Overview

File _patchinfo of Package patchinfo.26387

<patchinfo incident="26387">
  <issue id="1204292" tracker="bnc">VUL-0: CVE-2022-42719: kernel live patch: remote crash/code execution with wlan frames when parsing a multi-BSSID element</issue>
  <issue id="1204291" tracker="bnc">VUL-0: CVE-2022-42720: kernel live patch: remote crash/code execution due to refcounting bugs in multi-BSS handling</issue>
  <issue id="1204290" tracker="bnc">VUL-0: CVE-2022-42721: kernel live patch: remote crash/code execution due list corruption in the wlan stack</issue>
  <issue id="1203067" tracker="bnc">VUL-0: CVE-2022-39189: kernel live patch: unprivileged user can compromise guest kernel via PV TLB flush on preempted vCPU</issue>
  <issue id="1203624" tracker="bnc">VUL-0: CVE-2022-41222: kernel live patch: page use-after-free via stale TLB caused by rmap lock not held during PUD move</issue>
  <issue id="1203994" tracker="bnc">VUL-0: CVE-2022-41674: kernel live patch: remote crash/code execution with wlan frames</issue>
  <issue id="2022-39189" tracker="cve" />
  <issue id="2022-41222" tracker="cve" />
  <issue id="2022-41674" tracker="cve" />
  <issue id="2022-42719" tracker="cve" />
  <issue id="2022-42720" tracker="cve" />
  <issue id="2022-42721" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>nstange</packager>
  <description>This update for the Linux Kernel 5.3.18-150300_59_43 fixes several issues.

The following security issues were fixed:

- CVE-2022-41674: Fixed buffer overflow that can be triggered by injected WLAN frames (bsc#1203994).
- CVE-2022-42719: Fixed use-after-free in the mac80211 stack when parsing a multi-BSSID element (bsc#1204292).
- CVE-2022-42720: Fixed refcounting bugs in the multi-BSS handling of the mac80211 stack (bsc#1204291).
- CVE-2022-42721: Fixed list management bug in BSS handling of the mac80211 stack (bsc#1204290).
- CVE-2022-41222: Fixed a use-after-free via a stale TLB (bsc#1203624).
- CVE-2022-39189: Fixed mishandled TLB flush operation in certain KVM_VCPU_PREEMPTED situations (bsc#1203067).
</description>
<summary>Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP3)</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places