SUSE-SU-2023:0416-1: important: Security update for the Linux Kernel

sle-updates at lists.suse.com sle-updates at lists.suse.com
Wed Feb 15 14:20:06 UTC 2023


   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2023:0416-1
Rating:             important
References:         #1055710 #1084513 #1131430 #1133374 #1154848 
                    #1166098 #1173514 #1177471 #1191961 #1196973 
                    #1197331 #1197343 #1197366 #1197391 #1198516 
                    #1198829 #1199063 #1199426 #1199487 #1199650 
                    #1199657 #1200598 #1200619 #1200692 #1200910 
                    #1201050 #1201251 #1201429 #1201635 #1201636 
                    #1201940 #1201948 #1202097 #1202346 #1202347 
                    #1202393 #1202500 #1202897 #1202898 #1202960 
                    #1203107 #1203271 #1203514 #1203769 #1203960 
                    #1203987 #1204166 #1204354 #1204405 #1204431 
                    #1204439 #1204574 #1204631 #1204646 #1204647 
                    #1204653 #1204894 #1204922 #1205220 #1205514 
                    #1205671 #1205796 #1206677 
Cross-References:   CVE-2017-13695 CVE-2018-7755 CVE-2019-3837
                    CVE-2019-3900 CVE-2020-15393 CVE-2020-16119
                    CVE-2020-36557 CVE-2020-36558 CVE-2021-26341
                    CVE-2021-33655 CVE-2021-33656 CVE-2021-34981
                    CVE-2021-39713 CVE-2021-45868 CVE-2022-1011
                    CVE-2022-1048 CVE-2022-1353 CVE-2022-1462
                    CVE-2022-1652 CVE-2022-1679 CVE-2022-20132
                    CVE-2022-20166 CVE-2022-20368 CVE-2022-20369
                    CVE-2022-21123 CVE-2022-21125 CVE-2022-21127
                    CVE-2022-21166 CVE-2022-21180 CVE-2022-21385
                    CVE-2022-21499 CVE-2022-2318 CVE-2022-2663
                    CVE-2022-28356 CVE-2022-29900 CVE-2022-29901
                    CVE-2022-3028 CVE-2022-3303 CVE-2022-33981
                    CVE-2022-3424 CVE-2022-3524 CVE-2022-3565
                    CVE-2022-3566 CVE-2022-3586 CVE-2022-3621
                    CVE-2022-3635 CVE-2022-3646 CVE-2022-3649
                    CVE-2022-36879 CVE-2022-36946 CVE-2022-3903
                    CVE-2022-39188 CVE-2022-40768 CVE-2022-4095
                    CVE-2022-41218 CVE-2022-41848 CVE-2022-41850
                    CVE-2022-41858 CVE-2022-43750 CVE-2022-44032
                    CVE-2022-44033 CVE-2022-45934
CVSS scores:
                    CVE-2017-13695 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2017-13695 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
                    CVE-2018-7755 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2018-7755 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
                    CVE-2019-3837 (NVD) : 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
                    CVE-2019-3837 (SUSE): 6.1 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
                    CVE-2019-3900 (NVD) : 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
                    CVE-2019-3900 (SUSE): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2020-15393 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2020-15393 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
                    CVE-2020-16119 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2020-16119 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2020-36557 (NVD) : 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2020-36557 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2020-36558 (NVD) : 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2020-36558 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-26341 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
                    CVE-2021-26341 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-33655 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-33655 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-33656 (NVD) : 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-33656 (SUSE): 6.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H
                    CVE-2021-34981 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
                    CVE-2021-39713 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-39713 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-45868 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2021-45868 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-1011 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-1011 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-1048 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-1048 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-1353 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
                    CVE-2022-1353 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
                    CVE-2022-1462 (NVD) : 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
                    CVE-2022-1462 (SUSE): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
                    CVE-2022-1652 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-1652 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-1679 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-1679 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-20132 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-20132 (SUSE): 4.9 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
                    CVE-2022-20166 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-20166 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
                    CVE-2022-20368 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-20368 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-20369 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-20369 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-21123 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-21123 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
                    CVE-2022-21125 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-21125 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
                    CVE-2022-21127 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-21127 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-21166 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-21166 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-21180 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-21180 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-21385 (NVD) : 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-21385 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-21499 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-21499 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-2318 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-2318 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-2663 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
                    CVE-2022-2663 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
                    CVE-2022-28356 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-28356 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-29900 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
                    CVE-2022-29900 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-29901 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
                    CVE-2022-29901 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-3028 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-3028 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-3303 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3303 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-33981 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
                    CVE-2022-33981 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3424 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-3524 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3524 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3565 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-3565 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-3566 (NVD) : 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-3566 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3586 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3586 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-3621 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3621 (SUSE): 4.3 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3635 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-3635 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-3646 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
                    CVE-2022-3646 (SUSE): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
                    CVE-2022-3649 (NVD) : 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
                    CVE-2022-3649 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
                    CVE-2022-36879 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-36879 (SUSE): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-36946 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-36946 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3903 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3903 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-39188 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-39188 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-40768 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-40768 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-4095 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-41218 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-41218 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-41848 (NVD) : 4.2 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-41848 (SUSE): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-41850 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-41850 (SUSE): 4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
                    CVE-2022-41858 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
                    CVE-2022-41858 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-43750 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-43750 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-44032 (NVD) : 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-44032 (SUSE): 4.3 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-44033 (NVD) : 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-44033 (SUSE): 4.3 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-45934 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-45934 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:
                    SUSE Linux Enterprise Server 11-SP4-LTSS-EXTREME-CORE
______________________________________________________________________________

   An update that solves 62 vulnerabilities and has one errata
   is now available.

Description:


   The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various
   security and bugfixes.


   The following security bugs were fixed:

   - CVE-2017-13695: Fixed fix acpi operand cache leak in nseval.c
     (bsc#1055710).
   - CVE-2018-7755: Fixed bypass of kernel security protections such as KASLR
     using fd_locked_ioctl function in drivers/block/floppy.c (bnc#1084513).
   - CVE-2019-3837: Fixed memory leak due to thread-unsafe implementation of
     the net_dma code in tcp_recvmsg() (bnc#1131430).
   - CVE-2019-3900: Fixed infinite loop while receiving packets in vhost_net
     (bnc#1133374).
   - CVE-2020-15393: Fixed memory leak in usbtest_disconnect in
     drivers/usb/misc/usbtest.c (bnc#1173514).
   - CVE-2020-16119: Fixed use-after-free exploitable by a local attacker due
     to reuse of a DCCP socket (bnc#1177471).
   - CVE-2020-36557: Fixed race condition in the VT_DISALLOCATE ioctl and
     closing/opening of ttys which could lead to a use-after-free
     (bnc#1201429).
   - CVE-2020-36558: Fixed race condition in VT_RESIZEX (bsc#1200910).
   - CVE-2021-26341: Fixed vulnerablity where some AMD CPUs may transiently
     execute beyond unconditional direct branches, which may potentially
     result in data leakage (bnc#1201050).
   - CVE-2021-33655: When sending malicous data to kernel by ioctl cmd
     FBIOPUT_VSCREENINFO,kernel will write memory out of bounds (bnc#1201635).
   - CVE-2021-33656: Fixed memory out of bounds write when setting font with
     malicous data by ioctl cmd PIO_FONT (bnc#1201636).
   - CVE-2021-34981: Fixed file refcounter in bluetooth cmtp when
     cmtp_attach_device fails (bsc#1191961).
   - CVE-2021-39713: Fixed race condition in the network scheduling subsystem
     which could lead to a use-after-free (bsc#1196973).
   - CVE-2021-45868: Fixed use-after-free in fs/quota/quota_tree.c
     (bnc#1197366).
   - CVE-2022-1011: Fixed UAF reads of write() buffers, allowing theft of
     (partial) /etc/shadow hashes (bsc#1197343).
   - CVE-2022-1048: Fixed potential AB/BA lock with buffer_mutex and
     mmap_lock (bsc#1197331).
   - CVE-2022-1353: Fixed denial of service in the pfkey_register function in
     net/key/af_key.c (bnc#1198516).
   - CVE-2022-1462: Fixed out-of-bounds read in the TeleTYpe subsystem
     allowing local user to crash the system or read unauthorized random data
     from memory (bnc#1198829).
   - CVE-2022-1652: Fixed use after free in floppy (bsc#1199063).
   - CVE-2022-1679: Fixed use-after-free in the atheros wireless adapter
     driver (bnc#1199487).
   - CVE-2022-20132: Fixed out of bounds read in lg_probe and related
     functions of hid-lg.c and other USB HID files (bnc#1200619).
   - CVE-2022-20166: Fixed out of bounds write due to a heap buffer overflow
     which could lead to local escalation of privilege with System execution
     privileges needed (bnc#1200598).
   - CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg()
     (bnc#1202346).
   - CVE-2022-20369: Fixed out of bounds write due to improper input
     validation in v4l2_m2m_querybuf of v4l2-mem2mem.c (bnc#1202347).
   - CVE-2022-21166, CVE-2022-21127, CVE-2022-21123, CVE-2022-21125,
     CVE-2022-21180: Fixed stale MMIO data transient information leaks
     (INTEL-TA-00615) (bnc#1199650).
   - CVE-2022-21385: Fixed warn in rds_message_alloc_sgs (bnc#1202897).
   - CVE-2022-21499: Fixed issue where it was trivial to break out of
     lockdown using kgdb (bsc#1199426).
   - CVE-2022-2318: Fixed use-after-free caused by timer handler in
     net/rose/rose_timer.c of linux that allow attackers to crash linux
     kernel without any privileges (bnc#1201251).
   - CVE-2022-2663: Fixed possible firewall bypass when users are using
     unencrypted IRC due to message handling confusion in nf_conntrack_irc
     (bnc#1202097).
   - CVE-2022-28356: Fixed refcount leak bug in net/llc/af_llc.c
     (bnc#1197391).
   - CVE-2022-29900: Fixed mis-trained branch predictions for return
     instructions that may have allowed arbitrary speculative code execution
     under certain microarchitecture-dependent conditions (bnc#1199657).
   - CVE-2022-29901: Fixed vulnerability where an attacker with unprivileged
     user access can hijack return instructions to achieve arbitrary
     speculative code execution under certain microarchitecture-dependent
     conditions (bnc#1199657).
   - CVE-2022-3028: Fixed a race condition in the Linux kernel's IP framework
     for transforming packets (XFRM subsystem) when multiple calls to
     xfrm_probe_algs occurred simultaneously (bnc#1202898).
   - CVE-2022-3303: Fixed race condition in the sound subsystem due to
     improper locking (bnc#1203769).
   - CVE-2022-33981: Fixed denial of service in drivers/block/floppy.c
     (bnc#1200692).
   - CVE-2022-3424: Fixed use-after-free in gru_set_context_option leading to
     kernel panic (bnc#1204166).
   - CVE-2022-3524: Fixed memory leak in ipv6_renew_options of the component
     IPv6 Handler (bnc#1204354).
   - CVE-2022-3565: Fixed use-after-free in del_timer of the file
     drivers/isdn/mISDN/l1oip_core.c of the component Bluetooth (bnc#1204431).
   - CVE-2022-3566: Fixed race condition in the TCP Handler (bnc#1204405).
   - CVE-2022-3586: Fixed use-after-free in the sch_sfb enqueue function
     (bnc#1204439).
   - CVE-2022-3621: Fixed null pointer dereference in fs/nilfs2/inode.c of
     the component nilfs2 (bnc#1204574).
   - CVE-2022-3635: Fixed use-after-free in IPsec (bnc#1204631).
   - CVE-2022-3646: Fixed memory leak in nilfs_attach_log_writer of the file
     fs/nilfs2/segment.c of the component BPF (bnc#1204646).
   - CVE-2022-3649: Fixed use-after-free in nilfs_new_inode of the file
     fs/nilfs2/inode.c (bnc#1204647).
   - CVE-2022-36879: Fixed double refcount drop in xfrm_expand_policies in
     net/xfrm/xfrm_policy.c (bnc#1201948).
   - CVE-2022-36946: Fixed denial of service in nfqnl_mangle in
     net/netfilter/nfnetlink_queue.c (bnc#1201940).
   - CVE-2022-3903: Fixed incorrect read request flaw in the Infrared
     Transceiver USB driver (bnc#1205220).
   - CVE-2022-39188: Fixed TLB flush for PFNMAP mappings before
     unlink_file_vma() (bsc#1203107).
   - CVE-2022-40768: Fixed information leak in drivers/scsi/stex.c
     (bnc#1203514).
   - CVE-2022-4095: Fixed use-after-free in rtl8712 (bsc#1205514).
   - CVE-2022-41218: Fixed use-after-free in drivers/media/dvb-core/dmxdev.c
     (bnc#1202960).
   - CVE-2022-41848: Fixed use-after-free in
     drivers/char/pcmcia/synclink_cs.c (bnc#1203987).
   - CVE-2022-41850: Fixed use-after-free in roccat_report_event in
     drivers/hid/hid-roccat.c (bnc#1203960).
   - CVE-2022-41858: Fixed NULL pointer dereference in
     drivers/net/slip/slip.c (bnc#1205671).
   - CVE-2022-43750: Fixed memory corruption in drivers/usb/mon/mon_bin.c
     (bnc#1204653).
   - CVE-2022-44032: Fixed race condition in drivers/char/pcmcia/cm4000_cs.c
     (bnc#1204894).
   - CVE-2022-44033: Fixed use-after-free in drivers/char/pcmcia/cm4040_cs.c
     (bnc#1204922).
   - CVE-2022-45934: Fixed integer wraparound in net/bluetooth/l2cap_core.c
     (bnc#1205796).

   The following non-security bugs were fixed:

   - Fail if no bound addresses can be used for a given scope (bsc#1206677).
   - Fixed missing check on handle in net_sched cls_route (bsc#1202393).
   - Trim skb to alloc size to avoid MSG_TRUNC (bsc#1166098).
   - Fixed confusing boot logging with Skylake on RETBLEED kernel
     (bsc#1202500).
   - Fixed retbleed performance issues (bsc#1203271).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP4-LTSS-EXTREME-CORE:

      zypper in -t patch SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2023-416=1



Package List:

   - SUSE Linux Enterprise Server 11-SP4-LTSS-EXTREME-CORE (x86_64):

      kernel-default-3.0.101-108.138.1
      kernel-default-base-3.0.101-108.138.1
      kernel-default-devel-3.0.101-108.138.1
      kernel-ec2-3.0.101-108.138.1
      kernel-ec2-base-3.0.101-108.138.1
      kernel-ec2-devel-3.0.101-108.138.1
      kernel-source-3.0.101-108.138.1
      kernel-syms-3.0.101-108.138.1
      kernel-trace-3.0.101-108.138.1
      kernel-trace-base-3.0.101-108.138.1
      kernel-trace-devel-3.0.101-108.138.1
      kernel-xen-3.0.101-108.138.1
      kernel-xen-base-3.0.101-108.138.1
      kernel-xen-devel-3.0.101-108.138.1


References:

   https://www.suse.com/security/cve/CVE-2017-13695.html
   https://www.suse.com/security/cve/CVE-2018-7755.html
   https://www.suse.com/security/cve/CVE-2019-3837.html
   https://www.suse.com/security/cve/CVE-2019-3900.html
   https://www.suse.com/security/cve/CVE-2020-15393.html
   https://www.suse.com/security/cve/CVE-2020-16119.html
   https://www.suse.com/security/cve/CVE-2020-36557.html
   https://www.suse.com/security/cve/CVE-2020-36558.html
   https://www.suse.com/security/cve/CVE-2021-26341.html
   https://www.suse.com/security/cve/CVE-2021-33655.html
   https://www.suse.com/security/cve/CVE-2021-33656.html
   https://www.suse.com/security/cve/CVE-2021-34981.html
   https://www.suse.com/security/cve/CVE-2021-39713.html
   https://www.suse.com/security/cve/CVE-2021-45868.html
   https://www.suse.com/security/cve/CVE-2022-1011.html
   https://www.suse.com/security/cve/CVE-2022-1048.html
   https://www.suse.com/security/cve/CVE-2022-1353.html
   https://www.suse.com/security/cve/CVE-2022-1462.html
   https://www.suse.com/security/cve/CVE-2022-1652.html
   https://www.suse.com/security/cve/CVE-2022-1679.html
   https://www.suse.com/security/cve/CVE-2022-20132.html
   https://www.suse.com/security/cve/CVE-2022-20166.html
   https://www.suse.com/security/cve/CVE-2022-20368.html
   https://www.suse.com/security/cve/CVE-2022-20369.html
   https://www.suse.com/security/cve/CVE-2022-21123.html
   https://www.suse.com/security/cve/CVE-2022-21125.html
   https://www.suse.com/security/cve/CVE-2022-21127.html
   https://www.suse.com/security/cve/CVE-2022-21166.html
   https://www.suse.com/security/cve/CVE-2022-21180.html
   https://www.suse.com/security/cve/CVE-2022-21385.html
   https://www.suse.com/security/cve/CVE-2022-21499.html
   https://www.suse.com/security/cve/CVE-2022-2318.html
   https://www.suse.com/security/cve/CVE-2022-2663.html
   https://www.suse.com/security/cve/CVE-2022-28356.html
   https://www.suse.com/security/cve/CVE-2022-29900.html
   https://www.suse.com/security/cve/CVE-2022-29901.html
   https://www.suse.com/security/cve/CVE-2022-3028.html
   https://www.suse.com/security/cve/CVE-2022-3303.html
   https://www.suse.com/security/cve/CVE-2022-33981.html
   https://www.suse.com/security/cve/CVE-2022-3424.html
   https://www.suse.com/security/cve/CVE-2022-3524.html
   https://www.suse.com/security/cve/CVE-2022-3565.html
   https://www.suse.com/security/cve/CVE-2022-3566.html
   https://www.suse.com/security/cve/CVE-2022-3586.html
   https://www.suse.com/security/cve/CVE-2022-3621.html
   https://www.suse.com/security/cve/CVE-2022-3635.html
   https://www.suse.com/security/cve/CVE-2022-3646.html
   https://www.suse.com/security/cve/CVE-2022-3649.html
   https://www.suse.com/security/cve/CVE-2022-36879.html
   https://www.suse.com/security/cve/CVE-2022-36946.html
   https://www.suse.com/security/cve/CVE-2022-3903.html
   https://www.suse.com/security/cve/CVE-2022-39188.html
   https://www.suse.com/security/cve/CVE-2022-40768.html
   https://www.suse.com/security/cve/CVE-2022-4095.html
   https://www.suse.com/security/cve/CVE-2022-41218.html
   https://www.suse.com/security/cve/CVE-2022-41848.html
   https://www.suse.com/security/cve/CVE-2022-41850.html
   https://www.suse.com/security/cve/CVE-2022-41858.html
   https://www.suse.com/security/cve/CVE-2022-43750.html
   https://www.suse.com/security/cve/CVE-2022-44032.html
   https://www.suse.com/security/cve/CVE-2022-44033.html
   https://www.suse.com/security/cve/CVE-2022-45934.html
   https://bugzilla.suse.com/1055710
   https://bugzilla.suse.com/1084513
   https://bugzilla.suse.com/1131430
   https://bugzilla.suse.com/1133374
   https://bugzilla.suse.com/1154848
   https://bugzilla.suse.com/1166098
   https://bugzilla.suse.com/1173514
   https://bugzilla.suse.com/1177471
   https://bugzilla.suse.com/1191961
   https://bugzilla.suse.com/1196973
   https://bugzilla.suse.com/1197331
   https://bugzilla.suse.com/1197343
   https://bugzilla.suse.com/1197366
   https://bugzilla.suse.com/1197391
   https://bugzilla.suse.com/1198516
   https://bugzilla.suse.com/1198829
   https://bugzilla.suse.com/1199063
   https://bugzilla.suse.com/1199426
   https://bugzilla.suse.com/1199487
   https://bugzilla.suse.com/1199650
   https://bugzilla.suse.com/1199657
   https://bugzilla.suse.com/1200598
   https://bugzilla.suse.com/1200619
   https://bugzilla.suse.com/1200692
   https://bugzilla.suse.com/1200910
   https://bugzilla.suse.com/1201050
   https://bugzilla.suse.com/1201251
   https://bugzilla.suse.com/1201429
   https://bugzilla.suse.com/1201635
   https://bugzilla.suse.com/1201636
   https://bugzilla.suse.com/1201940
   https://bugzilla.suse.com/1201948
   https://bugzilla.suse.com/1202097
   https://bugzilla.suse.com/1202346
   https://bugzilla.suse.com/1202347
   https://bugzilla.suse.com/1202393
   https://bugzilla.suse.com/1202500
   https://bugzilla.suse.com/1202897
   https://bugzilla.suse.com/1202898
   https://bugzilla.suse.com/1202960
   https://bugzilla.suse.com/1203107
   https://bugzilla.suse.com/1203271
   https://bugzilla.suse.com/1203514
   https://bugzilla.suse.com/1203769
   https://bugzilla.suse.com/1203960
   https://bugzilla.suse.com/1203987
   https://bugzilla.suse.com/1204166
   https://bugzilla.suse.com/1204354
   https://bugzilla.suse.com/1204405
   https://bugzilla.suse.com/1204431
   https://bugzilla.suse.com/1204439
   https://bugzilla.suse.com/1204574
   https://bugzilla.suse.com/1204631
   https://bugzilla.suse.com/1204646
   https://bugzilla.suse.com/1204647
   https://bugzilla.suse.com/1204653
   https://bugzilla.suse.com/1204894
   https://bugzilla.suse.com/1204922
   https://bugzilla.suse.com/1205220
   https://bugzilla.suse.com/1205514
   https://bugzilla.suse.com/1205671
   https://bugzilla.suse.com/1205796
   https://bugzilla.suse.com/1206677



More information about the sle-updates mailing list