Vulnerability from csaf_suse
Published
2022-10-14 07:52
Modified
2022-10-14 07:52
Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 12 SP5 kernel was updated.
The following security bugs were fixed:
- CVE-2022-3303: Fixed a race condition in the sound subsystem due to improper locking (bnc#1203769).
- CVE-2022-41218: Fixed a use-after-free caused by refcount races in drivers/media/dvb-core/dmxdev.c (bnc#1202960).
- CVE-2022-3239: Fixed a use-after-free in the video4linux driver that could allow a local user to crash the system or escalate their privileges (bnc#1203552).
- CVE-2022-41848: Fixed a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl (bnc#1203987).
- CVE-2022-2503: Fixed a vulnerability that allowed root to bypass LoadPin and load untrusted and unverified kernel modules and firmware (bnc#1202677).
- CVE-2022-20008: Fixed a bug that allowed reading kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that triggers errors, with no additional execution privileges needed (bnc#1199564).
- CVE-2022-2663: Fixed an issue which allowed a firewall to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured (bnc#1202097).
- CVE-2022-39188: Fixed a race condition where a device driver can free a page while it still has stale TLB entries (bnc#1203107).
The following non-security bugs were fixed:
- arm64: cpufeature: Allow different PMU versions in ID_DFR0_EL1 (git-fixes)
- cifs: alloc_mid function should be marked as static (bsc#1190317).
- cifs: alloc_path_with_tree_prefix: do not append sep. if the path is empty (bsc#1190317).
- cifs: change smb2_query_info_compound to use a cached fid, if available (bsc#1190317).
- cifs: check for smb1 in open_cached_dir() (bsc#1190317).
- cifs: Check the IOCB_DIRECT flag, not O_DIRECT (bsc#1190317).
- cifs: clean up an inconsistent indenting (bsc#1190317).
- cifs: convert the path to utf16 in smb2_query_info_compound (bsc#1190317).
- cifs: Do not use tcon->cfid directly, use the cfid we get from open_cached_dir (bsc#1190317).
- cifs: do not use uninitialized data in the owner/group sid (bsc#1190317).
- cifs: fix double free race when mount fails in cifs_get_root() (bsc#1190317).
- cifs: fix FILE_BOTH_DIRECTORY_INFO definition (bsc#1190317).
- cifs: fix handlecache and multiuser (bsc#1190317).
- cifs: fix lock length calculation (bsc#1190317).
- cifs: fix ntlmssp auth when there is no key exchange (bsc#1190317).
- cifs: fix NULL ptr dereference in refresh_mounts() (bsc#1190317).
- cifs: fix NULL ptr dereference in smb2_ioctl_query_info() (bsc#1190317).
- cifs: fix set of group SID via NTSD xattrs (bsc#1190317).
- cifs: fix signed integer overflow when fl_end is OFFSET_MAX (bsc#1190317).
- cifs: Fix smb311_update_preauth_hash() kernel-doc comment (bsc#1190317).
- cifs: fix the cifs_reconnect path for DFS (bsc#1190317).
- cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share (bsc#1190317).
- cifs: mark sessions for reconnection in helper function (bsc#1190317).
- cifs: modefromsids must add an ACE for authenticated users (bsc#1190317).
- cifs: move definition of cifs_fattr earlier in cifsglob.h (bsc#1190317).
- cifs: move from strlcpy with unused retval to strscpy (bsc#1190317).
- cifs: move superblock magic defitions to magic.h (bsc#1190317).
- cifs: potential buffer overflow in handling symlinks (bsc#1190317).
- cifs: prevent bad output lengths in smb2_ioctl_query_info() (bsc#1190317).
- cifs: release cached dentries only if mount is complete (bsc#1190317).
- cifs: remove 'cifs_' prefix from init/destroy mids functions (bsc#1190317).
- cifs: remove check of list iterator against head past the loop body (bsc#1190317).
- cifs: remove minor build warning (bsc#1190317).
- cifs: remove redundant initialization to variable mnt_sign_enabled (bsc#1190317).
- cifs: remove remaining build warnings (bsc#1190317).
- cifs: remove repeated debug message on cifs_put_smb_ses() (bsc#1190317).
- cifs: remove some camelCase and also some static build warnings (bsc#1190317).
- cifs: remove unnecessary (void*) conversions (bsc#1190317).
- cifs: remove unused server parameter from calc_smb_size() (bsc#1190317).
- cifs: remove useless DeleteMidQEntry() (bsc#1190317).
- cifs: remove useless parameter 'is_fsctl' from SMB2_ioctl() (bsc#1190317).
- cifs: return errors during session setup during reconnects (bsc#1190317).
- cifs: return the more nuanced writeback error on close() (bsc#1190317).
- cifs: sanitize multiple delimiters in prepath (bsc#1190317).
- cifs: set the CREATE_NOT_FILE when opening the directory in use_cached_dir() (bsc#1190317).
- cifs: skip trailing separators of prefix paths (bsc#1190317).
- cifs: smbd: fix typo in comment (bsc#1190317).
- cifs: Split the smb3_add_credits tracepoint (bsc#1190317).
- cifs: use correct lock type in cifs_reconnect() (bsc#1190317).
- cifs: Use kzalloc instead of kmalloc/memset (bsc#1190317).
- cifs: verify that tcon is valid before dereference in cifs_kill_sb (bsc#1190317).
- cifs: version operations for smb20 unneeded when legacy support disabled (bsc#1190317).
- cifs: we do not need a spinlock around the tree access during umount (bsc#1190317).
- cifs: when extending a file with falloc we should make files not-sparse (bsc#1190317).
- dm thin metadata: Fix use-after-free in dm_bm_set_read_only (bsc#1203462).
- dtb: Do not include sources in src.rpm - refer to kernel-source. Same as other kernel binary packages, there is no need to carry duplicate sources in dtb packages.
- fbdev: fb_pm2fb: Avoid potential divide by zero error (bsc#1154048)
- ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead (git-fixes).
- Input: iforce - constify usb_device_id and fix space before '[' error (git-fixes).
- Input: melfas_mip4 - fix return value check in mip4_probe() (git-fixes).
- Input: stop telling users to snail-mail Vojtech (git-fixes).
- md-raid10: fix KASAN warning (git-fixes).
- md: call __md_stop_writes in md_stop (git-fixes).
- net: mana: Add rmb after checking owner bits (git-fixes).
- net: mana: Add the Linux MANA PF driver (bug#1201309, jsc#PED-529).
- NFS: LOOKUP_DIRECTORY is also ok with symlinks (git-fixes).
- NFS: RECLAIM_COMPLETE must handle EACCES (git-fixes).
- NFSD: Fix zero-length NFSv3 WRITEs (git-fixes).
- powerpc: Use device_type helpers to access the node type (bsc#1203424 ltc#199544).
- powerpc/drmem: Make lmb_size 64 bit (bsc#1203424 ltc#199544).
- powerpc/memhotplug: Make lmb size 64bit (bsc#1203424 ltc#199544).
- ppc64/kdump: Limit kdump base to 512MB (bsc#1203410 ltc#199904).
- scsi: ch: Make it possible to open a ch device multiple times again (git-fixes).
- scsi: core: Avoid that a kernel warning appears during system resume (git-fixes).
- scsi: core: Avoid that system resume triggers a kernel warning (git-fixes).
- scsi: fcoe: Embed fc_rport_priv in fcoe_rport structure (git-fixes).
- scsi: lpfc: Add missing destroy_workqueue() in error path (git-fixes).
- scsi: lpfc: Check the return value of alloc_workqueue() (git-fixes).
- scsi: mpt3sas: Do not call disable_irq from IRQ poll handler (git-fixes).
- scsi: mpt3sas: Fix ioctl timeout (git-fixes).
- scsi: mpt3sas: Fix sync irqs (git-fixes).
- scsi: mpt3sas: Fix use-after-free warning (git-fixes).
- scsi: qla2xxx: Add debugfs create/delete helpers (bsc#1203935).
- scsi: qla2xxx: Add NVMe parameters support in Auxiliary Image Status (bsc#1203935).
- scsi: qla2xxx: Always wait for qlt_sess_work_fn() from qlt_stop_phase1() (bsc#1203935).
- scsi: qla2xxx: Avoid flush_scheduled_work() usage (bsc#1203935).
- scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port ISP27XX (bsc#1203935).
- scsi: qla2xxx: Drop DID_TARGET_FAILURE use (bsc#1203935).
- scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts() (bsc#1203935).
- scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts() (git-fixes).
- scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1203935).
- scsi: qla2xxx: Log message 'skipping scsi_scan_host()' as informational (bsc#1203935).
- scsi: qla2xxx: Remove unused declarations for qla2xxx (bsc#1203935).
- scsi: qla2xxx: Remove unused del_sess_list field (bsc#1203935).
- scsi: qla2xxx: Remove unused qlt_tmr_work() (bsc#1203935).
- scsi: qla2xxx: Revert 'scsi: qla2xxx: Fix response queue handler reading stale packets' (bsc#1203935).
- scsi: qla2xxx: Update version to 10.02.07.900-k (bsc#1203935).
- scsi: sd_zbc: Fix compilation warning (git-fixes).
- scsi: sd: enable compat ioctls for sed-opal (git-fixes).
- scsi: sd: Fix Opal support (git-fixes).
- scsi: sg: Allow waiting for commands to complete on removed device (git-fixes).
- scsi: smartpqi: Fix DMA direction for RAID requests (git-fixes).
- smb2: small refactor in smb2_check_message() (bsc#1190317).
- smb3: add trace point for SMB2_set_eof (bsc#1190317).
- smb3: check for null tcon (bsc#1190317).
- smb3: check xattr value length earlier (bsc#1190317).
- smb3: do not set rc when used and unneeded in query_info_compound (bsc#1190317).
- smb3: EBADF/EIO errors in rename/open caused by race condition in smb2_compound_op (bsc#1190317).
- SUNRPC: Reinitialise the backchannel request buffers before reuse (git-fixes).
- sysfb: Enable boot time VESA graphic mode selection (bsc#1129770)
  Backporting notes:
  * context changes
  * config update
- USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020) (git-fixes).
- USB: core: Prevent nested device-reset calls (git-fixes).
- USB: dwc2: fix wrong order of phy_power_on and phy_init (git-fixes).
- USB: serial: ftdi_sio: add Belimo device ids (git-fixes).
- USB: serial: option: add Quectel EM05-G modem (git-fixes).
- USB: serial: option: add Quectel RM500K module support.
- USB: serial: option: add support for Cinterion MV31 with new baseline (git-fixes).
- USB: serial: option: add Telit LE910Cx 0x1250 composition (git-fixes).
- USB: Storage: Add ignore-residue quirk for NXP PN7462AU (git-fixes).
- USB: struct usb_device: hide new member (git-fixes).
- USB: typec: altmodes/displayport: correct pin assignment for UFP receptacles (git-fixes).
- USB: typec: tcpci: Do not skip cleanup in .remove() on error (git-fixes).
- usbnet: Fix memory leak in usbnet_disconnect() (git-fixes).
- video: fbdev: amba-clcd: Fix refcount leak bugs (bsc#1154048)
  Backporting notes:
  * context changes
- video: fbdev: arkfb: Check the size of screen before memset_io() (bsc#1154048)
- video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock() (bsc#1154048)
- video: fbdev: s3fb: Check the size of screen before memset_io() (bsc#1154048)
- video: fbdev: sis: fix typos in SiS_GetModeID() (bsc#1154048)
- video: fbdev: vt8623fb: Check the size of screen before memset_io() (bsc#1154048)
- x86/bugs: Reenable retbleed=off. While for older kernels the return thunks are statically built in and cannot be dynamically patched out, retbleed=off should still be possible to do so that the mitigation can still be disabled on Intel who do not use the return thunks but IBRS.
- xhci: bail out early if driver can't accress host in resume (git-fixes).
Patchnames
SUSE-2022-3584,SUSE-SLE-SERVER-12-SP5-2022-3584
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for the Linux Kernel", title: "Title of the patch", }, { category: "description", text: "\nThe SUSE Linux Enterprise 12 SP5 kernel was updated.\n\nThe following security bugs were fixed:\n\n- CVE-2022-3303: Fixed a race condition in the sound subsystem due to improper locking (bnc#1203769).\n- CVE-2022-41218: Fixed an use-after-free caused by refcount races in drivers/media/dvb-core/dmxdev.c (bnc#1202960).\n- CVE-2022-3239: Fixed an use-after-free in the video4linux driver that could lead a local user to able to crash the system or escalate their privileges (bnc#1203552).\n- CVE-2022-41848: Fixed a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl (bnc#1203987).\n- CVE-2022-2503: Fixed a vulnerability that allowed root to bypass LoadPin and load untrusted and unverified kernel modules and firmware (bnc#1202677).\n- CVE-2022-20008: Fixed a bug which allowed to read kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that triggers errors, with no additional execution privileges needed. (bnc#1199564)\n- CVE-2022-2663: Fixed an issue which allowed a firewall to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured (bnc#1202097).\n- CVE-2022-39188: Fixed a race condition where a device driver can free a page while it still has stale TLB entries. 
(bnc#1203107).\n\nThe following non-security bugs were fixed:\n\n- arm64: cpufeature: Allow different PMU versions in ID_DFR0_EL1 (git-fixes)\n- cifs: alloc_mid function should be marked as static (bsc#1190317).\n- cifs: alloc_path_with_tree_prefix: do not append sep. if the path is empty (bsc#1190317).\n- cifs: change smb2_query_info_compound to use a cached fid, if available (bsc#1190317).\n- cifs: check for smb1 in open_cached_dir() (bsc#1190317).\n- cifs: Check the IOCB_DIRECT flag, not O_DIRECT (bsc#1190317).\n- cifs: clean up an inconsistent indenting (bsc#1190317).\n- cifs: convert the path to utf16 in smb2_query_info_compound (bsc#1190317).\n- cifs: Do not use tcon->cfid directly, use the cfid we get from open_cached_dir (bsc#1190317).\n- cifs: do not use uninitialized data in the owner/group sid (bsc#1190317).\n- cifs: fix double free race when mount fails in cifs_get_root() (bsc#1190317).\n- cifs: fix FILE_BOTH_DIRECTORY_INFO definition (bsc#1190317).\n- cifs: fix handlecache and multiuser (bsc#1190317).\n- cifs: fix lock length calculation (bsc#1190317).\n- cifs: fix ntlmssp auth when there is no key exchange (bsc#1190317).\n- cifs: fix NULL ptr dereference in refresh_mounts() (bsc#1190317).\n- cifs: fix NULL ptr dereference in smb2_ioctl_query_info() (bsc#1190317).\n- cifs: fix set of group SID via NTSD xattrs (bsc#1190317).\n- cifs: fix signed integer overflow when fl_end is OFFSET_MAX (bsc#1190317).\n- cifs: Fix smb311_update_preauth_hash() kernel-doc comment (bsc#1190317).\n- cifs: fix the cifs_reconnect path for DFS (bsc#1190317).\n- cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share (bsc#1190317).\n- cifs: mark sessions for reconnection in helper function (bsc#1190317).\n- cifs: modefromsids must add an ACE for authenticated users (bsc#1190317).\n- cifs: move definition of cifs_fattr earlier in cifsglob.h (bsc#1190317).\n- cifs: move from strlcpy with unused retval to strscpy (bsc#1190317).\n- cifs: move superblock magic 
defitions to magic.h (bsc#1190317).\n- cifs: potential buffer overflow in handling symlinks (bsc#1190317).\n- cifs: prevent bad output lengths in smb2_ioctl_query_info() (bsc#1190317).\n- cifs: release cached dentries only if mount is complete (bsc#1190317).\n- cifs: remove 'cifs_' prefix from init/destroy mids functions (bsc#1190317).\n- cifs: remove check of list iterator against head past the loop body (bsc#1190317).\n- cifs: remove minor build warning (bsc#1190317).\n- cifs: remove redundant initialization to variable mnt_sign_enabled (bsc#1190317).\n- cifs: remove remaining build warnings (bsc#1190317).\n- cifs: remove repeated debug message on cifs_put_smb_ses() (bsc#1190317).\n- cifs: remove some camelCase and also some static build warnings (bsc#1190317).\n- cifs: remove unnecessary (void*) conversions (bsc#1190317).\n- cifs: remove unused server parameter from calc_smb_size() (bsc#1190317).\n- cifs: remove useless DeleteMidQEntry() (bsc#1190317).\n- cifs: remove useless parameter 'is_fsctl' from SMB2_ioctl() (bsc#1190317).\n- cifs: return errors during session setup during reconnects (bsc#1190317).\n- cifs: return the more nuanced writeback error on close() (bsc#1190317).\n- cifs: sanitize multiple delimiters in prepath (bsc#1190317).\n- cifs: set the CREATE_NOT_FILE when opening the directory in use_cached_dir() (bsc#1190317).\n- cifs: skip trailing separators of prefix paths (bsc#1190317).\n- cifs: smbd: fix typo in comment (bsc#1190317).\n- cifs: Split the smb3_add_credits tracepoint (bsc#1190317).\n- cifs: use correct lock type in cifs_reconnect() (bsc#1190317).\n- cifs: Use kzalloc instead of kmalloc/memset (bsc#1190317).\n- cifs: verify that tcon is valid before dereference in cifs_kill_sb (bsc#1190317).\n- cifs: version operations for smb20 unneeded when legacy support disabled (bsc#1190317).\n- cifs: we do not need a spinlock around the tree access during umount (bsc#1190317).\n- cifs: when extending a file with falloc we should make files 
not-sparse (bsc#1190317).\n- dm thin metadata: Fix use-after-free in dm_bm_set_read_only (bsc#1203462).\n- dtb: Do not include sources in src.rpm - refer to kernel-source Same as other kernel binary packages there is no need to carry duplicate sources in dtb packages.\n- fbdev: fb_pm2fb: Avoid potential divide by zero error (bsc#1154048)\n- ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead (git-fixes).\n- Input: iforce - constify usb_device_id and fix space before '[' error (git-fixes).\n- Input: melfas_mip4 - fix return value check in mip4_probe() (git-fixes).\n- Input: stop telling users to snail-mail Vojtech (git-fixes).\n- md-raid10: fix KASAN warning (git-fixes).\n- md: call __md_stop_writes in md_stop (git-fixes).\n- net: mana: Add rmb after checking owner bits (git-fixes).\n- net: mana: Add the Linux MANA PF driver (bug#1201309, jsc#PED-529).\n- NFS: LOOKUP_DIRECTORY is also ok with symlinks (git-fixes).\n- NFS: RECLAIM_COMPLETE must handle EACCES (git-fixes).\n- NFSD: Fix zero-length NFSv3 WRITEs (git-fixes).\n- powerpc: Use device_type helpers to access the node type (bsc#1203424 ltc#199544).\n- powerpc/drmem: Make lmb_size 64 bit (bsc#1203424 ltc#199544).\n- powerpc/memhotplug: Make lmb size 64bit (bsc#1203424 ltc#199544).\n- ppc64/kdump: Limit kdump base to 512MB (bsc#1203410 ltc#199904).\n- scsi: ch: Make it possible to open a ch device multiple times again (git-fixes).\n- scsi: core: Avoid that a kernel warning appears during system resume (git-fixes).\n- scsi: core: Avoid that system resume triggers a kernel warning (git-fixes).\n- scsi: fcoe: Embed fc_rport_priv in fcoe_rport structure (git-fixes).\n- scsi: lpfc: Add missing destroy_workqueue() in error path (git-fixes).\n- scsi: lpfc: Check the return value of alloc_workqueue() (git-fixes).\n- scsi: mpt3sas: Do not call disable_irq from IRQ poll handler (git-fixes).\n- scsi: mpt3sas: Fix ioctl timeout (git-fixes).\n- scsi: mpt3sas: Fix sync irqs (git-fixes).\n- scsi: 
mpt3sas: Fix use-after-free warning (git-fixes).\n- scsi: qla2xxx: Add debugfs create/delete helpers (bsc#1203935).\n- scsi: qla2xxx: Add NVMe parameters support in Auxiliary Image Status (bsc#1203935).\n- scsi: qla2xxx: Always wait for qlt_sess_work_fn() from qlt_stop_phase1() (bsc#1203935).\n- scsi: qla2xxx: Avoid flush_scheduled_work() usage (bsc#1203935).\n- scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port ISP27XX (bsc#1203935).\n- scsi: qla2xxx: Drop DID_TARGET_FAILURE use (bsc#1203935).\n- scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts() (bsc#1203935).\n- scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts() (git-fixes).\n- scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1203935).\n- scsi: qla2xxx: Log message 'skipping scsi_scan_host()' as informational (bsc#1203935).\n- scsi: qla2xxx: Remove unused declarations for qla2xxx (bsc#1203935).\n- scsi: qla2xxx: Remove unused del_sess_list field (bsc#1203935).\n- scsi: qla2xxx: Remove unused qlt_tmr_work() (bsc#1203935).\n- scsi: qla2xxx: Revert 'scsi: qla2xxx: Fix response queue handler reading stale packets' (bsc#1203935).\n- scsi: qla2xxx: Update version to 10.02.07.900-k (bsc#1203935).\n- scsi: sd_zbc: Fix compilation warning (git-fixes).\n- scsi: sd: enable compat ioctls for sed-opal (git-fixes).\n- scsi: sd: Fix Opal support (git-fixes).\n- scsi: sg: Allow waiting for commands to complete on removed device (git-fixes).\n- scsi: smartpqi: Fix DMA direction for RAID requests (git-fixes).\n- smb2: small refactor in smb2_check_message() (bsc#1190317).\n- smb3: add trace point for SMB2_set_eof (bsc#1190317).\n- smb3: check for null tcon (bsc#1190317).\n- smb3: check xattr value length earlier (bsc#1190317).\n- smb3: do not set rc when used and unneeded in query_info_compound (bsc#1190317).\n- smb3: EBADF/EIO errors in rename/open caused by race condition in smb2_compound_op (bsc#1190317).\n- SUNRPC: Reinitialise the backchannel request buffers before reuse 
(git-fixes).\n- sysfb: Enable boot time VESA graphic mode selection (bsc#1129770) Backporting notes: \t* context changes \t* config update\n- USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020) (git-fixes).\n- USB: core: Prevent nested device-reset calls (git-fixes).\n- USB: dwc2: fix wrong order of phy_power_on and phy_init (git-fixes).\n- USB: serial: ftdi_sio: add Belimo device ids (git-fixes).\n- USB: serial: option: add Quectel EM05-G modem (git-fixes).\n- USB: serial: option: add Quectel RM500K module support.\n- USB: serial: option: add support for Cinterion MV31 with new baseline (git-fixes).\n- USB: serial: option: add Telit LE910Cx 0x1250 composition (git-fixes).\n- USB: Storage: Add ignore-residue quirk for NXP PN7462AU (git-fixes).\n- USB: struct usb_device: hide new member (git-fixes).\n- USB: typec: altmodes/displayport: correct pin assignment for UFP receptacles (git-fixes).\n- USB: typec: tcpci: Do not skip cleanup in .remove() on error (git-fixes).\n- usbnet: Fix memory leak in usbnet_disconnect() (git-fixes).\n- video: fbdev: amba-clcd: Fix refcount leak bugs (bsc#1154048) Backporting notes: \t* context changes\n- video: fbdev: arkfb: Check the size of screen before memset_io() (bsc#1154048)\n- video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock() (bsc#1154048)\n- video: fbdev: s3fb: Check the size of screen before memset_io() (bsc#1154048)\n- video: fbdev: sis: fix typos in SiS_GetModeID() (bsc#1154048)\n- video: fbdev: vt8623fb: Check the size of screen before memset_io() (bsc#1154048)\n- x86/bugs: Reenable retbleed=off While for older kernels the return thunks are statically built in and cannot be dynamically patched out, retbleed=off should still be possible to do so that the mitigation can still be disabled on Intel who do not use the return thunks but IBRS.\n- xhci: bail out early if driver can't accress host in resume (git-fixes).\n", title: "Description of the patch", }, { category: "details", text: 
"SUSE-2022-3584,SUSE-SLE-SERVER-12-SP5-2022-3584", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_3584-1.json", }, { category: "self", summary: "URL for SUSE-SU-2022:3584-1", url: "https://www.suse.com/support/update/announcement/2022/suse-su-20223584-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2022:3584-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-October/012540.html", }, { category: "self", summary: "SUSE Bug 1124235", url: "https://bugzilla.suse.com/1124235", }, { category: "self", summary: "SUSE Bug 1129770", url: "https://bugzilla.suse.com/1129770", }, { category: "self", summary: "SUSE Bug 1154048", url: "https://bugzilla.suse.com/1154048", }, { category: "self", summary: "SUSE Bug 1190317", url: "https://bugzilla.suse.com/1190317", }, { category: "self", summary: "SUSE Bug 1199564", url: "https://bugzilla.suse.com/1199564", }, { category: "self", summary: "SUSE Bug 1201309", url: "https://bugzilla.suse.com/1201309", }, { category: "self", summary: "SUSE Bug 1202097", url: "https://bugzilla.suse.com/1202097", }, { category: "self", summary: "SUSE Bug 1202385", url: "https://bugzilla.suse.com/1202385", }, { category: "self", summary: "SUSE Bug 1202677", url: "https://bugzilla.suse.com/1202677", }, { category: "self", summary: "SUSE Bug 1202960", url: "https://bugzilla.suse.com/1202960", }, { category: "self", summary: "SUSE Bug 1203098", url: 
"https://bugzilla.suse.com/1203098", }, { category: "self", summary: "SUSE Bug 1203107", url: "https://bugzilla.suse.com/1203107", }, { category: "self", summary: "SUSE Bug 1203410", url: "https://bugzilla.suse.com/1203410", }, { category: "self", summary: "SUSE Bug 1203424", url: "https://bugzilla.suse.com/1203424", }, { category: "self", summary: "SUSE Bug 1203462", url: "https://bugzilla.suse.com/1203462", }, { category: "self", summary: "SUSE Bug 1203552", url: "https://bugzilla.suse.com/1203552", }, { category: "self", summary: "SUSE Bug 1203769", url: "https://bugzilla.suse.com/1203769", }, { category: "self", summary: "SUSE Bug 1203933", url: "https://bugzilla.suse.com/1203933", }, { category: "self", summary: "SUSE Bug 1203935", url: "https://bugzilla.suse.com/1203935", }, { category: "self", summary: "SUSE Bug 1203987", url: "https://bugzilla.suse.com/1203987", }, { category: "self", summary: "SUSE CVE CVE-2022-20008 page", url: "https://www.suse.com/security/cve/CVE-2022-20008/", }, { category: "self", summary: "SUSE CVE CVE-2022-2503 page", url: "https://www.suse.com/security/cve/CVE-2022-2503/", }, { category: "self", summary: "SUSE CVE CVE-2022-2663 page", url: "https://www.suse.com/security/cve/CVE-2022-2663/", }, { category: "self", summary: "SUSE CVE CVE-2022-3239 page", url: "https://www.suse.com/security/cve/CVE-2022-3239/", }, { category: "self", summary: "SUSE CVE CVE-2022-3303 page", url: "https://www.suse.com/security/cve/CVE-2022-3303/", }, { category: "self", summary: "SUSE CVE CVE-2022-39188 page", url: "https://www.suse.com/security/cve/CVE-2022-39188/", }, { category: "self", summary: "SUSE CVE CVE-2022-41218 page", url: "https://www.suse.com/security/cve/CVE-2022-41218/", }, { category: "self", summary: "SUSE CVE CVE-2022-41848 page", url: "https://www.suse.com/security/cve/CVE-2022-41848/", }, ], title: "Security update for the Linux Kernel", tracking: { current_release_date: "2022-10-14T07:52:13Z", generator: { date: 
"2022-10-14T07:52:13Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2022:3584-1", initial_release_date: "2022-10-14T07:52:13Z", revision_history: [ { date: "2022-10-14T07:52:13Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "kernel-devel-azure-4.12.14-16.112.1.noarch", product: { name: "kernel-devel-azure-4.12.14-16.112.1.noarch", product_id: "kernel-devel-azure-4.12.14-16.112.1.noarch", }, }, { category: "product_version", name: "kernel-source-azure-4.12.14-16.112.1.noarch", product: { name: "kernel-source-azure-4.12.14-16.112.1.noarch", product_id: "kernel-source-azure-4.12.14-16.112.1.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "cluster-md-kmp-azure-4.12.14-16.112.1.x86_64", product: { name: "cluster-md-kmp-azure-4.12.14-16.112.1.x86_64", product_id: "cluster-md-kmp-azure-4.12.14-16.112.1.x86_64", }, }, { category: "product_version", name: "dlm-kmp-azure-4.12.14-16.112.1.x86_64", product: { name: "dlm-kmp-azure-4.12.14-16.112.1.x86_64", product_id: "dlm-kmp-azure-4.12.14-16.112.1.x86_64", }, }, { category: "product_version", name: "gfs2-kmp-azure-4.12.14-16.112.1.x86_64", product: { name: "gfs2-kmp-azure-4.12.14-16.112.1.x86_64", product_id: "gfs2-kmp-azure-4.12.14-16.112.1.x86_64", }, }, { category: "product_version", name: "kernel-azure-4.12.14-16.112.1.x86_64", product: { name: "kernel-azure-4.12.14-16.112.1.x86_64", product_id: "kernel-azure-4.12.14-16.112.1.x86_64", }, }, { category: "product_version", name: "kernel-azure-base-4.12.14-16.112.1.x86_64", product: { name: "kernel-azure-base-4.12.14-16.112.1.x86_64", product_id: "kernel-azure-base-4.12.14-16.112.1.x86_64", }, }, { category: "product_version", name: "kernel-azure-devel-4.12.14-16.112.1.x86_64", product: { name: 
"kernel-azure-devel-4.12.14-16.112.1.x86_64", product_id: "kernel-azure-devel-4.12.14-16.112.1.x86_64", }, }, { category: "product_version", name: "kernel-azure-extra-4.12.14-16.112.1.x86_64", product: { name: "kernel-azure-extra-4.12.14-16.112.1.x86_64", product_id: "kernel-azure-extra-4.12.14-16.112.1.x86_64", }, }, { category: "product_version", name: "kernel-azure-kgraft-devel-4.12.14-16.112.1.x86_64", product: { name: "kernel-azure-kgraft-devel-4.12.14-16.112.1.x86_64", product_id: "kernel-azure-kgraft-devel-4.12.14-16.112.1.x86_64", }, }, { category: "product_version", name: "kernel-syms-azure-4.12.14-16.112.1.x86_64", product: { name: "kernel-syms-azure-4.12.14-16.112.1.x86_64", product_id: "kernel-syms-azure-4.12.14-16.112.1.x86_64", }, }, { category: "product_version", name: "kselftests-kmp-azure-4.12.14-16.112.1.x86_64", product: { name: "kselftests-kmp-azure-4.12.14-16.112.1.x86_64", product_id: "kselftests-kmp-azure-4.12.14-16.112.1.x86_64", }, }, { category: "product_version", name: "ocfs2-kmp-azure-4.12.14-16.112.1.x86_64", product: { name: "ocfs2-kmp-azure-4.12.14-16.112.1.x86_64", product_id: "ocfs2-kmp-azure-4.12.14-16.112.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Server 12 SP5", product: { name: "SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5", product_identification_helper: { cpe: "cpe:/o:suse:sles:12:sp5", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", product: { name: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:12:sp5", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: 
"kernel-azure-4.12.14-16.112.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.112.1.x86_64", }, product_reference: "kernel-azure-4.12.14-16.112.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP5", }, { category: "default_component_of", full_product_name: { name: "kernel-azure-base-4.12.14-16.112.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.112.1.x86_64", }, product_reference: "kernel-azure-base-4.12.14-16.112.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP5", }, { category: "default_component_of", full_product_name: { name: "kernel-azure-devel-4.12.14-16.112.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.112.1.x86_64", }, product_reference: "kernel-azure-devel-4.12.14-16.112.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP5", }, { category: "default_component_of", full_product_name: { name: "kernel-devel-azure-4.12.14-16.112.1.noarch as component of SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.112.1.noarch", }, product_reference: "kernel-devel-azure-4.12.14-16.112.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP5", }, { category: "default_component_of", full_product_name: { name: "kernel-source-azure-4.12.14-16.112.1.noarch as component of SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.112.1.noarch", }, product_reference: "kernel-source-azure-4.12.14-16.112.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP5", }, { category: "default_component_of", full_product_name: { name: "kernel-syms-azure-4.12.14-16.112.1.x86_64 
as component of SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.112.1.x86_64", }, product_reference: "kernel-syms-azure-4.12.14-16.112.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP5", }, { category: "default_component_of", full_product_name: { name: "kernel-azure-4.12.14-16.112.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.112.1.x86_64", }, product_reference: "kernel-azure-4.12.14-16.112.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", }, { category: "default_component_of", full_product_name: { name: "kernel-azure-base-4.12.14-16.112.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.112.1.x86_64", }, product_reference: "kernel-azure-base-4.12.14-16.112.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", }, { category: "default_component_of", full_product_name: { name: "kernel-azure-devel-4.12.14-16.112.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.112.1.x86_64", }, product_reference: "kernel-azure-devel-4.12.14-16.112.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", }, { category: "default_component_of", full_product_name: { name: "kernel-devel-azure-4.12.14-16.112.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.112.1.noarch", }, product_reference: 
"kernel-devel-azure-4.12.14-16.112.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", }, { category: "default_component_of", full_product_name: { name: "kernel-source-azure-4.12.14-16.112.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.112.1.noarch", }, product_reference: "kernel-source-azure-4.12.14-16.112.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", }, { category: "default_component_of", full_product_name: { name: "kernel-syms-azure-4.12.14-16.112.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.112.1.x86_64", }, product_reference: "kernel-syms-azure-4.12.14-16.112.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", }, ], }, vulnerabilities: [ { cve: "CVE-2022-20008", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-20008", }, ], notes: [ { category: "general", text: "In mmc_blk_read_single of block.c, there is a possible way to read kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that triggers errors, with no additional execution privileges needed. 
User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-216481035. References: Upstream kernel", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.112.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-20008", url: "https://www.suse.com/security/cve/CVE-2022-20008", }, { category: "external", summary: "SUSE Bug 1199564 for CVE-2022-20008", url: "https://bugzilla.suse.com/1199564", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.112.1.x86_64", "SUSE
Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.112.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 
SP5:kernel-source-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.112.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-10-14T07:52:13Z", details: "moderate", }, ], title: "CVE-2022-20008", }, { cve: "CVE-2022-2503", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-2503", }, ], notes: [ { category: "general", text: "Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allows root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates. 
We recommend upgrading past commit 4caae58406f8ceb741603eee460d79bacca9b1b5", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.112.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-2503", url: "https://www.suse.com/security/cve/CVE-2022-2503", }, { category: "external", summary: "SUSE Bug 1202677 for CVE-2022-2503", url: "https://bugzilla.suse.com/1202677", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server 12 
SP5:kernel-devel-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.112.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.112.1.noarch", "SUSE Linux 
Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.112.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-10-14T07:52:13Z", details: "moderate", }, ], title: "CVE-2022-2503", }, { cve: "CVE-2022-2663", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-2663", }, ], notes: [ { category: "general", text: "An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.112.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-2663", url: "https://www.suse.com/security/cve/CVE-2022-2663", }, { category: "external", summary: "SUSE Bug 1202097 for CVE-2022-2663", url: 
"https://bugzilla.suse.com/1202097", }, { category: "external", summary: "SUSE Bug 1212299 for CVE-2022-2663", url: "https://bugzilla.suse.com/1212299", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.112.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server 12 
SP5:kernel-source-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.112.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-10-14T07:52:13Z", details: "moderate", }, ], title: "CVE-2022-2663", }, { cve: "CVE-2022-3239", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-3239", }, ], notes: [ { category: "general", text: "A flaw use after free in the Linux kernel video4linux driver was found in the way user triggers em28xx_usb_probe() for the Empia 28xx based TV cards. 
A local user could use this flaw to crash the system or potentially escalate their privileges on the system.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.112.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-3239", url: "https://www.suse.com/security/cve/CVE-2022-3239", }, { category: "external", summary: "SUSE Bug 1203552 for CVE-2022-3239", url: "https://bugzilla.suse.com/1203552", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server 12 
SP5:kernel-devel-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.112.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.112.1.noarch", "SUSE Linux 
Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.112.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-10-14T07:52:13Z", details: "moderate", }, ], title: "CVE-2022-3239", }, { cve: "CVE-2022-3303", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-3303", }, ], notes: [ { category: "general", text: "A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.112.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-3303", url: "https://www.suse.com/security/cve/CVE-2022-3303", }, { 
category: "external", summary: "SUSE Bug 1203769 for CVE-2022-3303", url: "https://bugzilla.suse.com/1203769", }, { category: "external", summary: "SUSE Bug 1212304 for CVE-2022-3303", url: "https://bugzilla.suse.com/1212304", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.112.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server 12 
SP5:kernel-devel-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.112.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-10-14T07:52:13Z", details: "moderate", }, ], title: "CVE-2022-3303", }, { cve: "CVE-2022-39188", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-39188", }, ], notes: [ { category: "general", text: "An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. 
This only occurs in situations with VM_PFNMAP VMAs.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.112.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-39188", url: "https://www.suse.com/security/cve/CVE-2022-39188", }, { category: "external", summary: "SUSE Bug 1203107 for CVE-2022-39188", url: "https://bugzilla.suse.com/1203107", }, { category: "external", summary: "SUSE Bug 1203116 for CVE-2022-39188", url: "https://bugzilla.suse.com/1203116", }, { category: "external", summary: "SUSE Bug 1205313 for CVE-2022-39188", url: "https://bugzilla.suse.com/1205313", }, { category: "external", summary: "SUSE Bug 1209225 for CVE-2022-39188", url: "https://bugzilla.suse.com/1209225", }, { category: "external", summary: "SUSE Bug 1212326 for CVE-2022-39188", url: "https://bugzilla.suse.com/1212326", }, ], remediations: [ { category: "vendor_fix", details: "To install 
this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.112.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise 
Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.112.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-10-14T07:52:13Z", details: "moderate", }, ], title: "CVE-2022-39188", }, { cve: "CVE-2022-41218", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-41218", }, ], notes: [ { category: "general", text: "In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 
SP5:kernel-source-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.112.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-41218", url: "https://www.suse.com/security/cve/CVE-2022-41218", }, { category: "external", summary: "SUSE Bug 1202960 for CVE-2022-41218", url: "https://bugzilla.suse.com/1202960", }, { category: "external", summary: "SUSE Bug 1203606 for CVE-2022-41218", url: "https://bugzilla.suse.com/1203606", }, { category: "external", summary: "SUSE Bug 1205313 for CVE-2022-41218", url: "https://bugzilla.suse.com/1205313", }, { category: "external", summary: "SUSE Bug 1209225 for CVE-2022-41218", url: "https://bugzilla.suse.com/1209225", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 
12 SP5:kernel-syms-azure-4.12.14-16.112.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.4, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.112.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-10-14T07:52:13Z", details: "important", }, ], title: "CVE-2022-41218", }, { cve: "CVE-2022-41848", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-41848", }, ], notes: [ { category: "general", text: "drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race condition between mgslpc_ioctl and mgslpc_detach.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 
SP5:kernel-azure-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.112.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-41848", url: "https://www.suse.com/security/cve/CVE-2022-41848", }, { category: "external", summary: "SUSE Bug 1203987 for CVE-2022-41848", url: "https://bugzilla.suse.com/1203987", }, { category: "external", summary: "SUSE Bug 1211484 for CVE-2022-41848", url: "https://bugzilla.suse.com/1211484", }, { category: "external", summary: "SUSE Bug 1212317 for CVE-2022-41848", url: "https://bugzilla.suse.com/1212317", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.112.1.x86_64", "SUSE Linux 
Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.112.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.112.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 
SP5:kernel-source-azure-4.12.14-16.112.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.112.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-10-14T07:52:13Z", details: "moderate", }, ], title: "CVE-2022-41848", }, ], }
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.