SUSE-SU-2022:3263-1
Description
Security update for the Linux Kernel

The SUSE Linux Enterprise 12 SP3 kernel was updated to receive various security and bug fixes.

The following security bugs were fixed:

- CVE-2022-39188: Fixed race condition in include/asm-generic/tlb.h where a device driver can free a page while it still has stale TLB entries (bnc#1203107).
- CVE-2022-36879: Fixed an issue in xfrm_expand_policies in net/xfrm/xfrm_policy.c where a refcount could be dropped twice (bnc#1201948).
- CVE-2022-3028: Fixed race condition that was found in the IP framework for transforming packets (XFRM subsystem) (bnc#1202898).
- CVE-2022-2991: Fixed a heap-based overflow in the lightnvm implementation (bsc#1201420).
- CVE-2022-26373: Fixed non-transparent sharing of return predictor targets between contexts in some Intel Processors (bnc#1201726).
- CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096).
- CVE-2022-21385: Fixed a flaw in net_rds_alloc_sgs() that allowed unprivileged local users to crash the machine (bnc#1202897).
- CVE-2022-20369: Fixed out of bounds write in v4l2_m2m_querybuf of v4l2-mem2mem.c (bnc#1202347).
- CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg() (bsc#1202346).
- CVE-2020-36516: Fixed an issue in the mixed IPID assignment method where an attacker was able to inject data into or terminate a victim's TCP session (bnc#1196616).
- CVE-2019-3900: Fixed infinite loop in the vhost_net kernel module that could result in a DoS scenario (bnc#1133374).

The following non-security bugs were fixed:

- net_sched: cls_route: Disallowed handle of 0 (bsc#1202393).
- mm, rmap: Fixed anon_vma->degree ambiguity leading to double-reuse (bsc#1203098).
- lightnvm: Removed lightnvm implementation (bsc#1191881).
Affected Systems
- suse kernel-default on SUSE Linux Enterprise Server 12 SP3-BCL: < 4.4.180-94.174.1
- suse kernel-source on SUSE Linux Enterprise Server 12 SP3-BCL: < 4.4.180-94.174.1
- suse kernel-syms on SUSE Linux Enterprise Server 12 SP3-BCL: < 4.4.180-94.174.1
References (26)
- https://www.suse.com/support/update/announcement/2022/suse-su-20223263-1/
- https://bugzilla.suse.com/1133374
- https://bugzilla.suse.com/1191881
- https://bugzilla.suse.com/1196616
- https://bugzilla.suse.com/1201420
- https://bugzilla.suse.com/1201726
- https://bugzilla.suse.com/1201948
- https://bugzilla.suse.com/1202096
- https://bugzilla.suse.com/1202346
- https://bugzilla.suse.com/1202347
- https://bugzilla.suse.com/1202393
- https://bugzilla.suse.com/1202897
- https://bugzilla.suse.com/1202898
- https://bugzilla.suse.com/1203098
- https://bugzilla.suse.com/1203107
- https://www.suse.com/security/cve/CVE-2019-3900
- https://www.suse.com/security/cve/CVE-2020-36516
- https://www.suse.com/security/cve/CVE-2022-20368
- https://www.suse.com/security/cve/CVE-2022-20369
- https://www.suse.com/security/cve/CVE-2022-21385
- https://www.suse.com/security/cve/CVE-2022-2588
- https://www.suse.com/security/cve/CVE-2022-26373
- https://www.suse.com/security/cve/CVE-2022-2991
- https://www.suse.com/security/cve/CVE-2022-3028
- https://www.suse.com/security/cve/CVE-2022-36879
- https://www.suse.com/security/cve/CVE-2022-39188