File _patchinfo of Package patchinfo.22796
<patchinfo incident="22796"> <issue id="1194460" tracker="bnc">VUL-0: CVE-2021-4083: kernel live patch: fget: check that the fd still exists after getting a ref to it</issue> <issue id="1194533" tracker="bnc">VUL-0: CVE-2021-4202: kernel live patch: kernel: Race condition in nci_request() leads to use after free while the device is getting removed</issue> <issue id="1195308" tracker="bnc">VUL-0: EMBARGOED: CVE-2022-0435: kernel live patch: tipc: Remote Stack Overflow in Linux Kernel</issue> <issue id="2021-4083" tracker="cve" /> <issue id="2021-4202" tracker="cve" /> <issue id="2022-0435" tracker="cve" /> <category>security</category> <rating>critical</rating> <packager>nstange</packager> <description>This update for the Linux Kernel 5.3.18-24_52 fixes several issues. The following security issues were fixed: - CVE-2021-4202: Fixed NFC race condition by adding NCI_UNREG flag (bsc#1194533). - CVE-2022-0435: Fixed remote stack overflow in net/tipc module that validate domain record count on input (bsc#1195308). - CVE-2021-4083: Fixed a read-after-free memory flaw inside the garbage collection for Unix domain socket file handlers when users call close() and fget() simultaneouslyand can potentially trigger a race condition (bnc#1194460). </description> <summary>Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP2)</summary> </patchinfo>




