suse-su-2022:4614-1
Vulnerability from csaf_suse
Published
2022-12-23 09:43
Modified
2022-12-23 09:43
Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207).
- CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file drivers/atm/idt77252.c (bsc#1204631).
- CVE-2022-41850: Fixed a race condition in roccat_report_event() in drivers/hid/hid-roccat.c (bsc#1203960).
- CVE-2022-45934: Fixed a integer wraparound via L2CAP_CONF_REQ packets in l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796).
- CVE-2022-3628: Fixed potential buffer overflow in brcmf_fweh_event_worker() in wifi/brcmfmac (bsc#1204868).
- CVE-2022-3567: Fixed a to race condition in inet6_stream_ops()/inet6_dgram_ops() (bsc#1204414).
- CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in drivers/net/slip (bsc#1205671).
- CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128).
- CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514).
- CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver USB driver (bsc#1205220).
- CVE-2022-42895: Fixed an information leak in the net/bluetooth/l2cap_core.c's l2cap_parse_conf_req() which can be used to leak kernel pointers remotely (bsc#1205705).
- CVE-2022-42896: Fixed a use-after-free vulnerability in the net/bluetooth/l2cap_core.c's l2cap_connect() and l2cap_le_connect_req() which may have allowed code execution and leaking kernel memory (respectively) remotely via Bluetooth (bsc#1205709).
- CVE-2022-2602: Fixed a local privilege escalation vulnerability involving Unix socket Garbage Collection and io_uring (bsc#1204228).
- CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU to access any physical memory (bsc#1205700).
- CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. (bsc#1205711)
- CVE-2022-3707: Fixed a double free in the Intel GVT-g graphics driver (bsc#1204780).
- CVE-2022-2964: Fixed memory corruption issues in ax88179_178a devices (bsc#1202686).
- CVE-2021-4037: Fixed function logic vulnerability that allowed local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set (bsc#1198702).
- CVE-2022-43750: Fixed vulnerability in usbmon that allowed a user-space client to corrupt the monitor's internal memory (bsc#1204653).
- CVE-2022-3542: Fixed memory leak in bnx2x_tpa_stop() in drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c (bsc#1204402).
- CVE-2022-3629: Fixed memory leak in vsock_connect() in net/vmw_vsock/af_vsock.c (bsc#1204635).
- CVE-2022-3646: Fixed memory leak in nilfs_attach_log_writer() in fs/nilfs2/segment.c (bsc#1204646).
- CVE-2022-3649: Fixed use-after-free in nilfs_new_inode() in fs/nilfs2/inode.c (bsc#1204647).
- CVE-2022-3621: Fixed null pointer dereference in nilfs_bmap_lookup_at_level() in fs/nilfs2/inode.c (bsc#1204574).
- CVE-2022-3594: Fixed excessive data logging in intr_callback() in drivers/net/usb/r8152.c (bsc#1204479).
- CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bsc#1204439).
- CVE-2022-3565: Fixed use-after-free in del_timer() in drivers/isdn/mISDN/l1oip_core.c (bsc#1204431).
- CVE-2022-3524: Fixed memory leak in ipv6_renew_options() in the IPv6 handler (bsc#1204354).
- CVE-2022-40768: Fixed information leak in the scsi driver which allowed local users to obtain sensitive information from kernel memory (bsc#1203514).
- CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bsc#1204168).
- CVE-2022-3169: Fixed an denial of service though request to NVME_IOCTL_RESET and NVME_IOCTL_SUBSYS_RESET (bsc#1203290).
- CVE-2022-40307: Fixed a race condition that could had been exploited to trigger a use-after-free in the efi firmware capsule-loader.c (bsc#1203322).
- CVE-2022-3176: Fixed a use-after-free in io_uring related to signalfd_poll() and binder_poll() (bsc#1203391).
- CVE-2022-3625: Fixed a user-after-free vulnerability in devlink_param_set/devlink_param_get of the file net/core/devlink.c (bsc#1204637).
- CVE-2022-3535: Fixed a memory leak in mvpp2_dbgfs_port_init of the file drivers/net/ethernet/marvell/mvpp2/mvpp2_debugfs.c (bsc#1204417).
- CVE-2022-3545: Fixed a use-after-free in area_cache_get() of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bsc#1204415).
- CVE-2022-39189: Fixed an issue were an unprivileged guest users can compromise the guest kernel because TLB flush operations were mishandled in certain KVM_VCPU_PREEMPTED situations (bsc#1203066).
- CVE-2022-3577: Fixed an out-of-bounds memory write in bigben_probe of drivers/hid/hid-bigbenff.c (bsc#1204470).
- CVE-2022-3521: Fixed a race condition in kcm_tx_work() of the file net/kcm/kcmsock.c (bsc#1204355).
- CVE-2022-2153: Fixed a NULL pointer dereference in the KVM subsystem, when attempting to set a SynIC IRQ (bsc#1200788).
- CVE-2022-2978: Fixed a use-after-free in the NILFS file system (bsc#1202700).
The following non-security bugs were fixed:
- Drivers: hv: vmbus: Add VMbus IMC device to unsupported list (git-fixes).
- Drivers: hv: vmbus: Add vmbus_requestor data structure for VMBus hardening (bsc#1204017).
- Drivers: hv: vmbus: Allow cleanup of VMBUS_CONNECT_CPU if disconnected (bsc#1204017).
- Drivers: hv: vmbus: Always handle the VMBus messages on CPU0 (bsc#1204017).
- Drivers: hv: vmbus: Do not bind the offer&rescind works to a specific CPU (bsc#1204017).
- Drivers: hv: vmbus: Drop error message when 'No request id available' (bsc#1204017).
- Drivers: hv: vmbus: Fix handling of messages with transaction ID of zero (bsc#1204017).
- Drivers: hv: vmbus: Fix potential crash on module unload (git-fixes).
- Drivers: hv: vmbus: Introduce vmbus_request_addr_match() (bsc#1204017).
- Drivers: hv: vmbus: Introduce vmbus_sendpacket_getid() (bsc#1204017).
- Drivers: hv: vmbus: Introduce {lock,unlock}_requestor() (bsc#1204017).
- Drivers: hv: vmbus: Move __vmbus_open() (bsc#1204017).
- Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer (git-fixes).
- Drivers: hv: vmbus: Replace smp_store_mb() with virt_store_mb() (bsc#1204017).
- Drivers: hv: vmbus: Replace the per-CPU channel lists with a global array of channels (bsc#1204017).
- Drivers: hv: vmbus: Use a spin lock for synchronizing channel scheduling vs. channel removal (bsc#1204017).
- Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work() (git-fixes).
- Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register() (git-fixes).
- PCI: hv: Add check for hyperv_initialized in init_hv_pci_drv() (bsc#1204446).
- PCI: hv: Add hibernation support (bsc#1204446).
- PCI: hv: Add validation for untrusted Hyper-V values (bsc#1204017).
- PCI: hv: Drop msi_controller structure (bsc#1204446).
- PCI: hv: Fix NUMA node assignment when kernel boots with custom NUMA topology (bsc#1199365).
- PCI: hv: Fix a race condition when removing the device (bsc#1204446).
- PCI: hv: Fix hibernation in case interrupts are not re-created (bsc#1204446).
- PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI (bsc#1200845).
- PCI: hv: Fix interrupt mapping for multi-MSI (bsc#1200845).
- PCI: hv: Fix multi-MSI to allow more than one MSI vector (bsc#1200845).
- PCI: hv: Fix sleep while in non-sleep context when removing child devices from the bus (bsc#1204446).
- PCI: hv: Fix synchronization between channel callback and hv_compose_msi_msg() (bsc#1204017, bsc#1203860).
- PCI: hv: Fix synchronization between channel callback and hv_pci_bus_exit() (bsc#1204017).
- PCI: hv: Fix the definition of vector in hv_compose_msi_msg() (bsc#1200845).
- PCI: hv: Make the code arch neutral by adding arch specific interfaces (bsc#1200845).
- PCI: hv: Only reuse existing IRTE allocation for Multi-MSI (bsc#1200845).
- PCI: hv: Prepare hv_compose_msi_msg() for the VMBus-channel-interrupt-to-vCPU reassignment functionality (bsc#1204017).
- PCI: hv: Remove bus device removal unused refcount/functions (bsc#1204446).
- PCI: hv: Remove unnecessary use of %hx (bsc#1204446).
- PCI: hv: Reuse existing IRTE allocation in compose_msi_msg() (bsc#1200845).
- PCI: hv: Support for create interrupt v3 (bsc#1204446).
- PCI: hv: Use PCI_ERROR_RESPONSE to identify config read errors (bsc#1204446).
- PCI: hv: Use struct_size() helper (bsc#1204446).
- PCI: hv: Use vmbus_requestor to generate transaction IDs for VMbus hardening (bsc#1204017).
- exfat: Return ENAMETOOLONG consistently for oversized paths (bsc#1204053 bsc#1201725).
- hv_netvsc: Add check for kvmalloc_array (git-fixes).
- hv_netvsc: Add error handling while switching data path (bsc#1204850).
- hv_netvsc: Add the support of hibernation (bsc#1204017).
- hv_netvsc: Add validation for untrusted Hyper-V values (bsc#1204017).
- hv_netvsc: Cache the current data path to avoid duplicate call and message (bsc#1204017).
- hv_netvsc: Check VF datapath when sending traffic to VF (bsc#1204017).
- hv_netvsc: Fix hibernation for mlx5 VF driver (bsc#1204850).
- hv_netvsc: Fix potential dereference of NULL pointer (bsc#1204017).
- hv_netvsc: Fix race between VF offering and VF association message from host (bsc#1204850).
- hv_netvsc: Print value of invalid ID in netvsc_send_{completion,tx_complete}() (bsc#1204017).
- hv_netvsc: Process NETDEV_GOING_DOWN on VF hot remove (bsc#1204850).
- hv_netvsc: Remove unnecessary round_up for recv_completion_cnt (bsc#1204017).
- hv_netvsc: Reset the RSC count if NVSP_STAT_FAIL in netvsc_receive() (bsc#1204017).
- hv_netvsc: Switch the data path at the right time during hibernation (bsc#1204850).
- hv_netvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017).
- hv_netvsc: Wait for completion on request SWITCH_DATA_PATH (bsc#1204017).
- hv_netvsc: use netif_is_bond_master() instead of open code (git-fixes).
- mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page (bsc#1204575).
- net: hyperv: remove use of bpf_op_t (git-fixes).
- net: mana: Add rmb after checking owner bits (git-fixes).
- net: netvsc: remove break after return (git-fixes).
- scsi: storvsc: Drop DID_TARGET_FAILURE use (git-fixes).
- scsi: storvsc: Fix max_outstanding_req_per_channel for Win8 and newer (bsc#1204017).
- scsi: storvsc: Fix validation for unsolicited incoming packets (bsc#1204017).
- scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq (git-fixes).
- scsi: storvsc: Resolve data race in storvsc_probe() (bsc#1204017).
- scsi: storvsc: Use blk_mq_unique_tag() to generate requestIDs (bsc#1204017).
- scsi: storvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017).
- scsi: storvsc: Validate length of incoming packet in storvsc_on_channel_callback() (bsc#1204017).
- x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1205473).
- x86/hyperv: Output host build info as normal Windows version number (git-fixes).
- xfs: reserve data and rt quota at the same time (bsc#1203496).
Patchnames
SUSE-2022-4614,SUSE-SLE-RT-12-SP5-2022-4614
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security and bugfixes.\n\n\nThe following security bugs were fixed:\n\n- CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207).\n- CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file drivers/atm/idt77252.c (bsc#1204631).\n- CVE-2022-41850: Fixed a race condition in roccat_report_event() in drivers/hid/hid-roccat.c (bsc#1203960).\n- CVE-2022-45934: Fixed a integer wraparound via L2CAP_CONF_REQ packets in l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796).\n- CVE-2022-3628: Fixed potential buffer overflow in brcmf_fweh_event_worker() in wifi/brcmfmac (bsc#1204868).\n- CVE-2022-3567: Fixed a to race condition in inet6_stream_ops()/inet6_dgram_ops() (bsc#1204414).\n- CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in drivers/net/slip (bsc#1205671).\n- CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128).\n- CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514).\n- CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver USB driver (bsc#1205220).\n- CVE-2022-42895: Fixed an information leak in the net/bluetooth/l2cap_core.c\u0027s l2cap_parse_conf_req() which can be used to leak kernel pointers remotely (bsc#1205705).\n- CVE-2022-42896: Fixed a use-after-free vulnerability in the net/bluetooth/l2cap_core.c\u0027s l2cap_connect() and l2cap_le_connect_req() which may have allowed code execution and leaking kernel memory (respectively) remotely via Bluetooth (bsc#1205709).\n- CVE-2022-2602: Fixed a local privilege escalation vulnerability involving Unix socket Garbage Collection and io_uring (bsc#1204228).\n- CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU to access any physical memory (bsc#1205700).\n- CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. (bsc#1205711)\n- CVE-2022-3707: Fixed a double free in the Intel GVT-g graphics driver (bsc#1204780).\n- CVE-2022-2964: Fixed memory corruption issues in ax88179_178a devices (bsc#1202686).\n- CVE-2021-4037: Fixed function logic vulnerability that allowed local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set (bsc#1198702).\n- CVE-2022-43750: Fixed vulnerability in usbmon that allowed a user-space client to corrupt the monitor\u0027s internal memory (bsc#1204653).\n- CVE-2022-3542: Fixed memory leak in bnx2x_tpa_stop() in drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c (bsc#1204402).\n- CVE-2022-3629: Fixed memory leak in vsock_connect() in net/vmw_vsock/af_vsock.c (bsc#1204635).\n- CVE-2022-3646: Fixed memory leak in nilfs_attach_log_writer() in fs/nilfs2/segment.c (bsc#1204646).\n- CVE-2022-3649: Fixed use-after-free in nilfs_new_inode() in fs/nilfs2/inode.c (bsc#1204647).\n- CVE-2022-3621: Fixed null pointer dereference in nilfs_bmap_lookup_at_level() in fs/nilfs2/inode.c (bsc#1204574).\n- CVE-2022-3594: Fixed excessive data logging in intr_callback() in drivers/net/usb/r8152.c (bsc#1204479).\n- CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bsc#1204439).\n- CVE-2022-3565: Fixed use-after-free in del_timer() in drivers/isdn/mISDN/l1oip_core.c (bsc#1204431).\n- CVE-2022-3524: Fixed memory leak in ipv6_renew_options() in the IPv6 handler (bsc#1204354).\n- CVE-2022-40768: Fixed information leak in the scsi driver which allowed local users to obtain sensitive information from kernel memory (bsc#1203514).\n- CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bsc#1204168).\n- CVE-2022-3169: Fixed an denial of service though request to NVME_IOCTL_RESET and NVME_IOCTL_SUBSYS_RESET (bsc#1203290).\n- CVE-2022-40307: Fixed a race condition that could had been exploited to trigger a use-after-free in the efi firmware capsule-loader.c (bsc#1203322).\n- CVE-2022-3176: Fixed a use-after-free in io_uring related to signalfd_poll() and binder_poll() (bsc#1203391).\n- CVE-2022-3625: Fixed a user-after-free vulnerability in devlink_param_set/devlink_param_get of the file net/core/devlink.c (bsc#1204637).\n- CVE-2022-3535: Fixed a memory leak in mvpp2_dbgfs_port_init of the file drivers/net/ethernet/marvell/mvpp2/mvpp2_debugfs.c (bsc#1204417).\n- CVE-2022-3545: Fixed a use-after-free in area_cache_get() of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bsc#1204415).\n- CVE-2022-39189: Fixed an issue were an unprivileged guest users can compromise the guest kernel because TLB flush operations were mishandled in certain KVM_VCPU_PREEMPTED situations (bsc#1203066).\n- CVE-2022-3577: Fixed an out-of-bounds memory write in bigben_probe of drivers/hid/hid-bigbenff.c (bsc#1204470).\n- CVE-2022-3521: Fixed a race condition in kcm_tx_work() of the file net/kcm/kcmsock.c (bsc#1204355).\n- CVE-2022-2153: Fixed a NULL pointer dereference in the KVM subsystem, when attempting to set a SynIC IRQ (bsc#1200788).\n- CVE-2022-2978: Fixed a use-after-free in the NILFS file system (bsc#1202700).\n\nThe following non-security bugs were fixed:\n\n- Drivers: hv: vmbus: Add VMbus IMC device to unsupported list (git-fixes).\n- Drivers: hv: vmbus: Add vmbus_requestor data structure for VMBus hardening (bsc#1204017).\n- Drivers: hv: vmbus: Allow cleanup of VMBUS_CONNECT_CPU if disconnected (bsc#1204017).\n- Drivers: hv: vmbus: Always handle the VMBus messages on CPU0 (bsc#1204017).\n- Drivers: hv: vmbus: Do not bind the offer\u0026rescind works to a specific CPU (bsc#1204017).\n- Drivers: hv: vmbus: Drop error message when \u0027No request id available\u0027 (bsc#1204017).\n- Drivers: hv: vmbus: Fix handling of messages with transaction ID of zero (bsc#1204017).\n- Drivers: hv: vmbus: Fix potential crash on module unload (git-fixes).\n- Drivers: hv: vmbus: Introduce vmbus_request_addr_match() (bsc#1204017).\n- Drivers: hv: vmbus: Introduce vmbus_sendpacket_getid() (bsc#1204017).\n- Drivers: hv: vmbus: Introduce {lock,unlock}_requestor() (bsc#1204017).\n- Drivers: hv: vmbus: Move __vmbus_open() (bsc#1204017).\n- Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer (git-fixes).\n- Drivers: hv: vmbus: Replace smp_store_mb() with virt_store_mb() (bsc#1204017).\n- Drivers: hv: vmbus: Replace the per-CPU channel lists with a global array of channels (bsc#1204017).\n- Drivers: hv: vmbus: Use a spin lock for synchronizing channel scheduling vs. channel removal (bsc#1204017).\n- Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work() (git-fixes).\n- Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register() (git-fixes).\n- PCI: hv: Add check for hyperv_initialized in init_hv_pci_drv() (bsc#1204446).\n- PCI: hv: Add hibernation support (bsc#1204446).\n- PCI: hv: Add validation for untrusted Hyper-V values (bsc#1204017).\n- PCI: hv: Drop msi_controller structure (bsc#1204446).\n- PCI: hv: Fix NUMA node assignment when kernel boots with custom NUMA topology (bsc#1199365).\n- PCI: hv: Fix a race condition when removing the device (bsc#1204446).\n- PCI: hv: Fix hibernation in case interrupts are not re-created (bsc#1204446).\n- PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI (bsc#1200845).\n- PCI: hv: Fix interrupt mapping for multi-MSI (bsc#1200845).\n- PCI: hv: Fix multi-MSI to allow more than one MSI vector (bsc#1200845).\n- PCI: hv: Fix sleep while in non-sleep context when removing child devices from the bus (bsc#1204446).\n- PCI: hv: Fix synchronization between channel callback and hv_compose_msi_msg() (bsc#1204017, bsc#1203860).\n- PCI: hv: Fix synchronization between channel callback and hv_pci_bus_exit() (bsc#1204017).\n- PCI: hv: Fix the definition of vector in hv_compose_msi_msg() (bsc#1200845).\n- PCI: hv: Make the code arch neutral by adding arch specific interfaces (bsc#1200845).\n- PCI: hv: Only reuse existing IRTE allocation for Multi-MSI (bsc#1200845).\n- PCI: hv: Prepare hv_compose_msi_msg() for the VMBus-channel-interrupt-to-vCPU reassignment functionality (bsc#1204017).\n- PCI: hv: Remove bus device removal unused refcount/functions (bsc#1204446).\n- PCI: hv: Remove unnecessary use of %hx (bsc#1204446).\n- PCI: hv: Reuse existing IRTE allocation in compose_msi_msg() (bsc#1200845).\n- PCI: hv: Support for create interrupt v3 (bsc#1204446).\n- PCI: hv: Use PCI_ERROR_RESPONSE to identify config read errors (bsc#1204446).\n- PCI: hv: Use struct_size() helper (bsc#1204446).\n- PCI: hv: Use vmbus_requestor to generate transaction IDs for VMbus hardening (bsc#1204017).\n- exfat: Return ENAMETOOLONG consistently for oversized paths (bsc#1204053 bsc#1201725).\n- hv_netvsc: Add check for kvmalloc_array (git-fixes).\n- hv_netvsc: Add error handling while switching data path (bsc#1204850).\n- hv_netvsc: Add the support of hibernation (bsc#1204017).\n- hv_netvsc: Add validation for untrusted Hyper-V values (bsc#1204017).\n- hv_netvsc: Cache the current data path to avoid duplicate call and message (bsc#1204017).\n- hv_netvsc: Check VF datapath when sending traffic to VF (bsc#1204017).\n- hv_netvsc: Fix hibernation for mlx5 VF driver (bsc#1204850).\n- hv_netvsc: Fix potential dereference of NULL pointer (bsc#1204017).\n- hv_netvsc: Fix race between VF offering and VF association message from host (bsc#1204850).\n- hv_netvsc: Print value of invalid ID in netvsc_send_{completion,tx_complete}() (bsc#1204017).\n- hv_netvsc: Process NETDEV_GOING_DOWN on VF hot remove (bsc#1204850).\n- hv_netvsc: Remove unnecessary round_up for recv_completion_cnt (bsc#1204017).\n- hv_netvsc: Reset the RSC count if NVSP_STAT_FAIL in netvsc_receive() (bsc#1204017).\n- hv_netvsc: Switch the data path at the right time during hibernation (bsc#1204850).\n- hv_netvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017).\n- hv_netvsc: Wait for completion on request SWITCH_DATA_PATH (bsc#1204017).\n- hv_netvsc: use netif_is_bond_master() instead of open code (git-fixes).\n- mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page (bsc#1204575).\n- net: hyperv: remove use of bpf_op_t (git-fixes).\n- net: mana: Add rmb after checking owner bits (git-fixes).\n- net: netvsc: remove break after return (git-fixes).\n- scsi: storvsc: Drop DID_TARGET_FAILURE use (git-fixes).\n- scsi: storvsc: Fix max_outstanding_req_per_channel for Win8 and newer (bsc#1204017).\n- scsi: storvsc: Fix validation for unsolicited incoming packets (bsc#1204017).\n- scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq (git-fixes).\n- scsi: storvsc: Resolve data race in storvsc_probe() (bsc#1204017).\n- scsi: storvsc: Use blk_mq_unique_tag() to generate requestIDs (bsc#1204017).\n- scsi: storvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017).\n- scsi: storvsc: Validate length of incoming packet in storvsc_on_channel_callback() (bsc#1204017).\n- x86/cpu: Restore AMD\u0027s DE_CFG MSR after resume (bsc#1205473).\n- x86/hyperv: Output host build info as normal Windows version number (git-fixes).\n- xfs: reserve data and rt quota at the same time (bsc#1203496).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-4614,SUSE-SLE-RT-12-SP5-2022-4614",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_4614-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:4614-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20224614-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:4614-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-December/013337.html"
},
{
"category": "self",
"summary": "SUSE Bug 1198702",
"url": "https://bugzilla.suse.com/1198702"
},
{
"category": "self",
"summary": "SUSE Bug 1199365",
"url": "https://bugzilla.suse.com/1199365"
},
{
"category": "self",
"summary": "SUSE Bug 1200845",
"url": "https://bugzilla.suse.com/1200845"
},
{
"category": "self",
"summary": "SUSE Bug 1201725",
"url": "https://bugzilla.suse.com/1201725"
},
{
"category": "self",
"summary": "SUSE Bug 1202686",
"url": "https://bugzilla.suse.com/1202686"
},
{
"category": "self",
"summary": "SUSE Bug 1202700",
"url": "https://bugzilla.suse.com/1202700"
},
{
"category": "self",
"summary": "SUSE Bug 1203008",
"url": "https://bugzilla.suse.com/1203008"
},
{
"category": "self",
"summary": "SUSE Bug 1203066",
"url": "https://bugzilla.suse.com/1203066"
},
{
"category": "self",
"summary": "SUSE Bug 1203067",
"url": "https://bugzilla.suse.com/1203067"
},
{
"category": "self",
"summary": "SUSE Bug 1203322",
"url": "https://bugzilla.suse.com/1203322"
},
{
"category": "self",
"summary": "SUSE Bug 1203391",
"url": "https://bugzilla.suse.com/1203391"
},
{
"category": "self",
"summary": "SUSE Bug 1203496",
"url": "https://bugzilla.suse.com/1203496"
},
{
"category": "self",
"summary": "SUSE Bug 1203514",
"url": "https://bugzilla.suse.com/1203514"
},
{
"category": "self",
"summary": "SUSE Bug 1203860",
"url": "https://bugzilla.suse.com/1203860"
},
{
"category": "self",
"summary": "SUSE Bug 1203960",
"url": "https://bugzilla.suse.com/1203960"
},
{
"category": "self",
"summary": "SUSE Bug 1204017",
"url": "https://bugzilla.suse.com/1204017"
},
{
"category": "self",
"summary": "SUSE Bug 1204053",
"url": "https://bugzilla.suse.com/1204053"
},
{
"category": "self",
"summary": "SUSE Bug 1204168",
"url": "https://bugzilla.suse.com/1204168"
},
{
"category": "self",
"summary": "SUSE Bug 1204170",
"url": "https://bugzilla.suse.com/1204170"
},
{
"category": "self",
"summary": "SUSE Bug 1204354",
"url": "https://bugzilla.suse.com/1204354"
},
{
"category": "self",
"summary": "SUSE Bug 1204355",
"url": "https://bugzilla.suse.com/1204355"
},
{
"category": "self",
"summary": "SUSE Bug 1204402",
"url": "https://bugzilla.suse.com/1204402"
},
{
"category": "self",
"summary": "SUSE Bug 1204414",
"url": "https://bugzilla.suse.com/1204414"
},
{
"category": "self",
"summary": "SUSE Bug 1204415",
"url": "https://bugzilla.suse.com/1204415"
},
{
"category": "self",
"summary": "SUSE Bug 1204417",
"url": "https://bugzilla.suse.com/1204417"
},
{
"category": "self",
"summary": "SUSE Bug 1204424",
"url": "https://bugzilla.suse.com/1204424"
},
{
"category": "self",
"summary": "SUSE Bug 1204431",
"url": "https://bugzilla.suse.com/1204431"
},
{
"category": "self",
"summary": "SUSE Bug 1204432",
"url": "https://bugzilla.suse.com/1204432"
},
{
"category": "self",
"summary": "SUSE Bug 1204439",
"url": "https://bugzilla.suse.com/1204439"
},
{
"category": "self",
"summary": "SUSE Bug 1204446",
"url": "https://bugzilla.suse.com/1204446"
},
{
"category": "self",
"summary": "SUSE Bug 1204470",
"url": "https://bugzilla.suse.com/1204470"
},
{
"category": "self",
"summary": "SUSE Bug 1204479",
"url": "https://bugzilla.suse.com/1204479"
},
{
"category": "self",
"summary": "SUSE Bug 1204486",
"url": "https://bugzilla.suse.com/1204486"
},
{
"category": "self",
"summary": "SUSE Bug 1204574",
"url": "https://bugzilla.suse.com/1204574"
},
{
"category": "self",
"summary": "SUSE Bug 1204575",
"url": "https://bugzilla.suse.com/1204575"
},
{
"category": "self",
"summary": "SUSE Bug 1204576",
"url": "https://bugzilla.suse.com/1204576"
},
{
"category": "self",
"summary": "SUSE Bug 1204631",
"url": "https://bugzilla.suse.com/1204631"
},
{
"category": "self",
"summary": "SUSE Bug 1204635",
"url": "https://bugzilla.suse.com/1204635"
},
{
"category": "self",
"summary": "SUSE Bug 1204636",
"url": "https://bugzilla.suse.com/1204636"
},
{
"category": "self",
"summary": "SUSE Bug 1204637",
"url": "https://bugzilla.suse.com/1204637"
},
{
"category": "self",
"summary": "SUSE Bug 1204646",
"url": "https://bugzilla.suse.com/1204646"
},
{
"category": "self",
"summary": "SUSE Bug 1204647",
"url": "https://bugzilla.suse.com/1204647"
},
{
"category": "self",
"summary": "SUSE Bug 1204653",
"url": "https://bugzilla.suse.com/1204653"
},
{
"category": "self",
"summary": "SUSE Bug 1204780",
"url": "https://bugzilla.suse.com/1204780"
},
{
"category": "self",
"summary": "SUSE Bug 1204850",
"url": "https://bugzilla.suse.com/1204850"
},
{
"category": "self",
"summary": "SUSE Bug 1205128",
"url": "https://bugzilla.suse.com/1205128"
},
{
"category": "self",
"summary": "SUSE Bug 1205130",
"url": "https://bugzilla.suse.com/1205130"
},
{
"category": "self",
"summary": "SUSE Bug 1205220",
"url": "https://bugzilla.suse.com/1205220"
},
{
"category": "self",
"summary": "SUSE Bug 1205473",
"url": "https://bugzilla.suse.com/1205473"
},
{
"category": "self",
"summary": "SUSE Bug 1205514",
"url": "https://bugzilla.suse.com/1205514"
},
{
"category": "self",
"summary": "SUSE Bug 1205617",
"url": "https://bugzilla.suse.com/1205617"
},
{
"category": "self",
"summary": "SUSE Bug 1205671",
"url": "https://bugzilla.suse.com/1205671"
},
{
"category": "self",
"summary": "SUSE Bug 1205700",
"url": "https://bugzilla.suse.com/1205700"
},
{
"category": "self",
"summary": "SUSE Bug 1205705",
"url": "https://bugzilla.suse.com/1205705"
},
{
"category": "self",
"summary": "SUSE Bug 1205709",
"url": "https://bugzilla.suse.com/1205709"
},
{
"category": "self",
"summary": "SUSE Bug 1205711",
"url": "https://bugzilla.suse.com/1205711"
},
{
"category": "self",
"summary": "SUSE Bug 1205796",
"url": "https://bugzilla.suse.com/1205796"
},
{
"category": "self",
"summary": "SUSE Bug 1206207",
"url": "https://bugzilla.suse.com/1206207"
},
{
"category": "self",
"summary": "SUSE Bug 1206228",
"url": "https://bugzilla.suse.com/1206228"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4037 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4037/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-2153 page",
"url": "https://www.suse.com/security/cve/CVE-2022-2153/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-2602 page",
"url": "https://www.suse.com/security/cve/CVE-2022-2602/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-28693 page",
"url": "https://www.suse.com/security/cve/CVE-2022-28693/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-28748 page",
"url": "https://www.suse.com/security/cve/CVE-2022-28748/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-2964 page",
"url": "https://www.suse.com/security/cve/CVE-2022-2964/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-2978 page",
"url": "https://www.suse.com/security/cve/CVE-2022-2978/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-3169 page",
"url": "https://www.suse.com/security/cve/CVE-2022-3169/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-3176 page",
"url": "https://www.suse.com/security/cve/CVE-2022-3176/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-3521 page",
"url": "https://www.suse.com/security/cve/CVE-2022-3521/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-3524 page",
"url": "https://www.suse.com/security/cve/CVE-2022-3524/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-3535 page",
"url": "https://www.suse.com/security/cve/CVE-2022-3535/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-3542 page",
"url": "https://www.suse.com/security/cve/CVE-2022-3542/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-3545 page",
"url": "https://www.suse.com/security/cve/CVE-2022-3545/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-3565 page",
"url": "https://www.suse.com/security/cve/CVE-2022-3565/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-3567 page",
"url": "https://www.suse.com/security/cve/CVE-2022-3567/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-3577 page",
"url": "https://www.suse.com/security/cve/CVE-2022-3577/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-3586 page",
"url": "https://www.suse.com/security/cve/CVE-2022-3586/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-3594 page",
"url": "https://www.suse.com/security/cve/CVE-2022-3594/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-3621 page",
"url": "https://www.suse.com/security/cve/CVE-2022-3621/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-3625 page",
"url": "https://www.suse.com/security/cve/CVE-2022-3625/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-3628 page",
"url": "https://www.suse.com/security/cve/CVE-2022-3628/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-3629 page",
"url": "https://www.suse.com/security/cve/CVE-2022-3629/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-3635 page",
"url": "https://www.suse.com/security/cve/CVE-2022-3635/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-3646 page",
"url": "https://www.suse.com/security/cve/CVE-2022-3646/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-3649 page",
"url": "https://www.suse.com/security/cve/CVE-2022-3649/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-3707 page",
"url": "https://www.suse.com/security/cve/CVE-2022-3707/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-3903 page",
"url": "https://www.suse.com/security/cve/CVE-2022-3903/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-39189 page",
"url": "https://www.suse.com/security/cve/CVE-2022-39189/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-40307 page",
"url": "https://www.suse.com/security/cve/CVE-2022-40307/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-40768 page",
"url": "https://www.suse.com/security/cve/CVE-2022-40768/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-4095 page",
"url": "https://www.suse.com/security/cve/CVE-2022-4095/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-4129 page",
"url": "https://www.suse.com/security/cve/CVE-2022-4129/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-4139 page",
"url": "https://www.suse.com/security/cve/CVE-2022-4139/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-41850 page",
"url": "https://www.suse.com/security/cve/CVE-2022-41850/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-41858 page",
"url": "https://www.suse.com/security/cve/CVE-2022-41858/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-42703 page",
"url": "https://www.suse.com/security/cve/CVE-2022-42703/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-42895 page",
"url": "https://www.suse.com/security/cve/CVE-2022-42895/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-42896 page",
"url": "https://www.suse.com/security/cve/CVE-2022-42896/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-43750 page",
"url": "https://www.suse.com/security/cve/CVE-2022-43750/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-4378 page",
"url": "https://www.suse.com/security/cve/CVE-2022-4378/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-43945 page",
"url": "https://www.suse.com/security/cve/CVE-2022-43945/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-45934 page",
"url": "https://www.suse.com/security/cve/CVE-2022-45934/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2022-12-23T09:43:37Z",
"generator": {
"date": "2022-12-23T09:43:37Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:4614-1",
"initial_release_date": "2022-12-23T09:43:37Z",
"revision_history": [
{
"date": "2022-12-23T09:43:37Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-rt-4.12.14-10.109.1.noarch",
"product": {
"name": "kernel-devel-rt-4.12.14-10.109.1.noarch",
"product_id": "kernel-devel-rt-4.12.14-10.109.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-rt-4.12.14-10.109.1.noarch",
"product": {
"name": "kernel-source-rt-4.12.14-10.109.1.noarch",
"product_id": "kernel-source-rt-4.12.14-10.109.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"product": {
"name": "cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"product_id": "cluster-md-kmp-rt-4.12.14-10.109.1.x86_64"
}
},
{
"category": "product_version",
"name": "cluster-md-kmp-rt_debug-4.12.14-10.109.1.x86_64",
"product": {
"name": "cluster-md-kmp-rt_debug-4.12.14-10.109.1.x86_64",
"product_id": "cluster-md-kmp-rt_debug-4.12.14-10.109.1.x86_64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"product": {
"name": "dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"product_id": "dlm-kmp-rt-4.12.14-10.109.1.x86_64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-rt_debug-4.12.14-10.109.1.x86_64",
"product": {
"name": "dlm-kmp-rt_debug-4.12.14-10.109.1.x86_64",
"product_id": "dlm-kmp-rt_debug-4.12.14-10.109.1.x86_64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"product": {
"name": "gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"product_id": "gfs2-kmp-rt-4.12.14-10.109.1.x86_64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-rt_debug-4.12.14-10.109.1.x86_64",
"product": {
"name": "gfs2-kmp-rt_debug-4.12.14-10.109.1.x86_64",
"product_id": "gfs2-kmp-rt_debug-4.12.14-10.109.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-4.12.14-10.109.1.x86_64",
"product": {
"name": "kernel-rt-4.12.14-10.109.1.x86_64",
"product_id": "kernel-rt-4.12.14-10.109.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-base-4.12.14-10.109.1.x86_64",
"product": {
"name": "kernel-rt-base-4.12.14-10.109.1.x86_64",
"product_id": "kernel-rt-base-4.12.14-10.109.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-devel-4.12.14-10.109.1.x86_64",
"product": {
"name": "kernel-rt-devel-4.12.14-10.109.1.x86_64",
"product_id": "kernel-rt-devel-4.12.14-10.109.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-extra-4.12.14-10.109.1.x86_64",
"product": {
"name": "kernel-rt-extra-4.12.14-10.109.1.x86_64",
"product_id": "kernel-rt-extra-4.12.14-10.109.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-kgraft-devel-4.12.14-10.109.1.x86_64",
"product": {
"name": "kernel-rt-kgraft-devel-4.12.14-10.109.1.x86_64",
"product_id": "kernel-rt-kgraft-devel-4.12.14-10.109.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-4.12.14-10.109.1.x86_64",
"product": {
"name": "kernel-rt_debug-4.12.14-10.109.1.x86_64",
"product_id": "kernel-rt_debug-4.12.14-10.109.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-base-4.12.14-10.109.1.x86_64",
"product": {
"name": "kernel-rt_debug-base-4.12.14-10.109.1.x86_64",
"product_id": "kernel-rt_debug-base-4.12.14-10.109.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"product": {
"name": "kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"product_id": "kernel-rt_debug-devel-4.12.14-10.109.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-extra-4.12.14-10.109.1.x86_64",
"product": {
"name": "kernel-rt_debug-extra-4.12.14-10.109.1.x86_64",
"product_id": "kernel-rt_debug-extra-4.12.14-10.109.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-kgraft-devel-4.12.14-10.109.1.x86_64",
"product": {
"name": "kernel-rt_debug-kgraft-devel-4.12.14-10.109.1.x86_64",
"product_id": "kernel-rt_debug-kgraft-devel-4.12.14-10.109.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-syms-rt-4.12.14-10.109.1.x86_64",
"product": {
"name": "kernel-syms-rt-4.12.14-10.109.1.x86_64",
"product_id": "kernel-syms-rt-4.12.14-10.109.1.x86_64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-rt-4.12.14-10.109.1.x86_64",
"product": {
"name": "kselftests-kmp-rt-4.12.14-10.109.1.x86_64",
"product_id": "kselftests-kmp-rt-4.12.14-10.109.1.x86_64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-rt_debug-4.12.14-10.109.1.x86_64",
"product": {
"name": "kselftests-kmp-rt_debug-4.12.14-10.109.1.x86_64",
"product_id": "kselftests-kmp-rt_debug-4.12.14-10.109.1.x86_64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"product": {
"name": "ocfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"product_id": "ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-rt_debug-4.12.14-10.109.1.x86_64",
"product": {
"name": "ocfs2-kmp-rt_debug-4.12.14-10.109.1.x86_64",
"product_id": "ocfs2-kmp-rt_debug-4.12.14-10.109.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Real Time 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Real Time 12 SP5",
"product_id": "SUSE Linux Enterprise Real Time 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-linux-enterprise-rt:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-rt-4.12.14-10.109.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP5",
"product_id": "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64"
},
"product_reference": "cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-rt-4.12.14-10.109.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP5",
"product_id": "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64"
},
"product_reference": "dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-rt-4.12.14-10.109.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP5",
"product_id": "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64"
},
"product_reference": "gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-rt-4.12.14-10.109.1.noarch as component of SUSE Linux Enterprise Real Time 12 SP5",
"product_id": "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch"
},
"product_reference": "kernel-devel-rt-4.12.14-10.109.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-4.12.14-10.109.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP5",
"product_id": "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64"
},
"product_reference": "kernel-rt-4.12.14-10.109.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-base-4.12.14-10.109.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP5",
"product_id": "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64"
},
"product_reference": "kernel-rt-base-4.12.14-10.109.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-devel-4.12.14-10.109.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP5",
"product_id": "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64"
},
"product_reference": "kernel-rt-devel-4.12.14-10.109.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt_debug-4.12.14-10.109.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP5",
"product_id": "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64"
},
"product_reference": "kernel-rt_debug-4.12.14-10.109.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt_debug-devel-4.12.14-10.109.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP5",
"product_id": "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64"
},
"product_reference": "kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-rt-4.12.14-10.109.1.noarch as component of SUSE Linux Enterprise Real Time 12 SP5",
"product_id": "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch"
},
"product_reference": "kernel-source-rt-4.12.14-10.109.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-rt-4.12.14-10.109.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP5",
"product_id": "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64"
},
"product_reference": "kernel-syms-rt-4.12.14-10.109.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-rt-4.12.14-10.109.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP5",
"product_id": "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
},
"product_reference": "ocfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-4037",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4037"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the LInux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group and is writable by a user who is not a member of this group. This can lead to excessive permissions granted in case when they should not. This vulnerability is similar to the previous CVE-2018-13405 and adds the missed fix for the XFS.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4037",
"url": "https://www.suse.com/security/cve/CVE-2021-4037"
},
{
"category": "external",
"summary": "SUSE Bug 1198702 for CVE-2021-4037",
"url": "https://bugzilla.suse.com/1198702"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-12-23T09:43:37Z",
"details": "moderate"
}
],
"title": "CVE-2021-4037"
},
{
"cve": "CVE-2022-2153",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-2153"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Linux kernel\u0027s KVM when attempting to set a SynIC IRQ. This issue makes it possible for a misbehaving VMM to write to SYNIC/STIMER MSRs, causing a NULL pointer dereference. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-2153",
"url": "https://www.suse.com/security/cve/CVE-2022-2153"
},
{
"category": "external",
"summary": "SUSE Bug 1200788 for CVE-2022-2153",
"url": "https://bugzilla.suse.com/1200788"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-12-23T09:43:37Z",
"details": "moderate"
}
],
"title": "CVE-2022-2153"
},
{
"cve": "CVE-2022-2602",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-2602"
}
],
"notes": [
{
"category": "general",
"text": "io_uring UAF, Unix SCM garbage collection",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-2602",
"url": "https://www.suse.com/security/cve/CVE-2022-2602"
},
{
"category": "external",
"summary": "SUSE Bug 1204228 for CVE-2022-2602",
"url": "https://bugzilla.suse.com/1204228"
},
{
"category": "external",
"summary": "SUSE Bug 1205186 for CVE-2022-2602",
"url": "https://bugzilla.suse.com/1205186"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-12-23T09:43:37Z",
"details": "important"
}
],
"title": "CVE-2022-2602"
},
{
"cve": "CVE-2022-28693",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-28693"
}
],
"notes": [
{
"category": "general",
"text": "Unprotected alternative channel of return branch target prediction in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-28693",
"url": "https://www.suse.com/security/cve/CVE-2022-28693"
},
{
"category": "external",
"summary": "SUSE Bug 1201455 for CVE-2022-28693",
"url": "https://bugzilla.suse.com/1201455"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-12-23T09:43:37Z",
"details": "moderate"
}
],
"title": "CVE-2022-28693"
},
{
"cve": "CVE-2022-28748",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-28748"
}
],
"notes": [
{
"category": "general",
"text": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-2964. Reason: This candidate is a reservation duplicate of CVE-2022-2964. Notes: All CVE users should reference CVE-2022-2964 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-28748",
"url": "https://www.suse.com/security/cve/CVE-2022-28748"
},
{
"category": "external",
"summary": "SUSE Bug 1196018 for CVE-2022-28748",
"url": "https://bugzilla.suse.com/1196018"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-12-23T09:43:37Z",
"details": "moderate"
}
],
"title": "CVE-2022-28748"
},
{
"cve": "CVE-2022-2964",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-2964"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Linux kernel\u0027s driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-2964",
"url": "https://www.suse.com/security/cve/CVE-2022-2964"
},
{
"category": "external",
"summary": "SUSE Bug 1202686 for CVE-2022-2964",
"url": "https://bugzilla.suse.com/1202686"
},
{
"category": "external",
"summary": "SUSE Bug 1203008 for CVE-2022-2964",
"url": "https://bugzilla.suse.com/1203008"
},
{
"category": "external",
"summary": "SUSE Bug 1208044 for CVE-2022-2964",
"url": "https://bugzilla.suse.com/1208044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-12-23T09:43:37Z",
"details": "important"
}
],
"title": "CVE-2022-2964"
},
{
"cve": "CVE-2022-2978",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-2978"
}
],
"notes": [
{
"category": "general",
"text": "A flaw use after free in the Linux kernel NILFS file system was found in the way user triggers function security_inode_alloc to fail with following call to function nilfs_mdt_destroy. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-2978",
"url": "https://www.suse.com/security/cve/CVE-2022-2978"
},
{
"category": "external",
"summary": "SUSE Bug 1202700 for CVE-2022-2978",
"url": "https://bugzilla.suse.com/1202700"
},
{
"category": "external",
"summary": "SUSE Bug 1204745 for CVE-2022-2978",
"url": "https://bugzilla.suse.com/1204745"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-12-23T09:43:37Z",
"details": "important"
}
],
"title": "CVE-2022-2978"
},
{
"cve": "CVE-2022-3169",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-3169"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Linux kernel. A denial of service flaw may occur if there is a consecutive request of the NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET through the device file of the driver, resulting in a PCIe link disconnect.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-3169",
"url": "https://www.suse.com/security/cve/CVE-2022-3169"
},
{
"category": "external",
"summary": "SUSE Bug 1203290 for CVE-2022-3169",
"url": "https://bugzilla.suse.com/1203290"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-12-23T09:43:37Z",
"details": "moderate"
}
],
"title": "CVE-2022-3169"
},
{
"cve": "CVE-2022-3176",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-3176"
}
],
"notes": [
{
"category": "general",
"text": "There exists a use-after-free in io_uring in the Linux kernel. Signalfd_poll() and binder_poll() use a waitqueue whose lifetime is the current task. It will send a POLLFREE notification to all waiters before the queue is freed. Unfortunately, the io_uring poll doesn\u0027t handle POLLFREE. This allows a use-after-free to occur if a signalfd or binder fd is polled with io_uring poll, and the waitqueue gets freed. We recommend upgrading past commit fc78b2fc21f10c4c9c4d5d659a685710ffa63659",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-3176",
"url": "https://www.suse.com/security/cve/CVE-2022-3176"
},
{
"category": "external",
"summary": "SUSE Bug 1203391 for CVE-2022-3176",
"url": "https://bugzilla.suse.com/1203391"
},
{
"category": "external",
"summary": "SUSE Bug 1203511 for CVE-2022-3176",
"url": "https://bugzilla.suse.com/1203511"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-12-23T09:43:37Z",
"details": "important"
}
],
"title": "CVE-2022-3176"
},
{
"cve": "CVE-2022-3521",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-3521"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function kcm_tx_work of the file net/kcm/kcmsock.c of the component kcm. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. VDB-211018 is the identifier assigned to this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-3521",
"url": "https://www.suse.com/security/cve/CVE-2022-3521"
},
{
"category": "external",
"summary": "SUSE Bug 1204355 for CVE-2022-3521",
"url": "https://bugzilla.suse.com/1204355"
},
{
"category": "external",
"summary": "SUSE Bug 1217458 for CVE-2022-3521",
"url": "https://bugzilla.suse.com/1217458"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-12-23T09:43:37Z",
"details": "moderate"
}
],
"title": "CVE-2022-3521"
},
{
"cve": "CVE-2022-3524",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-3524"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211021 was assigned to this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-3524",
"url": "https://www.suse.com/security/cve/CVE-2022-3524"
},
{
"category": "external",
"summary": "SUSE Bug 1204354 for CVE-2022-3524",
"url": "https://bugzilla.suse.com/1204354"
},
{
"category": "external",
"summary": "SUSE Bug 1212320 for CVE-2022-3524",
"url": "https://bugzilla.suse.com/1212320"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-12-23T09:43:37Z",
"details": "moderate"
}
],
"title": "CVE-2022-3524"
},
{
"cve": "CVE-2022-3535",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-3535"
}
],
"notes": [
{
"category": "general",
"text": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-3535",
"url": "https://www.suse.com/security/cve/CVE-2022-3535"
},
{
"category": "external",
"summary": "SUSE Bug 1204417 for CVE-2022-3535",
"url": "https://bugzilla.suse.com/1204417"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-12-23T09:43:37Z",
"details": "moderate"
}
],
"title": "CVE-2022-3535"
},
{
"cve": "CVE-2022-3542",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-3542"
}
],
"notes": [
{
"category": "general",
"text": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-3542",
"url": "https://www.suse.com/security/cve/CVE-2022-3542"
},
{
"category": "external",
"summary": "SUSE Bug 1204402 for CVE-2022-3542",
"url": "https://bugzilla.suse.com/1204402"
},
{
"category": "external",
"summary": "SUSE Bug 1217458 for CVE-2022-3542",
"url": "https://bugzilla.suse.com/1217458"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-12-23T09:43:37Z",
"details": "moderate"
}
],
"title": "CVE-2022-3542"
},
{
"cve": "CVE-2022-3545",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-3545"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability is the function area_cache_get of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211045 was assigned to this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-3545",
"url": "https://www.suse.com/security/cve/CVE-2022-3545"
},
{
"category": "external",
"summary": "SUSE Bug 1204415 for CVE-2022-3545",
"url": "https://bugzilla.suse.com/1204415"
},
{
"category": "external",
"summary": "SUSE Bug 1204424 for CVE-2022-3545",
"url": "https://bugzilla.suse.com/1204424"
},
{
"category": "external",
"summary": "SUSE Bug 1209225 for CVE-2022-3545",
"url": "https://bugzilla.suse.com/1209225"
},
{
"category": "external",
"summary": "SUSE Bug 1217531 for CVE-2022-3545",
"url": "https://bugzilla.suse.com/1217531"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-12-23T09:43:37Z",
"details": "important"
}
],
"title": "CVE-2022-3545"
},
{
"cve": "CVE-2022-3565",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-3565"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function del_timer of the file drivers/isdn/mISDN/l1oip_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211088.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-3565",
"url": "https://www.suse.com/security/cve/CVE-2022-3565"
},
{
"category": "external",
"summary": "SUSE Bug 1204431 for CVE-2022-3565",
"url": "https://bugzilla.suse.com/1204431"
},
{
"category": "external",
"summary": "SUSE Bug 1204432 for CVE-2022-3565",
"url": "https://bugzilla.suse.com/1204432"
},
{
"category": "external",
"summary": "SUSE Bug 1208044 for CVE-2022-3565",
"url": "https://bugzilla.suse.com/1208044"
},
{
"category": "external",
"summary": "SUSE Bug 1212323 for CVE-2022-3565",
"url": "https://bugzilla.suse.com/1212323"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-12-23T09:43:37Z",
"details": "important"
}
],
"title": "CVE-2022-3565"
},
{
"cve": "CVE-2022-3567",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-3567"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function inet6_stream_ops/inet6_dgram_ops of the component IPv6 Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. VDB-211090 is the identifier assigned to this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-3567",
"url": "https://www.suse.com/security/cve/CVE-2022-3567"
},
{
"category": "external",
"summary": "SUSE Bug 1204414 for CVE-2022-3567",
"url": "https://bugzilla.suse.com/1204414"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-12-23T09:43:37Z",
"details": "moderate"
}
],
"title": "CVE-2022-3567"
},
{
"cve": "CVE-2022-3577",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-3577"
}
],
"notes": [
{
"category": "general",
"text": "An out-of-bounds memory write flaw was found in the Linux kernel\u0027s Kid-friendly Wired Controller driver. This flaw allows a local user to crash or potentially escalate their privileges on the system. It is in bigben_probe of drivers/hid/hid-bigbenff.c. The reason is incorrect assumption - bigben devices all have inputs. However, malicious devices can break this assumption, leaking to out-of-bound write.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-3577",
"url": "https://www.suse.com/security/cve/CVE-2022-3577"
},
{
"category": "external",
"summary": "SUSE Bug 1204470 for CVE-2022-3577",
"url": "https://bugzilla.suse.com/1204470"
},
{
"category": "external",
"summary": "SUSE Bug 1204486 for CVE-2022-3577",
"url": "https://bugzilla.suse.com/1204486"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-12-23T09:43:37Z",
"details": "important"
}
],
"title": "CVE-2022-3577"
},
{
"cve": "CVE-2022-3586",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-3586"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Linux kernel\u0027s networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (and freed) into a child qdisc. This flaw allows a local, unprivileged user to crash the system, causing a denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-3586",
"url": "https://www.suse.com/security/cve/CVE-2022-3586"
},
{
"category": "external",
"summary": "SUSE Bug 1204439 for CVE-2022-3586",
"url": "https://bugzilla.suse.com/1204439"
},
{
"category": "external",
"summary": "SUSE Bug 1204576 for CVE-2022-3586",
"url": "https://bugzilla.suse.com/1204576"
},
{
"category": "external",
"summary": "SUSE Bug 1208044 for CVE-2022-3586",
"url": "https://bugzilla.suse.com/1208044"
},
{
"category": "external",
"summary": "SUSE Bug 1209225 for CVE-2022-3586",
"url": "https://bugzilla.suse.com/1209225"
},
{
"category": "external",
"summary": "SUSE Bug 1212294 for CVE-2022-3586",
"url": "https://bugzilla.suse.com/1212294"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-12-23T09:43:37Z",
"details": "important"
}
],
"title": "CVE-2022-3586"
},
{
"cve": "CVE-2022-3594",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-3594"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function intr_callback of the file drivers/net/usb/r8152.c of the component BPF. The manipulation leads to logging of excessive data. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211363.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-3594",
"url": "https://www.suse.com/security/cve/CVE-2022-3594"
},
{
"category": "external",
"summary": "SUSE Bug 1204479 for CVE-2022-3594",
"url": "https://bugzilla.suse.com/1204479"
},
{
"category": "external",
"summary": "SUSE Bug 1217458 for CVE-2022-3594",
"url": "https://bugzilla.suse.com/1217458"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-12-23T09:43:37Z",
"details": "moderate"
}
],
"title": "CVE-2022-3594"
},
{
"cve": "CVE-2022-3621",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-3621"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_bmap_lookup_at_level of the file fs/nilfs2/inode.c of the component nilfs2. The manipulation leads to null pointer dereference. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211920.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-3621",
"url": "https://www.suse.com/security/cve/CVE-2022-3621"
},
{
"category": "external",
"summary": "SUSE Bug 1204574 for CVE-2022-3621",
"url": "https://bugzilla.suse.com/1204574"
},
{
"category": "external",
"summary": "SUSE Bug 1212295 for CVE-2022-3621",
"url": "https://bugzilla.suse.com/1212295"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-12-23T09:43:37Z",
"details": "moderate"
}
],
"title": "CVE-2022-3621"
},
{
"cve": "CVE-2022-3625",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-3625"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in Linux Kernel. It has been classified as critical. This affects the function devlink_param_set/devlink_param_get of the file net/core/devlink.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211929 was assigned to this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-3625",
"url": "https://www.suse.com/security/cve/CVE-2022-3625"
},
{
"category": "external",
"summary": "SUSE Bug 1204637 for CVE-2022-3625",
"url": "https://bugzilla.suse.com/1204637"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-12-23T09:43:37Z",
"details": "moderate"
}
],
"title": "CVE-2022-3625"
},
{
"cve": "CVE-2022-3628",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-3628"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs when a user connects to a malicious USB device. This can allow a local user to crash the system or escalate their privileges.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-3628",
"url": "https://www.suse.com/security/cve/CVE-2022-3628"
},
{
"category": "external",
"summary": "SUSE Bug 1204868 for CVE-2022-3628",
"url": "https://bugzilla.suse.com/1204868"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-12-23T09:43:37Z",
"details": "moderate"
}
],
"title": "CVE-2022-3628"
},
{
"cve": "CVE-2022-3629",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-3629"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in Linux Kernel. It has been declared as problematic. This vulnerability affects the function vsock_connect of the file net/vmw_vsock/af_vsock.c. The manipulation leads to memory leak. The complexity of an attack is rather high. The exploitation appears to be difficult. It is recommended to apply a patch to fix this issue. VDB-211930 is the identifier assigned to this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-3629",
"url": "https://www.suse.com/security/cve/CVE-2022-3629"
},
{
"category": "external",
"summary": "SUSE Bug 1204635 for CVE-2022-3629",
"url": "https://bugzilla.suse.com/1204635"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-12-23T09:43:37Z",
"details": "moderate"
}
],
"title": "CVE-2022-3629"
},
{
"cve": "CVE-2022-3635",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-3635"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function tst_timer of the file drivers/atm/idt77252.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. VDB-211934 is the identifier assigned to this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-3635",
"url": "https://www.suse.com/security/cve/CVE-2022-3635"
},
{
"category": "external",
"summary": "SUSE Bug 1202096 for CVE-2022-3635",
"url": "https://bugzilla.suse.com/1202096"
},
{
"category": "external",
"summary": "SUSE Bug 1204631 for CVE-2022-3635",
"url": "https://bugzilla.suse.com/1204631"
},
{
"category": "external",
"summary": "SUSE Bug 1204636 for CVE-2022-3635",
"url": "https://bugzilla.suse.com/1204636"
},
{
"category": "external",
"summary": "SUSE Bug 1208044 for CVE-2022-3635",
"url": "https://bugzilla.suse.com/1208044"
},
{
"category": "external",
"summary": "SUSE Bug 1212289 for CVE-2022-3635",
"url": "https://bugzilla.suse.com/1212289"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-12-23T09:43:37Z",
"details": "important"
}
],
"title": "CVE-2022-3635"
},
{
"cve": "CVE-2022-3646",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-3646"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function nilfs_attach_log_writer of the file fs/nilfs2/segment.c of the component BPF. The manipulation leads to memory leak. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211961 was assigned to this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-3646",
"url": "https://www.suse.com/security/cve/CVE-2022-3646"
},
{
"category": "external",
"summary": "SUSE Bug 1204646 for CVE-2022-3646",
"url": "https://bugzilla.suse.com/1204646"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-12-23T09:43:37Z",
"details": "low"
}
],
"title": "CVE-2022-3646"
},
{
"cve": "CVE-2022-3649",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-3649"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211992.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-3649",
"url": "https://www.suse.com/security/cve/CVE-2022-3649"
},
{
"category": "external",
"summary": "SUSE Bug 1204647 for CVE-2022-3649",
"url": "https://bugzilla.suse.com/1204647"
},
{
"category": "external",
"summary": "SUSE Bug 1212318 for CVE-2022-3649",
"url": "https://bugzilla.suse.com/1212318"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-12-23T09:43:37Z",
"details": "low"
}
],
"title": "CVE-2022-3649"
},
{
"cve": "CVE-2022-3707",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-3707"
}
],
"notes": [
{
"category": "general",
"text": "A double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card system resource overload, causing a fail in the intel_gvt_dma_map_guest_page function. This issue could allow a local user to crash the system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-3707",
"url": "https://www.suse.com/security/cve/CVE-2022-3707"
},
{
"category": "external",
"summary": "SUSE Bug 1204780 for CVE-2022-3707",
"url": "https://bugzilla.suse.com/1204780"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-12-23T09:43:37Z",
"details": "moderate"
}
],
"title": "CVE-2022-3707"
},
{
"cve": "CVE-2022-3903",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-3903"
}
],
"notes": [
{
"category": "general",
"text": "An incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel. This issue occurs when a user attaches a malicious USB device. A local user could use this flaw to starve the resources, causing denial of service or potentially crashing the system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-3903",
"url": "https://www.suse.com/security/cve/CVE-2022-3903"
},
{
"category": "external",
"summary": "SUSE Bug 1205220 for CVE-2022-3903",
"url": "https://bugzilla.suse.com/1205220"
},
{
"category": "external",
"summary": "SUSE Bug 1212297 for CVE-2022-3903",
"url": "https://bugzilla.suse.com/1212297"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-12-23T09:43:37Z",
"details": "moderate"
}
],
"title": "CVE-2022-3903"
},
{
"cve": "CVE-2022-39189",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-39189"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED situations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-39189",
"url": "https://www.suse.com/security/cve/CVE-2022-39189"
},
{
"category": "external",
"summary": "SUSE Bug 1203066 for CVE-2022-39189",
"url": "https://bugzilla.suse.com/1203066"
},
{
"category": "external",
"summary": "SUSE Bug 1203067 for CVE-2022-39189",
"url": "https://bugzilla.suse.com/1203067"
},
{
"category": "external",
"summary": "SUSE Bug 1209225 for CVE-2022-39189",
"url": "https://bugzilla.suse.com/1209225"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-12-23T09:43:37Z",
"details": "important"
}
],
"title": "CVE-2022-39189"
},
{
"cve": "CVE-2022-40307",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-40307"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a race condition with a resultant use-after-free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-40307",
"url": "https://www.suse.com/security/cve/CVE-2022-40307"
},
{
"category": "external",
"summary": "SUSE Bug 1203322 for CVE-2022-40307",
"url": "https://bugzilla.suse.com/1203322"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-12-23T09:43:37Z",
"details": "moderate"
}
],
"title": "CVE-2022-40307"
},
{
"cve": "CVE-2022-40768",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-40768"
}
],
"notes": [
{
"category": "general",
"text": "drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-40768",
"url": "https://www.suse.com/security/cve/CVE-2022-40768"
},
{
"category": "external",
"summary": "SUSE Bug 1203514 for CVE-2022-40768",
"url": "https://bugzilla.suse.com/1203514"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-12-23T09:43:37Z",
"details": "moderate"
}
],
"title": "CVE-2022-40768"
},
{
"cve": "CVE-2022-4095",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-4095"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free flaw was found in Linux kernel before 5.19.2. This issue occurs in cmd_hdl_filter in drivers/staging/rtl8712/rtl8712_cmd.c, allowing an attacker to launch a local denial of service attack and gain escalation of privileges.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-4095",
"url": "https://www.suse.com/security/cve/CVE-2022-4095"
},
{
"category": "external",
"summary": "SUSE Bug 1205514 for CVE-2022-4095",
"url": "https://bugzilla.suse.com/1205514"
},
{
"category": "external",
"summary": "SUSE Bug 1205594 for CVE-2022-4095",
"url": "https://bugzilla.suse.com/1205594"
},
{
"category": "external",
"summary": "SUSE Bug 1208030 for CVE-2022-4095",
"url": "https://bugzilla.suse.com/1208030"
},
{
"category": "external",
"summary": "SUSE Bug 1208085 for CVE-2022-4095",
"url": "https://bugzilla.suse.com/1208085"
},
{
"category": "external",
"summary": "SUSE Bug 1212319 for CVE-2022-4095",
"url": "https://bugzilla.suse.com/1212319"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-12-23T09:43:37Z",
"details": "important"
}
],
"title": "CVE-2022-4095"
},
{
"cve": "CVE-2022-4129",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-4129"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Linux kernel\u0027s Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-4129",
"url": "https://www.suse.com/security/cve/CVE-2022-4129"
},
{
"category": "external",
"summary": "SUSE Bug 1205711 for CVE-2022-4129",
"url": "https://bugzilla.suse.com/1205711"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-12-23T09:43:37Z",
"details": "moderate"
}
],
"title": "CVE-2022-4129"
},
{
"cve": "CVE-2022-4139",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-4139"
}
],
"notes": [
{
"category": "general",
"text": "An incorrect TLB flush issue was found in the Linux kernel\u0027s GPU i915 kernel driver, potentially leading to random memory corruption or data leaks. This flaw could allow a local user to crash the system or escalate their privileges on the system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-4139",
"url": "https://www.suse.com/security/cve/CVE-2022-4139"
},
{
"category": "external",
"summary": "SUSE Bug 1205700 for CVE-2022-4139",
"url": "https://bugzilla.suse.com/1205700"
},
{
"category": "external",
"summary": "SUSE Bug 1205815 for CVE-2022-4139",
"url": "https://bugzilla.suse.com/1205815"
},
{
"category": "external",
"summary": "SUSE Bug 1209225 for CVE-2022-4139",
"url": "https://bugzilla.suse.com/1209225"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-12-23T09:43:37Z",
"details": "important"
}
],
"title": "CVE-2022-4139"
},
{
"cve": "CVE-2022-41850",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-41850"
}
],
"notes": [
{
"category": "general",
"text": "roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report-\u003evalue is in progress.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-41850",
"url": "https://www.suse.com/security/cve/CVE-2022-41850"
},
{
"category": "external",
"summary": "SUSE Bug 1203960 for CVE-2022-41850",
"url": "https://bugzilla.suse.com/1203960"
},
{
"category": "external",
"summary": "SUSE Bug 1212314 for CVE-2022-41850",
"url": "https://bugzilla.suse.com/1212314"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-12-23T09:43:37Z",
"details": "moderate"
}
],
"title": "CVE-2022-41850"
},
{
"cve": "CVE-2022-41858",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-41858"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-41858",
"url": "https://www.suse.com/security/cve/CVE-2022-41858"
},
{
"category": "external",
"summary": "SUSE Bug 1205671 for CVE-2022-41858",
"url": "https://bugzilla.suse.com/1205671"
},
{
"category": "external",
"summary": "SUSE Bug 1211484 for CVE-2022-41858",
"url": "https://bugzilla.suse.com/1211484"
},
{
"category": "external",
"summary": "SUSE Bug 1212300 for CVE-2022-41858",
"url": "https://bugzilla.suse.com/1212300"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-12-23T09:43:37Z",
"details": "moderate"
}
],
"title": "CVE-2022-41858"
},
{
"cve": "CVE-2022-42703",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-42703"
}
],
"notes": [
{
"category": "general",
"text": "mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-42703",
"url": "https://www.suse.com/security/cve/CVE-2022-42703"
},
{
"category": "external",
"summary": "SUSE Bug 1202096 for CVE-2022-42703",
"url": "https://bugzilla.suse.com/1202096"
},
{
"category": "external",
"summary": "SUSE Bug 1204168 for CVE-2022-42703",
"url": "https://bugzilla.suse.com/1204168"
},
{
"category": "external",
"summary": "SUSE Bug 1204170 for CVE-2022-42703",
"url": "https://bugzilla.suse.com/1204170"
},
{
"category": "external",
"summary": "SUSE Bug 1206463 for CVE-2022-42703",
"url": "https://bugzilla.suse.com/1206463"
},
{
"category": "external",
"summary": "SUSE Bug 1208044 for CVE-2022-42703",
"url": "https://bugzilla.suse.com/1208044"
},
{
"category": "external",
"summary": "SUSE Bug 1209225 for CVE-2022-42703",
"url": "https://bugzilla.suse.com/1209225"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-12-23T09:43:37Z",
"details": "important"
}
],
"title": "CVE-2022-42703"
},
{
"cve": "CVE-2022-42895",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-42895"
}
],
"notes": [
{
"category": "general",
"text": "There is an infoleak vulnerability in the Linux kernel\u0027s net/bluetooth/l2cap_core.c\u0027s l2cap_parse_conf_req function which can be used to leak kernel pointers remotely.\nWe recommend upgrading past commit https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e https://www.google.com/url \n\n",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-42895",
"url": "https://www.suse.com/security/cve/CVE-2022-42895"
},
{
"category": "external",
"summary": "SUSE Bug 1205705 for CVE-2022-42895",
"url": "https://bugzilla.suse.com/1205705"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-12-23T09:43:37Z",
"details": "moderate"
}
],
"title": "CVE-2022-42895"
},
{
"cve": "CVE-2022-42896",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-42896"
}
],
"notes": [
{
"category": "general",
"text": "There are use-after-free vulnerabilities in the Linux kernel\u0027s net/bluetooth/l2cap_core.c\u0027s l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim.\n\nWe recommend upgrading past commit https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url \n\n",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-42896",
"url": "https://www.suse.com/security/cve/CVE-2022-42896"
},
{
"category": "external",
"summary": "SUSE Bug 1205709 for CVE-2022-42896",
"url": "https://bugzilla.suse.com/1205709"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-12-23T09:43:37Z",
"details": "moderate"
}
],
"title": "CVE-2022-42896"
},
{
"cve": "CVE-2022-43750",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-43750"
}
],
"notes": [
{
"category": "general",
"text": "drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor\u0027s internal memory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-43750",
"url": "https://www.suse.com/security/cve/CVE-2022-43750"
},
{
"category": "external",
"summary": "SUSE Bug 1204653 for CVE-2022-43750",
"url": "https://bugzilla.suse.com/1204653"
},
{
"category": "external",
"summary": "SUSE Bug 1211484 for CVE-2022-43750",
"url": "https://bugzilla.suse.com/1211484"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-12-23T09:43:37Z",
"details": "moderate"
}
],
"title": "CVE-2022-43750"
},
{
"cve": "CVE-2022-4378",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-4378"
}
],
"notes": [
{
"category": "general",
"text": "A stack overflow flaw was found in the Linux kernel\u0027s SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-4378",
"url": "https://www.suse.com/security/cve/CVE-2022-4378"
},
{
"category": "external",
"summary": "SUSE Bug 1206207 for CVE-2022-4378",
"url": "https://bugzilla.suse.com/1206207"
},
{
"category": "external",
"summary": "SUSE Bug 1206228 for CVE-2022-4378",
"url": "https://bugzilla.suse.com/1206228"
},
{
"category": "external",
"summary": "SUSE Bug 1208030 for CVE-2022-4378",
"url": "https://bugzilla.suse.com/1208030"
},
{
"category": "external",
"summary": "SUSE Bug 1208085 for CVE-2022-4378",
"url": "https://bugzilla.suse.com/1208085"
},
{
"category": "external",
"summary": "SUSE Bug 1209225 for CVE-2022-4378",
"url": "https://bugzilla.suse.com/1209225"
},
{
"category": "external",
"summary": "SUSE Bug 1211118 for CVE-2022-4378",
"url": "https://bugzilla.suse.com/1211118"
},
{
"category": "external",
"summary": "SUSE Bug 1214268 for CVE-2022-4378",
"url": "https://bugzilla.suse.com/1214268"
},
{
"category": "external",
"summary": "SUSE Bug 1218483 for CVE-2022-4378",
"url": "https://bugzilla.suse.com/1218483"
},
{
"category": "external",
"summary": "SUSE Bug 1218966 for CVE-2022-4378",
"url": "https://bugzilla.suse.com/1218966"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-12-23T09:43:37Z",
"details": "important"
}
],
"title": "CVE-2022-4378"
},
{
"cve": "CVE-2022-43945",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-43945"
}
],
"notes": [
{
"category": "general",
"text": "The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-43945",
"url": "https://www.suse.com/security/cve/CVE-2022-43945"
},
{
"category": "external",
"summary": "SUSE Bug 1205128 for CVE-2022-43945",
"url": "https://bugzilla.suse.com/1205128"
},
{
"category": "external",
"summary": "SUSE Bug 1205130 for CVE-2022-43945",
"url": "https://bugzilla.suse.com/1205130"
},
{
"category": "external",
"summary": "SUSE Bug 1208030 for CVE-2022-43945",
"url": "https://bugzilla.suse.com/1208030"
},
{
"category": "external",
"summary": "SUSE Bug 1208085 for CVE-2022-43945",
"url": "https://bugzilla.suse.com/1208085"
},
{
"category": "external",
"summary": "SUSE Bug 1209225 for CVE-2022-43945",
"url": "https://bugzilla.suse.com/1209225"
},
{
"category": "external",
"summary": "SUSE Bug 1210124 for CVE-2022-43945",
"url": "https://bugzilla.suse.com/1210124"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-12-23T09:43:37Z",
"details": "important"
}
],
"title": "CVE-2022-43945"
},
{
"cve": "CVE-2022-45934",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-45934"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-45934",
"url": "https://www.suse.com/security/cve/CVE-2022-45934"
},
{
"category": "external",
"summary": "SUSE Bug 1205796 for CVE-2022-45934",
"url": "https://bugzilla.suse.com/1205796"
},
{
"category": "external",
"summary": "SUSE Bug 1212292 for CVE-2022-45934",
"url": "https://bugzilla.suse.com/1212292"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.109.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.109.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.109.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-12-23T09:43:37Z",
"details": "moderate"
}
],
"title": "CVE-2022-45934"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…