_taskmgmt() (bsc#1197675).
- scsi: qla2xxx: Fix crash during module load unload test (bsc#1197661).
- scsi: qla2xxx: Fix disk failure to rediscover (bsc#1197661).
- scsi: qla2xxx: Fix hang due to session stuck (bsc#1197661).
- scsi: qla2xxx: Fix incorrect reporting of task management failure (bsc#1197661).
- scsi: qla2xxx: Fix laggy FC remote port session recovery (bsc#1197661).
- scsi: qla2xxx: Fix loss of NVMe namespaces after driver reload test (bsc#1197661).
- scsi: qla2xxx: Fix missed DMA unmap for NVMe ls requests (bsc#1197661).
- scsi: qla2xxx: Fix N2N inconsistent PLOGI (bsc#1197661).
- scsi: qla2xxx: Fix stuck session of PRLI reject (bsc#1197661).
- scsi: qla2xxx: Fix typos in comments (bsc#1197661).
- scsi: qla2xxx: Increase max limit of ql2xnvme_queues (bsc#1197661).
- scsi: qla2xxx: Reduce false trigger to login (bsc#1197661).
- scsi: qla2xxx: Stop using the SCSI pointer (bsc#1197661).
- scsi: qla2xxx: Update version to 10.02.07.400-k (bsc#1197661).
- scsi: qla2xxx: Use correct feature type field during RFF_ID processing (bsc#1197661).
- scsi: qla2xxx: Use named initializers for port_state_str (bsc#1197661).
- scsi: qla2xxx: Use named initializers for q_dev_state (bsc#1197661).
- sr9700: sanity check for packet length (bsc#1196836).
- SUNRPC: avoid race between mod_timer() and del_timer_sync() (bnc#1195403).
- SUNRPC: change locking for xs_swap_enable/disable (bsc#1196367).
- SUNRPC: Fix transport accounting when caller specifies an rpc_xprt (bsc#1197531).
- tcp: add some entropy in __inet_hash_connect() (bsc#1180153).
- tcp: change source port randomizarion at connect() time (bsc#1180153).
- tcp: Export tcp_{sendpage,sendmsg}_locked() for ipv6 (bsc#1194541).
- tracing: Fix return value of __setup handlers (git-fixes).
- USB: Add unusual-devs entry for VL817 USB-SATA bridge (git-fixes).
- USB: chipidea: fix interrupt deadlock (git-fixes).
- USB: core: Fix hang in usb_kill_urb by adding memory barriers (git-fixes).
- USB: ftdi-elan: fix memory leak on device disconnect (git-fixes).
- USB: host: xen-hcd: add missing unlock in error path (git-fixes).
- USB: host: xhci-rcar: Do not reload firmware after the completion (git-fixes).
- USB: serial: ch341: add support for GW Instek USB2.0-Serial devices (git-fixes).
- USB: serial: cp210x: add CPI Bulk Coin Recycler id (git-fixes).
- USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320 (git-fixes).
- USB: serial: option: add support for DW5829e (git-fixes).
- USB: serial: option: add Telit LE910R1 compositions (git-fixes).
- USB: serial: option: add ZTE MF286D modem (git-fixes).
- USB: storage: ums-realtek: fix error code in rts51x_read_mem() (git-fixes).
- USB: zaurus: support another broken Zaurus (git-fixes).
- virtio_net: Fix recursive call to cpus_read_lock() (git-fixes).
- x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT (bsc#1114648).
- x86/speculation: Warn about Spectre v2 LFENCE mitigation (bsc#1114648).
- xen/gntdev: update to new mmu_notifier semantic (bsc#1184207).
- xen/usb: do not use gnttab_end_foreign_access() in xenhcd_gnttab_done() (bsc#1196488, XSA-396).
- xhci: Enable trust tx length quirk for Fresco FL11 USB controller (git-fixes).
- xhci: Fresco FL1100 controller should not have BROKEN_MSI quirk set (git-fixes).
- xhci: Prevent futile URB re-submissions due to incorrect return value (git-fixes).
- xhci: re-initialize the HC during resume if HCE was set (git-fixes).
Patchnames
SUSE-2022-1266,SUSE-SLE-SERVER-12-SP5-2022-1266
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for the Linux Kernel", title: "Title of the patch", }, { category: "description", text: "\nThe SUSE Linux Enterprise 12 SP5 kernel was updated.\n\nThe following security bugs were fixed:\n\n- CVE-2022-28356: Fixed a refcount bug in llc_ui_bind and llc_ui_autobind which could allow an unprivileged user to execute a DoS. (bnc#1197391)\n- CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution. (bsc#1197227)\n- CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel. (bnc#1198031)\n- CVE-2022-28388: Fixed a double free in drivers/net/can/usb/usb_8dev.c vulnerability in the Linux kernel. (bnc#1198032)\n- CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c vulnerability in the Linux kernel. (bnc#1198033)\n- CVE-2022-0812: Fixed an incorrect header size calculations which could lead to a memory leak. (bsc#1196639)\n- CVE-2022-1048: Fixed a race Condition in snd_pcm_hw_free leading to use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock. (bsc#1197331)\n- CVE-2022-0850: Fixed a kernel information leak vulnerability in iov_iter.c. (bsc#1196761)\n- CVE-2022-26966: Fixed an issue in drivers/net/usb/sr9700.c, which allowed attackers to obtain sensitive information from the memory via crafted frame lengths from a USB device. (bsc#1196836)\n- CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation. (bnc#1197462)\n- CVE-2021-45868: Fixed a wrong validation check in fs/quota/quota_tree.c which could lead to an use-after-free if there is a corrupted quota file. (bnc#1197366)\n- CVE-2021-39713: Fixed a race condition in the network scheduling subsystem which could lead to a use-after-free. (bnc#1196973)\n- CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042: Fixed multiple issues which could have lead to read/write access to memory pages or denial of service. These issues are related to the Xen PV device frontend drivers. (bsc#1196488)\n- CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could crash the system or corrupt the system memory. (bsc#1196830)\n\nThe following non-security bugs were fixed:\n\n- asix: Add rx->ax_skb = NULL after usbnet_skb_return() (git-fixes).\n- asix: Ensure asix_rx_fixup_info members are all reset (git-fixes).\n- asix: Fix small memory leak in ax88772_unbind() (git-fixes).\n- asix: fix uninit-value in asix_mdio_read() (git-fixes).\n- asix: fix wrong return value in asix_check_host_enable() (git-fixes).\n- ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32 (bsc#1196018).\n- block: bfq: fix bfq_set_next_ioprio_data() (bsc#1191451).\n- block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2) (bsc#1194586).\n- can: dev: can_restart: fix use after free bug (git-fixes).\n- cgroup: Allocate cgroup_file_ctx for kernfs_open_file->priv (bsc#1196723).\n- cgroup: Correct privileges check in release_agent writes (bsc#1196723).\n- cgroup: Use open-time cgroup namespace for process migration perm checks (bsc#1196723).\n- dax: update to new mmu_notifier semantic (bsc#1184207).\n- EDAC: Fix calculation of returned address and next offset in edac_align_ptr() (bsc#1114648).\n- ena_netdev: use generic power management (bsc#1197099 jsc#SLE-24125).\n- ena: Remove rcu_read_lock() around XDP program invocation (bsc#1197099 jsc#SLE-24125).\n- ethernet: amazon: ena: A typo fix in the file ena_com.h (bsc#1197099 jsc#SLE-24125).\n- ext4: add check to prevent attempting to resize an fs with sparse_super2 (bsc#1197754).\n- ext4: check for inconsistent extents between index and leaf block (bsc#1194163 bsc#1196339).\n- ext4: check for out-of-order index extents in ext4_valid_extent_entries() (bsc#1194163 bsc#1196339).\n- ext4: do not use the orphan list when migrating an inode (bsc#1197756).\n- ext4: fix an use-after-free issue about data=journal writeback mode (bsc#1195482).\n- ext4: Fix BUG_ON in ext4_bread when write quota data (bsc#1197755).\n- ext4: fix error handling in ext4_restore_inline_data() (bsc#1197757).\n- ext4: fix lazy initialization next schedule time computation in more granular unit (bsc#1194580).\n- ext4: make sure quota gets properly shutdown on error (bsc#1195480).\n- ext4: prevent partial update of the extent blocks (bsc#1194163 bsc#1196339).\n- ext4: update i_disksize if direct write past ondisk size (bsc#1197806).\n- fix rpm build warning tumbleweed rpm is adding these warnings to the log: It's not recommended to have unversioned Obsoletes: Obsoletes: microcode_ctl\n- genirq: Use rcu in kstat_irqs_usr() (bsc#1193738).\n- gtp: fix an use-before-init in gtp_newlink() (git-fixes).\n- IB/core: Fix ODP get user pages flow (git-fixes)\n- IB/hfi1: Acquire lock to release TID entries when user file is closed (git-fixes)\n- IB/hfi1: Adjust pkey entry in index 0 (git-fixes)\n- IB/hfi1: Correct guard on eager buffer deallocation (git-fixes)\n- IB/hfi1: Ensure pq is not left on waitlist (git-fixes)\n- IB/hfi1: Fix another case where pq is left on waitlist (git-fixes)\n- IB/hfi1: Fix error return code in parse_platform_config() (git-fixes)\n- IB/hfi1: Fix leak of rcvhdrtail_dummy_kvaddr (git-fixes)\n- IB/hfi1: Fix possible null-pointer dereference in _extend_sdma_tx_descs() (git-fixes)\n- IB/hfi1: Insure use of smp_processor_id() is preempt disabled (git-fixes)\n- IB/hfi1: Use kzalloc() for mmu_rb_handler allocation (git-fixes)\n- IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields (git-fixes)\n- IB/qib: Use struct_size() helper (git-fixes)\n- IB/sa: Resolv use-after-free in ib_nl_make_request() (git-fixes)\n- IB/umad: Return EIO in case of when device disassociated (git-fixes)\n- IB/umad: Return EPOLLERR in case of when device disassociated (git-fixes)\n- isofs: Fix out of bound access for corrupted isofs image (bsc#1194591).\n- llc: fix netdevice reference leaks in llc_ui_bind() (git-fixes).\n- mdio: fix mdio-thunder.c dependency build error (git-fixes).\n- mm: bdi: initialize bdi_min_ratio when bdi is unregistered (bsc#1197763).\n- mm: drop NULL return check of pte_offset_map_lock() (bsc#1184207).\n- mm/rmap: always do TTU_IGNORE_ACCESS (bsc#1184207).\n- mm/rmap: update to new mmu_notifier semantic v2 (bsc#1184207).\n- net: arc_emac: Fix memleak in arc_mdio_probe (git-fixes).\n- net: asix: add proper error handling of usb read errors (git-fixes).\n- net: asix: fix uninit value bugs (git-fixes).\n- net: bcmgenet: Fix a resource leak in an error handling path in the probe functin (git-fixes).\n- net: dp83867: Fix OF_MDIO config check (git-fixes).\n- net: dsa: bcm_sf2: put device node before return (git-fixes).\n- net: ena: Add capabilities field with support for ENI stats capability (bsc#1197099 jsc#SLE-24125).\n- net: ena: Add debug prints for invalid req_id resets (bsc#1197099 jsc#SLE-24125).\n- net: ena: add device distinct log prefix to files (bsc#1197099 jsc#SLE-24125).\n- net: ena: add jiffies of last napi call to stats (bsc#1197099 jsc#SLE-24125).\n- net: ena: aggregate doorbell common operations into a function (bsc#1197099 jsc#SLE-24125).\n- net: ena: aggregate stats increase into a function (bsc#1197099 jsc#SLE-24125).\n- net: ena: Change ENI stats support check to use capabilities field (bsc#1197099 jsc#SLE-24125).\n- net: ena: Change return value of ena_calc_io_queue_size() to void (bsc#1197099 jsc#SLE-24125).\n- net: ena: Change the name of bad_csum variable (bsc#1197099 jsc#SLE-24125).\n- net: ena: Extract recurring driver reset code into a function (bsc#1197099 jsc#SLE-24125).\n- net: ena: fix coding style nits (bsc#1197099 jsc#SLE-24125).\n- net: ena: fix DMA mapping function issues in XDP (bsc#1197099 jsc#SLE-24125).\n- net: ena: fix inaccurate print type (bsc#1197099 jsc#SLE-24125).\n- net: ena: Fix wrong rx request id by resetting device (bsc#1197099 jsc#SLE-24125).\n- net: ena: Improve error logging in driver (bsc#1197099 jsc#SLE-24125).\n- net: ena: introduce ndo_xdp_xmit() function for XDP_REDIRECT (bsc#1197099 jsc#SLE-24125).\n- net: ena: introduce XDP redirect implementation (bsc#1197099 jsc#SLE-24125).\n- net: ena: make symbol 'ena_alloc_map_page' static (bsc#1197099 jsc#SLE-24125).\n- net: ena: Move reset completion print to the reset function (bsc#1197099 jsc#SLE-24125).\n- net: ena: optimize data access in fast-path code (bsc#1197099 jsc#SLE-24125).\n- net: ena: re-organize code to improve readability (bsc#1197099 jsc#SLE-24125).\n- net: ena: Remove ena_calc_queue_size_ctx struct (bsc#1197099 jsc#SLE-24125).\n- net: ena: remove extra words from comments (bsc#1197099 jsc#SLE-24125).\n- net: ena: Remove module param and change message severity (bsc#1197099 jsc#SLE-24125).\n- net: ena: Remove redundant return code check (bsc#1197099 jsc#SLE-24125).\n- net: ena: Remove unused code (bsc#1197099 jsc#SLE-24125).\n- net: ena: store values in their appropriate variables types (bsc#1197099 jsc#SLE-24125).\n- net: ena: Update XDP verdict upon failure (bsc#1197099 jsc#SLE-24125).\n- net: ena: use build_skb() in RX path (bsc#1197099 jsc#SLE-24125).\n- net: ena: use constant value for net_device allocation (bsc#1197099 jsc#SLE-24125).\n- net: ena: Use dev_alloc() in RX buffer allocation (bsc#1197099 jsc#SLE-24125).\n- net: ena: Use pci_sriov_configure_simple() to enable VFs (bsc#1197099 jsc#SLE-24125).\n- net: ena: use xdp_frame in XDP TX flow (bsc#1197099 jsc#SLE-24125).\n- net: ena: use xdp_return_frame() to free xdp frames (bsc#1197099 jsc#SLE-24125).\n- net: ethernet: Fix memleak in ethoc_probe (git-fixes).\n- net: ethernet: ti: cpts: fix ethtool output when no ptp_clock registered (git-fixes).\n- net: fec: only check queue 0 if RXF_0/TXF_0 interrupt is set (git-fixes).\n- net: hdlc_ppp: Fix issues when mod_timer is called while timer is running (git-fixes).\n- net: hdlc_raw_eth: Clear the IFF_TX_SKB_SHARING flag after calling ether_setup (git-fixes).\n- net: hdlc: In hdlc_rcv, check to make sure dev is an HDLC device (git-fixes).\n- net: hns: fix return value check in __lb_other_process() (git-fixes).\n- net: marvell: Fix OF_MDIO config check (git-fixes).\n- net: mcs7830: handle usb read errors properly (git-fixes).\n- net: usb: asix: add error handling for asix_mdio_* functions (git-fixes).\n- net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (bsc#1196018).\n- net: usb: ax88179_178a: fix packet alignment padding (bsc#1196018).\n- net/mlx5e: Fix page DMA map/unmap attributes (bsc#1196468).\n- netxen_nic: fix MSI/MSI-x interrupts (git-fixes).\n- NFS: Avoid duplicate uncached readdir calls on eof (git-fixes).\n- NFS: Clamp WRITE offsets (git-fixes).\n- NFS: Do not report writeback errors in nfs_getattr() (git-fixes).\n- NFS: do not retry BIND_CONN_TO_SESSION on session error (git-fixes).\n- NFS: Do not skip directory entries when doing uncached readdir (git-fixes).\n- NFS: Fix another issue with a list iterator pointing to the head (git-fixes).\n- NFS: Fix initialisation of nfs_client cl_flags field (git-fixes).\n- NFS: nfsd4_setclientid_confirm mistakenly expires confirmed client (git-fixes).\n- NFS: Return valid errors from nfs2/3_decode_dirent() (git-fixes).\n- ocfs2: mount fails with buffer overflow in strlen (bsc#1197760).\n- ocfs2: remove ocfs2_is_o2cb_active() (bsc#1197758).\n- powercap: intel_rapl: add support for Sapphire Rapids (jsc#SLE-15288, jsc#ECO-2990).\n- powerpc/64: Fix kernel stack 16-byte alignment (bsc#1196999 ltc#196609S git-fixes).\n- powerpc/64: Interrupts save PPR on stack rather than thread_struct (bsc#1196999 ltc#196609).\n- powerpc/perf: consolidate GPCI hcall structs into asm/hvcall.h (jec#SLE-23780).\n- powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729).\n- powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729).\n- powerpc/pseries: new lparcfg key/value pair: partition_affinity_score (jec#SLE-23780).\n- powerpc/sysdev: fix incorrect use to determine if list is empty (bsc#1065729).\n- powerpc/tm: Fix more userspace r13 corruption (bsc#1065729).\n- powerpc/tm: Fix more userspace r13 corruption (bsc#1065729).\n- powerpc/xive: fix return value of __setup handler (bsc#1065729).\n- printk: Add panic_in_progress helper (bsc#1197894).\n- printk: disable optimistic spin during panic (bsc#1197894).\n- qed: select CONFIG_CRC32 (git-fixes).\n- quota: correct error number in free_dqentry() (bsc#1194590).\n- RDMA/addr: Be strict with gid size (git-fixes)\n- RDMA/bnxt_re: Fix a double free in bnxt_qplib_alloc_res (git-fixes)\n- RDMA/bnxt_re: Fix error return code in bnxt_qplib_cq_process_terminal() (git-fixes)\n- RDMA/bnxt_re: Scan the whole bitmap when checking if 'disabling RCFW with pending cmd-bit' (git-fixes)\n- RDMA/bnxt_re: Set queue pair state when being queried (git-fixes)\n- RDMA/cm: Fix an attempt to use non-valid pointer when cleaning timewait (git-fixes)\n- RDMA/cma: Ensure rdma_addr_cancel() happens before issuing more requests (git-fixes)\n- RDMA/cma: Let cma_resolve_ib_dev() continue search even after empty entry (git-fixes)\n- RDMA/core: Do not infoleak GRH fields (git-fixes)\n- RDMA/core: Let ib_find_gid() continue search even after empty entry (git-fixes)\n- RDMA/cxgb4: add missing qpid increment (git-fixes)\n- RDMA/cxgb4: check for ipv6 address properly while destroying listener (git-fixes)\n- RDMA/cxgb4: Fix adapter LE hash errors while destroying ipv6 listening server (git-fixes)\n- RDMA/cxgb4: Fix the reported max_recv_sge value (git-fixes)\n- RDMA/cxgb4: Set queue pair state when being queried (git-fixes)\n- RDMA/cxgb4: Validate the number of CQEs (git-fixes)\n- RDMA/hns: Add a check for current state before modifying QP (git-fixes)\n- RDMA/hns: Encapsulate some lines for setting sq size in user mode (git-fixes)\n- RDMA/hns: Optimize hns_roce_modify_qp function (git-fixes)\n- RDMA/hns: Prevent undefined behavior in hns_roce_set_user_sq_size() (git-fixes)\n- RDMA/hns: Validate the pkey index (git-fixes)\n- RDMA/i40iw: Fix error unwinding when i40iw_hmc_sd_one fails (git-fixes)\n- RDMA/ib_srp: Fix a deadlock (git-fixes)\n- RDMA/iwcm: Release resources if iw_cm module initialization fails (git-fixes)\n- RDMA/mlx4: Do not continue event handler after memory allocation failure (git-fixes)\n- RDMA/mlx4: Return missed an error if device does not support steering (git-fixes)\n- RDMA/mlx5: Do not allow rereg of a ODP MR (git-fixes)\n- RDMA/mlx5: Fix corruption of reg_pages in mlx5_ib_rereg_user_mr() (git-fixes)\n- RDMA/mlx5: Fix potential race between destroy and CQE poll (git-fixes)\n- RDMA/mlx5: Fix udata response upon SRQ creation (git-fixes)\n- RDMA/mlx5: Put live in the correct place for ODP MRs (git-fixes)\n- RDMA/odp: Lift umem_mutex out of ib_umem_odp_unmap_dma_pages() (git-fixes)\n- RDMA/qedr: Fix NULL deref for query_qp on the GSI QP (git-fixes)\n- RDMA/qib: Remove superfluous fallthrough statements (git-fixes)\n- RDMA/rxe: Clear all QP fields if creation failed (git-fixes)\n- RDMA/rxe: Compute PSN windows correctly (git-fixes)\n- RDMA/rxe: Correct skb on loopback path (git-fixes)\n- RDMA/rxe: Do not overwrite errno from ib_umem_get() (git-fixes)\n- RDMA/rxe: Fix coding error in rxe_rcv_mcast_pkt (git-fixes)\n- RDMA/rxe: Fix coding error in rxe_recv.c (git-fixes)\n- RDMA/rxe: Fix extra copy in prepare_ack_packet (git-fixes)\n- RDMA/rxe: Fix failure during driver load (git-fixes)\n- RDMA/rxe: Fix missing kconfig dependency on CRYPTO (git-fixes)\n- RDMA/rxe: Fix over copying in get_srq_wqe (git-fixes)\n- RDMA/rxe: Fix panic when calling kmem_cache_create() (git-fixes)\n- RDMA/rxe: Fix redundant call to ip_send_check (git-fixes)\n- RDMA/rxe: Fix skb lifetime in rxe_rcv_mcast_pkt() (git-fixes)\n- RDMA/rxe: Fix wrong port_cap_flags (git-fixes)\n- RDMA/rxe: Handle skb_clone() failure in rxe_recv.c (git-fixes)\n- RDMA/rxe: Remove rxe_link_layer() (git-fixes)\n- RDMA/rxe: Return CQE error if invalid lkey was supplied (git-fixes)\n- RDMA/ucma: Fix locking for ctx->events_reported (git-fixes)\n- RDMA/usnic: Fix memleak in find_free_vf_and_create_qp_grp (git-fixes)\n- RDMA/uverbs: Fix create WQ to use the given user handle (git-fixes)\n- RDMA/uverbs: Tidy input validation of ib_uverbs_rereg_mr() (git-fixes)\n- s390/bpf: Perform r1 range checking before accessing jit->seen_reg (git-fixes).\n- s390/disassembler: increase ebpf disasm buffer size (git-fixes).\n- scsi: lpfc: Copyright updates for 14.2.0.0 patches (bsc#1197675).\n- scsi: lpfc: Drop lpfc_no_handler() (bsc#1197675).\n- scsi: lpfc: Fix broken SLI4 abort path (bsc#1197675).\n- scsi: lpfc: Fix locking for lpfc_sli_iocbq_lookup() (bsc#1197675).\n- scsi: lpfc: Fix queue failures when recovering from PCI parity error (bsc#1197675 bsc#1196478).\n- scsi: lpfc: Fix typos in comments (bsc#1197675).\n- scsi: lpfc: Fix unload hang after back to back PCI EEH faults (bsc#1197675 bsc#1196478).\n- scsi: lpfc: Improve PCI EEH Error and Recovery Handling (bsc#1197675 bsc#1196478).\n- scsi: lpfc: Kill lpfc_bus_reset_handler() (bsc#1197675).\n- scsi: lpfc: Reduce log messages seen after firmware download (bsc#1197675).\n- scsi: lpfc: Remove failing soft_wwn support (bsc#1197675).\n- scsi: lpfc: Remove NVMe support if kernel has NVME_FC disabled (bsc#1197675).\n- scsi: lpfc: Remove redundant flush_workqueue() call (bsc#1197675).\n- scsi: lpfc: SLI path split: Introduce lpfc_prep_wqe (bsc#1197675).\n- scsi: lpfc: SLI path split: Refactor Abort paths (bsc#1197675).\n- scsi: lpfc: SLI path split: Refactor base ELS paths and the FLOGI path (bsc#1197675).\n- scsi: lpfc: SLI path split: Refactor BSG paths (bsc#1197675).\n- scsi: lpfc: SLI path split: Refactor CT paths (bsc#1197675).\n- scsi: lpfc: SLI path split: Refactor fast and slow paths to native SLI4 (bsc#1197675).\n- scsi: lpfc: SLI path split: Refactor FDISC paths (bsc#1197675).\n- scsi: lpfc: SLI path split: Refactor lpfc_iocbq (bsc#1197675).\n- scsi: lpfc: SLI path split: Refactor LS_ACC paths (bsc#1197675).\n- scsi: lpfc: SLI path split: Refactor LS_RJT paths (bsc#1197675).\n- scsi: lpfc: SLI path split: Refactor misc ELS paths (bsc#1197675).\n- scsi: lpfc: SLI path split: Refactor PLOGI/PRLI/ADISC/LOGO paths (bsc#1197675).\n- scsi: lpfc: SLI path split: Refactor SCSI paths (bsc#1197675).\n- scsi: lpfc: SLI path split: Refactor the RSCN/SCR/RDF/EDC/FARPR paths (bsc#1197675).\n- scsi: lpfc: Update lpfc version to 14.2.0.0 (bsc#1197675).\n- scsi: lpfc: Update lpfc version to 14.2.0.1 (bsc#1197675).\n- scsi: lpfc: Use fc_block_rport() (bsc#1197675).\n- scsi: lpfc: Use kcalloc() (bsc#1197675).\n- scsi: lpfc: Use rport as argument for lpfc_chk_tgt_mapped() (bsc#1197675).\n- scsi: lpfc: Use rport as argument for lpfc_send_taskmgmt() (bsc#1197675).\n- scsi: qla2xxx: Fix crash during module load unload test (bsc#1197661).\n- scsi: qla2xxx: Fix disk failure to rediscover (bsc#1197661).\n- scsi: qla2xxx: Fix hang due to session stuck (bsc#1197661).\n- scsi: qla2xxx: Fix incorrect reporting of task management failure (bsc#1197661).\n- scsi: qla2xxx: Fix laggy FC remote port session recovery (bsc#1197661).\n- scsi: qla2xxx: Fix loss of NVMe namespaces after driver reload test (bsc#1197661).\n- scsi: qla2xxx: Fix missed DMA unmap for NVMe ls requests (bsc#1197661).\n- scsi: qla2xxx: Fix N2N inconsistent PLOGI (bsc#1197661).\n- scsi: qla2xxx: Fix stuck session of PRLI reject (bsc#1197661).\n- scsi: qla2xxx: Fix typos in comments (bsc#1197661).\n- scsi: qla2xxx: Increase max limit of ql2xnvme_queues (bsc#1197661).\n- scsi: qla2xxx: Reduce false trigger to login (bsc#1197661).\n- scsi: qla2xxx: Stop using the SCSI pointer (bsc#1197661).\n- scsi: qla2xxx: Update version to 10.02.07.400-k (bsc#1197661).\n- scsi: qla2xxx: Use correct feature type field during RFF_ID processing (bsc#1197661).\n- scsi: qla2xxx: Use named initializers for port_state_str (bsc#1197661).\n- scsi: qla2xxx: Use named initializers for q_dev_state (bsc#1197661).\n- sr9700: sanity check for packet length (bsc#1196836).\n- SUNRPC: avoid race between mod_timer() and del_timer_sync() (bnc#1195403).\n- SUNRPC: change locking for xs_swap_enable/disable (bsc#1196367).\n- SUNRPC: Fix transport accounting when caller specifies an rpc_xprt (bsc#1197531).\n- tcp: add some entropy in __inet_hash_connect() (bsc#1180153).\n- tcp: change source port randomizarion at connect() time (bsc#1180153).\n- tcp: Export tcp_{sendpage,sendmsg}_locked() for ipv6 (bsc#1194541).\n- tracing: Fix return value of __setup handlers (git-fixes).\n- USB: Add unusual-devs entry for VL817 USB-SATA bridge (git-fixes).\n- USB: chipidea: fix interrupt deadlock (git-fixes).\n- USB: core: Fix hang in usb_kill_urb by adding memory barriers (git-fixes).\n- USB: ftdi-elan: fix memory leak on device disconnect (git-fixes).\n- USB: host: xen-hcd: add missing unlock in error path (git-fixes).\n- USB: host: xhci-rcar: Do not reload firmware after the completion (git-fixes).\n- USB: serial: ch341: add support for GW Instek USB2.0-Serial devices (git-fixes).\n- USB: serial: cp210x: add CPI Bulk Coin Recycler id (git-fixes).\n- USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320 (git-fixes).\n- USB: serial: option: add support for DW5829e (git-fixes).\n- USB: serial: option: add Telit LE910R1 compositions (git-fixes).\n- USB: serial: option: add ZTE MF286D modem (git-fixes).\n- USB: storage: ums-realtek: fix error code in rts51x_read_mem() (git-fixes).\n- USB: zaurus: support another broken Zaurus (git-fixes).\n- virtio_net: Fix recursive call to cpus_read_lock() (git-fixes).\n- x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT (bsc#1114648).\n- x86/speculation: Warn about Spectre v2 LFENCE mitigation (bsc#1114648).\n- xen/gntdev: update to new mmu_notifier semantic (bsc#1184207).\n- xen/usb: do not use gnttab_end_foreign_access() in xenhcd_gnttab_done() (bsc#1196488, XSA-396).\n- xhci: Enable trust tx length quirk for Fresco FL11 USB controller (git-fixes).\n- xhci: Fresco FL1100 controller should not have BROKEN_MSI quirk set (git-fixes).\n- xhci: Prevent futile URB re-submissions due to incorrect return value (git-fixes).\n- xhci: re-initialize the HC during resume if HCE was set (git-fixes).\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2022-1266,SUSE-SLE-SERVER-12-SP5-2022-1266", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_1266-1.json", }, { category: "self", summary: "URL for SUSE-SU-2022:1266-1", url: "https://www.suse.com/support/update/announcement/2022/suse-su-20221266-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2022:1266-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-April/010754.html", }, { category: "self", summary: "SUSE Bug 1065729", url: "https://bugzilla.suse.com/1065729", }, { category: "self", summary: "SUSE Bug 1114648", url: "https://bugzilla.suse.com/1114648", }, { category: "self", summary: "SUSE Bug 1180153", url: "https://bugzilla.suse.com/1180153", }, { category: "self", summary: "SUSE Bug 1184207", url: "https://bugzilla.suse.com/1184207", }, { category: "self", summary: "SUSE Bug 1189562", url: "https://bugzilla.suse.com/1189562", }, { category: "self", summary: "SUSE Bug 1191428", url: "https://bugzilla.suse.com/1191428", }, { category: "self", summary: "SUSE Bug 1191451", url: "https://bugzilla.suse.com/1191451", }, { category: "self", summary: "SUSE Bug 1192273", url: "https://bugzilla.suse.com/1192273", }, { category: "self", summary: "SUSE Bug 1193738", url: "https://bugzilla.suse.com/1193738", }, { category: "self", summary: "SUSE Bug 1194163", url: "https://bugzilla.suse.com/1194163", }, { category: "self", summary: "SUSE Bug 1194541", url: "https://bugzilla.suse.com/1194541", }, { category: "self", summary: "SUSE Bug 1194580", url: "https://bugzilla.suse.com/1194580", }, { category: "self", summary: "SUSE Bug 1194586", url: "https://bugzilla.suse.com/1194586", }, { category: "self", summary: "SUSE Bug 1194590", url: "https://bugzilla.suse.com/1194590", }, { category: "self", summary: "SUSE Bug 1194591", url: "https://bugzilla.suse.com/1194591", }, { category: "self", summary: "SUSE Bug 1194943", url: "https://bugzilla.suse.com/1194943", }, { category: "self", summary: "SUSE Bug 1195051", url: "https://bugzilla.suse.com/1195051", }, { category: "self", summary: "SUSE Bug 1195353", url: "https://bugzilla.suse.com/1195353", }, { category: "self", summary: "SUSE Bug 1195403", url: "https://bugzilla.suse.com/1195403", }, { category: "self", summary: "SUSE Bug 1195480", url: "https://bugzilla.suse.com/1195480", }, { category: "self", summary: "SUSE Bug 1195482", url: "https://bugzilla.suse.com/1195482", }, { category: "self", summary: "SUSE Bug 1196018", url: "https://bugzilla.suse.com/1196018", }, { category: "self", summary: "SUSE Bug 1196114", url: "https://bugzilla.suse.com/1196114", }, { category: "self", summary: "SUSE Bug 1196339", url: "https://bugzilla.suse.com/1196339", }, { category: "self", summary: "SUSE Bug 1196367", url: "https://bugzilla.suse.com/1196367", }, { category: "self", summary: "SUSE Bug 1196468", url: "https://bugzilla.suse.com/1196468", }, { category: "self", summary: "SUSE Bug 1196478", url: "https://bugzilla.suse.com/1196478", }, { category: "self", summary: "SUSE Bug 1196488", url: "https://bugzilla.suse.com/1196488", }, { category: "self", summary: "SUSE Bug 1196514", url: "https://bugzilla.suse.com/1196514", }, { category: "self", summary: "SUSE Bug 1196639", url: "https://bugzilla.suse.com/1196639", }, { category: "self", summary: "SUSE Bug 1196723", url: "https://bugzilla.suse.com/1196723", }, { category: "self", summary: "SUSE Bug 1196761", url: "https://bugzilla.suse.com/1196761", }, { category: "self", summary: "SUSE Bug 1196830", url: "https://bugzilla.suse.com/1196830", }, { category: "self", summary: "SUSE Bug 1196836", url: "https://bugzilla.suse.com/1196836", }, { category: "self", summary: "SUSE Bug 1196942", url: "https://bugzilla.suse.com/1196942", }, { category: "self", summary: "SUSE Bug 1196973", url: "https://bugzilla.suse.com/1196973", }, { category: "self", summary: "SUSE Bug 1196999", url: "https://bugzilla.suse.com/1196999", }, { category: "self", summary: "SUSE Bug 1197099", url: "https://bugzilla.suse.com/1197099", }, { category: "self", summary: "SUSE Bug 1197227", url: "https://bugzilla.suse.com/1197227", }, { category: "self", summary: "SUSE Bug 1197331", url: "https://bugzilla.suse.com/1197331", }, { category: "self", summary: "SUSE Bug 1197366", url: "https://bugzilla.suse.com/1197366", }, { category: "self", summary: "SUSE Bug 1197391", url: "https://bugzilla.suse.com/1197391", }, { category: "self", summary: "SUSE Bug 1197462", url: "https://bugzilla.suse.com/1197462", }, { category: "self", summary: "SUSE Bug 1197531", url: "https://bugzilla.suse.com/1197531", }, { category: "self", summary: "SUSE Bug 1197661", url: "https://bugzilla.suse.com/1197661", }, { category: "self", summary: "SUSE Bug 1197675", url: "https://bugzilla.suse.com/1197675", }, { category: "self", summary: "SUSE Bug 1197754", url: "https://bugzilla.suse.com/1197754", }, { category: "self", summary: "SUSE Bug 1197755", url: "https://bugzilla.suse.com/1197755", }, { category: "self", summary: "SUSE Bug 1197756", url: "https://bugzilla.suse.com/1197756", }, { category: "self", summary: "SUSE Bug 1197757", url: "https://bugzilla.suse.com/1197757", }, { category: "self", summary: "SUSE Bug 1197758", url: "https://bugzilla.suse.com/1197758", }, { category: "self", summary: "SUSE Bug 1197760", url: "https://bugzilla.suse.com/1197760", }, { category: "self", summary: "SUSE Bug 1197763", url: "https://bugzilla.suse.com/1197763", }, { category: "self", summary: "SUSE Bug 1197806", url: "https://bugzilla.suse.com/1197806", }, { category: "self", summary: "SUSE Bug 1197894", url: "https://bugzilla.suse.com/1197894", }, { category: "self", summary: "SUSE Bug 1198031", url: "https://bugzilla.suse.com/1198031", }, { category: "self", summary: "SUSE Bug 1198032", url: "https://bugzilla.suse.com/1198032", }, { category: "self", summary: "SUSE Bug 1198033", url: "https://bugzilla.suse.com/1198033", }, { category: "self", summary: "SUSE CVE CVE-2021-39713 page", url: "https://www.suse.com/security/cve/CVE-2021-39713/", }, { category: "self", summary: "SUSE CVE CVE-2021-45868 page", url: "https://www.suse.com/security/cve/CVE-2021-45868/", }, { category: "self", summary: "SUSE CVE CVE-2022-0812 page", url: "https://www.suse.com/security/cve/CVE-2022-0812/", }, { category: "self", summary: "SUSE CVE CVE-2022-0850 page", url: "https://www.suse.com/security/cve/CVE-2022-0850/", }, { category: "self", summary: "SUSE CVE CVE-2022-1016 page", url: "https://www.suse.com/security/cve/CVE-2022-1016/", }, { category: "self", summary: "SUSE CVE CVE-2022-1048 page", url: "https://www.suse.com/security/cve/CVE-2022-1048/", }, { category: "self", summary: "SUSE CVE CVE-2022-23036 page", url: "https://www.suse.com/security/cve/CVE-2022-23036/", }, { category: "self", summary: "SUSE CVE CVE-2022-23037 page", url: "https://www.suse.com/security/cve/CVE-2022-23037/", }, { category: "self", summary: "SUSE CVE CVE-2022-23038 page", url: "https://www.suse.com/security/cve/CVE-2022-23038/", }, { category: "self", summary: "SUSE CVE CVE-2022-23039 page", url: "https://www.suse.com/security/cve/CVE-2022-23039/", }, { category: "self", summary: "SUSE CVE CVE-2022-23040 page", url: "https://www.suse.com/security/cve/CVE-2022-23040/", }, { category: "self", summary: "SUSE CVE CVE-2022-23041 page", url: "https://www.suse.com/security/cve/CVE-2022-23041/", }, { category: "self", summary: "SUSE CVE CVE-2022-23042 page", url: "https://www.suse.com/security/cve/CVE-2022-23042/", }, { category: "self", summary: "SUSE CVE CVE-2022-26490 page", url: "https://www.suse.com/security/cve/CVE-2022-26490/", }, { category: "self", summary: "SUSE CVE CVE-2022-26966 page", url: "https://www.suse.com/security/cve/CVE-2022-26966/", }, { category: "self", summary: "SUSE CVE CVE-2022-27666 page", url: "https://www.suse.com/security/cve/CVE-2022-27666/", }, { category: "self", summary: "SUSE CVE CVE-2022-28356 page", url: "https://www.suse.com/security/cve/CVE-2022-28356/", }, { category: "self", summary: "SUSE CVE CVE-2022-28388 page", url: "https://www.suse.com/security/cve/CVE-2022-28388/", }, { category: "self", summary: "SUSE CVE CVE-2022-28389 page", url: "https://www.suse.com/security/cve/CVE-2022-28389/", }, { category: "self", summary: "SUSE CVE CVE-2022-28390 page", url: "https://www.suse.com/security/cve/CVE-2022-28390/", }, ], title: "Security update for the Linux Kernel", tracking: { current_release_date: "2022-04-19T13:25:20Z", generator: { date: "2022-04-19T13:25:20Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2022:1266-1", initial_release_date: "2022-04-19T13:25:20Z", revision_history: [ { date: "2022-04-19T13:25:20Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "kernel-devel-azure-4.12.14-16.94.1.noarch", product: { name: "kernel-devel-azure-4.12.14-16.94.1.noarch", product_id: "kernel-devel-azure-4.12.14-16.94.1.noarch", }, }, { category: "product_version", name: "kernel-source-azure-4.12.14-16.94.1.noarch", product: { name: "kernel-source-azure-4.12.14-16.94.1.noarch", product_id: "kernel-source-azure-4.12.14-16.94.1.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "cluster-md-kmp-azure-4.12.14-16.94.1.x86_64", product: { name: "cluster-md-kmp-azure-4.12.14-16.94.1.x86_64", product_id: "cluster-md-kmp-azure-4.12.14-16.94.1.x86_64", }, }, { category: "product_version", name: "dlm-kmp-azure-4.12.14-16.94.1.x86_64", product: { name: "dlm-kmp-azure-4.12.14-16.94.1.x86_64", product_id: "dlm-kmp-azure-4.12.14-16.94.1.x86_64", }, }, { category: "product_version", name: "gfs2-kmp-azure-4.12.14-16.94.1.x86_64", product: { name: "gfs2-kmp-azure-4.12.14-16.94.1.x86_64", product_id: "gfs2-kmp-azure-4.12.14-16.94.1.x86_64", }, }, { category: "product_version", name: "kernel-azure-4.12.14-16.94.1.x86_64", product: { name: "kernel-azure-4.12.14-16.94.1.x86_64", product_id: "kernel-azure-4.12.14-16.94.1.x86_64", }, }, { category: "product_version", name: "kernel-azure-base-4.12.14-16.94.1.x86_64", product: { name: "kernel-azure-base-4.12.14-16.94.1.x86_64", product_id: "kernel-azure-base-4.12.14-16.94.1.x86_64", }, }, { category: "product_version", name: "kernel-azure-devel-4.12.14-16.94.1.x86_64", product: { name: "kernel-azure-devel-4.12.14-16.94.1.x86_64", product_id: "kernel-azure-devel-4.12.14-16.94.1.x86_64", }, }, { category: "product_version", name: "kernel-azure-extra-4.12.14-16.94.1.x86_64", product: { name: "kernel-azure-extra-4.12.14-16.94.1.x86_64", product_id: "kernel-azure-extra-4.12.14-16.94.1.x86_64", }, }, { category: "product_version", name: "kernel-azure-kgraft-devel-4.12.14-16.94.1.x86_64", product: { name: "kernel-azure-kgraft-devel-4.12.14-16.94.1.x86_64", product_id: "kernel-azure-kgraft-devel-4.12.14-16.94.1.x86_64", }, }, { category: "product_version", name: "kernel-syms-azure-4.12.14-16.94.1.x86_64", product: { name: "kernel-syms-azure-4.12.14-16.94.1.x86_64", product_id: "kernel-syms-azure-4.12.14-16.94.1.x86_64", }, }, { category: "product_version", name: "kselftests-kmp-azure-4.12.14-16.94.1.x86_64", product: { name: "kselftests-kmp-azure-4.12.14-16.94.1.x86_64", product_id: "kselftests-kmp-azure-4.12.14-16.94.1.x86_64", }, }, { category: "product_version", name: "ocfs2-kmp-azure-4.12.14-16.94.1.x86_64", product: { name: "ocfs2-kmp-azure-4.12.14-16.94.1.x86_64", product_id: "ocfs2-kmp-azure-4.12.14-16.94.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Server 12 SP5", product: { name: "SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5", product_identification_helper: { cpe: "cpe:/o:suse:sles:12:sp5", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", product: { name: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:12:sp5", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "kernel-azure-4.12.14-16.94.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", }, product_reference: "kernel-azure-4.12.14-16.94.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP5", }, { category: "default_component_of", full_product_name: { name: "kernel-azure-base-4.12.14-16.94.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", }, product_reference: "kernel-azure-base-4.12.14-16.94.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP5", }, { category: "default_component_of", full_product_name: { name: "kernel-azure-devel-4.12.14-16.94.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", }, product_reference: "kernel-azure-devel-4.12.14-16.94.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP5", }, { category: "default_component_of", full_product_name: { name: "kernel-devel-azure-4.12.14-16.94.1.noarch as component of SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", }, product_reference: "kernel-devel-azure-4.12.14-16.94.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP5", }, { category: "default_component_of", full_product_name: { name: "kernel-source-azure-4.12.14-16.94.1.noarch as component of SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", }, product_reference: "kernel-source-azure-4.12.14-16.94.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP5", }, { category: "default_component_of", full_product_name: { name: "kernel-syms-azure-4.12.14-16.94.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", }, product_reference: "kernel-syms-azure-4.12.14-16.94.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP5", }, { category: "default_component_of", full_product_name: { name: "kernel-azure-4.12.14-16.94.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", }, product_reference: "kernel-azure-4.12.14-16.94.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", }, { category: "default_component_of", full_product_name: { name: "kernel-azure-base-4.12.14-16.94.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", }, product_reference: "kernel-azure-base-4.12.14-16.94.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", }, { category: "default_component_of", full_product_name: { name: "kernel-azure-devel-4.12.14-16.94.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", }, product_reference: "kernel-azure-devel-4.12.14-16.94.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", }, { category: "default_component_of", full_product_name: { name: "kernel-devel-azure-4.12.14-16.94.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", }, product_reference: "kernel-devel-azure-4.12.14-16.94.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", }, { category: "default_component_of", full_product_name: { name: "kernel-source-azure-4.12.14-16.94.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", }, product_reference: "kernel-source-azure-4.12.14-16.94.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", }, { category: "default_component_of", full_product_name: { name: "kernel-syms-azure-4.12.14-16.94.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", }, product_reference: "kernel-syms-azure-4.12.14-16.94.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", }, ], }, vulnerabilities: [ { cve: "CVE-2021-39713", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-39713", }, ], notes: [ { category: "general", text: "Product: AndroidVersions: Android kernelAndroid ID: A-173788806References: Upstream kernel", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-39713", url: "https://www.suse.com/security/cve/CVE-2021-39713", }, { category: "external", summary: "SUSE Bug 1196973 for CVE-2021-39713", url: "https://bugzilla.suse.com/1196973", }, { category: "external", summary: "SUSE Bug 1197211 for CVE-2021-39713", url: "https://bugzilla.suse.com/1197211", }, { category: "external", summary: "SUSE Bug 1201790 for CVE-2021-39713", url: "https://bugzilla.suse.com/1201790", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.4, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-04-19T13:25:20Z", details: "important", }, ], title: "CVE-2021-39713", }, { cve: "CVE-2021-45868", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-45868", }, ], notes: [ { category: "general", text: "In the Linux kernel before 5.15.3, fs/quota/quota_tree.c does not validate the block number in the quota tree (on disk). This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-45868", url: "https://www.suse.com/security/cve/CVE-2021-45868", }, { category: "external", summary: "SUSE Bug 1197366 for CVE-2021-45868", url: "https://bugzilla.suse.com/1197366", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-04-19T13:25:20Z", details: "moderate", }, ], title: "CVE-2021-45868", }, { cve: "CVE-2022-0812", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-0812", }, ], notes: [ { category: "general", text: "An information leak flaw was found in NFS over RDMA in the net/sunrpc/xprtrdma/rpc_rdma.c in the Linux Kernel. This flaw allows an attacker with normal user privileges to leak kernel information.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-0812", url: "https://www.suse.com/security/cve/CVE-2022-0812", }, { category: "external", summary: "SUSE Bug 1196639 for CVE-2022-0812", url: "https://bugzilla.suse.com/1196639", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-04-19T13:25:20Z", details: "moderate", }, ], title: "CVE-2022-0812", }, { cve: "CVE-2022-0850", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-0850", }, ], notes: [ { category: "general", text: "A vulnerability was found in linux kernel, where an information leak occurs via ext4_extent_header to userspace.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-0850", url: "https://www.suse.com/security/cve/CVE-2022-0850", }, { category: "external", summary: "SUSE Bug 1196761 for CVE-2022-0850", url: "https://bugzilla.suse.com/1196761", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-04-19T13:25:20Z", details: "moderate", }, ], title: "CVE-2022-0850", }, { cve: "CVE-2022-1016", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-1016", }, ], notes: [ { category: "general", text: "A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-1016", url: "https://www.suse.com/security/cve/CVE-2022-1016", }, { category: "external", summary: "SUSE Bug 1197335 for CVE-2022-1016", url: "https://bugzilla.suse.com/1197335", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-04-19T13:25:20Z", details: "important", }, ], title: "CVE-2022-1016", }, { cve: "CVE-2022-1048", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-1048", }, ], notes: [ { category: "general", text: "A use-after-free flaw was found in the Linux kernel's sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-1048", url: "https://www.suse.com/security/cve/CVE-2022-1048", }, { category: "external", summary: "SUSE Bug 1197331 for CVE-2022-1048", url: "https://bugzilla.suse.com/1197331", }, { category: "external", summary: "SUSE Bug 1197597 for CVE-2022-1048", url: "https://bugzilla.suse.com/1197597", }, { category: "external", summary: "SUSE Bug 1200041 for CVE-2022-1048", url: "https://bugzilla.suse.com/1200041", }, { category: "external", summary: "SUSE Bug 1204132 for CVE-2022-1048", url: "https://bugzilla.suse.com/1204132", }, { category: "external", summary: "SUSE Bug 1212325 for CVE-2022-1048", url: "https://bugzilla.suse.com/1212325", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.4, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-04-19T13:25:20Z", details: "important", }, ], title: "CVE-2022-1048", }, { cve: "CVE-2022-23036", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-23036", }, ], notes: [ { category: "general", text: "Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-23036", url: "https://www.suse.com/security/cve/CVE-2022-23036", }, { category: "external", summary: "SUSE Bug 1196488 for CVE-2022-23036", url: "https://bugzilla.suse.com/1196488", }, { category: "external", summary: "SUSE Bug 1199099 for CVE-2022-23036", url: "https://bugzilla.suse.com/1199099", }, { category: "external", summary: "SUSE Bug 1199141 for CVE-2022-23036", url: "https://bugzilla.suse.com/1199141", }, { category: "external", summary: "SUSE Bug 1204132 for CVE-2022-23036", url: "https://bugzilla.suse.com/1204132", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-04-19T13:25:20Z", details: "important", }, ], title: "CVE-2022-23036", }, { cve: "CVE-2022-23037", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-23037", }, ], notes: [ { category: "general", text: "Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-23037", url: "https://www.suse.com/security/cve/CVE-2022-23037", }, { category: "external", summary: "SUSE Bug 1199099 for CVE-2022-23037", url: "https://bugzilla.suse.com/1199099", }, { category: "external", summary: "SUSE Bug 1199141 for CVE-2022-23037", url: "https://bugzilla.suse.com/1199141", }, { category: "external", summary: "SUSE Bug 1204132 for CVE-2022-23037", url: "https://bugzilla.suse.com/1204132", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-04-19T13:25:20Z", details: "important", }, ], title: "CVE-2022-23037", }, { cve: "CVE-2022-23038", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-23038", }, ], notes: [ { category: "general", text: "Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-23038", url: "https://www.suse.com/security/cve/CVE-2022-23038", }, { category: "external", summary: "SUSE Bug 1199099 for CVE-2022-23038", url: "https://bugzilla.suse.com/1199099", }, { category: "external", summary: "SUSE Bug 1199141 for CVE-2022-23038", url: "https://bugzilla.suse.com/1199141", }, { category: "external", summary: "SUSE Bug 1204132 for CVE-2022-23038", url: "https://bugzilla.suse.com/1204132", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-04-19T13:25:20Z", details: "important", }, ], title: "CVE-2022-23038", }, { cve: "CVE-2022-23039", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-23039", }, ], notes: [ { category: "general", text: "Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-23039", url: "https://www.suse.com/security/cve/CVE-2022-23039", }, { category: "external", summary: "SUSE Bug 1199099 for CVE-2022-23039", url: "https://bugzilla.suse.com/1199099", }, { category: "external", summary: "SUSE Bug 1199141 for CVE-2022-23039", url: "https://bugzilla.suse.com/1199141", }, { category: "external", summary: "SUSE Bug 1204132 for CVE-2022-23039", url: "https://bugzilla.suse.com/1204132", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-04-19T13:25:20Z", details: "important", }, ], title: "CVE-2022-23039", }, { cve: "CVE-2022-23040", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-23040", }, ], notes: [ { category: "general", text: "Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-23040", url: "https://www.suse.com/security/cve/CVE-2022-23040", }, { category: "external", summary: "SUSE Bug 1199099 for CVE-2022-23040", url: "https://bugzilla.suse.com/1199099", }, { category: "external", summary: "SUSE Bug 1199141 for CVE-2022-23040", url: "https://bugzilla.suse.com/1199141", }, { category: "external", summary: "SUSE Bug 1204132 for CVE-2022-23040", url: "https://bugzilla.suse.com/1204132", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-04-19T13:25:20Z", details: "important", }, ], title: "CVE-2022-23040", }, { cve: "CVE-2022-23041", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-23041", }, ], notes: [ { category: "general", text: "Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-23041", url: "https://www.suse.com/security/cve/CVE-2022-23041", }, { category: "external", summary: "SUSE Bug 1199099 for CVE-2022-23041", url: "https://bugzilla.suse.com/1199099", }, { category: "external", summary: "SUSE Bug 1199141 for CVE-2022-23041", url: "https://bugzilla.suse.com/1199141", }, { category: "external", summary: "SUSE Bug 1204132 for CVE-2022-23041", url: "https://bugzilla.suse.com/1204132", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-04-19T13:25:20Z", details: "important", }, ], title: "CVE-2022-23041", }, { cve: "CVE-2022-23042", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-23042", }, ], notes: [ { category: "general", text: "Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-23042", url: "https://www.suse.com/security/cve/CVE-2022-23042", }, { category: "external", summary: "SUSE Bug 1199099 for CVE-2022-23042", url: "https://bugzilla.suse.com/1199099", }, { category: "external", summary: "SUSE Bug 1199141 for CVE-2022-23042", url: "https://bugzilla.suse.com/1199141", }, { category: "external", summary: "SUSE Bug 1204132 for CVE-2022-23042", url: "https://bugzilla.suse.com/1204132", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-04-19T13:25:20Z", details: "important", }, ], title: "CVE-2022-23042", }, { cve: "CVE-2022-26490", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-26490", }, ], notes: [ { category: "general", text: "st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-26490", url: "https://www.suse.com/security/cve/CVE-2022-26490", }, { category: "external", summary: "SUSE Bug 1196830 for CVE-2022-26490", url: "https://bugzilla.suse.com/1196830", }, { category: "external", summary: "SUSE Bug 1201656 for CVE-2022-26490", url: "https://bugzilla.suse.com/1201656", }, { category: "external", summary: "SUSE Bug 1201969 for CVE-2022-26490", url: "https://bugzilla.suse.com/1201969", }, { category: "external", summary: "SUSE Bug 1211495 for CVE-2022-26490", url: "https://bugzilla.suse.com/1211495", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-04-19T13:25:20Z", details: "important", }, ], title: "CVE-2022-26490", }, { cve: "CVE-2022-26966", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-26966", }, ], notes: [ { category: "general", text: "An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-26966", url: "https://www.suse.com/security/cve/CVE-2022-26966", }, { category: "external", summary: "SUSE Bug 1196836 for CVE-2022-26966", url: "https://bugzilla.suse.com/1196836", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-04-19T13:25:20Z", details: "moderate", }, ], title: "CVE-2022-26966", }, { cve: "CVE-2022-27666", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-27666", }, ], notes: [ { category: "general", text: "A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-27666", url: "https://www.suse.com/security/cve/CVE-2022-27666", }, { category: "external", summary: "SUSE Bug 1197131 for CVE-2022-27666", url: "https://bugzilla.suse.com/1197131", }, { category: "external", summary: "SUSE Bug 1197133 for CVE-2022-27666", url: "https://bugzilla.suse.com/1197133", }, { category: "external", summary: "SUSE Bug 1197462 for CVE-2022-27666", url: "https://bugzilla.suse.com/1197462", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-04-19T13:25:20Z", details: "important", }, ], title: "CVE-2022-27666", }, { cve: "CVE-2022-28356", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-28356", }, ], notes: [ { category: "general", text: "In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-28356", url: "https://www.suse.com/security/cve/CVE-2022-28356", }, { category: "external", summary: "SUSE Bug 1197391 for CVE-2022-28356", url: "https://bugzilla.suse.com/1197391", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-04-19T13:25:20Z", details: "moderate", }, ], title: "CVE-2022-28356", }, { cve: "CVE-2022-28388", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-28388", }, ], notes: [ { category: "general", text: "usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-28388", url: "https://www.suse.com/security/cve/CVE-2022-28388", }, { category: "external", summary: "SUSE Bug 1198032 for CVE-2022-28388", url: "https://bugzilla.suse.com/1198032", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-04-19T13:25:20Z", details: "moderate", }, ], title: "CVE-2022-28388", }, { cve: "CVE-2022-28389", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-28389", }, ], notes: [ { category: "general", text: "mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-28389", url: "https://www.suse.com/security/cve/CVE-2022-28389", }, { category: "external", summary: "SUSE Bug 1198033 for CVE-2022-28389", url: "https://bugzilla.suse.com/1198033", }, { category: "external", summary: "SUSE Bug 1201657 for CVE-2022-28389", url: "https://bugzilla.suse.com/1201657", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-04-19T13:25:20Z", details: "moderate", }, ], title: "CVE-2022-28389", }, { cve: "CVE-2022-28390", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-28390", }, ], notes: [ { category: "general", text: "ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-28390", url: "https://www.suse.com/security/cve/CVE-2022-28390", }, { category: "external", summary: "SUSE Bug 1198031 for CVE-2022-28390", url: "https://bugzilla.suse.com/1198031", }, { category: "external", summary: "SUSE Bug 1201517 for CVE-2022-28390", url: "https://bugzilla.suse.com/1201517", }, { category: "external", summary: "SUSE Bug 1207969 for CVE-2022-28390", url: "https://bugzilla.suse.com/1207969", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.94.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.94.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.94.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-04-19T13:25:20Z", details: "moderate", }, ], title: "CVE-2022-28390", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.