| Revision Date: | 2022-02-21 | Version: | 1 |
| Title: | Security update for the Linux RT Kernel (Critical) |
| Description: |
The SUSE Linux Enterprise 15 SP2 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-0435: Fixed remote stack overflow in net/tipc module that validate domain record count on input (bsc#1195254). - CVE-2021-45095: Fixed refcount leak in pep_sock_accept in net/phonet/pep.c (bnc#1193867). - CVE-2022-22942: Fixed stale file descriptors on failed usercopy (bsc#1195065). - CVE-2021-22600: Fixed double free bug in packet_set_ring() in net/packet/af_packet.c that could have been exploited by a local user through crafted syscalls to escalate privileges or deny service (bnc#1195184). - CVE-2021-39657: Fixed out of bounds read due to a missing bounds check in ufshcd_eh_device_reset_handler of ufshcd.c. This could lead to local information disclosure with System execution privileges needed (bnc#1193864). - CVE-2021-39648: Fixed possible disclosure of kernel heap memory due to a race condition in gadget_dev_desc_UDC_show of configfs.c. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1193861). - CVE-2022-0330: Fixed flush TLBs before releasing backing store (bsc#1194880).
The following non-security bugs were fixed:
- bpf: Verifer, adjust_scalar_min_max_vals to always call update_reg_bounds() (bsc#1194227). - btrfs: tree-checker: Add EXTENT_ITEM and METADATA_ITEM check (bsc#1195009). - btrfs: tree-checker: annotate all error branches as unlikely (bsc#1195009). - btrfs: tree-checker: check for BTRFS_BLOCK_FLAG_FULL_BACKREF being set improperly (bsc#1195009). - hv_netvsc: Set needed_headroom according to VF (bsc#1193506). - net, xdp: Introduce xdp_init_buff utility routine (bsc#1193506). - net, xdp: Introduce xdp_prepare_buff utility routine (bsc#1193506). - net: allow retransmitting a TCP packet if original is still in queue (bsc#1188605 bsc#1187428). - net: mana: Add RX fencing (bsc#1193506). - net: mana: Add XDP support (bsc#1193506). - net: sch_generic: aviod concurrent reset and enqueue op for lockless qdisc (bsc#1183405). - net: sched: add barrier to ensure correct ordering for lockless qdisc (bsc#1183405). - net: sched: avoid unnecessary seqcount operation for lockless qdisc (bsc#1183405). - net: sched: fix packet stuck problem for lockless qdisc (bsc#1183405). - net: sched: fix tx action reschedule issue with stopped queue (bsc#1183405). - net: sched: fix tx action rescheduling issue during deactivation (bsc#1183405). - net: sched: replaced invalid qdisc tree flush helper in qdisc_replace (bsc#1183405). - net_sched: avoid resetting active qdisc for multiple times (bsc#1183405). - net_sched: get rid of unnecessary dev_qdisc_reset() (bsc#1183405). - net_sched: use qdisc_reset() in qdisc_destroy() (bsc#1183405). - nvme: add 'iopolicy' module parameter (bsc#1177599 bsc#1193096). - xfrm: fix MTU regression (bsc#1185377, bsc#1194048).
|
| Family: | unix | Class: | patch |
| Status: | | Reference(s): | 1177599
1183405
1185377
1187428
1188605
1193096
1193506
1193861
1193864
1193867
1194048
1194227
1194880
1195009
1195065
1195184
1195254
CVE-2021-22600
CVE-2021-39648
CVE-2021-39657
CVE-2021-45095
CVE-2022-0330
CVE-2022-22942
SUSE-SU-2022:0544-1
|
| Platform(s): | SUSE Linux Enterprise Module for Realtime packages 15 SP2
SUSE Linux Enterprise Real Time 15 SP2
| Product(s): | |
| Definition Synopsis |
| Release Information SUSE Linux Enterprise Module for Realtime packages 15 SP2 is installed
OR SUSE Linux Enterprise Real Time 15 SP2 is installed
AND Package Information
cluster-md-kmp-rt-5.3.18-73.1 is installed
OR dlm-kmp-rt-5.3.18-73.1 is installed
OR gfs2-kmp-rt-5.3.18-73.1 is installed
OR kernel-devel-rt-5.3.18-73.1 is installed
OR kernel-rt-5.3.18-73.1 is installed
OR kernel-rt-devel-5.3.18-73.1 is installed
OR kernel-rt_debug-5.3.18-73.1 is installed
OR kernel-rt_debug-devel-5.3.18-73.1 is installed
OR kernel-source-rt-5.3.18-73.1 is installed
OR kernel-syms-rt-5.3.18-73.1 is installed
OR ocfs2-kmp-rt-5.3.18-73.1 is installed
|