File _patchinfo of Package patchinfo.38187
<patchinfo incident="38187">
<issue id="1065729" tracker="bnc">[trackerbug] 4.12 powerpc base kernel fixes</issue>
<issue id="1197158" tracker="bnc">resource RAID failed during cluster patch, Mdadm gets floating point error</issue>
<issue id="1197227" tracker="bnc">VUL-0: CVE-2022-1015,CVE-2022-1016: kernel-source: Vulnerability in nf_tables can cause privilege escalation</issue>
<issue id="1197331" tracker="bnc">VUL-0: CVE-2022-1048: kernel-source: Race Condition in snd_pcm_hw_free leading to use-after-free</issue>
<issue id="1197472" tracker="bnc">VUL-1: CVE-2022-0168: kernel-source,kernel-source-rt,kernel-source-azure: smb2_ioctl_query_info NULL Pointer Dereference</issue>
<issue id="1198577" tracker="bnc">VUL-0: CVE-2022-1184: kernel: use-after-free and memory errors in ext4 when mounting and operating on a corrupted image</issue>
<issue id="1198660" tracker="bnc">Request SUSE to pick up this kernel upstream patch in SLES 15 3, SLES 15 SP 2 and SLES 12 SP 5 releases to fix a potential drmgr add/remove crash issue</issue>
<issue id="1199657" tracker="bnc">VUL-0: CVE-2022-29900 CVE-2022-29901: kernel: RETBLEED speculative issue</issue>
<issue id="1200571" tracker="bnc">execve() incorrectly handles empty argv array</issue>
<issue id="1202672" tracker="bnc">VUL-0: CVE-2022-2977: kernel-source,kernel-source-rt,kernel-source-azure: use-after-free Read in put_device (/dev/vtpmx)</issue>
<issue id="1203769" tracker="bnc">VUL-0: CVE-2022-3303: kernel: race condition in snd_pcm_oss_sync leads to NULL pointer dereference</issue>
<issue id="1207186" tracker="bnc">VUL-0: kernel-source,kernel-source-rt,kernel-source-azure: HID: betop: check shape of output reports</issue>
<issue id="1209547" tracker="bnc">VUL-0: CVE-2017-5753: kernel-source,kernel-source-rt,kernel-source-azure: Upstream reports spectre V1 vulnerability on netlink</issue>
<issue id="1210647" tracker="bnc">VUL-0: CVE-2023-2162: kernel-source-rt,kernel-source,kernel-source-azure: UAF during login when accessing the shost ipaddress</issue>
<issue id="1213167" tracker="bnc">VUL-0: CVE-2023-3567: kernel-source,kernel-source-rt,kernel-source-azure: use after free in vcs_read() in the vc_screen driver due to race condition</issue>
<issue id="1224867" tracker="bnc">VUL-0: CVE-2021-47248: kernel: udp: fix race between close() and udp_abort()</issue>
<issue id="1225742" tracker="bnc">VUL-0: CVE-2024-36905: kernel: tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets</issue>
<issue id="1230326" tracker="bnc">ext4: xfstests ext4/058 BUG and ext4/059 OOPS</issue>
<issue id="1231375" tracker="bnc">Fix pointer-leak due to insufficient speculative store bypass mitigation in BPF verifier</issue>
<issue id="1233479" tracker="bnc">VUL-0: CVE-2024-50290: kernel: media: cx24116: prevent overflows on SNR calculus</issue>
<issue id="1233557" tracker="bnc">VUL-0: CVE-2024-53063: kernel: media: dvbdev: prevent the risk of out of memory access</issue>
<issue id="1235433" tracker="bnc">VUL-0: CVE-2024-56642: kernel: tipc: fix use-after-free of kernel socket in cleanup_bearer().</issue>
<issue id="1237768" tracker="bnc">VUL-0: CVE-2021-47633: kernel: ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111</issue>
<issue id="1237815" tracker="bnc">VUL-0: CVE-2022-49264: kernel: exec: Force single empty string when argv is empty</issue>
<issue id="1237903" tracker="bnc">VUL-0: CVE-2022-49051: kernel: net: usb: aqc111: Fix out-of-bounds accesses in RX fixup</issue>
<issue id="1237918" tracker="bnc">VUL-0: CVE-2022-49053: kernel: scsi: target: tcmu: Fix possible page UAF</issue>
<issue id="1238030" tracker="bnc">VUL-0: CVE-2022-49526: kernel: md/bitmap: don't set sb values if can't pass sanity check</issue>
<issue id="1238079" tracker="bnc">VUL-0: CVE-2022-49098: kernel: Drivers: hv: vmbus: Fix potential crash on module unload</issue>
<issue id="1238271" tracker="bnc">VUL-0: CVE-2022-49288: kernel: ALSA: pcm: Fix races among concurrent prealloc proc writes</issue>
<issue id="1238272" tracker="bnc">VUL-0: CVE-2022-49272: kernel: ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock</issue>
<issue id="1238274" tracker="bnc">VUL-0: CVE-2022-49196: kernel: powerpc/pseries: Fix use after free in remove_phb_dynamic()</issue>
<issue id="1238276" tracker="bnc">VUL-0: CVE-2022-49287: kernel: tpm: fix reference counting for struct tpm_chip</issue>
<issue id="1238382" tracker="bnc">VUL-0: CVE-2022-49343: kernel: ext4: avoid cycles in directory h-tree</issue>
<issue id="1238454" tracker="bnc">VUL-0: CVE-2022-49733: kernel: ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC</issue>
<issue id="1238599" tracker="bnc">VUL-0: CVE-2022-49708: kernel: ext4: fix bug_on ext4_mb_use_inode_pa</issue>
<issue id="1238618" tracker="bnc">VUL-0: CVE-2022-49611: kernel: x86/speculation: Fill RSB on vmexit for IBRS</issue>
<issue id="1238626" tracker="bnc">VUL-0: CVE-2022-49271: kernel: cifs: prevent bad output lengths in smb2_ioctl_query_info()</issue>
<issue id="1238705" tracker="bnc">VUL-0: CVE-2022-49291: kernel: ALSA: pcm: fix races among concurrent hw_params and hw_free calls</issue>
<issue id="1238710" tracker="bnc">VUL-0: CVE-2022-49413: kernel: bfq: update cgroup information before merging bio</issue>
<issue id="1238719" tracker="bnc">VUL-0: CVE-2022-49275: kernel: can: m_can: m_can_tx_handler(): fix use after free of skb</issue>
<issue id="1238729" tracker="bnc">VUL-0: CVE-2022-49545: kernel: ALSA: usb-audio: cancel pending work at closing a MIDI substream</issue>
<issue id="1238787" tracker="bnc">VUL-0: CVE-2022-49563: kernel: crypto: qat - add param check for RSA</issue>
<issue id="1238789" tracker="bnc">VUL-0: CVE-2022-49564: kernel: crypto: qat - add param check for DH</issue>
<issue id="1238911" tracker="bnc">VUL-0: CVE-2025-21772: kernel: partitions: mac: fix handling of bogus partition table</issue>
<issue id="1238919" tracker="bnc">VUL-0: CVE-2022-49465: kernel: blk-throttle: set BIO_THROTTLED when bio has been throttled</issue>
<issue id="1238952" tracker="bnc">VUL-0: CVE-2022-49610: kernel: KVM: VMX: prevent RSB underflow before vmenter</issue>
<issue id="1239035" tracker="bnc">VUL-0: CVE-2022-49707: kernel: ext4: add reserved GDT blocks check</issue>
<issue id="1239076" tracker="bnc">VUL-0: CVE-2024-57996: kernel: net_sched: sch_sfq: don't allow 1 packet limit</issue>
<issue id="1239109" tracker="bnc">VUL-0: CVE-2024-58014: kernel: wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy()</issue>
<issue id="1239115" tracker="bnc">VUL-0: CVE-2025-21780: kernel: drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table()</issue>
<issue id="1239454" tracker="bnc">VUL-0: CVE-2022-49293: kernel: netfilter: nf_tables: initialize registers in nft_do_chain()</issue>
<issue id="1240207" tracker="bnc">VUL-0: CVE-2022-49739: kernel: gfs2: Always check inode size of inline inodes</issue>
<issue id="1240213" tracker="bnc">VUL-0: CVE-2023-52974: kernel: scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress</issue>
<issue id="1240218" tracker="bnc">VUL-0: CVE-2023-52973: kernel: vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF</issue>
<issue id="1240227" tracker="bnc">VUL-0: CVE-2023-53000: kernel: netlink: prevent potential spectre v1 gadgets</issue>
<issue id="1240272" tracker="bnc">VUL-0: CVE-2023-53024: kernel: bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation</issue>
<issue id="1240276" tracker="bnc">VUL-0: CVE-2023-52935: kernel: mm/khugepaged: fix ->anon_vma race</issue>
<issue id="1240288" tracker="bnc">VUL-0: CVE-2023-53015: kernel: HID: betop: check shape of output reports</issue>
<issue id="2017-5753" tracker="cve" />
<issue id="2021-47248" tracker="cve" />
<issue id="2021-47633" tracker="cve" />
<issue id="2022-0168" tracker="cve" />
<issue id="2022-1016" tracker="cve" />
<issue id="2022-1048" tracker="cve" />
<issue id="2022-1184" tracker="cve" />
<issue id="2022-2977" tracker="cve" />
<issue id="2022-29900" tracker="cve" />
<issue id="2022-29901" tracker="cve" />
<issue id="2022-3303" tracker="cve" />
<issue id="2022-49051" tracker="cve" />
<issue id="2022-49053" tracker="cve" />
<issue id="2022-49098" tracker="cve" />
<issue id="2022-49196" tracker="cve" />
<issue id="2022-49264" tracker="cve" />
<issue id="2022-49271" tracker="cve" />
<issue id="2022-49272" tracker="cve" />
<issue id="2022-49275" tracker="cve" />
<issue id="2022-49287" tracker="cve" />
<issue id="2022-49288" tracker="cve" />
<issue id="2022-49291" tracker="cve" />
<issue id="2022-49293" tracker="cve" />
<issue id="2022-49343" tracker="cve" />
<issue id="2022-49413" tracker="cve" />
<issue id="2022-49465" tracker="cve" />
<issue id="2022-49526" tracker="cve" />
<issue id="2022-49545" tracker="cve" />
<issue id="2022-49563" tracker="cve" />
<issue id="2022-49564" tracker="cve" />
<issue id="2022-49610" tracker="cve" />
<issue id="2022-49611" tracker="cve" />
<issue id="2022-49707" tracker="cve" />
<issue id="2022-49708" tracker="cve" />
<issue id="2022-49733" tracker="cve" />
<issue id="2022-49739" tracker="cve" />
<issue id="2023-2162" tracker="cve" />
<issue id="2023-3567" tracker="cve" />
<issue id="2023-52935" tracker="cve" />
<issue id="2023-52973" tracker="cve" />
<issue id="2023-52974" tracker="cve" />
<issue id="2023-53000" tracker="cve" />
<issue id="2023-53015" tracker="cve" />
<issue id="2023-53024" tracker="cve" />
<issue id="2024-50290" tracker="cve" />
<issue id="2024-53063" tracker="cve" />
<issue id="2024-56642" tracker="cve" />
<issue id="2024-57996" tracker="cve" />
<issue id="2024-58014" tracker="cve" />
<issue id="2025-21772" tracker="cve" />
<issue id="2025-21780" tracker="cve" />
<category>security</category>
<rating>important</rating>
<packager>jdelvare</packager>
<reboot_needed/>
<description>
The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

- CVE-2021-47248: udp: fix race between close() and udp_abort() (bsc#1224867).
- CVE-2021-47633: ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 (bsc#1237768).
- CVE-2022-49051: net: usb: aqc111: Fix out-of-bounds accesses in RX fixup (bsc#1237903).
- CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF (bsc#1237918).
- CVE-2022-49275: can: m_can: m_can_tx_handler(): fix use after free of skb (bsc#1238719).
- CVE-2022-49413: bfq: Update cgroup information before merging bio (bsc#1238710).
- CVE-2022-49465: blk-throttle: Set BIO_THROTTLED when bio has been throttled (bsc#1238919).
- CVE-2022-49545: ALSA: usb-audio: Cancel pending work at closing a MIDI substream (bsc#1238729).
- CVE-2022-49563: crypto: qat - add param check for RSA (bsc#1238787).
- CVE-2022-49564: crypto: qat - add param check for DH (bsc#1238789).
- CVE-2022-49739: gfs2: Always check inode size of inline inodes (bsc#1240207).
- CVE-2023-52935: mm/khugepaged: fix ->anon_vma race (bsc#1240276).
- CVE-2024-56642: tipc: Fix use-after-free of kernel socket in cleanup_bearer() (bsc#1235433).
- CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit (bsc#1239076).
- CVE-2024-58014: wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (bsc#1239109).
- CVE-2025-21772: partitions: mac: fix handling of bogus partition table (bsc#1238911).
- CVE-2025-21780: drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (bsc#1239115).
</description>
<summary>Security update for the Linux Kernel</summary>
</patchinfo>