File _patchinfo of Package patchinfo.22642
<patchinfo incident="22642">
<issue id="1012382" tracker="bnc">Continuous stable update tracker for 4.4</issue>
<issue id="1179960" tracker="bnc">VUL-0: CVE-2020-27825: kernel: use-after-free in the ftrace ring buffer resizing logic</issue>
<issue id="1183696" tracker="bnc">VUL-0: CVE-2020-35519: kernel-source-azure,kernel-source,kernel-source-rt: x25_bind out-of-bounds read</issue>
<issue id="1186207" tracker="bnc">VUL-0: CVE-2021-3564: kernel-source: Implementation bug in the Linux Bluetooth subsystem</issue>
<issue id="1192032" tracker="bnc">VUL-0: CVE-2021-0935: kernel-source,kernel-source-rt,kernel-source-azure: In ip6_xmit of ip6_output.c, there is a possible out of bounds write due to a use after free</issue>
<issue id="1192847" tracker="bnc">VUL-0: CVE-2021-43976: kernel-source,kernel-source-azure,kernel-source-rt: A bug in mwifiex_usb_recv allows an attacker (who can connect a crafted USB device) to cause a denial of service</issue>
<issue id="1192877" tracker="bnc">VUL-0: CVE-2021-33098: kernel-source-azure,kernel-source,kernel-source-rt: potential denial of service in Intel(R) Ethernet ixgbe driver due to improper input validation</issue>
<issue id="1192946" tracker="bnc">VUL-0: CVE-2021-4002: kernel-source: Missing TLB flush can lead to leak or corruption of data in hugetlbfs</issue>
<issue id="1193157" tracker="bnc">VUL-0: CVE-2019-0136: kernel-source,kernel-source-rt,kernel-source-azure: Insufficient access control may allow an unauthenticated user to potentially enable denial of service</issue>
<issue id="1193440" tracker="bnc">VUL-0: CVE-2021-28711,CVE-2021-28712,CVE-2021-28713: xen: Rogue backends can cause DoS of guests via high frequency events (XSA-391)</issue>
<issue id="1193442" tracker="bnc">VUL-0: CVE-2021-28714,CVE-2021-28715: kernel-source,kernel-source-azure,kernel-source-rt: xen: Guest can force Linux netback driver to hog large amounts of kernel memory (XSA-392)</issue>
<issue id="1193575" tracker="bnc">VUL-0: CVE-2018-25020: kernel-source-rt, kernel-source-azure, kernel-source: overflow in the BPF subsystem when a long jump has to be performed</issue>
<issue id="1193669" tracker="bnc">kernel-source-rt, kernel-source-azure, kernel-source: kprobes bug allows overwriting kernel memory</issue>
<issue id="1193727" tracker="bnc">VUL-0: CVE-2021-4083: kernel-source-azure, kernel-source-rt, kernel-source: kernel: fget: check that the fd still exists after getting a ref to it</issue>
<issue id="1193861" tracker="bnc">VUL-1: CVE-2021-39648: kernel-source-azure,kernel-source-rt,kernel-source: In gadget_dev_desc_UDC_show of configfs.c, there is a possible disclosure of kernel heap memory due to a race condition. This could lead to local information disclos</issue>
<issue id="1193864" tracker="bnc">VUL-1: CVE-2021-39657: kernel-source-azure,kernel-source,kernel-source-rt: In ufshcd_eh_device_reset_handler of ufshcd.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure</issue>
<issue id="1193867" tracker="bnc">VUL-1: CVE-2021-45095: kernel-source-azure,kernel-source-rt,kernel-source: pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak.</issue>
<issue id="1194001" tracker="bnc">VUL-0: CVE-2021-4149: kernel-source, kernel-source-azure, kernel-source-rt: Improper lock operation in btrfs</issue>
<issue id="1194087" tracker="bnc">VUL-1: CVE-2021-45486: kernel-source, kernel-source-rt, kernel-source-azure: information leak in the IPv4 implementation in the Linux kernel before 5.12.4</issue>
<issue id="1194094" tracker="bnc">VUL-1: CVE-2021-45485: kernel-source-rt, kernel-source-azure, kernel-source: information leak in the IPv6 implementation in the Linux kernel before 5.13.3</issue>
<issue id="1194272" tracker="bnc">VUL-0: CVE-2021-4155: kernel-source: xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate</issue>
<issue id="1194302" tracker="bnc">VUL-0: CVE-2021-4197: kernel-source-azure,kernel-source,kernel-source-rt: cgroup: Use open-time creds and namespace for migration perm checks</issue>
<issue id="1194516" tracker="bnc">VUL-0: kernel: moxart-mmc: use-after-free in moxart_remove</issue>
<issue id="1194529" tracker="bnc">VUL-0: CVE-2021-4202: kernel-source-rt,kernel-source,kernel-source-azure: kernel: Race condition in nci_request() leads to use after free while the device is getting removed</issue>
<issue id="1194880" tracker="bnc">VUL-0: CVE-2022-0330: kernel-source: Security sensitive bug in the i915 kernel driver</issue>
<issue id="2021-3564" tracker="cve" />
<issue id="2021-45095" tracker="cve" />
<issue id="2021-39657" tracker="cve" />
<issue id="2021-39648" tracker="cve" />
<issue id="2022-0330" tracker="cve" />
<issue id="2021-45485" tracker="cve" />
<issue id="2021-4197" tracker="cve" />
<issue id="2021-4202" tracker="cve" />
<issue id="2021-4155" tracker="cve" />
<issue id="2021-4083" tracker="cve" />
<issue id="2021-4149" tracker="cve" />
<issue id="2021-45486" tracker="cve" />
<issue id="2021-28715" tracker="cve" />
<issue id="2021-28713" tracker="cve" />
<issue id="2021-28712" tracker="cve" />
<issue id="2021-28711" tracker="cve" />
<issue id="2018-25020" tracker="cve" />
<issue id="2021-0935" tracker="cve" />
<issue id="2020-35519" tracker="cve" />
<issue id="2021-33098" tracker="cve" />
<issue id="2021-43976" tracker="cve" />
<issue id="2019-0136" tracker="cve" />
<issue id="2021-4002" tracker="cve" />
<category>security</category>
<rating>important</rating>
<packager>osalvador</packager>
<reboot_needed/>
<description>
The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to receive various security fixes and bugfixes.
The following security bugs were fixed:
- CVE-2018-25020: Fixed an overflow in the BPF subsystem due to a mishandling of a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions. This affects kernel/bpf/core.c and net/core/filter.c (bnc#1193575).
- CVE-2019-0136: Fixed insufficient access control in the Intel(R) PROSet/Wireless WiFi Software driver that may have allowed an unauthenticated user to potentially enable denial of service via adjacent access (bnc#1193157).
- CVE-2020-35519: Fixed out-of-bounds memory access in x25_bind in net/x25/af_x25.c. A bounds check failure allowed a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information (bnc#1183696).
- CVE-2021-0935: Fixed possible out of bounds write in ip6_xmit of ip6_output.c due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1192032).
- CVE-2021-28711: Fixed issue with xen/blkfront to harden blkfront against event channel storms (XSA-391) (bsc#1193440).
- CVE-2021-28712: Fixed issue with xen/netfront to harden netfront against event channel storms (XSA-391) (bsc#1193440).
- CVE-2021-28713: Fixed issue with xen/console to harden hvc_xen against event channel storms (XSA-391) (bsc#1193440).
- CVE-2021-28715: Fixed issue with xen/netback so that it does not queue an unlimited number of packages (XSA-392) (bsc#1193442).
- CVE-2021-33098: Fixed improper input validation in the Intel(R) Ethernet ixgbe driver that may have allowed an authenticated user to potentially cause denial of service via local access (bnc#1192877).
- CVE-2021-3564: Fixed double-free memory corruption in the Linux kernel HCI device initialization subsystem that could have been used by attaching malicious HCI TTY Bluetooth devices. A local user could use this flaw to crash the system (bnc#1186207).
- CVE-2021-39648: Fixed possible disclosure of kernel heap memory due to a race condition in gadget_dev_desc_UDC_show of configfs.c. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1193861).
- CVE-2021-39657: Fixed out of bounds read due to a missing bounds check in ufshcd_eh_device_reset_handler of ufshcd.c. This could lead to local information disclosure with System execution privileges needed (bnc#1193864).
- CVE-2021-4002: Fixed incorrect TLB flush in hugetlbfs after huge_pmd_unshare (bsc#1192946).
- CVE-2021-4083: Fixed a read-after-free memory flaw inside the garbage collection for Unix domain socket file handlers when users call close() and fget() simultaneously and can potentially trigger a race condition (bnc#1193727).
- CVE-2021-4149: Fixed btrfs to unlock a newly allocated extent buffer after an error (bsc#1194001).
- CVE-2021-4155: Fixed XFS to map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate (bsc#1194272).
- CVE-2021-4197: Use cgroup open-time credentials for process migration perm checks (bsc#1194302).
- CVE-2021-4202: Fixed NFC race condition by adding NCI_UNREG flag (bsc#1194529).
- CVE-2021-43976: Fixed insufficient access control in drivers/net/wireless/marvell/mwifiex/usb.c that allowed an attacker who connects a crafted USB device to cause denial of service (bnc#1192847).
- CVE-2021-45095: Fixed refcount leak in pep_sock_accept in net/phonet/pep.c (bnc#1193867).
- CVE-2021-45485: Fixed information leak in the IPv6 implementation in net/ipv6/output_core.c (bnc#1194094).
- CVE-2021-45486: Fixed information leak inside the IPv4 implementation caused by very small hash table (bnc#1194087).
- CVE-2022-0330: Fixed the i915 kernel driver to flush TLBs before releasing backing store (bsc#1194880).
The following non-security bugs were fixed:
- kprobes: Limit max data_size of the kretprobe instances (bsc#1193669).
- memstick: rtsx_usb_ms: fix UAF
- moxart: fix potential use-after-free on remove path (bsc#1194516).
- net/x25: fix a race in x25_bind() (networking-stable-19_03_15).
- ring-buffer: Protect ring_buffer_reset() from reentrancy (bsc#1179960).
- tty: hvc: replace BUG_ON() with negative return value (git-fixes).
- xen-netfront: do not assume sk_buff_head list is empty in error handling (git-fixes).
- xen-netfront: do not use ~0U as error return value for xennet_fill_frags() (git-fixes).
- xen/blkfront: do not take local copy of a request from the ring page (git-fixes).
- xen/blkfront: do not trust the backend response data blindly (git-fixes).
- xen/blkfront: read response from backend only once (git-fixes).
- xen/netfront: disentangle tx_skb_freelist (git-fixes).
- xen/netfront: do not bug in case of too many frags (bnc#1012382).
- xen/netfront: do not cache skb_shinfo() (bnc#1012382).
- xen/netfront: do not read data from request on the ring page (git-fixes).
- xen/netfront: do not trust the backend response data blindly (git-fixes).
- xen/netfront: read response from backend only once (git-fixes).
- xen: sync include/xen/interface/io/ring.h with Xen's newest version (git-fixes).
</description>
<summary>Security update for the Linux Kernel</summary>
</patchinfo>