SUSE-SU-2022:1037-1
Vulnerability from csaf_suse - Published: 2022-03-30 07:36 - Updated: 2022-03-30 07:36Summary
Security update for the Linux Kernel
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel
Description of the patch: The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-25636: Fixed an issue which allowed a local users to gain privileges because of a heap out-of-bounds write in nf_dup_netdev.c, related to nf_tables_offload (bsc#1196299).
- CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could trigger crash the system or corrupt system memory (bsc#1196830).
- CVE-2022-0487: A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove() in drivers/memstick/host/rtsx_usb_ms.c (bsc#1194516).
- CVE-2022-24448: Fixed an issue if an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should have occured, but the server instead returned uninitialized data in the file descriptor (bsc#1195612).
- CVE-2022-0617: Fixed a null pointer dereference in UDF file system functionality. A local user could crash the system by triggering udf_file_write_iter() via a malicious UDF image. (bsc#1196079)
- CVE-2022-0644: Fixed a denial of service by a local user. A assertion failure could be triggered in kernel_read_file_from_fd(). (bsc#1196155)
- CVE-2022-25258: The USB Gadget subsystem lacked certain validation of interface OS descriptor requests, which could have lead to memory corruption (bsc#1196096).
- CVE-2022-24958: drivers/usb/gadget/legacy/inode.c mishandled dev->buf release (bsc#1195905).
- CVE-2022-24959: Fixed a memory leak in yam_siocdevprivate() in drivers/net/hamradio/yam.c (bsc#1195897).
- CVE-2021-44879: In gc_data_segment() in fs/f2fs/gc.c, special files were not considered, which lead to a move_data_page NULL pointer dereference (bsc#1195987).
- CVE-2021-0920: Fixed a local privilege escalation due to a use-after-free vulnerability in unix_scm_to_skb of af_unix (bsc#1193731).
- CVE-2021-39657: Fixed an information leak in the Universal Flash Storage subsystem (bsc#1193864).
The following non-security bugs were fixed:
- ALSA: intel_hdmi: Fix reference to PCM buffer address (git-fixes).
- ARM: 9182/1: mmu: fix returns from early_param() and __setup() functions (git-fixes).
- ARM: Fix kgdb breakpoint for Thumb2 (git-fixes).
- ASoC: cs4265: Fix the duplicated control name (git-fixes).
- ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min (git-fixes).
- ASoC: rt5668: do not block workqueue if card is unbound (git-fixes).
- ASoC: rt5682: do not block workqueue if card is unbound (git-fixes).
- Bluetooth: btusb: Add missing Chicony device for Realtek RTL8723BE (bsc#1196779).
- EDAC/altera: Fix deferred probing (bsc#1178134).
- HID: add mapping for KEY_ALL_APPLICATIONS (git-fixes).
- HID: add mapping for KEY_DICTATE (git-fixes).
- Hand over the maintainership to SLE15-SP3 maintainers
- IB/hfi1: Correct guard on eager buffer deallocation (git-fixes).
- IB/hfi1: Fix early init panic (git-fixes).
- IB/hfi1: Fix leak of rcvhdrtail_dummy_kvaddr (git-fixes).
- IB/hfi1: Insure use of smp_processor_id() is preempt disabled (git-fixes).
- IB/rdmavt: Validate remote_addr during loopback atomic tests (git-fixes).
- Input: clear BTN_RIGHT/MIDDLE on buttonpads (git-fixes).
- Input: elan_i2c - fix regulator enable count imbalance after suspend/resume (git-fixes).
- Input: elan_i2c - move regulator_[en|dis]able() out of elan_[en|dis]able_power() (git-fixes).
- RDMA/bnxt_re: Scan the whole bitmap when checking if 'disabling RCFW with pending cmd-bit' (git-fixes).
- RDMA/cma: Do not change route.addr.src_addr outside state checks (bsc#1181147).
- RDMA/cma: Let cma_resolve_ib_dev() continue search even after empty entry (git-fixes).
- RDMA/cma: Remove open coding of overflow checking for private_data_len (git-fixes).
- RDMA/core: Do not infoleak GRH fields (git-fixes).
- RDMA/core: Let ib_find_gid() continue search even after empty entry (git-fixes).
- RDMA/cxgb4: Set queue pair state when being queried (git-fixes).
- RDMA/hns: Validate the pkey index (git-fixes).
- RDMA/ib_srp: Fix a deadlock (git-fixes).
- RDMA/mlx4: Do not continue event handler after memory allocation failure (git-fixes).
- RDMA/rtrs-clt: Fix possible double free in error case (jsc#SLE-15176).
- RDMA/rxe: Fix a typo in opcode name (git-fixes).
- RDMA/siw: Fix broken RDMA Read Fence/Resume logic (git-fixes).
- RDMA/uverbs: Check for null return of kmalloc_array (git-fixes).
- RDMA/uverbs: Remove the unnecessary assignment (git-fixes).
- Revert 'USB: serial: ch341: add new Product ID for CH341A' (git-fixes).
- SUNRPC: avoid race between mod_timer() and del_timer_sync() (bnc#1195403).
- USB: gadget: validate endpoint index for xilinx udc (git-fixes).
- USB: gadget: validate interface OS descriptor requests (git-fixes).
- USB: hub: Clean up use of port initialization schemes and retries (git-fixes).
- USB: serial: option: add Telit LE910R1 compositions (git-fixes).
- USB: serial: option: add support for DW5829e (git-fixes).
- USB: zaurus: support another broken Zaurus (git-fixes).
- arm64: dts: rockchip: Switch RK3399-Gru DP to SPDIF output (git-fixes).
- asix: fix uninit-value in asix_mdio_read() (git-fixes).
- ata: pata_hpt37x: disable primary channel on HPT371 (git-fixes).
- batman-adv: Do not expect inter-netns unique iflink indices (git-fixes).
- batman-adv: Request iflink once in batadv-on-batadv check (git-fixes).
- batman-adv: Request iflink once in batadv_get_real_netdevice (git-fixes).
- blk-mq: do not free tags if the tag_set is used by other device in queue initialztion (bsc#1193787).
- bnxt_en: Fix active FEC reporting to ethtool (jsc#SLE-16649).
- bnxt_en: Fix incorrect multicast rx mask setting when not requested (git-fixes).
- bnxt_en: Fix occasional ethtool -t loopback test failures (git-fixes).
- bnxt_en: Fix offline ethtool selftest with RDMA enabled (git-fixes).
- bonding: force carrier update when releasing slave (git-fixes).
- can: gs_usb: change active_channels's type from atomic_t to u8 (git-fixes).
- cgroup-v1: Correct privileges check in release_agent writes (bsc#1196723).
- cgroup/cpuset: Fix 'suspicious RCU usage' lockdep warning (bsc#1196868).
- clk: jz4725b: fix mmc0 clock gating (git-fixes).
- cpufreq: schedutil: Use kobject release() method to free (git-fixes)
- cpuset: Fix the bug that subpart_cpus updated wrongly in update_cpumask() (bsc#1196866).
- cputime, cpuacct: Include guest time in user time in (git-fixes)
- dma-direct: Fix potential NULL pointer dereference (bsc#1196472 ltc#192278).
- dma-mapping: Allow mixing bypass and mapped DMA operation (bsc#1196472 ltc#192278).
- dmaengine: shdma: Fix runtime PM imbalance on error (git-fixes).
- drm/amdgpu: disable MMHUB PG for Picasso (git-fixes).
- drm/edid: Always set RGB444 (git-fixes).
- drm/i915/dg1: Wait for pcode/uncore handshake at startup (bsc#1195211).
- drm/i915/gen11+: Only load DRAM information from pcode (bsc#1195211).
- drm/i915: Nuke not needed members of dram_info (bsc#1195211).
- drm/i915: Remove memory frequency calculation (bsc#1195211).
- drm/i915: Rename is_16gb_dimm to wm_lv_0_adjust_needed (bsc#1195211).
- efivars: Respect 'block' flag in efivar_entry_set_safe() (git-fixes).
- exfat: fix i_blocks for files truncated over 4 GiB (git-fixes).
- exfat: fix incorrect loading of i_blocks for large files (git-fixes).
- firmware: arm_scmi: Remove space in MODULE_ALIAS name (git-fixes).
- gpio: rockchip: Reset int_bothedge when changing trigger (git-fixes).
- gpio: tegra186: Fix chip_data type confusion (git-fixes).
- gtp: remove useless rcu_read_lock() (git-fixes).
- hamradio: fix macro redefine warning (git-fixes).
- i2c: bcm2835: Avoid clock stretching timeouts (git-fixes).
- iavf: Fix missing check for running netdev (git-fixes).
- ice: initialize local variable 'tlv' (jsc#SLE-12878).
- igc: igc_read_phy_reg_gpy: drop premature return (git-fixes).
- igc: igc_write_phy_reg_gpy: drop premature return (git-fixes).
- iio: Fix error handling for PM (git-fixes).
- iio: adc: ad7124: fix mask used for setting AIN_BUFP & AIN_BUFM bits (git-fixes).
- iio: adc: men_z188_adc: Fix a resource leak in an error handling path (git-fixes).
- ixgbe: xsk: change !netif_carrier_ok() handling in ixgbe_xmit_zc() (git-fixes).
- mac80211: fix forwarded mesh frames AC & queue selection (git-fixes).
- mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work (git-fixes).
- mac80211_hwsim: report NOACK frames in tx_status (git-fixes).
- mask out added spinlock in rndis_params (git-fixes).
- net/mlx5: Fix possible deadlock on rule deletion (git-fixes).
- net/mlx5: Fix wrong limitation of metadata match on ecpf (git-fixes).
- net/mlx5: Update the list of the PCI supported devices (git-fixes).
- net/mlx5: Update the list of the PCI supported devices (git-fixes).
- net/mlx5e: Fix modify header actions memory leak (git-fixes).
- net/mlx5e: Fix page DMA map/unmap attributes (bsc#1196468).
- net/mlx5e: Fix wrong return value on ioctl EEPROM query failure (git-fixes).
- net/mlx5e: TC, Reject rules with drop and modify hdr action (git-fixes).
- net/mlx5e: TC, Reject rules with forward and drop actions (git-fixes).
- net/mlx5e: kTLS, Use CHECKSUM_UNNECESSARY for device-offloaded packets (jsc#SLE-15172).
- net/sched: act_ct: Fix flow table lookup after ct clear or switching zones (jsc#SLE-15172).
- net: dsa: mv88e6xxx: MV88E6097 does not support jumbo configuration (git-fixes).
- net: ethernet: ti: cpsw: disable PTPv1 hw timestamping advertisement (git-fixes).
- net: fix up skbs delta_truesize in UDP GRO frag_list (bsc#1176447).
- net: hns3: Clear the CMDQ registers before unmapping BAR region (git-fixes).
- net: sfc: Replace in_interrupt() usage (git-fixes).
- net: tipc: validate domain record count on input (bsc#1195254).
- net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990 (git-fixes).
- netfilter: nf_tables: fix memory leak during stateful obj update (bsc#1176447).
- netsec: ignore 'phy-mode' device property on ACPI systems (git-fixes).
- nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac() (git-fixes).
- nl80211: Handle nla_memdup failures in handle_nan_filter (git-fixes).
- ntb: intel: fix port config status offset for SPR (git-fixes).
- nvme-multipath: use vmalloc for ANA log buffer (bsc#1193787).
- nvme-rdma: fix possible use-after-free in transport error_recovery work (git-fixes).
- nvme-tcp: fix possible use-after-free in transport error_recovery work (git-fixes).
- nvme: fix a possible use-after-free in controller reset during load (git-fixes).
- powerpc/dma: Fallback to dma_ops when persistent memory present (bsc#1196472 ltc#192278). Update config files.
- powerpc/fadump: register for fadump as early as possible (bsc#1179439 ltc#190038).
- powerpc/mm: Remove dcache flush from memory remove (bsc#1196433 ltc#196449).
- powerpc/powernv/memtrace: Fix dcache flushing (bsc#1196433 ltc#196449).
- powerpc/pseries/iommu: Fix window size for direct mapping with pmem (bsc#1196472 ltc#192278).
- sched/core: Mitigate race (git-fixes)
- scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() (git-fixes).
- scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe (git-fixes).
- scsi: lpfc: Terminate string in lpfc_debugfs_nvmeio_trc_write() (git-fixes).
- scsi: nsp_cs: Check of ioremap return value (git-fixes).
- scsi: qedf: Fix potential dereference of NULL pointer (git-fixes).
- scsi: smartpqi: Add PCI IDs (bsc#1196627).
- scsi: ufs: Fix race conditions related to driver data (git-fixes).
- selftests: mlxsw: tc_police_scale: Make test more robust (bsc#1176774).
- soc: fsl: Correct MAINTAINERS database (QUICC ENGINE LIBRARY) (git-fixes).
- soc: fsl: Correct MAINTAINERS database (SOC) (git-fixes).
- soc: fsl: qe: Check of ioremap return value (git-fixes).
- spi: spi-zynq-qspi: Fix a NULL pointer dereference in zynq_qspi_exec_mem_op() (git-fixes).
- sr9700: sanity check for packet length (bsc#1196836).
- tracing: Fix return value of __setup handlers (git-fixes).
- tty: n_gsm: fix encoding of control signal octet bit DV (git-fixes).
- tty: n_gsm: fix proper link termination after failed open (git-fixes).
- usb: dwc2: use well defined macros for power_down (git-fixes).
- usb: dwc3: gadget: Let the interrupt handler disable bottom halves (git-fixes).
- usb: dwc3: pci: Fix Bay Trail phy GPIO mappings (git-fixes).
- usb: gadget: rndis: add spinlock for rndis response list (git-fixes).
- usb: hub: Fix usb enumeration issue due to address0 race (git-fixes).
- vrf: Fix fast path output packet handling with async Netfilter rules (git-fixes).
- xhci: Prevent futile URB re-submissions due to incorrect return value (git-fixes).
- xhci: re-initialize the HC during resume if HCE was set (git-fixes).
Patchnames: SUSE-2022-1037,SUSE-SLE-Module-Public-Cloud-15-SP3-2022-1037
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.\n\n\nThe following security bugs were fixed:\n\n- CVE-2022-25636: Fixed an issue which allowed a local users to gain privileges because of a heap out-of-bounds write in nf_dup_netdev.c, related to nf_tables_offload (bsc#1196299).\n- CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could trigger crash the system or corrupt system memory (bsc#1196830).\n- CVE-2022-0487: A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove() in drivers/memstick/host/rtsx_usb_ms.c (bsc#1194516).\n- CVE-2022-24448: Fixed an issue if an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should have occured, but the server instead returned uninitialized data in the file descriptor (bsc#1195612).\n- CVE-2022-0617: Fixed a null pointer dereference in UDF file system functionality. A local user could crash the system by triggering udf_file_write_iter() via a malicious UDF image. (bsc#1196079)\n- CVE-2022-0644: Fixed a denial of service by a local user. A assertion failure could be triggered in kernel_read_file_from_fd(). (bsc#1196155)\n- CVE-2022-25258: The USB Gadget subsystem lacked certain validation of interface OS descriptor requests, which could have lead to memory corruption (bsc#1196096).\n- CVE-2022-24958: drivers/usb/gadget/legacy/inode.c mishandled dev-\u003ebuf release (bsc#1195905).\n- CVE-2022-24959: Fixed a memory leak in yam_siocdevprivate() in drivers/net/hamradio/yam.c (bsc#1195897).\n- CVE-2021-44879: In gc_data_segment() in fs/f2fs/gc.c, special files were not considered, which lead to a move_data_page NULL pointer dereference (bsc#1195987).\n- CVE-2021-0920: Fixed a local privilege escalation due to a use-after-free vulnerability in unix_scm_to_skb of af_unix (bsc#1193731).\n- CVE-2021-39657: Fixed an information leak in the Universal Flash Storage subsystem (bsc#1193864).\n\nThe following non-security bugs were fixed:\n\n- ALSA: intel_hdmi: Fix reference to PCM buffer address (git-fixes).\n- ARM: 9182/1: mmu: fix returns from early_param() and __setup() functions (git-fixes).\n- ARM: Fix kgdb breakpoint for Thumb2 (git-fixes).\n- ASoC: cs4265: Fix the duplicated control name (git-fixes).\n- ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min (git-fixes).\n- ASoC: rt5668: do not block workqueue if card is unbound (git-fixes).\n- ASoC: rt5682: do not block workqueue if card is unbound (git-fixes).\n- Bluetooth: btusb: Add missing Chicony device for Realtek RTL8723BE (bsc#1196779).\n- EDAC/altera: Fix deferred probing (bsc#1178134).\n- HID: add mapping for KEY_ALL_APPLICATIONS (git-fixes).\n- HID: add mapping for KEY_DICTATE (git-fixes).\n- Hand over the maintainership to SLE15-SP3 maintainers\n- IB/hfi1: Correct guard on eager buffer deallocation (git-fixes).\n- IB/hfi1: Fix early init panic (git-fixes).\n- IB/hfi1: Fix leak of rcvhdrtail_dummy_kvaddr (git-fixes).\n- IB/hfi1: Insure use of smp_processor_id() is preempt disabled (git-fixes).\n- IB/rdmavt: Validate remote_addr during loopback atomic tests (git-fixes).\n- Input: clear BTN_RIGHT/MIDDLE on buttonpads (git-fixes).\n- Input: elan_i2c - fix regulator enable count imbalance after suspend/resume (git-fixes).\n- Input: elan_i2c - move regulator_[en|dis]able() out of elan_[en|dis]able_power() (git-fixes).\n- RDMA/bnxt_re: Scan the whole bitmap when checking if \u0027disabling RCFW with pending cmd-bit\u0027 (git-fixes).\n- RDMA/cma: Do not change route.addr.src_addr outside state checks (bsc#1181147).\n- RDMA/cma: Let cma_resolve_ib_dev() continue search even after empty entry (git-fixes).\n- RDMA/cma: Remove open coding of overflow checking for private_data_len (git-fixes).\n- RDMA/core: Do not infoleak GRH fields (git-fixes).\n- RDMA/core: Let ib_find_gid() continue search even after empty entry (git-fixes).\n- RDMA/cxgb4: Set queue pair state when being queried (git-fixes).\n- RDMA/hns: Validate the pkey index (git-fixes).\n- RDMA/ib_srp: Fix a deadlock (git-fixes).\n- RDMA/mlx4: Do not continue event handler after memory allocation failure (git-fixes).\n- RDMA/rtrs-clt: Fix possible double free in error case (jsc#SLE-15176).\n- RDMA/rxe: Fix a typo in opcode name (git-fixes).\n- RDMA/siw: Fix broken RDMA Read Fence/Resume logic (git-fixes).\n- RDMA/uverbs: Check for null return of kmalloc_array (git-fixes).\n- RDMA/uverbs: Remove the unnecessary assignment (git-fixes).\n- Revert \u0027USB: serial: ch341: add new Product ID for CH341A\u0027 (git-fixes).\n- SUNRPC: avoid race between mod_timer() and del_timer_sync() (bnc#1195403).\n- USB: gadget: validate endpoint index for xilinx udc (git-fixes).\n- USB: gadget: validate interface OS descriptor requests (git-fixes).\n- USB: hub: Clean up use of port initialization schemes and retries (git-fixes).\n- USB: serial: option: add Telit LE910R1 compositions (git-fixes).\n- USB: serial: option: add support for DW5829e (git-fixes).\n- USB: zaurus: support another broken Zaurus (git-fixes).\n- arm64: dts: rockchip: Switch RK3399-Gru DP to SPDIF output (git-fixes).\n- asix: fix uninit-value in asix_mdio_read() (git-fixes).\n- ata: pata_hpt37x: disable primary channel on HPT371 (git-fixes).\n- batman-adv: Do not expect inter-netns unique iflink indices (git-fixes).\n- batman-adv: Request iflink once in batadv-on-batadv check (git-fixes).\n- batman-adv: Request iflink once in batadv_get_real_netdevice (git-fixes).\n- blk-mq: do not free tags if the tag_set is used by other device in queue initialztion (bsc#1193787).\n- bnxt_en: Fix active FEC reporting to ethtool (jsc#SLE-16649).\n- bnxt_en: Fix incorrect multicast rx mask setting when not requested (git-fixes).\n- bnxt_en: Fix occasional ethtool -t loopback test failures (git-fixes).\n- bnxt_en: Fix offline ethtool selftest with RDMA enabled (git-fixes).\n- bonding: force carrier update when releasing slave (git-fixes).\n- can: gs_usb: change active_channels\u0027s type from atomic_t to u8 (git-fixes).\n- cgroup-v1: Correct privileges check in release_agent writes (bsc#1196723).\n- cgroup/cpuset: Fix \u0027suspicious RCU usage\u0027 lockdep warning (bsc#1196868).\n- clk: jz4725b: fix mmc0 clock gating (git-fixes).\n- cpufreq: schedutil: Use kobject release() method to free (git-fixes)\n- cpuset: Fix the bug that subpart_cpus updated wrongly in update_cpumask() (bsc#1196866).\n- cputime, cpuacct: Include guest time in user time in (git-fixes)\n- dma-direct: Fix potential NULL pointer dereference (bsc#1196472 ltc#192278).\n- dma-mapping: Allow mixing bypass and mapped DMA operation (bsc#1196472 ltc#192278).\n- dmaengine: shdma: Fix runtime PM imbalance on error (git-fixes).\n- drm/amdgpu: disable MMHUB PG for Picasso (git-fixes).\n- drm/edid: Always set RGB444 (git-fixes).\n- drm/i915/dg1: Wait for pcode/uncore handshake at startup (bsc#1195211).\n- drm/i915/gen11+: Only load DRAM information from pcode (bsc#1195211).\n- drm/i915: Nuke not needed members of dram_info (bsc#1195211).\n- drm/i915: Remove memory frequency calculation (bsc#1195211).\n- drm/i915: Rename is_16gb_dimm to wm_lv_0_adjust_needed (bsc#1195211).\n- efivars: Respect \u0027block\u0027 flag in efivar_entry_set_safe() (git-fixes).\n- exfat: fix i_blocks for files truncated over 4 GiB (git-fixes).\n- exfat: fix incorrect loading of i_blocks for large files (git-fixes).\n- firmware: arm_scmi: Remove space in MODULE_ALIAS name (git-fixes).\n- gpio: rockchip: Reset int_bothedge when changing trigger (git-fixes).\n- gpio: tegra186: Fix chip_data type confusion (git-fixes).\n- gtp: remove useless rcu_read_lock() (git-fixes).\n- hamradio: fix macro redefine warning (git-fixes).\n- i2c: bcm2835: Avoid clock stretching timeouts (git-fixes).\n- iavf: Fix missing check for running netdev (git-fixes).\n- ice: initialize local variable \u0027tlv\u0027 (jsc#SLE-12878).\n- igc: igc_read_phy_reg_gpy: drop premature return (git-fixes).\n- igc: igc_write_phy_reg_gpy: drop premature return (git-fixes).\n- iio: Fix error handling for PM (git-fixes).\n- iio: adc: ad7124: fix mask used for setting AIN_BUFP \u0026 AIN_BUFM bits (git-fixes).\n- iio: adc: men_z188_adc: Fix a resource leak in an error handling path (git-fixes).\n- ixgbe: xsk: change !netif_carrier_ok() handling in ixgbe_xmit_zc() (git-fixes).\n- mac80211: fix forwarded mesh frames AC \u0026 queue selection (git-fixes).\n- mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work (git-fixes).\n- mac80211_hwsim: report NOACK frames in tx_status (git-fixes).\n- mask out added spinlock in rndis_params (git-fixes).\n- net/mlx5: Fix possible deadlock on rule deletion (git-fixes).\n- net/mlx5: Fix wrong limitation of metadata match on ecpf (git-fixes).\n- net/mlx5: Update the list of the PCI supported devices (git-fixes).\n- net/mlx5: Update the list of the PCI supported devices (git-fixes).\n- net/mlx5e: Fix modify header actions memory leak (git-fixes).\n- net/mlx5e: Fix page DMA map/unmap attributes (bsc#1196468).\n- net/mlx5e: Fix wrong return value on ioctl EEPROM query failure (git-fixes).\n- net/mlx5e: TC, Reject rules with drop and modify hdr action (git-fixes).\n- net/mlx5e: TC, Reject rules with forward and drop actions (git-fixes).\n- net/mlx5e: kTLS, Use CHECKSUM_UNNECESSARY for device-offloaded packets (jsc#SLE-15172).\n- net/sched: act_ct: Fix flow table lookup after ct clear or switching zones (jsc#SLE-15172).\n- net: dsa: mv88e6xxx: MV88E6097 does not support jumbo configuration (git-fixes).\n- net: ethernet: ti: cpsw: disable PTPv1 hw timestamping advertisement (git-fixes).\n- net: fix up skbs delta_truesize in UDP GRO frag_list (bsc#1176447).\n- net: hns3: Clear the CMDQ registers before unmapping BAR region (git-fixes).\n- net: sfc: Replace in_interrupt() usage (git-fixes).\n- net: tipc: validate domain record count on input (bsc#1195254).\n- net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990 (git-fixes).\n- netfilter: nf_tables: fix memory leak during stateful obj update (bsc#1176447).\n- netsec: ignore \u0027phy-mode\u0027 device property on ACPI systems (git-fixes).\n- nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac() (git-fixes).\n- nl80211: Handle nla_memdup failures in handle_nan_filter (git-fixes).\n- ntb: intel: fix port config status offset for SPR (git-fixes).\n- nvme-multipath: use vmalloc for ANA log buffer (bsc#1193787).\n- nvme-rdma: fix possible use-after-free in transport error_recovery work (git-fixes).\n- nvme-tcp: fix possible use-after-free in transport error_recovery work (git-fixes).\n- nvme: fix a possible use-after-free in controller reset during load (git-fixes).\n- powerpc/dma: Fallback to dma_ops when persistent memory present (bsc#1196472 ltc#192278). Update config files.\n- powerpc/fadump: register for fadump as early as possible (bsc#1179439 ltc#190038).\n- powerpc/mm: Remove dcache flush from memory remove (bsc#1196433 ltc#196449).\n- powerpc/powernv/memtrace: Fix dcache flushing (bsc#1196433 ltc#196449).\n- powerpc/pseries/iommu: Fix window size for direct mapping with pmem (bsc#1196472 ltc#192278).\n- sched/core: Mitigate race (git-fixes)\n- scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() (git-fixes).\n- scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe (git-fixes).\n- scsi: lpfc: Terminate string in lpfc_debugfs_nvmeio_trc_write() (git-fixes).\n- scsi: nsp_cs: Check of ioremap return value (git-fixes).\n- scsi: qedf: Fix potential dereference of NULL pointer (git-fixes).\n- scsi: smartpqi: Add PCI IDs (bsc#1196627).\n- scsi: ufs: Fix race conditions related to driver data (git-fixes).\n- selftests: mlxsw: tc_police_scale: Make test more robust (bsc#1176774).\n- soc: fsl: Correct MAINTAINERS database (QUICC ENGINE LIBRARY) (git-fixes).\n- soc: fsl: Correct MAINTAINERS database (SOC) (git-fixes).\n- soc: fsl: qe: Check of ioremap return value (git-fixes).\n- spi: spi-zynq-qspi: Fix a NULL pointer dereference in zynq_qspi_exec_mem_op() (git-fixes).\n- sr9700: sanity check for packet length (bsc#1196836).\n- tracing: Fix return value of __setup handlers (git-fixes).\n- tty: n_gsm: fix encoding of control signal octet bit DV (git-fixes).\n- tty: n_gsm: fix proper link termination after failed open (git-fixes).\n- usb: dwc2: use well defined macros for power_down (git-fixes).\n- usb: dwc3: gadget: Let the interrupt handler disable bottom halves (git-fixes).\n- usb: dwc3: pci: Fix Bay Trail phy GPIO mappings (git-fixes).\n- usb: gadget: rndis: add spinlock for rndis response list (git-fixes).\n- usb: hub: Fix usb enumeration issue due to address0 race (git-fixes).\n- vrf: Fix fast path output packet handling with async Netfilter rules (git-fixes).\n- xhci: Prevent futile URB re-submissions due to incorrect return value (git-fixes).\n- xhci: re-initialize the HC during resume if HCE was set (git-fixes).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-1037,SUSE-SLE-Module-Public-Cloud-15-SP3-2022-1037",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_1037-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:1037-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20221037-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:1037-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-March/010570.html"
},
{
"category": "self",
"summary": "SUSE Bug 1176447",
"url": "https://bugzilla.suse.com/1176447"
},
{
"category": "self",
"summary": "SUSE Bug 1176774",
"url": "https://bugzilla.suse.com/1176774"
},
{
"category": "self",
"summary": "SUSE Bug 1178134",
"url": "https://bugzilla.suse.com/1178134"
},
{
"category": "self",
"summary": "SUSE Bug 1179439",
"url": "https://bugzilla.suse.com/1179439"
},
{
"category": "self",
"summary": "SUSE Bug 1181147",
"url": "https://bugzilla.suse.com/1181147"
},
{
"category": "self",
"summary": "SUSE Bug 1191428",
"url": "https://bugzilla.suse.com/1191428"
},
{
"category": "self",
"summary": "SUSE Bug 1192273",
"url": "https://bugzilla.suse.com/1192273"
},
{
"category": "self",
"summary": "SUSE Bug 1193731",
"url": "https://bugzilla.suse.com/1193731"
},
{
"category": "self",
"summary": "SUSE Bug 1193787",
"url": "https://bugzilla.suse.com/1193787"
},
{
"category": "self",
"summary": "SUSE Bug 1193864",
"url": "https://bugzilla.suse.com/1193864"
},
{
"category": "self",
"summary": "SUSE Bug 1194463",
"url": "https://bugzilla.suse.com/1194463"
},
{
"category": "self",
"summary": "SUSE Bug 1194516",
"url": "https://bugzilla.suse.com/1194516"
},
{
"category": "self",
"summary": "SUSE Bug 1195211",
"url": "https://bugzilla.suse.com/1195211"
},
{
"category": "self",
"summary": "SUSE Bug 1195254",
"url": "https://bugzilla.suse.com/1195254"
},
{
"category": "self",
"summary": "SUSE Bug 1195403",
"url": "https://bugzilla.suse.com/1195403"
},
{
"category": "self",
"summary": "SUSE Bug 1195612",
"url": "https://bugzilla.suse.com/1195612"
},
{
"category": "self",
"summary": "SUSE Bug 1195897",
"url": "https://bugzilla.suse.com/1195897"
},
{
"category": "self",
"summary": "SUSE Bug 1195905",
"url": "https://bugzilla.suse.com/1195905"
},
{
"category": "self",
"summary": "SUSE Bug 1195939",
"url": "https://bugzilla.suse.com/1195939"
},
{
"category": "self",
"summary": "SUSE Bug 1195949",
"url": "https://bugzilla.suse.com/1195949"
},
{
"category": "self",
"summary": "SUSE Bug 1195987",
"url": "https://bugzilla.suse.com/1195987"
},
{
"category": "self",
"summary": "SUSE Bug 1196079",
"url": "https://bugzilla.suse.com/1196079"
},
{
"category": "self",
"summary": "SUSE Bug 1196095",
"url": "https://bugzilla.suse.com/1196095"
},
{
"category": "self",
"summary": "SUSE Bug 1196132",
"url": "https://bugzilla.suse.com/1196132"
},
{
"category": "self",
"summary": "SUSE Bug 1196155",
"url": "https://bugzilla.suse.com/1196155"
},
{
"category": "self",
"summary": "SUSE Bug 1196299",
"url": "https://bugzilla.suse.com/1196299"
},
{
"category": "self",
"summary": "SUSE Bug 1196301",
"url": "https://bugzilla.suse.com/1196301"
},
{
"category": "self",
"summary": "SUSE Bug 1196433",
"url": "https://bugzilla.suse.com/1196433"
},
{
"category": "self",
"summary": "SUSE Bug 1196468",
"url": "https://bugzilla.suse.com/1196468"
},
{
"category": "self",
"summary": "SUSE Bug 1196472",
"url": "https://bugzilla.suse.com/1196472"
},
{
"category": "self",
"summary": "SUSE Bug 1196627",
"url": "https://bugzilla.suse.com/1196627"
},
{
"category": "self",
"summary": "SUSE Bug 1196723",
"url": "https://bugzilla.suse.com/1196723"
},
{
"category": "self",
"summary": "SUSE Bug 1196779",
"url": "https://bugzilla.suse.com/1196779"
},
{
"category": "self",
"summary": "SUSE Bug 1196830",
"url": "https://bugzilla.suse.com/1196830"
},
{
"category": "self",
"summary": "SUSE Bug 1196836",
"url": "https://bugzilla.suse.com/1196836"
},
{
"category": "self",
"summary": "SUSE Bug 1196866",
"url": "https://bugzilla.suse.com/1196866"
},
{
"category": "self",
"summary": "SUSE Bug 1196868",
"url": "https://bugzilla.suse.com/1196868"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-0920 page",
"url": "https://www.suse.com/security/cve/CVE-2021-0920/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-39657 page",
"url": "https://www.suse.com/security/cve/CVE-2021-39657/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-44879 page",
"url": "https://www.suse.com/security/cve/CVE-2021-44879/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0487 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0487/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0617 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0617/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0644 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0644/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-24448 page",
"url": "https://www.suse.com/security/cve/CVE-2022-24448/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-24958 page",
"url": "https://www.suse.com/security/cve/CVE-2022-24958/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-24959 page",
"url": "https://www.suse.com/security/cve/CVE-2022-24959/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-25258 page",
"url": "https://www.suse.com/security/cve/CVE-2022-25258/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-25636 page",
"url": "https://www.suse.com/security/cve/CVE-2022-25636/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-26490 page",
"url": "https://www.suse.com/security/cve/CVE-2022-26490/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2022-03-30T07:36:59Z",
"generator": {
"date": "2022-03-30T07:36:59Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:1037-1",
"initial_release_date": "2022-03-30T07:36:59Z",
"revision_history": [
{
"date": "2022-03-30T07:36:59Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-azure-5.3.18-150300.38.50.1.noarch",
"product": {
"name": "kernel-devel-azure-5.3.18-150300.38.50.1.noarch",
"product_id": "kernel-devel-azure-5.3.18-150300.38.50.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-azure-5.3.18-150300.38.50.1.noarch",
"product": {
"name": "kernel-source-azure-5.3.18-150300.38.50.1.noarch",
"product_id": "kernel-source-azure-5.3.18-150300.38.50.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-azure-5.3.18-150300.38.50.1.x86_64",
"product": {
"name": "cluster-md-kmp-azure-5.3.18-150300.38.50.1.x86_64",
"product_id": "cluster-md-kmp-azure-5.3.18-150300.38.50.1.x86_64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-azure-5.3.18-150300.38.50.1.x86_64",
"product": {
"name": "dlm-kmp-azure-5.3.18-150300.38.50.1.x86_64",
"product_id": "dlm-kmp-azure-5.3.18-150300.38.50.1.x86_64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-azure-5.3.18-150300.38.50.1.x86_64",
"product": {
"name": "gfs2-kmp-azure-5.3.18-150300.38.50.1.x86_64",
"product_id": "gfs2-kmp-azure-5.3.18-150300.38.50.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-5.3.18-150300.38.50.1.x86_64",
"product": {
"name": "kernel-azure-5.3.18-150300.38.50.1.x86_64",
"product_id": "kernel-azure-5.3.18-150300.38.50.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-devel-5.3.18-150300.38.50.1.x86_64",
"product": {
"name": "kernel-azure-devel-5.3.18-150300.38.50.1.x86_64",
"product_id": "kernel-azure-devel-5.3.18-150300.38.50.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-extra-5.3.18-150300.38.50.1.x86_64",
"product": {
"name": "kernel-azure-extra-5.3.18-150300.38.50.1.x86_64",
"product_id": "kernel-azure-extra-5.3.18-150300.38.50.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-livepatch-devel-5.3.18-150300.38.50.1.x86_64",
"product": {
"name": "kernel-azure-livepatch-devel-5.3.18-150300.38.50.1.x86_64",
"product_id": "kernel-azure-livepatch-devel-5.3.18-150300.38.50.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-optional-5.3.18-150300.38.50.1.x86_64",
"product": {
"name": "kernel-azure-optional-5.3.18-150300.38.50.1.x86_64",
"product_id": "kernel-azure-optional-5.3.18-150300.38.50.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-syms-azure-5.3.18-150300.38.50.1.x86_64",
"product": {
"name": "kernel-syms-azure-5.3.18-150300.38.50.1.x86_64",
"product_id": "kernel-syms-azure-5.3.18-150300.38.50.1.x86_64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-azure-5.3.18-150300.38.50.1.x86_64",
"product": {
"name": "kselftests-kmp-azure-5.3.18-150300.38.50.1.x86_64",
"product_id": "kselftests-kmp-azure-5.3.18-150300.38.50.1.x86_64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-azure-5.3.18-150300.38.50.1.x86_64",
"product": {
"name": "ocfs2-kmp-azure-5.3.18-150300.38.50.1.x86_64",
"product_id": "ocfs2-kmp-azure-5.3.18-150300.38.50.1.x86_64"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-azure-5.3.18-150300.38.50.1.x86_64",
"product": {
"name": "reiserfs-kmp-azure-5.3.18-150300.38.50.1.x86_64",
"product_id": "reiserfs-kmp-azure-5.3.18-150300.38.50.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Public Cloud 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Module for Public Cloud 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-public-cloud:15:sp3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-5.3.18-150300.38.50.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-150300.38.50.1.x86_64"
},
"product_reference": "kernel-azure-5.3.18-150300.38.50.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-devel-5.3.18-150300.38.50.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-150300.38.50.1.x86_64"
},
"product_reference": "kernel-azure-devel-5.3.18-150300.38.50.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-azure-5.3.18-150300.38.50.1.noarch as component of SUSE Linux Enterprise Module for Public Cloud 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-150300.38.50.1.noarch"
},
"product_reference": "kernel-devel-azure-5.3.18-150300.38.50.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-azure-5.3.18-150300.38.50.1.noarch as component of SUSE Linux Enterprise Module for Public Cloud 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-150300.38.50.1.noarch"
},
"product_reference": "kernel-source-azure-5.3.18-150300.38.50.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-azure-5.3.18-150300.38.50.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-150300.38.50.1.x86_64"
},
"product_reference": "kernel-syms-azure-5.3.18-150300.38.50.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-0920",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-0920"
}
],
"notes": [
{
"category": "general",
"text": "In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196926917References: Upstream kernel",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-150300.38.50.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-150300.38.50.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-150300.38.50.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-150300.38.50.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-150300.38.50.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-0920",
"url": "https://www.suse.com/security/cve/CVE-2021-0920"
},
{
"category": "external",
"summary": "SUSE Bug 1193731 for CVE-2021-0920",
"url": "https://bugzilla.suse.com/1193731"
},
{
"category": "external",
"summary": "SUSE Bug 1194463 for CVE-2021-0920",
"url": "https://bugzilla.suse.com/1194463"
},
{
"category": "external",
"summary": "SUSE Bug 1195939 for CVE-2021-0920",
"url": "https://bugzilla.suse.com/1195939"
},
{
"category": "external",
"summary": "SUSE Bug 1199255 for CVE-2021-0920",
"url": "https://bugzilla.suse.com/1199255"
},
{
"category": "external",
"summary": "SUSE Bug 1200084 for CVE-2021-0920",
"url": "https://bugzilla.suse.com/1200084"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-150300.38.50.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-150300.38.50.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-150300.38.50.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-150300.38.50.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-150300.38.50.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-150300.38.50.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-150300.38.50.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-150300.38.50.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-150300.38.50.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-150300.38.50.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-30T07:36:59Z",
"details": "important"
}
],
"title": "CVE-2021-0920"
},
{
"cve": "CVE-2021-39657",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-39657"
}
],
"notes": [
{
"category": "general",
"text": "In ufshcd_eh_device_reset_handler of ufshcd.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-194696049References: Upstream kernel",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-150300.38.50.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-150300.38.50.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-150300.38.50.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-150300.38.50.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-150300.38.50.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-39657",
"url": "https://www.suse.com/security/cve/CVE-2021-39657"
},
{
"category": "external",
"summary": "SUSE Bug 1193864 for CVE-2021-39657",
"url": "https://bugzilla.suse.com/1193864"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-150300.38.50.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-150300.38.50.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-150300.38.50.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-150300.38.50.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-150300.38.50.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-150300.38.50.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-150300.38.50.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-150300.38.50.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-150300.38.50.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-150300.38.50.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-30T07:36:59Z",
"details": "low"
}
],
"title": "CVE-2021-39657"
},
{
"cve": "CVE-2021-44879",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-44879"
}
],
"notes": [
{
"category": "general",
"text": "In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered, leading to a move_data_page NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-150300.38.50.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-150300.38.50.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-150300.38.50.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-150300.38.50.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-150300.38.50.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-44879",
"url": "https://www.suse.com/security/cve/CVE-2021-44879"
},
{
"category": "external",
"summary": "SUSE Bug 1195987 for CVE-2021-44879",
"url": "https://bugzilla.suse.com/1195987"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-150300.38.50.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-150300.38.50.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-150300.38.50.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-150300.38.50.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-150300.38.50.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-150300.38.50.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-150300.38.50.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-150300.38.50.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-150300.38.50.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-150300.38.50.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-30T07:36:59Z",
"details": "moderate"
}
],
"title": "CVE-2021-44879"
},
{
"cve": "CVE-2022-0487",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0487"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c in memstick in the Linux kernel. In this flaw, a local attacker with a user privilege may impact system Confidentiality. This flaw affects kernel versions prior to 5.14 rc1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-150300.38.50.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-150300.38.50.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-150300.38.50.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-150300.38.50.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-150300.38.50.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0487",
"url": "https://www.suse.com/security/cve/CVE-2022-0487"
},
{
"category": "external",
"summary": "SUSE Bug 1194516 for CVE-2022-0487",
"url": "https://bugzilla.suse.com/1194516"
},
{
"category": "external",
"summary": "SUSE Bug 1195949 for CVE-2022-0487",
"url": "https://bugzilla.suse.com/1195949"
},
{
"category": "external",
"summary": "SUSE Bug 1198615 for CVE-2022-0487",
"url": "https://bugzilla.suse.com/1198615"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-150300.38.50.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-150300.38.50.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-150300.38.50.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-150300.38.50.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-150300.38.50.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-150300.38.50.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-150300.38.50.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-150300.38.50.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-150300.38.50.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-150300.38.50.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-30T07:36:59Z",
"details": "important"
}
],
"title": "CVE-2022-0487"
},
{
"cve": "CVE-2022-0617",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0617"
}
],
"notes": [
{
"category": "general",
"text": "A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-150300.38.50.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-150300.38.50.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-150300.38.50.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-150300.38.50.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-150300.38.50.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0617",
"url": "https://www.suse.com/security/cve/CVE-2022-0617"
},
{
"category": "external",
"summary": "SUSE Bug 1196079 for CVE-2022-0617",
"url": "https://bugzilla.suse.com/1196079"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-150300.38.50.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-150300.38.50.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-150300.38.50.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-150300.38.50.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-150300.38.50.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-150300.38.50.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-150300.38.50.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-150300.38.50.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-150300.38.50.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-150300.38.50.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-30T07:36:59Z",
"details": "moderate"
}
],
"title": "CVE-2022-0617"
},
{
"cve": "CVE-2022-0644",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0644"
}
],
"notes": [
{
"category": "general",
"text": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-150300.38.50.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-150300.38.50.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-150300.38.50.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-150300.38.50.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-150300.38.50.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0644",
"url": "https://www.suse.com/security/cve/CVE-2022-0644"
},
{
"category": "external",
"summary": "SUSE Bug 1196155 for CVE-2022-0644",
"url": "https://bugzilla.suse.com/1196155"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-150300.38.50.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-150300.38.50.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-150300.38.50.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-150300.38.50.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-150300.38.50.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-150300.38.50.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-150300.38.50.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-150300.38.50.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-150300.38.50.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-150300.38.50.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-30T07:36:59Z",
"details": "moderate"
}
],
"title": "CVE-2022-0644"
},
{
"cve": "CVE-2022-24448",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-24448"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-150300.38.50.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-150300.38.50.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-150300.38.50.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-150300.38.50.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-150300.38.50.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-24448",
"url": "https://www.suse.com/security/cve/CVE-2022-24448"
},
{
"category": "external",
"summary": "SUSE Bug 1195612 for CVE-2022-24448",
"url": "https://bugzilla.suse.com/1195612"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-150300.38.50.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-150300.38.50.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-150300.38.50.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-150300.38.50.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-150300.38.50.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-150300.38.50.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-150300.38.50.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-150300.38.50.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-150300.38.50.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-150300.38.50.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-30T07:36:59Z",
"details": "moderate"
}
],
"title": "CVE-2022-24448"
},
{
"cve": "CVE-2022-24958",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-24958"
}
],
"notes": [
{
"category": "general",
"text": "drivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.16.8 mishandles dev-\u003ebuf release.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-150300.38.50.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-150300.38.50.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-150300.38.50.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-150300.38.50.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-150300.38.50.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-24958",
"url": "https://www.suse.com/security/cve/CVE-2022-24958"
},
{
"category": "external",
"summary": "SUSE Bug 1195905 for CVE-2022-24958",
"url": "https://bugzilla.suse.com/1195905"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-150300.38.50.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-150300.38.50.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-150300.38.50.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-150300.38.50.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-150300.38.50.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-150300.38.50.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-150300.38.50.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-150300.38.50.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-150300.38.50.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-150300.38.50.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-30T07:36:59Z",
"details": "moderate"
}
],
"title": "CVE-2022-24958"
},
{
"cve": "CVE-2022-24959",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-24959"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Linux kernel before 5.16.5. There is a memory leak in yam_siocdevprivate in drivers/net/hamradio/yam.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-150300.38.50.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-150300.38.50.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-150300.38.50.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-150300.38.50.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-150300.38.50.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-24959",
"url": "https://www.suse.com/security/cve/CVE-2022-24959"
},
{
"category": "external",
"summary": "SUSE Bug 1195897 for CVE-2022-24959",
"url": "https://bugzilla.suse.com/1195897"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-150300.38.50.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-150300.38.50.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-150300.38.50.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-150300.38.50.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-150300.38.50.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-150300.38.50.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-150300.38.50.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-150300.38.50.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-150300.38.50.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-150300.38.50.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-30T07:36:59Z",
"details": "moderate"
}
],
"title": "CVE-2022-24959"
},
{
"cve": "CVE-2022-25258",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-25258"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in drivers/usb/gadget/composite.c in the Linux kernel before 5.16.10. The USB Gadget subsystem lacks certain validation of interface OS descriptor requests (ones with a large array index and ones associated with NULL function pointer retrieval). Memory corruption might occur.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-150300.38.50.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-150300.38.50.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-150300.38.50.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-150300.38.50.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-150300.38.50.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-25258",
"url": "https://www.suse.com/security/cve/CVE-2022-25258"
},
{
"category": "external",
"summary": "SUSE Bug 1196095 for CVE-2022-25258",
"url": "https://bugzilla.suse.com/1196095"
},
{
"category": "external",
"summary": "SUSE Bug 1196132 for CVE-2022-25258",
"url": "https://bugzilla.suse.com/1196132"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-150300.38.50.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-150300.38.50.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-150300.38.50.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-150300.38.50.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-150300.38.50.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-150300.38.50.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-150300.38.50.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-150300.38.50.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-150300.38.50.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-150300.38.50.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-30T07:36:59Z",
"details": "important"
}
],
"title": "CVE-2022-25258"
},
{
"cve": "CVE-2022-25636",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-25636"
}
],
"notes": [
{
"category": "general",
"text": "net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This is related to nf_tables_offload.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-150300.38.50.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-150300.38.50.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-150300.38.50.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-150300.38.50.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-150300.38.50.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-25636",
"url": "https://www.suse.com/security/cve/CVE-2022-25636"
},
{
"category": "external",
"summary": "SUSE Bug 1196299 for CVE-2022-25636",
"url": "https://bugzilla.suse.com/1196299"
},
{
"category": "external",
"summary": "SUSE Bug 1196301 for CVE-2022-25636",
"url": "https://bugzilla.suse.com/1196301"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-150300.38.50.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-150300.38.50.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-150300.38.50.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-150300.38.50.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-150300.38.50.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-150300.38.50.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-150300.38.50.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-150300.38.50.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-150300.38.50.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-150300.38.50.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-30T07:36:59Z",
"details": "important"
}
],
"title": "CVE-2022-25636"
},
{
"cve": "CVE-2022-26490",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-26490"
}
],
"notes": [
{
"category": "general",
"text": "st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-150300.38.50.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-150300.38.50.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-150300.38.50.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-150300.38.50.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-150300.38.50.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-26490",
"url": "https://www.suse.com/security/cve/CVE-2022-26490"
},
{
"category": "external",
"summary": "SUSE Bug 1196830 for CVE-2022-26490",
"url": "https://bugzilla.suse.com/1196830"
},
{
"category": "external",
"summary": "SUSE Bug 1201656 for CVE-2022-26490",
"url": "https://bugzilla.suse.com/1201656"
},
{
"category": "external",
"summary": "SUSE Bug 1201969 for CVE-2022-26490",
"url": "https://bugzilla.suse.com/1201969"
},
{
"category": "external",
"summary": "SUSE Bug 1211495 for CVE-2022-26490",
"url": "https://bugzilla.suse.com/1211495"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-150300.38.50.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-150300.38.50.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-150300.38.50.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-150300.38.50.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-150300.38.50.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-150300.38.50.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-150300.38.50.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-150300.38.50.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-150300.38.50.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-150300.38.50.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-30T07:36:59Z",
"details": "important"
}
],
"title": "CVE-2022-26490"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…