Vulnerability from csaf_suse
Published
2022-04-19 09:03
Modified
2022-04-19 09:03
Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 15 SP2 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-0854: Fixed a memory leak flaw was found in the Linux kernels DMA subsystem. This flaw allowed a local user to read random memory from the kernel space (bnc#1196823).
- CVE-2022-28388: Fixed a double free in drivers/net/can/usb/usb_8dev.c vulnerability in the Linux kernel (bnc#1198032).
- CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c vulnerability in the Linux kernel (bnc#1198033).
- CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel (bnc#1198031).
- CVE-2022-1048: Fixed a race Condition in snd_pcm_hw_free leading to use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock (bsc#1197331).
- CVE-2022-1055: Fixed a use-after-free in tc_new_tfilter that could allow a local attacker to gain privilege escalation (bnc#1197702).
- CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation (bnc#1197462).
- CVE-2021-45868: Fixed a wrong validation check in fs/quota/quota_tree.c which could lead to an use-after-free if there is a corrupted quota file (bnc#1197366).
- CVE-2022-26966: Fixed an issue in drivers/net/usb/sr9700.c, which allowed attackers to obtain sensitive information from the memory via crafted frame lengths from a USB device (bsc#1196836).
- CVE-2021-39698: Fixed a possible memory corruption due to a use after free in aio_poll_complete_work. This could lead to local escalation of privilege with no additional execution privileges needed (bsc#1196956).
- CVE-2021-0920: Fixed a local privilege escalation due to a use-after-free bug in unix_gc (bsc#1193731).
- CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042: Fixed multiple issues which could have lead to read/write access to memory pages or denial of service. These issues are related to the Xen PV device frontend drivers (bsc#1196488).
- CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could trigger crash the system or corrupt system memory (bsc#1196830).
- CVE-2022-0617: Fixed a null pointer dereference in UDF file system functionality. A local user could crash the system by triggering udf_file_write_iter() via a malicious UDF image (bsc#1196079).
- CVE-2022-25375: The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory (bsc#1196235).
- CVE-2022-25258: The USB Gadget subsystem lacked certain validation of interface OS descriptor requests, which could have lead to memory corruption (bsc#1196096).
- CVE-2021-44879: In gc_data_segment() in fs/f2fs/gc.c, special files were not considered, which lead to a move_data_page NULL pointer dereference (bsc#1195987).
- CVE-2022-24959: Fixed a memory leak in yam_siocdevprivate() in drivers/net/hamradio/yam.c (bsc#1195897).
- CVE-2022-24958: drivers/usb/gadget/legacy/inode.c mishandled dev->buf release (bsc#1195905).
- CVE-2022-0516: Fixed missing check in ioctl related to KVM in s390 allows kernel memory read/write (bsc#1195516).
- CVE-2022-24448: Fixed an issue in fs/nfs/dir.c. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should have occured, but the server instead returned uninitialized data in the file descriptor (bsc#1195612).
- CVE-2022-0492: Fixed a privilege escalation related to cgroups v1 release_agent feature, which allowed bypassing namespace isolation unexpectedly (bsc#1195543).
- CVE-2022-28748: Fixed various information leaks that could be caused by malicious USB devices (bsc#1196018).
- CVE-2022-0644: Fixed a denial of service by a local user. A assertion failure could be triggered in kernel_read_file_from_fd() (bsc#1196155)
- CVE-2022-0850: Fixed a kernel information leak vulnerability in iov_iter.c (bsc#1196761).
- CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution (bsc#1197227).
The following non-security bugs were fixed:
- cifs: use the correct max-length for dentry_path_raw() (bsc#1196196).
- gve: multiple bugfixes (jsc#SLE-23652).
- net/mlx5e: Fix page DMA map/unmap attributes (bsc#1196468).
- netfilter: conntrack: do not refresh sctp entries in closed state (bsc#1197389).
- powerpc/mm/numa: skip NUMA_NO_NODE onlining in parse_numa_properties() (bsc#1179639).
- scsi: lpfc: Fix pt2pt NVMe PRLI reject LOGO loop (bsc#1189126).
- scsi: target: iscsi: Fix cmd abort fabric stop race (bsc#1195286).
Patchnames
SUSE-2022-1257,SUSE-SLE-Module-RT-15-SP2-2022-1257,SUSE-SUSE-MicroOS-5.0-2022-1257
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for the Linux Kernel", title: "Title of the patch", }, { category: "description", text: "\nThe SUSE Linux Enterprise 15 SP2 RT kernel was updated to receive various security bugfixes.\n\n\nThe following security bugs were fixed:\n\n- CVE-2022-0854: Fixed a memory leak flaw was found in the Linux kernels DMA subsystem. This flaw allowed a local user to read random memory from the kernel space (bnc#1196823).\n- CVE-2022-28388: Fixed a double free in drivers/net/can/usb/usb_8dev.c vulnerability in the Linux kernel (bnc#1198032).\n- CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c vulnerability in the Linux kernel (bnc#1198033).\n- CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel (bnc#1198031).\n- CVE-2022-1048: Fixed a race Condition in snd_pcm_hw_free leading to use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock (bsc#1197331).\n- CVE-2022-1055: Fixed a use-after-free in tc_new_tfilter that could allow a local attacker to gain privilege escalation (bnc#1197702).\n- CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation (bnc#1197462).\n- CVE-2021-45868: Fixed a wrong validation check in fs/quota/quota_tree.c which could lead to an use-after-free if there is a corrupted quota file (bnc#1197366).\n- CVE-2022-26966: Fixed an issue in drivers/net/usb/sr9700.c, which allowed attackers to obtain sensitive information from the memory via crafted frame lengths from a USB device (bsc#1196836).\n- CVE-2021-39698: Fixed a possible memory corruption due to a use after free in aio_poll_complete_work. This could lead to local escalation of privilege with no additional execution privileges needed (bsc#1196956).\n- CVE-2021-0920: Fixed a local privilege escalation due to a use-after-free bug in unix_gc (bsc#1193731).\n- CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042: Fixed multiple issues which could have lead to read/write access to memory pages or denial of service. These issues are related to the Xen PV device frontend drivers (bsc#1196488).\n- CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could trigger crash the system or corrupt system memory (bsc#1196830).\n- CVE-2022-0617: Fixed a null pointer dereference in UDF file system functionality. A local user could crash the system by triggering udf_file_write_iter() via a malicious UDF image (bsc#1196079).\n- CVE-2022-25375: The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory (bsc#1196235).\n- CVE-2022-25258: The USB Gadget subsystem lacked certain validation of interface OS descriptor requests, which could have lead to memory corruption (bsc#1196096).\n- CVE-2021-44879: In gc_data_segment() in fs/f2fs/gc.c, special files were not considered, which lead to a move_data_page NULL pointer dereference (bsc#1195987).\n- CVE-2022-24959: Fixed a memory leak in yam_siocdevprivate() in drivers/net/hamradio/yam.c (bsc#1195897).\n- CVE-2022-24958: drivers/usb/gadget/legacy/inode.c mishandled dev->buf release (bsc#1195905).\n- CVE-2022-0516: Fixed missing check in ioctl related to KVM in s390 allows kernel memory read/write (bsc#1195516).\n- CVE-2022-24448: Fixed an issue in fs/nfs/dir.c. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should have occured, but the server instead returned uninitialized data in the file descriptor (bsc#1195612).\n- CVE-2022-0492: Fixed a privilege escalation related to cgroups v1 release_agent feature, which allowed bypassing namespace isolation unexpectedly (bsc#1195543).\n- CVE-2022-28748: Fixed various information leaks that could be caused by malicious USB devices (bsc#1196018).\n- CVE-2022-0644: Fixed a denial of service by a local user. A assertion failure could be triggered in kernel_read_file_from_fd() (bsc#1196155)\n- CVE-2022-0850: Fixed a kernel information leak vulnerability in iov_iter.c (bsc#1196761).\n- CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution (bsc#1197227).\n\n\nThe following non-security bugs were fixed:\n\n- cifs: use the correct max-length for dentry_path_raw() (bsc#1196196).\n- gve: multiple bugfixes (jsc#SLE-23652).\n- net/mlx5e: Fix page DMA map/unmap attributes (bsc#1196468).\n- netfilter: conntrack: do not refresh sctp entries in closed state (bsc#1197389).\n- powerpc/mm/numa: skip NUMA_NO_NODE onlining in parse_numa_properties() (bsc#1179639).\n- scsi: lpfc: Fix pt2pt NVMe PRLI reject LOGO loop (bsc#1189126).\n- scsi: target: iscsi: Fix cmd abort fabric stop race (bsc#1195286).\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2022-1257,SUSE-SLE-Module-RT-15-SP2-2022-1257,SUSE-SUSE-MicroOS-5.0-2022-1257", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_1257-1.json", }, { category: "self", summary: "URL for SUSE-SU-2022:1257-1", url: "https://www.suse.com/support/update/announcement/2022/suse-su-20221257-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2022:1257-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-April/010746.html", }, { category: "self", summary: "SUSE Bug 1179639", url: "https://bugzilla.suse.com/1179639", }, { category: "self", summary: "SUSE Bug 1189126", url: "https://bugzilla.suse.com/1189126", }, { category: "self", summary: "SUSE Bug 1189562", url: "https://bugzilla.suse.com/1189562", }, { category: "self", summary: "SUSE Bug 1193731", url: "https://bugzilla.suse.com/1193731", }, { category: "self", summary: "SUSE Bug 1194516", url: "https://bugzilla.suse.com/1194516", }, { category: "self", summary: "SUSE Bug 1194943", url: "https://bugzilla.suse.com/1194943", }, { category: "self", summary: "SUSE Bug 1195051", url: "https://bugzilla.suse.com/1195051", }, { category: "self", summary: "SUSE Bug 1195254", url: "https://bugzilla.suse.com/1195254", }, { category: "self", summary: "SUSE Bug 1195286", url: "https://bugzilla.suse.com/1195286", }, { category: "self", summary: "SUSE Bug 1195353", url: "https://bugzilla.suse.com/1195353", }, { category: "self", summary: "SUSE Bug 1195403", url: "https://bugzilla.suse.com/1195403", }, { category: "self", summary: "SUSE Bug 1195516", url: "https://bugzilla.suse.com/1195516", }, { category: "self", summary: "SUSE Bug 1195543", url: "https://bugzilla.suse.com/1195543", }, { category: "self", summary: "SUSE Bug 1195612", url: "https://bugzilla.suse.com/1195612", }, { category: "self", summary: "SUSE Bug 1195897", url: "https://bugzilla.suse.com/1195897", }, { category: "self", summary: "SUSE Bug 1195905", url: "https://bugzilla.suse.com/1195905", }, { category: "self", summary: "SUSE Bug 1195939", url: "https://bugzilla.suse.com/1195939", }, { category: "self", summary: "SUSE Bug 1195987", url: "https://bugzilla.suse.com/1195987", }, { category: "self", summary: "SUSE Bug 1196018", url: "https://bugzilla.suse.com/1196018", }, { category: "self", summary: "SUSE Bug 1196079", url: "https://bugzilla.suse.com/1196079", }, { category: "self", summary: "SUSE Bug 1196095", url: "https://bugzilla.suse.com/1196095", }, { category: "self", summary: "SUSE Bug 1196155", url: "https://bugzilla.suse.com/1196155", }, { category: "self", summary: "SUSE Bug 1196196", url: "https://bugzilla.suse.com/1196196", }, { category: "self", summary: "SUSE Bug 1196235", url: "https://bugzilla.suse.com/1196235", }, { category: "self", summary: "SUSE Bug 1196468", url: "https://bugzilla.suse.com/1196468", }, { category: "self", summary: "SUSE Bug 1196488", url: "https://bugzilla.suse.com/1196488", }, { category: "self", summary: "SUSE Bug 1196612", url: "https://bugzilla.suse.com/1196612", }, { category: "self", summary: "SUSE Bug 1196761", url: "https://bugzilla.suse.com/1196761", }, { category: "self", summary: "SUSE Bug 1196776", url: "https://bugzilla.suse.com/1196776", }, { category: "self", summary: "SUSE Bug 1196823", url: "https://bugzilla.suse.com/1196823", }, { category: "self", summary: "SUSE Bug 1196830", url: "https://bugzilla.suse.com/1196830", }, { category: "self", summary: "SUSE Bug 1196836", url: "https://bugzilla.suse.com/1196836", }, { category: "self", summary: "SUSE Bug 1196956", url: "https://bugzilla.suse.com/1196956", }, { category: "self", summary: "SUSE Bug 1197227", url: "https://bugzilla.suse.com/1197227", }, { category: "self", summary: "SUSE Bug 1197331", url: "https://bugzilla.suse.com/1197331", }, { category: "self", summary: "SUSE Bug 1197366", url: "https://bugzilla.suse.com/1197366", }, { category: "self", summary: "SUSE Bug 1197389", url: "https://bugzilla.suse.com/1197389", }, { category: "self", summary: "SUSE Bug 1197462", url: "https://bugzilla.suse.com/1197462", }, { category: "self", summary: "SUSE Bug 1197702", url: "https://bugzilla.suse.com/1197702", }, { category: "self", summary: "SUSE Bug 1198031", url: "https://bugzilla.suse.com/1198031", }, { category: "self", summary: "SUSE Bug 1198032", url: "https://bugzilla.suse.com/1198032", }, { category: "self", summary: "SUSE Bug 1198033", url: "https://bugzilla.suse.com/1198033", }, { category: "self", summary: "SUSE CVE CVE-2021-0920 page", url: "https://www.suse.com/security/cve/CVE-2021-0920/", }, { category: "self", summary: "SUSE CVE CVE-2021-39698 page", url: "https://www.suse.com/security/cve/CVE-2021-39698/", }, { category: "self", summary: "SUSE CVE CVE-2021-44879 page", url: "https://www.suse.com/security/cve/CVE-2021-44879/", }, { category: "self", summary: "SUSE CVE CVE-2021-45868 page", url: "https://www.suse.com/security/cve/CVE-2021-45868/", }, { category: "self", summary: "SUSE CVE CVE-2022-0487 page", url: "https://www.suse.com/security/cve/CVE-2022-0487/", }, { category: "self", summary: "SUSE CVE CVE-2022-0492 page", url: "https://www.suse.com/security/cve/CVE-2022-0492/", }, { category: "self", summary: "SUSE CVE CVE-2022-0516 page", url: "https://www.suse.com/security/cve/CVE-2022-0516/", }, { category: "self", summary: "SUSE CVE CVE-2022-0617 page", url: "https://www.suse.com/security/cve/CVE-2022-0617/", }, { category: "self", summary: "SUSE CVE CVE-2022-0644 page", url: "https://www.suse.com/security/cve/CVE-2022-0644/", }, { category: "self", summary: "SUSE CVE CVE-2022-0850 page", url: "https://www.suse.com/security/cve/CVE-2022-0850/", }, { category: "self", summary: "SUSE CVE CVE-2022-0854 page", url: "https://www.suse.com/security/cve/CVE-2022-0854/", }, { category: "self", summary: "SUSE CVE CVE-2022-1016 page", url: "https://www.suse.com/security/cve/CVE-2022-1016/", }, { category: "self", summary: "SUSE CVE CVE-2022-1048 page", url: "https://www.suse.com/security/cve/CVE-2022-1048/", }, { category: "self", summary: "SUSE CVE CVE-2022-1055 page", url: "https://www.suse.com/security/cve/CVE-2022-1055/", }, { category: "self", summary: "SUSE CVE CVE-2022-23036 page", url: "https://www.suse.com/security/cve/CVE-2022-23036/", }, { category: "self", summary: "SUSE CVE CVE-2022-23037 page", url: "https://www.suse.com/security/cve/CVE-2022-23037/", }, { category: "self", summary: "SUSE CVE CVE-2022-23038 page", url: "https://www.suse.com/security/cve/CVE-2022-23038/", }, { category: "self", summary: "SUSE CVE CVE-2022-23039 page", url: "https://www.suse.com/security/cve/CVE-2022-23039/", }, { category: "self", summary: "SUSE CVE CVE-2022-23040 page", url: "https://www.suse.com/security/cve/CVE-2022-23040/", }, { category: "self", summary: "SUSE CVE CVE-2022-23041 page", url: "https://www.suse.com/security/cve/CVE-2022-23041/", }, { category: "self", summary: "SUSE CVE CVE-2022-23042 page", url: "https://www.suse.com/security/cve/CVE-2022-23042/", }, { category: "self", summary: "SUSE CVE CVE-2022-24448 page", url: "https://www.suse.com/security/cve/CVE-2022-24448/", }, { category: "self", summary: "SUSE CVE CVE-2022-24958 page", url: "https://www.suse.com/security/cve/CVE-2022-24958/", }, { category: "self", summary: "SUSE CVE CVE-2022-24959 page", url: "https://www.suse.com/security/cve/CVE-2022-24959/", }, { category: "self", summary: "SUSE CVE CVE-2022-25258 page", url: "https://www.suse.com/security/cve/CVE-2022-25258/", }, { category: "self", summary: "SUSE CVE CVE-2022-25375 page", url: "https://www.suse.com/security/cve/CVE-2022-25375/", }, { category: "self", summary: "SUSE CVE CVE-2022-26490 page", url: "https://www.suse.com/security/cve/CVE-2022-26490/", }, { category: "self", summary: "SUSE CVE CVE-2022-26966 page", url: "https://www.suse.com/security/cve/CVE-2022-26966/", }, { category: "self", summary: "SUSE CVE CVE-2022-27666 page", url: "https://www.suse.com/security/cve/CVE-2022-27666/", }, { category: "self", summary: "SUSE CVE CVE-2022-28388 page", url: "https://www.suse.com/security/cve/CVE-2022-28388/", }, { category: "self", summary: "SUSE CVE CVE-2022-28389 page", url: "https://www.suse.com/security/cve/CVE-2022-28389/", }, { category: "self", summary: "SUSE CVE CVE-2022-28390 page", url: "https://www.suse.com/security/cve/CVE-2022-28390/", }, { category: "self", summary: "SUSE CVE CVE-2022-28748 page", url: "https://www.suse.com/security/cve/CVE-2022-28748/", }, ], title: "Security update for the Linux Kernel", tracking: { current_release_date: "2022-04-19T09:03:30Z", generator: { date: "2022-04-19T09:03:30Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2022:1257-1", initial_release_date: "2022-04-19T09:03:30Z", revision_history: [ { date: "2022-04-19T09:03:30Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "kernel-devel-rt-5.3.18-150200.79.2.noarch", product: { name: "kernel-devel-rt-5.3.18-150200.79.2.noarch", product_id: "kernel-devel-rt-5.3.18-150200.79.2.noarch", }, }, { category: "product_version", name: "kernel-source-rt-5.3.18-150200.79.2.noarch", product: { name: "kernel-source-rt-5.3.18-150200.79.2.noarch", product_id: "kernel-source-rt-5.3.18-150200.79.2.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", product: { name: "cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", product_id: "cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", }, }, { category: "product_version", name: "cluster-md-kmp-rt_debug-5.3.18-150200.79.2.x86_64", product: { name: "cluster-md-kmp-rt_debug-5.3.18-150200.79.2.x86_64", product_id: "cluster-md-kmp-rt_debug-5.3.18-150200.79.2.x86_64", }, }, { category: "product_version", name: "dlm-kmp-rt-5.3.18-150200.79.2.x86_64", product: { name: "dlm-kmp-rt-5.3.18-150200.79.2.x86_64", product_id: "dlm-kmp-rt-5.3.18-150200.79.2.x86_64", }, }, { category: "product_version", name: "dlm-kmp-rt_debug-5.3.18-150200.79.2.x86_64", product: { name: "dlm-kmp-rt_debug-5.3.18-150200.79.2.x86_64", product_id: "dlm-kmp-rt_debug-5.3.18-150200.79.2.x86_64", }, }, { category: "product_version", name: "gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", product: { name: "gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", product_id: "gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", }, }, { category: "product_version", name: "gfs2-kmp-rt_debug-5.3.18-150200.79.2.x86_64", product: { name: "gfs2-kmp-rt_debug-5.3.18-150200.79.2.x86_64", product_id: "gfs2-kmp-rt_debug-5.3.18-150200.79.2.x86_64", }, }, { category: "product_version", name: "kernel-rt-5.3.18-150200.79.2.x86_64", product: { name: "kernel-rt-5.3.18-150200.79.2.x86_64", product_id: "kernel-rt-5.3.18-150200.79.2.x86_64", }, }, { category: "product_version", name: "kernel-rt-devel-5.3.18-150200.79.2.x86_64", product: { name: "kernel-rt-devel-5.3.18-150200.79.2.x86_64", product_id: "kernel-rt-devel-5.3.18-150200.79.2.x86_64", }, }, { category: "product_version", name: "kernel-rt-extra-5.3.18-150200.79.2.x86_64", product: { name: "kernel-rt-extra-5.3.18-150200.79.2.x86_64", product_id: "kernel-rt-extra-5.3.18-150200.79.2.x86_64", }, }, { category: "product_version", name: "kernel-rt-livepatch-devel-5.3.18-150200.79.2.x86_64", product: { name: "kernel-rt-livepatch-devel-5.3.18-150200.79.2.x86_64", product_id: "kernel-rt-livepatch-devel-5.3.18-150200.79.2.x86_64", }, }, { category: "product_version", name: "kernel-rt_debug-5.3.18-150200.79.2.x86_64", product: { name: "kernel-rt_debug-5.3.18-150200.79.2.x86_64", product_id: "kernel-rt_debug-5.3.18-150200.79.2.x86_64", }, }, { category: "product_version", name: "kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", product: { name: "kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", product_id: "kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", }, }, { category: "product_version", name: "kernel-rt_debug-extra-5.3.18-150200.79.2.x86_64", product: { name: "kernel-rt_debug-extra-5.3.18-150200.79.2.x86_64", product_id: "kernel-rt_debug-extra-5.3.18-150200.79.2.x86_64", }, }, { category: "product_version", name: "kernel-rt_debug-livepatch-devel-5.3.18-150200.79.2.x86_64", product: { name: "kernel-rt_debug-livepatch-devel-5.3.18-150200.79.2.x86_64", product_id: "kernel-rt_debug-livepatch-devel-5.3.18-150200.79.2.x86_64", }, }, { category: "product_version", name: "kernel-syms-rt-5.3.18-150200.79.1.x86_64", product: { name: "kernel-syms-rt-5.3.18-150200.79.1.x86_64", product_id: "kernel-syms-rt-5.3.18-150200.79.1.x86_64", }, }, { category: "product_version", name: "kselftests-kmp-rt-5.3.18-150200.79.2.x86_64", product: { name: "kselftests-kmp-rt-5.3.18-150200.79.2.x86_64", product_id: "kselftests-kmp-rt-5.3.18-150200.79.2.x86_64", }, }, { category: "product_version", name: "kselftests-kmp-rt_debug-5.3.18-150200.79.2.x86_64", product: { name: "kselftests-kmp-rt_debug-5.3.18-150200.79.2.x86_64", product_id: "kselftests-kmp-rt_debug-5.3.18-150200.79.2.x86_64", }, }, { category: "product_version", name: "ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", product: { name: "ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", product_id: "ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", }, }, { category: "product_version", name: "ocfs2-kmp-rt_debug-5.3.18-150200.79.2.x86_64", product: { name: "ocfs2-kmp-rt_debug-5.3.18-150200.79.2.x86_64", product_id: "ocfs2-kmp-rt_debug-5.3.18-150200.79.2.x86_64", }, }, { category: "product_version", name: "reiserfs-kmp-rt-5.3.18-150200.79.2.x86_64", product: { name: "reiserfs-kmp-rt-5.3.18-150200.79.2.x86_64", product_id: "reiserfs-kmp-rt-5.3.18-150200.79.2.x86_64", }, }, { category: "product_version", name: "reiserfs-kmp-rt_debug-5.3.18-150200.79.2.x86_64", product: { name: "reiserfs-kmp-rt_debug-5.3.18-150200.79.2.x86_64", product_id: "reiserfs-kmp-rt_debug-5.3.18-150200.79.2.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Real Time Module 15 SP2", product: { name: "SUSE Real Time Module 15 SP2", product_id: "SUSE Real Time Module 15 SP2", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-rt:15:sp2", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Micro 5.0", product: { name: "SUSE Linux Enterprise Micro 5.0", product_id: "SUSE Linux Enterprise Micro 5.0", product_identification_helper: { cpe: "cpe:/o:suse:suse-microos:5.0", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64 as component of SUSE Real Time Module 15 SP2", product_id: "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", }, product_reference: "cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", relates_to_product_reference: "SUSE Real Time Module 15 SP2", }, { category: "default_component_of", full_product_name: { name: "dlm-kmp-rt-5.3.18-150200.79.2.x86_64 as component of SUSE Real Time Module 15 SP2", product_id: "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", }, product_reference: "dlm-kmp-rt-5.3.18-150200.79.2.x86_64", relates_to_product_reference: "SUSE Real Time Module 15 SP2", }, { category: "default_component_of", full_product_name: { name: "gfs2-kmp-rt-5.3.18-150200.79.2.x86_64 as component of SUSE Real Time Module 15 SP2", product_id: "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", }, product_reference: "gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", relates_to_product_reference: "SUSE Real Time Module 15 SP2", }, { category: "default_component_of", full_product_name: { name: "kernel-devel-rt-5.3.18-150200.79.2.noarch as component of SUSE Real Time Module 15 SP2", product_id: "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", }, product_reference: "kernel-devel-rt-5.3.18-150200.79.2.noarch", relates_to_product_reference: "SUSE Real Time Module 15 SP2", }, { category: "default_component_of", full_product_name: { name: "kernel-rt-5.3.18-150200.79.2.x86_64 as component of SUSE Real Time Module 15 SP2", product_id: "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", }, product_reference: "kernel-rt-5.3.18-150200.79.2.x86_64", relates_to_product_reference: "SUSE Real Time Module 15 SP2", }, { category: "default_component_of", full_product_name: { name: "kernel-rt-devel-5.3.18-150200.79.2.x86_64 as component of SUSE Real Time Module 15 SP2", product_id: "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", }, product_reference: "kernel-rt-devel-5.3.18-150200.79.2.x86_64", relates_to_product_reference: "SUSE Real Time Module 15 SP2", }, { category: "default_component_of", full_product_name: { name: "kernel-rt_debug-5.3.18-150200.79.2.x86_64 as component of SUSE Real Time Module 15 SP2", product_id: "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", }, product_reference: "kernel-rt_debug-5.3.18-150200.79.2.x86_64", relates_to_product_reference: "SUSE Real Time Module 15 SP2", }, { category: "default_component_of", full_product_name: { name: "kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64 as component of SUSE Real Time Module 15 SP2", product_id: "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", }, product_reference: "kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", relates_to_product_reference: "SUSE Real Time Module 15 SP2", }, { category: "default_component_of", full_product_name: { name: "kernel-source-rt-5.3.18-150200.79.2.noarch as component of SUSE Real Time Module 15 SP2", product_id: "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", }, product_reference: "kernel-source-rt-5.3.18-150200.79.2.noarch", relates_to_product_reference: "SUSE Real Time Module 15 SP2", }, { category: "default_component_of", full_product_name: { name: "kernel-syms-rt-5.3.18-150200.79.1.x86_64 as component of SUSE Real Time Module 15 SP2", product_id: "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", }, product_reference: "kernel-syms-rt-5.3.18-150200.79.1.x86_64", relates_to_product_reference: "SUSE Real Time Module 15 SP2", }, { category: "default_component_of", full_product_name: { name: "ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64 as component of SUSE Real Time Module 15 SP2", product_id: "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", }, product_reference: "ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", relates_to_product_reference: "SUSE Real Time Module 15 SP2", }, { category: "default_component_of", full_product_name: { name: "kernel-rt-5.3.18-150200.79.2.x86_64 as component of SUSE Linux Enterprise Micro 5.0", product_id: "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", }, product_reference: "kernel-rt-5.3.18-150200.79.2.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.0", }, ], }, vulnerabilities: [ { cve: "CVE-2021-0920", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-0920", }, ], notes: [ { category: "general", text: "In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196926917References: Upstream kernel", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-0920", url: "https://www.suse.com/security/cve/CVE-2021-0920", }, { category: "external", summary: "SUSE Bug 1193731 for CVE-2021-0920", url: "https://bugzilla.suse.com/1193731", }, { category: "external", summary: "SUSE Bug 1194463 for CVE-2021-0920", url: "https://bugzilla.suse.com/1194463", }, { category: "external", summary: "SUSE Bug 1195939 for CVE-2021-0920", url: "https://bugzilla.suse.com/1195939", }, { category: "external", summary: "SUSE Bug 1199255 for CVE-2021-0920", url: "https://bugzilla.suse.com/1199255", }, { category: "external", summary: "SUSE Bug 1200084 for CVE-2021-0920", url: "https://bugzilla.suse.com/1200084", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-04-19T09:03:30Z", details: "important", }, ], title: "CVE-2021-0920", }, { cve: "CVE-2021-39698", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-39698", }, ], notes: [ { category: "general", text: "In aio_poll_complete_work of aio.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-185125206References: Upstream kernel", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-39698", url: "https://www.suse.com/security/cve/CVE-2021-39698", }, { category: "external", summary: "SUSE Bug 1196956 for CVE-2021-39698", url: "https://bugzilla.suse.com/1196956", }, { category: "external", summary: "SUSE Bug 1196959 for CVE-2021-39698", url: "https://bugzilla.suse.com/1196959", }, { category: "external", summary: "SUSE Bug 1209225 for CVE-2021-39698", url: "https://bugzilla.suse.com/1209225", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.4, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-04-19T09:03:30Z", details: "important", }, ], title: "CVE-2021-39698", }, { cve: "CVE-2021-44879", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-44879", }, ], notes: [ { category: "general", text: "In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered, leading to a move_data_page NULL pointer dereference.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-44879", url: "https://www.suse.com/security/cve/CVE-2021-44879", }, { category: "external", summary: "SUSE Bug 1195987 for CVE-2021-44879", url: "https://bugzilla.suse.com/1195987", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-04-19T09:03:30Z", details: "moderate", }, ], title: "CVE-2021-44879", }, { cve: "CVE-2021-45868", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-45868", }, ], notes: [ { category: "general", text: "In the Linux kernel before 5.15.3, fs/quota/quota_tree.c does not validate the block number in the quota tree (on disk). This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-45868", url: "https://www.suse.com/security/cve/CVE-2021-45868", }, { category: "external", summary: "SUSE Bug 1197366 for CVE-2021-45868", url: "https://bugzilla.suse.com/1197366", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-04-19T09:03:30Z", details: "moderate", }, ], title: "CVE-2021-45868", }, { cve: "CVE-2022-0487", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-0487", }, ], notes: [ { category: "general", text: "A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c in memstick in the Linux kernel. In this flaw, a local attacker with a user privilege may impact system Confidentiality. This flaw affects kernel versions prior to 5.14 rc1.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-0487", url: "https://www.suse.com/security/cve/CVE-2022-0487", }, { category: "external", summary: "SUSE Bug 1194516 for CVE-2022-0487", url: "https://bugzilla.suse.com/1194516", }, { category: "external", summary: "SUSE Bug 1195949 for CVE-2022-0487", url: "https://bugzilla.suse.com/1195949", }, { category: "external", summary: "SUSE Bug 1198615 for CVE-2022-0487", url: "https://bugzilla.suse.com/1198615", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-04-19T09:03:30Z", details: "moderate", }, ], title: "CVE-2022-0487", }, { cve: "CVE-2022-0492", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-0492", }, ], notes: [ { category: "general", text: "A vulnerability was found in the Linux kernel's cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-0492", url: "https://www.suse.com/security/cve/CVE-2022-0492", }, { category: "external", summary: "SUSE Bug 1195543 for CVE-2022-0492", url: "https://bugzilla.suse.com/1195543", }, { category: "external", summary: "SUSE Bug 1195908 for CVE-2022-0492", url: "https://bugzilla.suse.com/1195908", }, { category: "external", summary: "SUSE Bug 1196612 for CVE-2022-0492", url: "https://bugzilla.suse.com/1196612", }, { category: "external", summary: "SUSE Bug 1196776 for CVE-2022-0492", url: "https://bugzilla.suse.com/1196776", }, { category: "external", summary: "SUSE Bug 1198615 for CVE-2022-0492", url: "https://bugzilla.suse.com/1198615", }, { category: "external", summary: "SUSE Bug 1199255 for CVE-2022-0492", url: "https://bugzilla.suse.com/1199255", }, { category: "external", summary: "SUSE Bug 1199615 for CVE-2022-0492", url: "https://bugzilla.suse.com/1199615", }, { category: "external", summary: "SUSE Bug 1200084 for CVE-2022-0492", url: "https://bugzilla.suse.com/1200084", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-04-19T09:03:30Z", details: "moderate", }, ], title: "CVE-2022-0492", }, { cve: "CVE-2022-0516", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-0516", }, ], notes: [ { category: "general", text: "A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel. This flaw allows a local attacker with a normal user privilege to obtain unauthorized memory write access. This flaw affects Linux kernel versions prior to 5.17-rc4.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-0516", url: "https://www.suse.com/security/cve/CVE-2022-0516", }, { category: "external", summary: "SUSE Bug 1195516 for CVE-2022-0516", url: "https://bugzilla.suse.com/1195516", }, { category: "external", summary: "SUSE Bug 1195947 for CVE-2022-0516", url: "https://bugzilla.suse.com/1195947", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-04-19T09:03:30Z", details: "important", }, ], title: "CVE-2022-0516", }, { cve: "CVE-2022-0617", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-0617", }, ], notes: [ { category: "general", text: "A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-0617", url: "https://www.suse.com/security/cve/CVE-2022-0617", }, { category: "external", summary: "SUSE Bug 1196079 for CVE-2022-0617", url: "https://bugzilla.suse.com/1196079", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-04-19T09:03:30Z", details: "moderate", }, ], title: "CVE-2022-0617", }, { cve: "CVE-2022-0644", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-0644", }, ], notes: [ { category: "general", text: "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-0644", url: "https://www.suse.com/security/cve/CVE-2022-0644", }, { category: "external", summary: "SUSE Bug 1196155 for CVE-2022-0644", url: "https://bugzilla.suse.com/1196155", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-04-19T09:03:30Z", details: "moderate", }, ], title: "CVE-2022-0644", }, { cve: "CVE-2022-0850", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-0850", }, ], notes: [ { category: "general", text: "A vulnerability was found in linux kernel, where an information leak occurs via ext4_extent_header to userspace.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-0850", url: "https://www.suse.com/security/cve/CVE-2022-0850", }, { category: "external", summary: "SUSE Bug 1196761 for CVE-2022-0850", url: "https://bugzilla.suse.com/1196761", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", version: "3.1", }, products: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-04-19T09:03:30Z", details: "moderate", }, ], title: "CVE-2022-0850", }, { cve: "CVE-2022-0854", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-0854", }, ], notes: [ { category: "general", text: "A memory leak flaw was found in the Linux kernel's DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-0854", url: "https://www.suse.com/security/cve/CVE-2022-0854", }, { category: "external", summary: "SUSE Bug 1196823 for CVE-2022-0854", url: "https://bugzilla.suse.com/1196823", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-04-19T09:03:30Z", details: "moderate", }, ], title: "CVE-2022-0854", }, { cve: "CVE-2022-1016", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-1016", }, ], notes: [ { category: "general", text: "A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-1016", url: "https://www.suse.com/security/cve/CVE-2022-1016", }, { category: "external", summary: "SUSE Bug 1197335 for CVE-2022-1016", url: "https://bugzilla.suse.com/1197335", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-04-19T09:03:30Z", details: "important", }, ], title: "CVE-2022-1016", }, { cve: "CVE-2022-1048", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-1048", }, ], notes: [ { category: "general", text: "A use-after-free flaw was found in the Linux kernel's sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-1048", url: "https://www.suse.com/security/cve/CVE-2022-1048", }, { category: "external", summary: "SUSE Bug 1197331 for CVE-2022-1048", url: "https://bugzilla.suse.com/1197331", }, { category: "external", summary: "SUSE Bug 1197597 for CVE-2022-1048", url: "https://bugzilla.suse.com/1197597", }, { category: "external", summary: "SUSE Bug 1200041 for CVE-2022-1048", url: "https://bugzilla.suse.com/1200041", }, { category: "external", summary: "SUSE Bug 1204132 for CVE-2022-1048", url: "https://bugzilla.suse.com/1204132", }, { category: "external", summary: "SUSE Bug 1212325 for CVE-2022-1048", url: "https://bugzilla.suse.com/1212325", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.4, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-04-19T09:03:30Z", details: "important", }, ], title: "CVE-2022-1048", }, { cve: "CVE-2022-1055", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-1055", }, ], notes: [ { category: "general", text: "A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-1055", url: "https://www.suse.com/security/cve/CVE-2022-1055", }, { category: "external", summary: "SUSE Bug 1197702 for CVE-2022-1055", url: "https://bugzilla.suse.com/1197702", }, { category: "external", summary: "SUSE Bug 1197705 for CVE-2022-1055", url: "https://bugzilla.suse.com/1197705", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.4, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-04-19T09:03:30Z", details: "important", }, ], title: "CVE-2022-1055", }, { cve: "CVE-2022-23036", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-23036", }, ], notes: [ { category: "general", text: "Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-23036", url: "https://www.suse.com/security/cve/CVE-2022-23036", }, { category: "external", summary: "SUSE Bug 1196488 for CVE-2022-23036", url: "https://bugzilla.suse.com/1196488", }, { category: "external", summary: "SUSE Bug 1199099 for CVE-2022-23036", url: "https://bugzilla.suse.com/1199099", }, { category: "external", summary: "SUSE Bug 1199141 for CVE-2022-23036", url: "https://bugzilla.suse.com/1199141", }, { category: "external", summary: "SUSE Bug 1204132 for CVE-2022-23036", url: "https://bugzilla.suse.com/1204132", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-04-19T09:03:30Z", details: "important", }, ], title: "CVE-2022-23036", }, { cve: "CVE-2022-23037", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-23037", }, ], notes: [ { category: "general", text: "Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-23037", url: "https://www.suse.com/security/cve/CVE-2022-23037", }, { category: "external", summary: "SUSE Bug 1199099 for CVE-2022-23037", url: "https://bugzilla.suse.com/1199099", }, { category: "external", summary: "SUSE Bug 1199141 for CVE-2022-23037", url: "https://bugzilla.suse.com/1199141", }, { category: "external", summary: "SUSE Bug 1204132 for CVE-2022-23037", url: "https://bugzilla.suse.com/1204132", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-04-19T09:03:30Z", details: "important", }, ], title: "CVE-2022-23037", }, { cve: "CVE-2022-23038", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-23038", }, ], notes: [ { category: "general", text: "Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-23038", url: "https://www.suse.com/security/cve/CVE-2022-23038", }, { category: "external", summary: "SUSE Bug 1199099 for CVE-2022-23038", url: "https://bugzilla.suse.com/1199099", }, { category: "external", summary: "SUSE Bug 1199141 for CVE-2022-23038", url: "https://bugzilla.suse.com/1199141", }, { category: "external", summary: "SUSE Bug 1204132 for CVE-2022-23038", url: "https://bugzilla.suse.com/1204132", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-04-19T09:03:30Z", details: "important", }, ], title: "CVE-2022-23038", }, { cve: "CVE-2022-23039", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-23039", }, ], notes: [ { category: "general", text: "Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-23039", url: "https://www.suse.com/security/cve/CVE-2022-23039", }, { category: "external", summary: "SUSE Bug 1199099 for CVE-2022-23039", url: "https://bugzilla.suse.com/1199099", }, { category: "external", summary: "SUSE Bug 1199141 for CVE-2022-23039", url: "https://bugzilla.suse.com/1199141", }, { category: "external", summary: "SUSE Bug 1204132 for CVE-2022-23039", url: "https://bugzilla.suse.com/1204132", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-04-19T09:03:30Z", details: "important", }, ], title: "CVE-2022-23039", }, { cve: "CVE-2022-23040", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-23040", }, ], notes: [ { category: "general", text: "Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-23040", url: "https://www.suse.com/security/cve/CVE-2022-23040", }, { category: "external", summary: "SUSE Bug 1199099 for CVE-2022-23040", url: "https://bugzilla.suse.com/1199099", }, { category: "external", summary: "SUSE Bug 1199141 for CVE-2022-23040", url: "https://bugzilla.suse.com/1199141", }, { category: "external", summary: "SUSE Bug 1204132 for CVE-2022-23040", url: "https://bugzilla.suse.com/1204132", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-04-19T09:03:30Z", details: "important", }, ], title: "CVE-2022-23040", }, { cve: "CVE-2022-23041", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-23041", }, ], notes: [ { category: "general", text: "Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-23041", url: "https://www.suse.com/security/cve/CVE-2022-23041", }, { category: "external", summary: "SUSE Bug 1199099 for CVE-2022-23041", url: "https://bugzilla.suse.com/1199099", }, { category: "external", summary: "SUSE Bug 1199141 for CVE-2022-23041", url: "https://bugzilla.suse.com/1199141", }, { category: "external", summary: "SUSE Bug 1204132 for CVE-2022-23041", url: "https://bugzilla.suse.com/1204132", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-04-19T09:03:30Z", details: "important", }, ], title: "CVE-2022-23041", }, { cve: "CVE-2022-23042", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-23042", }, ], notes: [ { category: "general", text: "Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-23042", url: "https://www.suse.com/security/cve/CVE-2022-23042", }, { category: "external", summary: "SUSE Bug 1199099 for CVE-2022-23042", url: "https://bugzilla.suse.com/1199099", }, { category: "external", summary: "SUSE Bug 1199141 for CVE-2022-23042", url: "https://bugzilla.suse.com/1199141", }, { category: "external", summary: "SUSE Bug 1204132 for CVE-2022-23042", url: "https://bugzilla.suse.com/1204132", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-04-19T09:03:30Z", details: "important", }, ], title: "CVE-2022-23042", }, { cve: "CVE-2022-24448", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-24448", }, ], notes: [ { category: "general", text: "An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-24448", url: "https://www.suse.com/security/cve/CVE-2022-24448", }, { category: "external", summary: "SUSE Bug 1195612 for CVE-2022-24448", url: "https://bugzilla.suse.com/1195612", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-04-19T09:03:30Z", details: "moderate", }, ], title: "CVE-2022-24448", }, { cve: "CVE-2022-24958", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-24958", }, ], notes: [ { category: "general", text: "drivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.16.8 mishandles dev->buf release.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-24958", url: "https://www.suse.com/security/cve/CVE-2022-24958", }, { category: "external", summary: "SUSE Bug 1195905 for CVE-2022-24958", url: "https://bugzilla.suse.com/1195905", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-04-19T09:03:30Z", details: "moderate", }, ], title: "CVE-2022-24958", }, { cve: "CVE-2022-24959", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-24959", }, ], notes: [ { category: "general", text: "An issue was discovered in the Linux kernel before 5.16.5. There is a memory leak in yam_siocdevprivate in drivers/net/hamradio/yam.c.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-24959", url: "https://www.suse.com/security/cve/CVE-2022-24959", }, { category: "external", summary: "SUSE Bug 1195897 for CVE-2022-24959", url: "https://bugzilla.suse.com/1195897", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-04-19T09:03:30Z", details: "moderate", }, ], title: "CVE-2022-24959", }, { cve: "CVE-2022-25258", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-25258", }, ], notes: [ { category: "general", text: "An issue was discovered in drivers/usb/gadget/composite.c in the Linux kernel before 5.16.10. The USB Gadget subsystem lacks certain validation of interface OS descriptor requests (ones with a large array index and ones associated with NULL function pointer retrieval). Memory corruption might occur.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-25258", url: "https://www.suse.com/security/cve/CVE-2022-25258", }, { category: "external", summary: "SUSE Bug 1196095 for CVE-2022-25258", url: "https://bugzilla.suse.com/1196095", }, { category: "external", summary: "SUSE Bug 1196132 for CVE-2022-25258", url: "https://bugzilla.suse.com/1196132", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-04-19T09:03:30Z", details: "important", }, ], title: "CVE-2022-25258", }, { cve: "CVE-2022-25375", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-25375", }, ], notes: [ { category: "general", text: "An issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10. The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-25375", url: "https://www.suse.com/security/cve/CVE-2022-25375", }, { category: "external", summary: "SUSE Bug 1196235 for CVE-2022-25375", url: "https://bugzilla.suse.com/1196235", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-04-19T09:03:30Z", details: "moderate", }, ], title: "CVE-2022-25375", }, { cve: "CVE-2022-26490", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-26490", }, ], notes: [ { category: "general", text: "st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-26490", url: "https://www.suse.com/security/cve/CVE-2022-26490", }, { category: "external", summary: "SUSE Bug 1196830 for CVE-2022-26490", url: "https://bugzilla.suse.com/1196830", }, { category: "external", summary: "SUSE Bug 1201656 for CVE-2022-26490", url: "https://bugzilla.suse.com/1201656", }, { category: "external", summary: "SUSE Bug 1201969 for CVE-2022-26490", url: "https://bugzilla.suse.com/1201969", }, { category: "external", summary: "SUSE Bug 1211495 for CVE-2022-26490", url: "https://bugzilla.suse.com/1211495", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-04-19T09:03:30Z", details: "important", }, ], title: "CVE-2022-26490", }, { cve: "CVE-2022-26966", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-26966", }, ], notes: [ { category: "general", text: "An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-26966", url: "https://www.suse.com/security/cve/CVE-2022-26966", }, { category: "external", summary: "SUSE Bug 1196836 for CVE-2022-26966", url: "https://bugzilla.suse.com/1196836", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-04-19T09:03:30Z", details: "moderate", }, ], title: "CVE-2022-26966", }, { cve: "CVE-2022-27666", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-27666", }, ], notes: [ { category: "general", text: "A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-27666", url: "https://www.suse.com/security/cve/CVE-2022-27666", }, { category: "external", summary: "SUSE Bug 1197131 for CVE-2022-27666", url: "https://bugzilla.suse.com/1197131", }, { category: "external", summary: "SUSE Bug 1197133 for CVE-2022-27666", url: "https://bugzilla.suse.com/1197133", }, { category: "external", summary: "SUSE Bug 1197462 for CVE-2022-27666", url: "https://bugzilla.suse.com/1197462", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-04-19T09:03:30Z", details: "important", }, ], title: "CVE-2022-27666", }, { cve: "CVE-2022-28388", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-28388", }, ], notes: [ { category: "general", text: "usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-28388", url: "https://www.suse.com/security/cve/CVE-2022-28388", }, { category: "external", summary: "SUSE Bug 1198032 for CVE-2022-28388", url: "https://bugzilla.suse.com/1198032", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-04-19T09:03:30Z", details: "moderate", }, ], title: "CVE-2022-28388", }, { cve: "CVE-2022-28389", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-28389", }, ], notes: [ { category: "general", text: "mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-28389", url: "https://www.suse.com/security/cve/CVE-2022-28389", }, { category: "external", summary: "SUSE Bug 1198033 for CVE-2022-28389", url: "https://bugzilla.suse.com/1198033", }, { category: "external", summary: "SUSE Bug 1201657 for CVE-2022-28389", url: "https://bugzilla.suse.com/1201657", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-04-19T09:03:30Z", details: "moderate", }, ], title: "CVE-2022-28389", }, { cve: "CVE-2022-28390", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-28390", }, ], notes: [ { category: "general", text: "ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-28390", url: "https://www.suse.com/security/cve/CVE-2022-28390", }, { category: "external", summary: "SUSE Bug 1198031 for CVE-2022-28390", url: "https://bugzilla.suse.com/1198031", }, { category: "external", summary: "SUSE Bug 1201517 for CVE-2022-28390", url: "https://bugzilla.suse.com/1201517", }, { category: "external", summary: "SUSE Bug 1207969 for CVE-2022-28390", url: "https://bugzilla.suse.com/1207969", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-04-19T09:03:30Z", details: "moderate", }, ], title: "CVE-2022-28390", }, { cve: "CVE-2022-28748", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-28748", }, ], notes: [ { category: "general", text: "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-2964. Reason: This candidate is a reservation duplicate of CVE-2022-2964. Notes: All CVE users should reference CVE-2022-2964 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-28748", url: "https://www.suse.com/security/cve/CVE-2022-28748", }, { category: "external", summary: "SUSE Bug 1196018 for CVE-2022-28748", url: "https://bugzilla.suse.com/1196018", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-150200.79.2.x86_64", "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-150200.79.2.noarch", "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-150200.79.1.x86_64", "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-150200.79.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-04-19T09:03:30Z", details: "low", }, ], title: "CVE-2022-28748", }, ], }
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.