SUSE-SU-2022:2840-1
Vulnerability from csaf_suse - Published: 2022-08-18 07:51 - Updated: 2022-08-18 07:51Summary
Security update for the Linux Kernel
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel
Description of the patch:
The SUSE Linux Enterprise 12 SP3 LTSS kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2020-15393: CVE-2020-15393: Fixed a memory leak in usbtest_disconnect (bnc#1173514).
- CVE-2020-36557: Fixed race condition between the VT_DISALLOCATE ioctl and closing/opening of ttys that could lead to a use-after-free (bnc#1201429).
- CVE-2020-36558: Fixed race condition involving VT_RESIZEX that could lead to a NULL pointer dereference and general protection fault (bnc#1200910).
- CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO (bnc#1201635).
- CVE-2021-33656: Fixed out of bounds write with ioctl PIO_FONT (bnc#1201636).
- CVE-2021-39713: Fixed a race condition in the network scheduling subsystem which could lead to a use-after-free. (bnc#1196973)
- CVE-2022-1462: Fixed an out-of-bounds read flaw in the TeleTYpe subsystem (bnc#1198829).
- CVE-2022-20166: Fixed possible out of bounds write due to sprintf unsafety that could cause local escalation of privilege (bnc#1200598).
- CVE-2022-2318: Fixed a use-after-free vulnerabilities in the timer handler in net/rose/rose_timer.c that allow attackers to crash the system without any privileges (bsc#1201251).
- CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed multiple potential data leaks with Block and Network devices when using untrusted backends (bsc#1200762).
- CVE-2022-36946: Fixed incorrect packet truncation in nfqnl_mangle() that could lead to remote DoS (bnc#1201940).
The following non-security bugs were fixed:
- kvm: emulate: do not adjust size of fastop and setcc subroutines (bsc#1201930).
- kvm: emulate: Fix SETcc emulation function offsets with SLS (bsc#1201930).
Patchnames: SUSE-2022-2840,SUSE-SLE-SERVER-12-SP3-BCL-2022-2840
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
4.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.4 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.1 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.6 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.6 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.6 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.6 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThe SUSE Linux Enterprise 12 SP3 LTSS kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed:\n\n- CVE-2020-15393: CVE-2020-15393: Fixed a memory leak in usbtest_disconnect (bnc#1173514).\n- CVE-2020-36557: Fixed race condition between the VT_DISALLOCATE ioctl and closing/opening of ttys that could lead to a use-after-free (bnc#1201429).\n- CVE-2020-36558: Fixed race condition involving VT_RESIZEX that could lead to a NULL pointer dereference and general protection fault (bnc#1200910).\n- CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO (bnc#1201635).\n- CVE-2021-33656: Fixed out of bounds write with ioctl PIO_FONT (bnc#1201636).\n- CVE-2021-39713: Fixed a race condition in the network scheduling subsystem which could lead to a use-after-free. (bnc#1196973)\n- CVE-2022-1462: Fixed an out-of-bounds read flaw in the TeleTYpe subsystem (bnc#1198829).\n- CVE-2022-20166: Fixed possible out of bounds write due to sprintf unsafety that could cause local escalation of privilege (bnc#1200598).\n- CVE-2022-2318: Fixed a use-after-free vulnerabilities in the timer handler in net/rose/rose_timer.c that allow attackers to crash the system without any privileges (bsc#1201251).\n- CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed multiple potential data leaks with Block and Network devices when using untrusted backends (bsc#1200762).\n- CVE-2022-36946: Fixed incorrect packet truncation in nfqnl_mangle() that could lead to remote DoS (bnc#1201940).\n\nThe following non-security bugs were fixed:\n\n- kvm: emulate: do not adjust size of fastop and setcc subroutines (bsc#1201930).\n- kvm: emulate: Fix SETcc emulation function offsets with SLS (bsc#1201930).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-2840,SUSE-SLE-SERVER-12-SP3-BCL-2022-2840",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_2840-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:2840-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20222840-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:2840-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-August/011942.html"
},
{
"category": "self",
"summary": "SUSE Bug 1173514",
"url": "https://bugzilla.suse.com/1173514"
},
{
"category": "self",
"summary": "SUSE Bug 1196973",
"url": "https://bugzilla.suse.com/1196973"
},
{
"category": "self",
"summary": "SUSE Bug 1198829",
"url": "https://bugzilla.suse.com/1198829"
},
{
"category": "self",
"summary": "SUSE Bug 1200598",
"url": "https://bugzilla.suse.com/1200598"
},
{
"category": "self",
"summary": "SUSE Bug 1200762",
"url": "https://bugzilla.suse.com/1200762"
},
{
"category": "self",
"summary": "SUSE Bug 1200910",
"url": "https://bugzilla.suse.com/1200910"
},
{
"category": "self",
"summary": "SUSE Bug 1201251",
"url": "https://bugzilla.suse.com/1201251"
},
{
"category": "self",
"summary": "SUSE Bug 1201429",
"url": "https://bugzilla.suse.com/1201429"
},
{
"category": "self",
"summary": "SUSE Bug 1201635",
"url": "https://bugzilla.suse.com/1201635"
},
{
"category": "self",
"summary": "SUSE Bug 1201636",
"url": "https://bugzilla.suse.com/1201636"
},
{
"category": "self",
"summary": "SUSE Bug 1201930",
"url": "https://bugzilla.suse.com/1201930"
},
{
"category": "self",
"summary": "SUSE Bug 1201940",
"url": "https://bugzilla.suse.com/1201940"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15393 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15393/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-36557 page",
"url": "https://www.suse.com/security/cve/CVE-2020-36557/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-36558 page",
"url": "https://www.suse.com/security/cve/CVE-2020-36558/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-33655 page",
"url": "https://www.suse.com/security/cve/CVE-2021-33655/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-33656 page",
"url": "https://www.suse.com/security/cve/CVE-2021-33656/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-39713 page",
"url": "https://www.suse.com/security/cve/CVE-2021-39713/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-1462 page",
"url": "https://www.suse.com/security/cve/CVE-2022-1462/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-20166 page",
"url": "https://www.suse.com/security/cve/CVE-2022-20166/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-2318 page",
"url": "https://www.suse.com/security/cve/CVE-2022-2318/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-26365 page",
"url": "https://www.suse.com/security/cve/CVE-2022-26365/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-33740 page",
"url": "https://www.suse.com/security/cve/CVE-2022-33740/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-33741 page",
"url": "https://www.suse.com/security/cve/CVE-2022-33741/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-33742 page",
"url": "https://www.suse.com/security/cve/CVE-2022-33742/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-36946 page",
"url": "https://www.suse.com/security/cve/CVE-2022-36946/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2022-08-18T07:51:29Z",
"generator": {
"date": "2022-08-18T07:51:29Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:2840-1",
"initial_release_date": "2022-08-18T07:51:29Z",
"revision_history": [
{
"date": "2022-08-18T07:51:29Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-default-4.4.180-94.171.1.aarch64",
"product": {
"name": "cluster-md-kmp-default-4.4.180-94.171.1.aarch64",
"product_id": "cluster-md-kmp-default-4.4.180-94.171.1.aarch64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-default-4.4.180-94.171.1.aarch64",
"product": {
"name": "dlm-kmp-default-4.4.180-94.171.1.aarch64",
"product_id": "dlm-kmp-default-4.4.180-94.171.1.aarch64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-default-4.4.180-94.171.1.aarch64",
"product": {
"name": "gfs2-kmp-default-4.4.180-94.171.1.aarch64",
"product_id": "gfs2-kmp-default-4.4.180-94.171.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-4.4.180-94.171.1.aarch64",
"product": {
"name": "kernel-default-4.4.180-94.171.1.aarch64",
"product_id": "kernel-default-4.4.180-94.171.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-base-4.4.180-94.171.1.aarch64",
"product": {
"name": "kernel-default-base-4.4.180-94.171.1.aarch64",
"product_id": "kernel-default-base-4.4.180-94.171.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-4.4.180-94.171.1.aarch64",
"product": {
"name": "kernel-default-devel-4.4.180-94.171.1.aarch64",
"product_id": "kernel-default-devel-4.4.180-94.171.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-extra-4.4.180-94.171.1.aarch64",
"product": {
"name": "kernel-default-extra-4.4.180-94.171.1.aarch64",
"product_id": "kernel-default-extra-4.4.180-94.171.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-kgraft-4.4.180-94.171.1.aarch64",
"product": {
"name": "kernel-default-kgraft-4.4.180-94.171.1.aarch64",
"product_id": "kernel-default-kgraft-4.4.180-94.171.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-obs-build-4.4.180-94.171.1.aarch64",
"product": {
"name": "kernel-obs-build-4.4.180-94.171.1.aarch64",
"product_id": "kernel-obs-build-4.4.180-94.171.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-obs-qa-4.4.180-94.171.1.aarch64",
"product": {
"name": "kernel-obs-qa-4.4.180-94.171.1.aarch64",
"product_id": "kernel-obs-qa-4.4.180-94.171.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-syms-4.4.180-94.171.1.aarch64",
"product": {
"name": "kernel-syms-4.4.180-94.171.1.aarch64",
"product_id": "kernel-syms-4.4.180-94.171.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-4.4.180-94.171.1.aarch64",
"product": {
"name": "kernel-vanilla-4.4.180-94.171.1.aarch64",
"product_id": "kernel-vanilla-4.4.180-94.171.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-base-4.4.180-94.171.1.aarch64",
"product": {
"name": "kernel-vanilla-base-4.4.180-94.171.1.aarch64",
"product_id": "kernel-vanilla-base-4.4.180-94.171.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-devel-4.4.180-94.171.1.aarch64",
"product": {
"name": "kernel-vanilla-devel-4.4.180-94.171.1.aarch64",
"product_id": "kernel-vanilla-devel-4.4.180-94.171.1.aarch64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-default-4.4.180-94.171.1.aarch64",
"product": {
"name": "kselftests-kmp-default-4.4.180-94.171.1.aarch64",
"product_id": "kselftests-kmp-default-4.4.180-94.171.1.aarch64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-default-4.4.180-94.171.1.aarch64",
"product": {
"name": "ocfs2-kmp-default-4.4.180-94.171.1.aarch64",
"product_id": "ocfs2-kmp-default-4.4.180-94.171.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-4.4.180-94.171.1.noarch",
"product": {
"name": "kernel-devel-4.4.180-94.171.1.noarch",
"product_id": "kernel-devel-4.4.180-94.171.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-docs-4.4.180-94.171.2.noarch",
"product": {
"name": "kernel-docs-4.4.180-94.171.2.noarch",
"product_id": "kernel-docs-4.4.180-94.171.2.noarch"
}
},
{
"category": "product_version",
"name": "kernel-docs-html-4.4.180-94.171.2.noarch",
"product": {
"name": "kernel-docs-html-4.4.180-94.171.2.noarch",
"product_id": "kernel-docs-html-4.4.180-94.171.2.noarch"
}
},
{
"category": "product_version",
"name": "kernel-docs-pdf-4.4.180-94.171.2.noarch",
"product": {
"name": "kernel-docs-pdf-4.4.180-94.171.2.noarch",
"product_id": "kernel-docs-pdf-4.4.180-94.171.2.noarch"
}
},
{
"category": "product_version",
"name": "kernel-macros-4.4.180-94.171.1.noarch",
"product": {
"name": "kernel-macros-4.4.180-94.171.1.noarch",
"product_id": "kernel-macros-4.4.180-94.171.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-4.4.180-94.171.1.noarch",
"product": {
"name": "kernel-source-4.4.180-94.171.1.noarch",
"product_id": "kernel-source-4.4.180-94.171.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-vanilla-4.4.180-94.171.1.noarch",
"product": {
"name": "kernel-source-vanilla-4.4.180-94.171.1.noarch",
"product_id": "kernel-source-vanilla-4.4.180-94.171.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-debug-4.4.180-94.171.1.ppc64le",
"product": {
"name": "cluster-md-kmp-debug-4.4.180-94.171.1.ppc64le",
"product_id": "cluster-md-kmp-debug-4.4.180-94.171.1.ppc64le"
}
},
{
"category": "product_version",
"name": "cluster-md-kmp-default-4.4.180-94.171.1.ppc64le",
"product": {
"name": "cluster-md-kmp-default-4.4.180-94.171.1.ppc64le",
"product_id": "cluster-md-kmp-default-4.4.180-94.171.1.ppc64le"
}
},
{
"category": "product_version",
"name": "dlm-kmp-debug-4.4.180-94.171.1.ppc64le",
"product": {
"name": "dlm-kmp-debug-4.4.180-94.171.1.ppc64le",
"product_id": "dlm-kmp-debug-4.4.180-94.171.1.ppc64le"
}
},
{
"category": "product_version",
"name": "dlm-kmp-default-4.4.180-94.171.1.ppc64le",
"product": {
"name": "dlm-kmp-default-4.4.180-94.171.1.ppc64le",
"product_id": "dlm-kmp-default-4.4.180-94.171.1.ppc64le"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-debug-4.4.180-94.171.1.ppc64le",
"product": {
"name": "gfs2-kmp-debug-4.4.180-94.171.1.ppc64le",
"product_id": "gfs2-kmp-debug-4.4.180-94.171.1.ppc64le"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-default-4.4.180-94.171.1.ppc64le",
"product": {
"name": "gfs2-kmp-default-4.4.180-94.171.1.ppc64le",
"product_id": "gfs2-kmp-default-4.4.180-94.171.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-debug-4.4.180-94.171.1.ppc64le",
"product": {
"name": "kernel-debug-4.4.180-94.171.1.ppc64le",
"product_id": "kernel-debug-4.4.180-94.171.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-debug-base-4.4.180-94.171.1.ppc64le",
"product": {
"name": "kernel-debug-base-4.4.180-94.171.1.ppc64le",
"product_id": "kernel-debug-base-4.4.180-94.171.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-debug-devel-4.4.180-94.171.1.ppc64le",
"product": {
"name": "kernel-debug-devel-4.4.180-94.171.1.ppc64le",
"product_id": "kernel-debug-devel-4.4.180-94.171.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-debug-extra-4.4.180-94.171.1.ppc64le",
"product": {
"name": "kernel-debug-extra-4.4.180-94.171.1.ppc64le",
"product_id": "kernel-debug-extra-4.4.180-94.171.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-debug-kgraft-4.4.180-94.171.1.ppc64le",
"product": {
"name": "kernel-debug-kgraft-4.4.180-94.171.1.ppc64le",
"product_id": "kernel-debug-kgraft-4.4.180-94.171.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-default-4.4.180-94.171.1.ppc64le",
"product": {
"name": "kernel-default-4.4.180-94.171.1.ppc64le",
"product_id": "kernel-default-4.4.180-94.171.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-default-base-4.4.180-94.171.1.ppc64le",
"product": {
"name": "kernel-default-base-4.4.180-94.171.1.ppc64le",
"product_id": "kernel-default-base-4.4.180-94.171.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-4.4.180-94.171.1.ppc64le",
"product": {
"name": "kernel-default-devel-4.4.180-94.171.1.ppc64le",
"product_id": "kernel-default-devel-4.4.180-94.171.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-default-extra-4.4.180-94.171.1.ppc64le",
"product": {
"name": "kernel-default-extra-4.4.180-94.171.1.ppc64le",
"product_id": "kernel-default-extra-4.4.180-94.171.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-default-kgraft-4.4.180-94.171.1.ppc64le",
"product": {
"name": "kernel-default-kgraft-4.4.180-94.171.1.ppc64le",
"product_id": "kernel-default-kgraft-4.4.180-94.171.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-obs-build-4.4.180-94.171.1.ppc64le",
"product": {
"name": "kernel-obs-build-4.4.180-94.171.1.ppc64le",
"product_id": "kernel-obs-build-4.4.180-94.171.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-obs-qa-4.4.180-94.171.1.ppc64le",
"product": {
"name": "kernel-obs-qa-4.4.180-94.171.1.ppc64le",
"product_id": "kernel-obs-qa-4.4.180-94.171.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-syms-4.4.180-94.171.1.ppc64le",
"product": {
"name": "kernel-syms-4.4.180-94.171.1.ppc64le",
"product_id": "kernel-syms-4.4.180-94.171.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-4.4.180-94.171.1.ppc64le",
"product": {
"name": "kernel-vanilla-4.4.180-94.171.1.ppc64le",
"product_id": "kernel-vanilla-4.4.180-94.171.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-base-4.4.180-94.171.1.ppc64le",
"product": {
"name": "kernel-vanilla-base-4.4.180-94.171.1.ppc64le",
"product_id": "kernel-vanilla-base-4.4.180-94.171.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-devel-4.4.180-94.171.1.ppc64le",
"product": {
"name": "kernel-vanilla-devel-4.4.180-94.171.1.ppc64le",
"product_id": "kernel-vanilla-devel-4.4.180-94.171.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-debug-4.4.180-94.171.1.ppc64le",
"product": {
"name": "kselftests-kmp-debug-4.4.180-94.171.1.ppc64le",
"product_id": "kselftests-kmp-debug-4.4.180-94.171.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-default-4.4.180-94.171.1.ppc64le",
"product": {
"name": "kselftests-kmp-default-4.4.180-94.171.1.ppc64le",
"product_id": "kselftests-kmp-default-4.4.180-94.171.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-debug-4.4.180-94.171.1.ppc64le",
"product": {
"name": "ocfs2-kmp-debug-4.4.180-94.171.1.ppc64le",
"product_id": "ocfs2-kmp-debug-4.4.180-94.171.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-default-4.4.180-94.171.1.ppc64le",
"product": {
"name": "ocfs2-kmp-default-4.4.180-94.171.1.ppc64le",
"product_id": "ocfs2-kmp-default-4.4.180-94.171.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-default-4.4.180-94.171.1.s390x",
"product": {
"name": "cluster-md-kmp-default-4.4.180-94.171.1.s390x",
"product_id": "cluster-md-kmp-default-4.4.180-94.171.1.s390x"
}
},
{
"category": "product_version",
"name": "dlm-kmp-default-4.4.180-94.171.1.s390x",
"product": {
"name": "dlm-kmp-default-4.4.180-94.171.1.s390x",
"product_id": "dlm-kmp-default-4.4.180-94.171.1.s390x"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-default-4.4.180-94.171.1.s390x",
"product": {
"name": "gfs2-kmp-default-4.4.180-94.171.1.s390x",
"product_id": "gfs2-kmp-default-4.4.180-94.171.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-4.4.180-94.171.1.s390x",
"product": {
"name": "kernel-default-4.4.180-94.171.1.s390x",
"product_id": "kernel-default-4.4.180-94.171.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-base-4.4.180-94.171.1.s390x",
"product": {
"name": "kernel-default-base-4.4.180-94.171.1.s390x",
"product_id": "kernel-default-base-4.4.180-94.171.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-4.4.180-94.171.1.s390x",
"product": {
"name": "kernel-default-devel-4.4.180-94.171.1.s390x",
"product_id": "kernel-default-devel-4.4.180-94.171.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-extra-4.4.180-94.171.1.s390x",
"product": {
"name": "kernel-default-extra-4.4.180-94.171.1.s390x",
"product_id": "kernel-default-extra-4.4.180-94.171.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-kgraft-4.4.180-94.171.1.s390x",
"product": {
"name": "kernel-default-kgraft-4.4.180-94.171.1.s390x",
"product_id": "kernel-default-kgraft-4.4.180-94.171.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-man-4.4.180-94.171.1.s390x",
"product": {
"name": "kernel-default-man-4.4.180-94.171.1.s390x",
"product_id": "kernel-default-man-4.4.180-94.171.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-obs-build-4.4.180-94.171.1.s390x",
"product": {
"name": "kernel-obs-build-4.4.180-94.171.1.s390x",
"product_id": "kernel-obs-build-4.4.180-94.171.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-obs-qa-4.4.180-94.171.1.s390x",
"product": {
"name": "kernel-obs-qa-4.4.180-94.171.1.s390x",
"product_id": "kernel-obs-qa-4.4.180-94.171.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-syms-4.4.180-94.171.1.s390x",
"product": {
"name": "kernel-syms-4.4.180-94.171.1.s390x",
"product_id": "kernel-syms-4.4.180-94.171.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-4.4.180-94.171.1.s390x",
"product": {
"name": "kernel-vanilla-4.4.180-94.171.1.s390x",
"product_id": "kernel-vanilla-4.4.180-94.171.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-base-4.4.180-94.171.1.s390x",
"product": {
"name": "kernel-vanilla-base-4.4.180-94.171.1.s390x",
"product_id": "kernel-vanilla-base-4.4.180-94.171.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-devel-4.4.180-94.171.1.s390x",
"product": {
"name": "kernel-vanilla-devel-4.4.180-94.171.1.s390x",
"product_id": "kernel-vanilla-devel-4.4.180-94.171.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-zfcpdump-4.4.180-94.171.1.s390x",
"product": {
"name": "kernel-zfcpdump-4.4.180-94.171.1.s390x",
"product_id": "kernel-zfcpdump-4.4.180-94.171.1.s390x"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-default-4.4.180-94.171.1.s390x",
"product": {
"name": "kselftests-kmp-default-4.4.180-94.171.1.s390x",
"product_id": "kselftests-kmp-default-4.4.180-94.171.1.s390x"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-default-4.4.180-94.171.1.s390x",
"product": {
"name": "ocfs2-kmp-default-4.4.180-94.171.1.s390x",
"product_id": "ocfs2-kmp-default-4.4.180-94.171.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-debug-4.4.180-94.171.1.x86_64",
"product": {
"name": "cluster-md-kmp-debug-4.4.180-94.171.1.x86_64",
"product_id": "cluster-md-kmp-debug-4.4.180-94.171.1.x86_64"
}
},
{
"category": "product_version",
"name": "cluster-md-kmp-default-4.4.180-94.171.1.x86_64",
"product": {
"name": "cluster-md-kmp-default-4.4.180-94.171.1.x86_64",
"product_id": "cluster-md-kmp-default-4.4.180-94.171.1.x86_64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-debug-4.4.180-94.171.1.x86_64",
"product": {
"name": "dlm-kmp-debug-4.4.180-94.171.1.x86_64",
"product_id": "dlm-kmp-debug-4.4.180-94.171.1.x86_64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-default-4.4.180-94.171.1.x86_64",
"product": {
"name": "dlm-kmp-default-4.4.180-94.171.1.x86_64",
"product_id": "dlm-kmp-default-4.4.180-94.171.1.x86_64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-debug-4.4.180-94.171.1.x86_64",
"product": {
"name": "gfs2-kmp-debug-4.4.180-94.171.1.x86_64",
"product_id": "gfs2-kmp-debug-4.4.180-94.171.1.x86_64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-default-4.4.180-94.171.1.x86_64",
"product": {
"name": "gfs2-kmp-default-4.4.180-94.171.1.x86_64",
"product_id": "gfs2-kmp-default-4.4.180-94.171.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-debug-4.4.180-94.171.1.x86_64",
"product": {
"name": "kernel-debug-4.4.180-94.171.1.x86_64",
"product_id": "kernel-debug-4.4.180-94.171.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-debug-base-4.4.180-94.171.1.x86_64",
"product": {
"name": "kernel-debug-base-4.4.180-94.171.1.x86_64",
"product_id": "kernel-debug-base-4.4.180-94.171.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-debug-devel-4.4.180-94.171.1.x86_64",
"product": {
"name": "kernel-debug-devel-4.4.180-94.171.1.x86_64",
"product_id": "kernel-debug-devel-4.4.180-94.171.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-debug-extra-4.4.180-94.171.1.x86_64",
"product": {
"name": "kernel-debug-extra-4.4.180-94.171.1.x86_64",
"product_id": "kernel-debug-extra-4.4.180-94.171.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-debug-kgraft-4.4.180-94.171.1.x86_64",
"product": {
"name": "kernel-debug-kgraft-4.4.180-94.171.1.x86_64",
"product_id": "kernel-debug-kgraft-4.4.180-94.171.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-4.4.180-94.171.1.x86_64",
"product": {
"name": "kernel-default-4.4.180-94.171.1.x86_64",
"product_id": "kernel-default-4.4.180-94.171.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-base-4.4.180-94.171.1.x86_64",
"product": {
"name": "kernel-default-base-4.4.180-94.171.1.x86_64",
"product_id": "kernel-default-base-4.4.180-94.171.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-4.4.180-94.171.1.x86_64",
"product": {
"name": "kernel-default-devel-4.4.180-94.171.1.x86_64",
"product_id": "kernel-default-devel-4.4.180-94.171.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-extra-4.4.180-94.171.1.x86_64",
"product": {
"name": "kernel-default-extra-4.4.180-94.171.1.x86_64",
"product_id": "kernel-default-extra-4.4.180-94.171.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-kgraft-4.4.180-94.171.1.x86_64",
"product": {
"name": "kernel-default-kgraft-4.4.180-94.171.1.x86_64",
"product_id": "kernel-default-kgraft-4.4.180-94.171.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-obs-build-4.4.180-94.171.1.x86_64",
"product": {
"name": "kernel-obs-build-4.4.180-94.171.1.x86_64",
"product_id": "kernel-obs-build-4.4.180-94.171.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-obs-qa-4.4.180-94.171.1.x86_64",
"product": {
"name": "kernel-obs-qa-4.4.180-94.171.1.x86_64",
"product_id": "kernel-obs-qa-4.4.180-94.171.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-syms-4.4.180-94.171.1.x86_64",
"product": {
"name": "kernel-syms-4.4.180-94.171.1.x86_64",
"product_id": "kernel-syms-4.4.180-94.171.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-4.4.180-94.171.1.x86_64",
"product": {
"name": "kernel-vanilla-4.4.180-94.171.1.x86_64",
"product_id": "kernel-vanilla-4.4.180-94.171.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-base-4.4.180-94.171.1.x86_64",
"product": {
"name": "kernel-vanilla-base-4.4.180-94.171.1.x86_64",
"product_id": "kernel-vanilla-base-4.4.180-94.171.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-devel-4.4.180-94.171.1.x86_64",
"product": {
"name": "kernel-vanilla-devel-4.4.180-94.171.1.x86_64",
"product_id": "kernel-vanilla-devel-4.4.180-94.171.1.x86_64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-debug-4.4.180-94.171.1.x86_64",
"product": {
"name": "kselftests-kmp-debug-4.4.180-94.171.1.x86_64",
"product_id": "kselftests-kmp-debug-4.4.180-94.171.1.x86_64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-default-4.4.180-94.171.1.x86_64",
"product": {
"name": "kselftests-kmp-default-4.4.180-94.171.1.x86_64",
"product_id": "kselftests-kmp-default-4.4.180-94.171.1.x86_64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-debug-4.4.180-94.171.1.x86_64",
"product": {
"name": "ocfs2-kmp-debug-4.4.180-94.171.1.x86_64",
"product_id": "ocfs2-kmp-debug-4.4.180-94.171.1.x86_64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-default-4.4.180-94.171.1.x86_64",
"product": {
"name": "ocfs2-kmp-default-4.4.180-94.171.1.x86_64",
"product_id": "ocfs2-kmp-default-4.4.180-94.171.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-bcl:12:sp3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-4.4.180-94.171.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-4.4.180-94.171.1.x86_64"
},
"product_reference": "kernel-default-4.4.180-94.171.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-4.4.180-94.171.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-base-4.4.180-94.171.1.x86_64"
},
"product_reference": "kernel-default-base-4.4.180-94.171.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-4.4.180-94.171.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-devel-4.4.180-94.171.1.x86_64"
},
"product_reference": "kernel-default-devel-4.4.180-94.171.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-4.4.180-94.171.1.noarch as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:kernel-devel-4.4.180-94.171.1.noarch"
},
"product_reference": "kernel-devel-4.4.180-94.171.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-macros-4.4.180-94.171.1.noarch as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:kernel-macros-4.4.180-94.171.1.noarch"
},
"product_reference": "kernel-macros-4.4.180-94.171.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-4.4.180-94.171.1.noarch as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:kernel-source-4.4.180-94.171.1.noarch"
},
"product_reference": "kernel-source-4.4.180-94.171.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-4.4.180-94.171.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:kernel-syms-4.4.180-94.171.1.x86_64"
},
"product_reference": "kernel-syms-4.4.180-94.171.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-15393",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15393"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel 4.4 through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-base-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-devel-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-devel-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-macros-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-source-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-syms-4.4.180-94.171.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15393",
"url": "https://www.suse.com/security/cve/CVE-2020-15393"
},
{
"category": "external",
"summary": "SUSE Bug 1173514 for CVE-2020-15393",
"url": "https://bugzilla.suse.com/1173514"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-base-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-devel-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-devel-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-macros-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-source-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-syms-4.4.180-94.171.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-base-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-devel-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-devel-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-macros-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-source-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-syms-4.4.180-94.171.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-08-18T07:51:29Z",
"details": "moderate"
}
],
"title": "CVE-2020-15393"
},
{
"cve": "CVE-2020-36557",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-36557"
}
],
"notes": [
{
"category": "general",
"text": "A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of ttys could lead to a use-after-free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-base-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-devel-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-devel-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-macros-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-source-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-syms-4.4.180-94.171.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-36557",
"url": "https://www.suse.com/security/cve/CVE-2020-36557"
},
{
"category": "external",
"summary": "SUSE Bug 1201429 for CVE-2020-36557",
"url": "https://bugzilla.suse.com/1201429"
},
{
"category": "external",
"summary": "SUSE Bug 1201742 for CVE-2020-36557",
"url": "https://bugzilla.suse.com/1201742"
},
{
"category": "external",
"summary": "SUSE Bug 1202874 for CVE-2020-36557",
"url": "https://bugzilla.suse.com/1202874"
},
{
"category": "external",
"summary": "SUSE Bug 1205313 for CVE-2020-36557",
"url": "https://bugzilla.suse.com/1205313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-base-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-devel-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-devel-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-macros-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-source-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-syms-4.4.180-94.171.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-base-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-devel-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-devel-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-macros-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-source-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-syms-4.4.180-94.171.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-08-18T07:51:29Z",
"details": "important"
}
],
"title": "CVE-2020-36557"
},
{
"cve": "CVE-2020-36558",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-36558"
}
],
"notes": [
{
"category": "general",
"text": "A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-base-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-devel-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-devel-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-macros-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-source-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-syms-4.4.180-94.171.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-36558",
"url": "https://www.suse.com/security/cve/CVE-2020-36558"
},
{
"category": "external",
"summary": "SUSE Bug 1200910 for CVE-2020-36558",
"url": "https://bugzilla.suse.com/1200910"
},
{
"category": "external",
"summary": "SUSE Bug 1201752 for CVE-2020-36558",
"url": "https://bugzilla.suse.com/1201752"
},
{
"category": "external",
"summary": "SUSE Bug 1205313 for CVE-2020-36558",
"url": "https://bugzilla.suse.com/1205313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-base-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-devel-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-devel-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-macros-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-source-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-syms-4.4.180-94.171.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-base-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-devel-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-devel-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-macros-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-source-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-syms-4.4.180-94.171.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-08-18T07:51:29Z",
"details": "important"
}
],
"title": "CVE-2020-36558"
},
{
"cve": "CVE-2021-33655",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-33655"
}
],
"notes": [
{
"category": "general",
"text": "When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-base-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-devel-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-devel-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-macros-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-source-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-syms-4.4.180-94.171.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-33655",
"url": "https://www.suse.com/security/cve/CVE-2021-33655"
},
{
"category": "external",
"summary": "SUSE Bug 1201635 for CVE-2021-33655",
"url": "https://bugzilla.suse.com/1201635"
},
{
"category": "external",
"summary": "SUSE Bug 1202087 for CVE-2021-33655",
"url": "https://bugzilla.suse.com/1202087"
},
{
"category": "external",
"summary": "SUSE Bug 1205313 for CVE-2021-33655",
"url": "https://bugzilla.suse.com/1205313"
},
{
"category": "external",
"summary": "SUSE Bug 1212291 for CVE-2021-33655",
"url": "https://bugzilla.suse.com/1212291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-base-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-devel-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-devel-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-macros-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-source-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-syms-4.4.180-94.171.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-base-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-devel-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-devel-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-macros-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-source-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-syms-4.4.180-94.171.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-08-18T07:51:29Z",
"details": "important"
}
],
"title": "CVE-2021-33655"
},
{
"cve": "CVE-2021-33656",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-33656"
}
],
"notes": [
{
"category": "general",
"text": "When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-base-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-devel-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-devel-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-macros-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-source-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-syms-4.4.180-94.171.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-33656",
"url": "https://www.suse.com/security/cve/CVE-2021-33656"
},
{
"category": "external",
"summary": "SUSE Bug 1201636 for CVE-2021-33656",
"url": "https://bugzilla.suse.com/1201636"
},
{
"category": "external",
"summary": "SUSE Bug 1212286 for CVE-2021-33656",
"url": "https://bugzilla.suse.com/1212286"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-base-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-devel-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-devel-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-macros-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-source-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-syms-4.4.180-94.171.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-base-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-devel-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-devel-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-macros-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-source-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-syms-4.4.180-94.171.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-08-18T07:51:29Z",
"details": "moderate"
}
],
"title": "CVE-2021-33656"
},
{
"cve": "CVE-2021-39713",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-39713"
}
],
"notes": [
{
"category": "general",
"text": "Product: AndroidVersions: Android kernelAndroid ID: A-173788806References: Upstream kernel",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-base-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-devel-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-devel-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-macros-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-source-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-syms-4.4.180-94.171.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-39713",
"url": "https://www.suse.com/security/cve/CVE-2021-39713"
},
{
"category": "external",
"summary": "SUSE Bug 1196973 for CVE-2021-39713",
"url": "https://bugzilla.suse.com/1196973"
},
{
"category": "external",
"summary": "SUSE Bug 1197211 for CVE-2021-39713",
"url": "https://bugzilla.suse.com/1197211"
},
{
"category": "external",
"summary": "SUSE Bug 1201790 for CVE-2021-39713",
"url": "https://bugzilla.suse.com/1201790"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-base-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-devel-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-devel-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-macros-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-source-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-syms-4.4.180-94.171.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-base-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-devel-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-devel-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-macros-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-source-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-syms-4.4.180-94.171.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-08-18T07:51:29Z",
"details": "important"
}
],
"title": "CVE-2021-39713"
},
{
"cve": "CVE-2022-1462",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-1462"
}
],
"notes": [
{
"category": "general",
"text": "An out-of-bounds read flaw was found in the Linux kernel\u0027s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-base-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-devel-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-devel-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-macros-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-source-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-syms-4.4.180-94.171.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-1462",
"url": "https://www.suse.com/security/cve/CVE-2022-1462"
},
{
"category": "external",
"summary": "SUSE Bug 1198829 for CVE-2022-1462",
"url": "https://bugzilla.suse.com/1198829"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-base-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-devel-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-devel-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-macros-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-source-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-syms-4.4.180-94.171.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-base-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-devel-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-devel-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-macros-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-source-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-syms-4.4.180-94.171.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-08-18T07:51:29Z",
"details": "moderate"
}
],
"title": "CVE-2022-1462"
},
{
"cve": "CVE-2022-20166",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-20166"
}
],
"notes": [
{
"category": "general",
"text": "In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-182388481References: Upstream kernel",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-base-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-devel-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-devel-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-macros-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-source-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-syms-4.4.180-94.171.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-20166",
"url": "https://www.suse.com/security/cve/CVE-2022-20166"
},
{
"category": "external",
"summary": "SUSE Bug 1200598 for CVE-2022-20166",
"url": "https://bugzilla.suse.com/1200598"
},
{
"category": "external",
"summary": "SUSE Bug 1212284 for CVE-2022-20166",
"url": "https://bugzilla.suse.com/1212284"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-base-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-devel-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-devel-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-macros-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-source-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-syms-4.4.180-94.171.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-base-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-devel-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-devel-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-macros-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-source-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-syms-4.4.180-94.171.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-08-18T07:51:29Z",
"details": "moderate"
}
],
"title": "CVE-2022-20166"
},
{
"cve": "CVE-2022-2318",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-2318"
}
],
"notes": [
{
"category": "general",
"text": "There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-base-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-devel-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-devel-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-macros-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-source-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-syms-4.4.180-94.171.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-2318",
"url": "https://www.suse.com/security/cve/CVE-2022-2318"
},
{
"category": "external",
"summary": "SUSE Bug 1201251 for CVE-2022-2318",
"url": "https://bugzilla.suse.com/1201251"
},
{
"category": "external",
"summary": "SUSE Bug 1212303 for CVE-2022-2318",
"url": "https://bugzilla.suse.com/1212303"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-base-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-devel-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-devel-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-macros-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-source-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-syms-4.4.180-94.171.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-base-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-devel-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-devel-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-macros-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-source-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-syms-4.4.180-94.171.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-08-18T07:51:29Z",
"details": "moderate"
}
],
"title": "CVE-2022-2318"
},
{
"cve": "CVE-2022-26365",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-26365"
}
],
"notes": [
{
"category": "general",
"text": "Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don\u0027t zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn\u0027t allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-base-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-devel-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-devel-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-macros-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-source-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-syms-4.4.180-94.171.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-26365",
"url": "https://www.suse.com/security/cve/CVE-2022-26365"
},
{
"category": "external",
"summary": "SUSE Bug 1200762 for CVE-2022-26365",
"url": "https://bugzilla.suse.com/1200762"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-base-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-devel-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-devel-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-macros-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-source-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-syms-4.4.180-94.171.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-base-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-devel-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-devel-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-macros-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-source-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-syms-4.4.180-94.171.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-08-18T07:51:29Z",
"details": "moderate"
}
],
"title": "CVE-2022-26365"
},
{
"cve": "CVE-2022-33740",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-33740"
}
],
"notes": [
{
"category": "general",
"text": "Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don\u0027t zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn\u0027t allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-base-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-devel-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-devel-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-macros-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-source-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-syms-4.4.180-94.171.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-33740",
"url": "https://www.suse.com/security/cve/CVE-2022-33740"
},
{
"category": "external",
"summary": "SUSE Bug 1200762 for CVE-2022-33740",
"url": "https://bugzilla.suse.com/1200762"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-base-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-devel-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-devel-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-macros-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-source-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-syms-4.4.180-94.171.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-base-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-devel-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-devel-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-macros-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-source-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-syms-4.4.180-94.171.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-08-18T07:51:29Z",
"details": "moderate"
}
],
"title": "CVE-2022-33740"
},
{
"cve": "CVE-2022-33741",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-33741"
}
],
"notes": [
{
"category": "general",
"text": "Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don\u0027t zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn\u0027t allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-base-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-devel-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-devel-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-macros-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-source-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-syms-4.4.180-94.171.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-33741",
"url": "https://www.suse.com/security/cve/CVE-2022-33741"
},
{
"category": "external",
"summary": "SUSE Bug 1200762 for CVE-2022-33741",
"url": "https://bugzilla.suse.com/1200762"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-base-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-devel-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-devel-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-macros-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-source-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-syms-4.4.180-94.171.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-base-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-devel-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-devel-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-macros-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-source-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-syms-4.4.180-94.171.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-08-18T07:51:29Z",
"details": "moderate"
}
],
"title": "CVE-2022-33741"
},
{
"cve": "CVE-2022-33742",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-33742"
}
],
"notes": [
{
"category": "general",
"text": "Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don\u0027t zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn\u0027t allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-base-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-devel-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-devel-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-macros-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-source-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-syms-4.4.180-94.171.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-33742",
"url": "https://www.suse.com/security/cve/CVE-2022-33742"
},
{
"category": "external",
"summary": "SUSE Bug 1200762 for CVE-2022-33742",
"url": "https://bugzilla.suse.com/1200762"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-base-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-devel-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-devel-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-macros-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-source-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-syms-4.4.180-94.171.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-base-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-devel-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-devel-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-macros-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-source-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-syms-4.4.180-94.171.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-08-18T07:51:29Z",
"details": "moderate"
}
],
"title": "CVE-2022-33742"
},
{
"cve": "CVE-2022-36946",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-36946"
}
],
"notes": [
{
"category": "general",
"text": "nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb-\u003elen.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-base-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-devel-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-devel-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-macros-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-source-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-syms-4.4.180-94.171.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-36946",
"url": "https://www.suse.com/security/cve/CVE-2022-36946"
},
{
"category": "external",
"summary": "SUSE Bug 1201940 for CVE-2022-36946",
"url": "https://bugzilla.suse.com/1201940"
},
{
"category": "external",
"summary": "SUSE Bug 1201941 for CVE-2022-36946",
"url": "https://bugzilla.suse.com/1201941"
},
{
"category": "external",
"summary": "SUSE Bug 1202312 for CVE-2022-36946",
"url": "https://bugzilla.suse.com/1202312"
},
{
"category": "external",
"summary": "SUSE Bug 1202874 for CVE-2022-36946",
"url": "https://bugzilla.suse.com/1202874"
},
{
"category": "external",
"summary": "SUSE Bug 1203208 for CVE-2022-36946",
"url": "https://bugzilla.suse.com/1203208"
},
{
"category": "external",
"summary": "SUSE Bug 1204132 for CVE-2022-36946",
"url": "https://bugzilla.suse.com/1204132"
},
{
"category": "external",
"summary": "SUSE Bug 1205313 for CVE-2022-36946",
"url": "https://bugzilla.suse.com/1205313"
},
{
"category": "external",
"summary": "SUSE Bug 1212310 for CVE-2022-36946",
"url": "https://bugzilla.suse.com/1212310"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-base-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-devel-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-devel-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-macros-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-source-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-syms-4.4.180-94.171.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-base-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-default-devel-4.4.180-94.171.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-devel-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-macros-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-source-4.4.180-94.171.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:kernel-syms-4.4.180-94.171.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-08-18T07:51:29Z",
"details": "important"
}
],
"title": "CVE-2022-36946"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…