File _patchinfo of Package patchinfo.27692

<patchinfo incident="27692">
  <issue id="1203693" tracker="bnc">kernel-default failed to build for aarch64</issue>
  <issue id="1205149" tracker="bnc">%kernel_module_package_buildreqs needs to require suse-kernel-rpm-scriptlets</issue>
  <issue id="1206073" tracker="bnc">VUL-0: CVE-2022-3564: kernel: use-after-free caused by l2cap_reassemble_sdu() in net/bluetooth/l2cap_core.c</issue>
  <issue id="1206389" tracker="bnc">VUL-0: CVE-2022-3108: kernel: kmemdup's return value not checked</issue>
  <issue id="1206395" tracker="bnc">VUL-0: CVE-2022-3107: kernel: Unchecked kvmalloc_array return leads to null pointer dereference</issue>
  <issue id="1206664" tracker="bnc">VUL-0: CVE-2022-4662: kernel-source-azure,kernel-source-rt,kernel-source:  Recursive locking violation in usb-storage that can cause the kernel to deadlock</issue>
  <issue id="1206677" tracker="bnc">VUL-0: kernel-source: sctp_diag: fix type confusion in inet_diag_msg_sctpasoc_fill()</issue>
  <issue id="1206784" tracker="bnc">VUL-0: kernel-source: HID: drop assumptions on non-empty lists</issue>
  <issue id="1207036" tracker="bnc">VUL-0: CVE-2023-23454: kernel: type-confusion in the CBQ network scheduler</issue>
  <issue id="1207186" tracker="bnc">VUL-0: kernel-source,kernel-source-rt,kernel-source-azure: HID: betop: check shape of output reports</issue>
  <issue id="1207237" tracker="bnc">VUL-0: CVE-2022-47929: kernel-source,kernel-source-rt,kernel-source-azure: NULL pointer dereference bug in the traffic control subsystem</issue>
  <issue id="2022-47929" tracker="cve" />
  <issue id="2023-23454" tracker="cve" />
  <issue id="2022-4662" tracker="cve" />
  <issue id="2022-3564" tracker="cve" />
  <issue id="2022-3108" tracker="cve" />
  <issue id="2022-3107" tracker="cve" />
  <issue id="PED-1706" tracker="jsc" />
  <category>security</category>
  <rating>important</rating>
  <packager>alix82</packager>
  <reboot_needed/>
  <description>
The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2022-3107: Fixed missing check of return value of kvmalloc_array() (bnc#1206395).
- CVE-2022-3108: Fixed missing check of return value of kmemdup() (bnc#1206389).
- CVE-2022-3564: Fixed use-after-free in l2cap_core.c of the Bluetooth component (bnc#1206073).
- CVE-2022-4662: Fixed incorrect access control in the USB core subsystem that could lead a local user to crash the system (bnc#1206664).
- CVE-2022-47929: Fixed NULL pointer dereference bug in the traffic control subsystem (bnc#1207237).
- CVE-2023-23454: Fixed denial of service in cbq_classify in net/sched/sch_cbq.c (bnc#1207036).

The following non-security bugs were fixed:

- Added support for enabling livepatching related packages on -RT (jsc#PED-1706).
- Added suse-kernel-rpm-scriptlets to kmp buildreqs (boo#1205149).
- HID: betop: check shape of output reports (git-fixes, bsc#1207186).
- HID: betop: fix slab-out-of-bounds Write in betop_probe (git-fixes, bsc#1207186).
- HID: check empty report_list in hid_validate_values() (git-fixes, bsc#1206784).
- Reverted "constraints: increase disk space for all architectures" (bsc#1203693).
- net: sched: atm: dont intepret cls results when asked to drop (bsc#1207036).
- net: sched: cbq: dont intepret cls results when asked to drop (bsc#1207036).
- sctp: fail if no bound addresses can be used for a given scope (bsc#1206677).

</description>
<summary>Security update for the Linux Kernel</summary>
</patchinfo>