Overview

File _patchinfo of Package patchinfo.22809

<patchinfo incident="22809">
  <issue id="1194460" tracker="bnc">VUL-0: CVE-2021-4083: kernel live patch: fget: check that the fd still exists after getting a ref to it</issue>
  <issue id="1194533" tracker="bnc">VUL-0: CVE-2021-4202: kernel live patch: kernel: Race condition in nci_request() leads to use after free while the device is getting removed</issue>
  <issue id="1195308" tracker="bnc">VUL-0: EMBARGOED: CVE-2022-0435: kernel live patch: tipc: Remote Stack Overflow in Linux Kernel</issue>
  <issue id="2021-4083" tracker="cve" />
  <issue id="2021-4202" tracker="cve" />
  <issue id="2022-0435" tracker="cve" />
  <category>security</category>
  <rating>critical</rating>
  <packager>nstange</packager>
  <description>This update for the Linux Kernel 5.3.18-57 fixes several issues.

The following security issues were fixed:

- CVE-2021-4202: Fixed NFC race condition by adding NCI_UNREG flag (bsc#1194533).
- CVE-2022-0435: Fixed remote stack overflow in net/tipc module that validate domain record count on input (bsc#1195308).
- CVE-2021-4083: Fixed a read-after-free memory flaw inside the garbage collection for Unix domain socket file handlers when users call close() and fget() simultaneouslyand can potentially trigger a race condition (bnc#1194460).
</description>
<summary>Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP3)</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places