suse-su-2023:0591-1
Vulnerability from csaf_suse
Published
2023-03-02 08:21
Modified
2023-03-02 08:21
Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-3112: Fixed a null pointer dereference caused by lacks check of the return value of kzalloc() in vdec_helpers.c:amvdec_set_canvases (bsc#1206399).
- CVE-2022-3115: Fixed a null pointer dereference in malidp_crtc.c caused by a lack of checks of the return value of kzalloc (bsc#1206393).
- CVE-2022-3564: Fixed use-after-free in l2cap_core.c of the Bluetooth component (bsc#1206073).
- CVE-2022-47520: Fixed a out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink packet in the WILC1000 wireless driver (bsc#1206515).
- CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207036).
- CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (bsc#1207125).
The following non-security bugs were fixed:
- arm64: cpu_errata: Add Hisilicon TSV110 to spectre-v2 safe list (git-fixes)
- arm64: dts: allwinner: H5: Add PMU node (git-fixes)
- arm64: dts: allwinner: H6: Add PMU mode (git-fixes)
- arm64: dts: marvell: Add AP806-dual missing CPU clocks (git-fixes)
- arm64: dts: rockchip: Fix NanoPC-T4 cooling maps (git-fixes)
- arm64: dts: rockchip: add reg property to brcmf sub-nodes (git-fixes)
- arm64: dts: rockchip: fix dwmmc clock name for px30 (git-fixes)
- arm64: memory: Add missing brackets to untagged_addr() macro (git-fixes)
- arm64: psci: Reduce the waiting time for cpu_psci_cpu_kill() (git-fixes).
- arm64: tags: Preserve tags for addresses translated via TTBR1 (git-fixes)
- arm64: tegra: Fix 'active-low' warning for Jetson Xavier regulator (git-fixes)
- btrfs: Avoid unnecessary lock and leaf splits when up (bsc#1206904).
- drbd: destroy workqueue when drbd device was freed (git-fixes).
- drbd: remove usage of list iterator variable after loop (git-fixes).
- drbd: use after free in drbd_create_device() (git-fixes).
- ext4: Detect already used quota file early (bsc#1206873).
- ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (bsc#1206878).
- ext4: avoid BUG_ON when creating xattrs (bsc#1205496).
- ext4: avoid crash when inline data creation follows DIO write (bsc#1206883).
- ext4: avoid race conditions when remounting with options that change dax (bsc#1206860).
- ext4: avoid resizing to a partial cluster size (bsc#1206880).
- ext4: choose hardlimit when softlimit is larger than hardlimit in ext4_statfs_project() (bsc#1206854).
- ext4: continue to expand file system when the target size does not reach (bsc#1206882).
- ext4: convert BUG_ON's to WARN_ON's in mballoc.c (bsc#1206859).
- ext4: correct max_inline_xattr_value_size computing (bsc#1206878).
- ext4: correct the error path of ext4_write_inline_data_end() (bsc#1206875).
- ext4: correct the misjudgment in ext4_iget_extra_inode (bsc#1206878).
- ext4: fix BUG_ON() when directory entry has invalid rec_len (bsc#1206886).
- ext4: fix a data race at inode->i_disksize (bsc#1206855).
- ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0 (bsc#1206881).
- ext4: fix corruption when online resizing a 1K bigalloc fs (bsc#1206891).
- ext4: fix extent status tree race in writeback error recovery path (bsc#1206877).
- ext4: fix null-ptr-deref in ext4_write_info (bsc#1206884).
- ext4: fix undefined behavior in bit shift for ext4_check_flag_values (bsc#1206890).
- ext4: fix uninititialized value in 'ext4_evict_inode' (bsc#1206893).
- ext4: fix use-after-free in ext4_ext_shift_extents (bsc#1206888).
- ext4: fix use-after-free in ext4_xattr_set_entry (bsc#1206878).
- ext4: fix warning in 'ext4_da_release_space' (bsc#1206887).
- ext4: iomap that extends beyond EOF should be marked dirty (bsc#1206637).
- ext4: make ext4_lazyinit_thread freezable (bsc#1206885).
- ext4: mark block bitmap corrupted when found instead of BUGON (bsc#1206857).
- ext4: silence the warning when evicting inode with dioread_nolock (bsc#1206889).
- ext4: update s_overhead_clusters in the superblock during an on-line resize (bsc#1206876).
- ext4: use matching invalidatepage in ext4_writepage (bsc#1206858).
- fs: nfsd: fix kconfig dependency warning for NFSD_V4 (git-fixes).
- ibmveth: Always stop tx queues during close (bsc#1065729).
- isofs: joliet: Fix iocharset=utf8 mount option (bsc#1206636).
- lib/notifier-error-inject: fix error when writing -errno to debugfs file (bsc#1206634).
- libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value (bsc#1206634).
- lockd: lockd server-side shouldn't set fl_ops (git-fixes).
- memcg, kmem: further deprecate kmem.limit_in_bytes (bsc#1206896).
- memcg: Fix possible use-after-free in memcg_write_event_control() (bsc#1206344).
- mm, memcg: do not high throttle allocators based on wraparound
- mm, memcg: fix corruption on 64-bit divisor in memory.high throttling
- mm, memcg: throttle allocators based on ancestral memory.high
- mm/filemap.c: clear page error before actual read (bsc#1206635).
- mm: fix race between MADV_FREE reclaim and blkdev direct IO read (bsc#1204989,bsc#1205601).
- module: Remove accidental change of module_enable_x() (git-fixes).
- module: avoid *goto*s in module_sig_check() (git-fixes).
- module: merge repetitive strings in module_sig_check() (git-fixes).
- module: set MODULE_STATE_GOING state when a module fails to load (git-fixes).
- modules: lockdep: Suppress suspicious RCU usage warning (git-fixes).
- net: sched: atm: dont intepret cls results when asked to drop (bsc#1207036).
- net: sched: cbq: dont intepret cls results when asked to drop (bsc#1207036).
- net: sunrpc: Fix off-by-one issues in 'rpc_ntop6' (git-fixes).
- netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find() (bsc#1204614).
- nfs4: Fix kmemleak when allocate slot failed (git-fixes).
- nfs4: Fix oops when copy_file_range is attempted with NFS4.0 source (git-fixes).
- nfs: Fix an Oops in nfs_d_automount() (git-fixes).
- nfs: Fix memory leaks (git-fixes).
- nfs: Fix memory leaks in nfs_pageio_stop_mirroring() (git-fixes).
- nfs: Handle missing attributes in OPEN reply (bsc#1203740).
- nfs: Zero-stateid SETATTR should first return delegation (git-fixes).
- nfs: direct.c: Fix memory leak of dreq when nfs_get_lock_context fails (git-fixes).
- nfs: fix PNFS_FLEXFILE_LAYOUT Kconfig default (git-fixes).
- nfs: nfs4clinet: check the return value of kstrdup() (git-fixes).
- nfs: nfs_find_open_context() may only select open files (git-fixes).
- nfs: nfs_xdr_status should record the procedure name (git-fixes).
- nfs: we do not support removing system.nfs4_acl (git-fixes).
- nfsd: Clone should commit src file metadata too (git-fixes).
- nfsd: Fix handling of oversized NFSv4 COMPOUND requests (git-fixes).
- nfsd: Fix svc_xprt refcnt leak when setup callback client failed (git-fixes).
- nfsd: Keep existing listeners on portlist error (git-fixes).
- nfsd: Return nfserr_serverfault if splice_ok but buf->pages have data (git-fixes).
- nfsd: do not call nfsd_file_put from client states seqfile display (git-fixes).
- nfsd: fix error handling in NFSv4.0 callbacks (git-fixes).
- nfsd: safer handling of corrupted c_type (git-fixes).
- nfsv4 expose nfs_parse_server_name function (git-fixes).
- nfsv4 only print the label when its queried (git-fixes).
- nfsv4 remove zero number of fs_locations entries error check (git-fixes).
- nfsv4.1 handle ERR_DELAY error reclaiming locking state on delegation recall (git-fixes).
- nfsv4.1: Fix uninitialised variable in devicenotify (git-fixes).
- nfsv4.1: Handle RECLAIM_COMPLETE trunking errors (git-fixes).
- nfsv4.1: We must always send RECLAIM_COMPLETE after a reboot (git-fixes).
- nfsv4.2: Clear FATTR4_WORD2_SECURITY_LABEL when done decoding (git-fixes).
- nfsv4.2: Fix a memory stomp in decode_attr_security_label (git-fixes).
- nfsv4.2: Fix initialisation of struct nfs4_label (git-fixes).
- nfsv4.2: Fixup CLONE dest file size for zero-length count (git-fixes).
- nfsv4.2: error out when relink swapfile (git-fixes).
- nfsv4.x: Fail client initialisation if state manager thread can't run (git-fixes).
- nfsv4/pnfs: Always return layout stats on layout return for flexfiles (git-fixes).
- nfsv4/pnfs: Fix a use-after-free bug in open (git-fixes).
- nfsv4: Do not hold the layoutget locks across multiple RPC calls (git-fixes).
- nfsv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn (git-fixes).
- nfsv4: Fix a pNFS layout related use-after-free race when freeing the inode (git-fixes).
- nfsv4: Fix races between open and dentry revalidation (git-fixes).
- nfsv4: Protect the state recovery thread against direct reclaim (git-fixes).
- nfsv4: Retry LOCK on OLD_STATEID during delegation return (git-fixes).
- pnfs/nfsv4: Try to return invalid layout in pnfs_layout_process() (git-fixes).
- powerpc/64: Init jump labels before parse_early_param() (bsc#1065729).
- powerpc/64s/pgtable: fix an undefined behaviour (bsc#1065729).
- powerpc/book3s/mm: Update Oops message to print the correct translation in use (bsc#1156395).
- powerpc/boot: Fixup device-tree on little endian (bsc#1065729).
- powerpc/crashkernel: Take 'mem=' option into account (bsc#1065729).
- powerpc/eeh: Only dump stack once if an MMIO loop is detected (bsc#1065729).
- powerpc/pci: Fix get_phb_number() locking (bsc#1065729).
- powerpc/perf: callchain validate kernel stack pointer bounds (bsc#1065729).
- powerpc/powernv/iov: Ensure the pdn for VFs always contains a valid PE number (bsc#1065729).
- powerpc/powernv/smp: Fix spurious DBG() warning (bsc#1065729).
- powerpc/powernv: Avoid re-registration of imc debugfs directory (bsc#1156395).
- powerpc/powernv: add missing of_node_put (bsc#1065729).
- powerpc/pseries/cmm: Implement release() function for sysfs device (bsc#1065729).
- powerpc/pseries/eeh: use correct API for error log size (bsc#1065729).
- powerpc/pseries: Stop calling printk in rtas_stop_self() (bsc#1065729).
- powerpc/pseries: unregister VPA when hot unplugging a CPU (bsc#1205695 ltc#200603).
- powerpc/rtas: avoid device tree lookups in rtas_os_term() (bsc#1065729).
- powerpc/rtas: avoid scheduling in rtas_os_term() (bsc#1065729).
- powerpc/sriov: Remove VF eeh_dev state when disabling SR-IOV (bsc#1065729).
- powerpc/xive/spapr: correct bitmap allocation size (git-fixes).
- powerpc/xive: Add a check for memory allocation failure (git-fixes).
- powerpc/xive: add missing iounmap() in error path in xive_spapr_populate_irq_data() (git-fixes).
- powerpc: Ensure that swiotlb buffer is allocated from low memory (bsc#1156395).
- powerpc: Force inlining of cpu_has_feature() to avoid build failure (bsc#1065729).
- powerpc: improve handling of unrecoverable system reset (bsc#1065729).
- powerpc: sysdev: add missing iounmap() on error in mpic_msgr_probe() (bsc#1065729).
- quota: Check next/prev free block number after reading from quota file (bsc#1206640).
- rpc: fix NULL dereference on kmalloc failure (git-fixes).
- rpc: fix gss_svc_init cleanup on failure (git-fixes).
- sbitmap: fix lockup while swapping (bsc#1206602).
- sched/psi: Fix sampling error and rare div0 crashes with cgroups and high uptime (bsc#1206841).
- scsi: lpfc: Correct bandwidth logging during receipt of congestion sync WCQE (jsc#PED-1445).
- scsi: lpfc: Fix MI capability display in cmf_info sysfs attribute (jsc#PED-1445).
- scsi: lpfc: Fix WQ|CQ|EQ resource check (jsc#PED-1445).
- scsi: lpfc: Fix crash involving race between FLOGI timeout and devloss handler (jsc#PED-1445).
- scsi: lpfc: Remove linux/msi.h include (jsc#PED-1445).
- scsi: lpfc: Remove redundant pointer 'lp' (jsc#PED-1445).
- scsi: lpfc: Update lpfc version to 14.2.0.9 (jsc#PED-1445).
- scsi: lpfc: Use memset_startat() helper (jsc#PED-1445).
- scsi: qla2xxx: Fix crash when I/O abort times out (jsc#PED-568).
- scsi: qla2xxx: Fix set-but-not-used variable warnings (jsc#PED-568).
- scsi: qla2xxx: Initialize vha->unknown_atio_[list, work] for NPIV hosts (jsc#PED-568).
- scsi: qla2xxx: Remove duplicate of vha->iocb_work initialization (jsc#PED-568).
- scsi: qla2xxx: Remove unused variable 'found_devs' (jsc#PED-568).
- string.h: Introduce memset_startat() for wiping trailing members and padding (jsc#PED-1445).
- sunrpc: Do not leak netobj memory when gss_read_proxy_verf() fails (git-fixes).
- sunrpc: Do not start a timer on an already queued rpc task (git-fixes).
- sunrpc: Fix missing release socket in rpc_sockname() (git-fixes).
- sunrpc: Fix potential leaks in sunrpc_cache_unhash() (git-fixes).
- sunrpc: Fix socket waits for write buffer space (git-fixes).
- sunrpc: Handle 0 length opaque XDR object data properly (git-fixes).
- sunrpc: Mitigate cond_resched() in xprt_transmit() (git-fixes).
- sunrpc: Move simple_get_bytes and simple_get_netobj into private header (git-fixes).
- sunrpc: check that domain table is empty at module unload (git-fixes).
- sunrpc: stop printk reading past end of string (git-fixes).
- svcrdma: Fix another Receive buffer leak (git-fixes).
- svcrdma: Fix backchannel return code (git-fixes).
- tracing: Verify if trace array exists before destroying it (git-fixes).
- udf: Avoid accessing uninitialized data on failed inode read (bsc#1206642).
- udf: Fix NULL pointer dereference in udf_symlink function (bsc#1206646).
- udf: Fix a slab-out-of-bounds write bug in udf_find_entry() (bsc#1206649).
- udf: Fix free space reporting for metadata and virtual partitions (bsc#1206641).
- udf: Fix iocharset=utf8 mount option (bsc#1206647).
- udf: Limit sparing table size (bsc#1206643).
- udf: fix silent AED tagLocation corruption (bsc#1206645).
- udf: fix the problem that the disc content is not displayed (bsc#1206644).
- udf_get_extendedattr() had no boundary checks (bsc#1206648).
- xprtrdma: Fix regbuf data not freed in rpcrdma_req_create() (git-fixes).
- xprtrdma: treat all calls not a bcall when bc_serv is NULL (git-fixes).
Patchnames
SUSE-2023-591,SUSE-SLE-Module-RT-15-SP3-2023-591,SUSE-SUSE-MicroOS-5.1-2023-591,SUSE-SUSE-MicroOS-5.2-2023-591
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\n\nThe SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes.\n\n\nThe following security bugs were fixed:\n\n- CVE-2022-3112: Fixed a null pointer dereference caused by lacks check of the return value of kzalloc() in vdec_helpers.c:amvdec_set_canvases (bsc#1206399).\n- CVE-2022-3115: Fixed a null pointer dereference in malidp_crtc.c caused by a lack of checks of the return value of kzalloc (bsc#1206393).\n- CVE-2022-3564: Fixed use-after-free in l2cap_core.c of the Bluetooth component (bsc#1206073).\n- CVE-2022-47520: Fixed a out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink packet in the WILC1000 wireless driver (bsc#1206515).\n- CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207036).\n- CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (bsc#1207125).\n\nThe following non-security bugs were fixed:\n\n- arm64: cpu_errata: Add Hisilicon TSV110 to spectre-v2 safe list (git-fixes)\n- arm64: dts: allwinner: H5: Add PMU node (git-fixes)\n- arm64: dts: allwinner: H6: Add PMU mode (git-fixes)\n- arm64: dts: marvell: Add AP806-dual missing CPU clocks (git-fixes)\n- arm64: dts: rockchip: Fix NanoPC-T4 cooling maps (git-fixes)\n- arm64: dts: rockchip: add reg property to brcmf sub-nodes (git-fixes)\n- arm64: dts: rockchip: fix dwmmc clock name for px30 (git-fixes)\n- arm64: memory: Add missing brackets to untagged_addr() macro (git-fixes)\n- arm64: psci: Reduce the waiting time for cpu_psci_cpu_kill() (git-fixes).\n- arm64: tags: Preserve tags for addresses translated via TTBR1 (git-fixes)\n- arm64: tegra: Fix \u0027active-low\u0027 warning for Jetson Xavier regulator (git-fixes)\n- btrfs: Avoid unnecessary lock and leaf splits when up (bsc#1206904).\n- drbd: destroy workqueue when drbd device was freed (git-fixes).\n- drbd: remove usage of list iterator variable after loop (git-fixes).\n- drbd: use after free in drbd_create_device() (git-fixes).\n- ext4: Detect already used quota file early (bsc#1206873).\n- ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (bsc#1206878).\n- ext4: avoid BUG_ON when creating xattrs (bsc#1205496).\n- ext4: avoid crash when inline data creation follows DIO write (bsc#1206883).\n- ext4: avoid race conditions when remounting with options that change dax (bsc#1206860).\n- ext4: avoid resizing to a partial cluster size (bsc#1206880).\n- ext4: choose hardlimit when softlimit is larger than hardlimit in ext4_statfs_project() (bsc#1206854).\n- ext4: continue to expand file system when the target size does not reach (bsc#1206882).\n- ext4: convert BUG_ON\u0027s to WARN_ON\u0027s in mballoc.c (bsc#1206859).\n- ext4: correct max_inline_xattr_value_size computing (bsc#1206878).\n- ext4: correct the error path of ext4_write_inline_data_end() (bsc#1206875).\n- ext4: correct the misjudgment in ext4_iget_extra_inode (bsc#1206878).\n- ext4: fix BUG_ON() when directory entry has invalid rec_len (bsc#1206886).\n- ext4: fix a data race at inode-\u003ei_disksize (bsc#1206855).\n- ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth \u003e 0 (bsc#1206881).\n- ext4: fix corruption when online resizing a 1K bigalloc fs (bsc#1206891).\n- ext4: fix extent status tree race in writeback error recovery path (bsc#1206877).\n- ext4: fix null-ptr-deref in ext4_write_info (bsc#1206884).\n- ext4: fix undefined behavior in bit shift for ext4_check_flag_values (bsc#1206890).\n- ext4: fix uninititialized value in \u0027ext4_evict_inode\u0027 (bsc#1206893).\n- ext4: fix use-after-free in ext4_ext_shift_extents (bsc#1206888).\n- ext4: fix use-after-free in ext4_xattr_set_entry (bsc#1206878).\n- ext4: fix warning in \u0027ext4_da_release_space\u0027 (bsc#1206887).\n- ext4: iomap that extends beyond EOF should be marked dirty (bsc#1206637).\n- ext4: make ext4_lazyinit_thread freezable (bsc#1206885).\n- ext4: mark block bitmap corrupted when found instead of BUGON (bsc#1206857).\n- ext4: silence the warning when evicting inode with dioread_nolock (bsc#1206889).\n- ext4: update s_overhead_clusters in the superblock during an on-line resize (bsc#1206876).\n- ext4: use matching invalidatepage in ext4_writepage (bsc#1206858).\n- fs: nfsd: fix kconfig dependency warning for NFSD_V4 (git-fixes).\n- ibmveth: Always stop tx queues during close (bsc#1065729).\n- isofs: joliet: Fix iocharset=utf8 mount option (bsc#1206636).\n- lib/notifier-error-inject: fix error when writing -errno to debugfs file (bsc#1206634).\n- libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value (bsc#1206634).\n- lockd: lockd server-side shouldn\u0027t set fl_ops (git-fixes).\n- memcg, kmem: further deprecate kmem.limit_in_bytes (bsc#1206896).\n- memcg: Fix possible use-after-free in memcg_write_event_control() (bsc#1206344).\n- mm, memcg: do not high throttle allocators based on wraparound\n- mm, memcg: fix corruption on 64-bit divisor in memory.high throttling\n- mm, memcg: throttle allocators based on ancestral memory.high\n- mm/filemap.c: clear page error before actual read (bsc#1206635).\n- mm: fix race between MADV_FREE reclaim and blkdev direct IO read (bsc#1204989,bsc#1205601).\n- module: Remove accidental change of module_enable_x() (git-fixes).\n- module: avoid *goto*s in module_sig_check() (git-fixes).\n- module: merge repetitive strings in module_sig_check() (git-fixes).\n- module: set MODULE_STATE_GOING state when a module fails to load (git-fixes).\n- modules: lockdep: Suppress suspicious RCU usage warning (git-fixes).\n- net: sched: atm: dont intepret cls results when asked to drop (bsc#1207036).\n- net: sched: cbq: dont intepret cls results when asked to drop (bsc#1207036).\n- net: sunrpc: Fix off-by-one issues in \u0027rpc_ntop6\u0027 (git-fixes).\n- netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find() (bsc#1204614).\n- nfs4: Fix kmemleak when allocate slot failed (git-fixes).\n- nfs4: Fix oops when copy_file_range is attempted with NFS4.0 source (git-fixes).\n- nfs: Fix an Oops in nfs_d_automount() (git-fixes).\n- nfs: Fix memory leaks (git-fixes).\n- nfs: Fix memory leaks in nfs_pageio_stop_mirroring() (git-fixes).\n- nfs: Handle missing attributes in OPEN reply (bsc#1203740).\n- nfs: Zero-stateid SETATTR should first return delegation (git-fixes).\n- nfs: direct.c: Fix memory leak of dreq when nfs_get_lock_context fails (git-fixes).\n- nfs: fix PNFS_FLEXFILE_LAYOUT Kconfig default (git-fixes).\n- nfs: nfs4clinet: check the return value of kstrdup() (git-fixes).\n- nfs: nfs_find_open_context() may only select open files (git-fixes).\n- nfs: nfs_xdr_status should record the procedure name (git-fixes).\n- nfs: we do not support removing system.nfs4_acl (git-fixes).\n- nfsd: Clone should commit src file metadata too (git-fixes).\n- nfsd: Fix handling of oversized NFSv4 COMPOUND requests (git-fixes).\n- nfsd: Fix svc_xprt refcnt leak when setup callback client failed (git-fixes).\n- nfsd: Keep existing listeners on portlist error (git-fixes).\n- nfsd: Return nfserr_serverfault if splice_ok but buf-\u003epages have data (git-fixes).\n- nfsd: do not call nfsd_file_put from client states seqfile display (git-fixes).\n- nfsd: fix error handling in NFSv4.0 callbacks (git-fixes).\n- nfsd: safer handling of corrupted c_type (git-fixes).\n- nfsv4 expose nfs_parse_server_name function (git-fixes).\n- nfsv4 only print the label when its queried (git-fixes).\n- nfsv4 remove zero number of fs_locations entries error check (git-fixes).\n- nfsv4.1 handle ERR_DELAY error reclaiming locking state on delegation recall (git-fixes).\n- nfsv4.1: Fix uninitialised variable in devicenotify (git-fixes).\n- nfsv4.1: Handle RECLAIM_COMPLETE trunking errors (git-fixes).\n- nfsv4.1: We must always send RECLAIM_COMPLETE after a reboot (git-fixes).\n- nfsv4.2: Clear FATTR4_WORD2_SECURITY_LABEL when done decoding (git-fixes).\n- nfsv4.2: Fix a memory stomp in decode_attr_security_label (git-fixes).\n- nfsv4.2: Fix initialisation of struct nfs4_label (git-fixes).\n- nfsv4.2: Fixup CLONE dest file size for zero-length count (git-fixes).\n- nfsv4.2: error out when relink swapfile (git-fixes).\n- nfsv4.x: Fail client initialisation if state manager thread can\u0027t run (git-fixes).\n- nfsv4/pnfs: Always return layout stats on layout return for flexfiles (git-fixes).\n- nfsv4/pnfs: Fix a use-after-free bug in open (git-fixes).\n- nfsv4: Do not hold the layoutget locks across multiple RPC calls (git-fixes).\n- nfsv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn (git-fixes).\n- nfsv4: Fix a pNFS layout related use-after-free race when freeing the inode (git-fixes).\n- nfsv4: Fix races between open and dentry revalidation (git-fixes).\n- nfsv4: Protect the state recovery thread against direct reclaim (git-fixes).\n- nfsv4: Retry LOCK on OLD_STATEID during delegation return (git-fixes).\n- pnfs/nfsv4: Try to return invalid layout in pnfs_layout_process() (git-fixes).\n- powerpc/64: Init jump labels before parse_early_param() (bsc#1065729).\n- powerpc/64s/pgtable: fix an undefined behaviour (bsc#1065729).\n- powerpc/book3s/mm: Update Oops message to print the correct translation in use (bsc#1156395).\n- powerpc/boot: Fixup device-tree on little endian (bsc#1065729).\n- powerpc/crashkernel: Take \u0027mem=\u0027 option into account (bsc#1065729).\n- powerpc/eeh: Only dump stack once if an MMIO loop is detected (bsc#1065729).\n- powerpc/pci: Fix get_phb_number() locking (bsc#1065729).\n- powerpc/perf: callchain validate kernel stack pointer bounds (bsc#1065729).\n- powerpc/powernv/iov: Ensure the pdn for VFs always contains a valid PE number (bsc#1065729).\n- powerpc/powernv/smp: Fix spurious DBG() warning (bsc#1065729).\n- powerpc/powernv: Avoid re-registration of imc debugfs directory (bsc#1156395).\n- powerpc/powernv: add missing of_node_put (bsc#1065729).\n- powerpc/pseries/cmm: Implement release() function for sysfs device (bsc#1065729).\n- powerpc/pseries/eeh: use correct API for error log size (bsc#1065729).\n- powerpc/pseries: Stop calling printk in rtas_stop_self() (bsc#1065729).\n- powerpc/pseries: unregister VPA when hot unplugging a CPU (bsc#1205695 ltc#200603).\n- powerpc/rtas: avoid device tree lookups in rtas_os_term() (bsc#1065729).\n- powerpc/rtas: avoid scheduling in rtas_os_term() (bsc#1065729).\n- powerpc/sriov: Remove VF eeh_dev state when disabling SR-IOV (bsc#1065729).\n- powerpc/xive/spapr: correct bitmap allocation size (git-fixes).\n- powerpc/xive: Add a check for memory allocation failure (git-fixes).\n- powerpc/xive: add missing iounmap() in error path in xive_spapr_populate_irq_data() (git-fixes).\n- powerpc: Ensure that swiotlb buffer is allocated from low memory (bsc#1156395).\n- powerpc: Force inlining of cpu_has_feature() to avoid build failure (bsc#1065729).\n- powerpc: improve handling of unrecoverable system reset (bsc#1065729).\n- powerpc: sysdev: add missing iounmap() on error in mpic_msgr_probe() (bsc#1065729).\n- quota: Check next/prev free block number after reading from quota file (bsc#1206640).\n- rpc: fix NULL dereference on kmalloc failure (git-fixes).\n- rpc: fix gss_svc_init cleanup on failure (git-fixes).\n- sbitmap: fix lockup while swapping (bsc#1206602).\n- sched/psi: Fix sampling error and rare div0 crashes with cgroups and high uptime (bsc#1206841).\n- scsi: lpfc: Correct bandwidth logging during receipt of congestion sync WCQE (jsc#PED-1445).\n- scsi: lpfc: Fix MI capability display in cmf_info sysfs attribute (jsc#PED-1445).\n- scsi: lpfc: Fix WQ|CQ|EQ resource check (jsc#PED-1445).\n- scsi: lpfc: Fix crash involving race between FLOGI timeout and devloss handler (jsc#PED-1445).\n- scsi: lpfc: Remove linux/msi.h include (jsc#PED-1445).\n- scsi: lpfc: Remove redundant pointer \u0027lp\u0027 (jsc#PED-1445).\n- scsi: lpfc: Update lpfc version to 14.2.0.9 (jsc#PED-1445).\n- scsi: lpfc: Use memset_startat() helper (jsc#PED-1445).\n- scsi: qla2xxx: Fix crash when I/O abort times out (jsc#PED-568).\n- scsi: qla2xxx: Fix set-but-not-used variable warnings (jsc#PED-568).\n- scsi: qla2xxx: Initialize vha-\u003eunknown_atio_[list, work] for NPIV hosts (jsc#PED-568).\n- scsi: qla2xxx: Remove duplicate of vha-\u003eiocb_work initialization (jsc#PED-568).\n- scsi: qla2xxx: Remove unused variable \u0027found_devs\u0027 (jsc#PED-568).\n- string.h: Introduce memset_startat() for wiping trailing members and padding (jsc#PED-1445).\n- sunrpc: Do not leak netobj memory when gss_read_proxy_verf() fails (git-fixes).\n- sunrpc: Do not start a timer on an already queued rpc task (git-fixes).\n- sunrpc: Fix missing release socket in rpc_sockname() (git-fixes).\n- sunrpc: Fix potential leaks in sunrpc_cache_unhash() (git-fixes).\n- sunrpc: Fix socket waits for write buffer space (git-fixes).\n- sunrpc: Handle 0 length opaque XDR object data properly (git-fixes).\n- sunrpc: Mitigate cond_resched() in xprt_transmit() (git-fixes).\n- sunrpc: Move simple_get_bytes and simple_get_netobj into private header (git-fixes).\n- sunrpc: check that domain table is empty at module unload (git-fixes).\n- sunrpc: stop printk reading past end of string (git-fixes).\n- svcrdma: Fix another Receive buffer leak (git-fixes).\n- svcrdma: Fix backchannel return code (git-fixes).\n- tracing: Verify if trace array exists before destroying it (git-fixes).\n- udf: Avoid accessing uninitialized data on failed inode read (bsc#1206642).\n- udf: Fix NULL pointer dereference in udf_symlink function (bsc#1206646).\n- udf: Fix a slab-out-of-bounds write bug in udf_find_entry() (bsc#1206649).\n- udf: Fix free space reporting for metadata and virtual partitions (bsc#1206641).\n- udf: Fix iocharset=utf8 mount option (bsc#1206647).\n- udf: Limit sparing table size (bsc#1206643).\n- udf: fix silent AED tagLocation corruption (bsc#1206645).\n- udf: fix the problem that the disc content is not displayed (bsc#1206644).\n- udf_get_extendedattr() had no boundary checks (bsc#1206648).\n- xprtrdma: Fix regbuf data not freed in rpcrdma_req_create() (git-fixes).\n- xprtrdma: treat all calls not a bcall when bc_serv is NULL (git-fixes).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2023-591,SUSE-SLE-Module-RT-15-SP3-2023-591,SUSE-SUSE-MicroOS-5.1-2023-591,SUSE-SUSE-MicroOS-5.2-2023-591",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_0591-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2023:0591-1",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20230591-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2023:0591-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-March/013959.html"
},
{
"category": "self",
"summary": "SUSE Bug 1065729",
"url": "https://bugzilla.suse.com/1065729"
},
{
"category": "self",
"summary": "SUSE Bug 1156395",
"url": "https://bugzilla.suse.com/1156395"
},
{
"category": "self",
"summary": "SUSE Bug 1203740",
"url": "https://bugzilla.suse.com/1203740"
},
{
"category": "self",
"summary": "SUSE Bug 1204614",
"url": "https://bugzilla.suse.com/1204614"
},
{
"category": "self",
"summary": "SUSE Bug 1204989",
"url": "https://bugzilla.suse.com/1204989"
},
{
"category": "self",
"summary": "SUSE Bug 1205496",
"url": "https://bugzilla.suse.com/1205496"
},
{
"category": "self",
"summary": "SUSE Bug 1205601",
"url": "https://bugzilla.suse.com/1205601"
},
{
"category": "self",
"summary": "SUSE Bug 1205695",
"url": "https://bugzilla.suse.com/1205695"
},
{
"category": "self",
"summary": "SUSE Bug 1206073",
"url": "https://bugzilla.suse.com/1206073"
},
{
"category": "self",
"summary": "SUSE Bug 1206344",
"url": "https://bugzilla.suse.com/1206344"
},
{
"category": "self",
"summary": "SUSE Bug 1206393",
"url": "https://bugzilla.suse.com/1206393"
},
{
"category": "self",
"summary": "SUSE Bug 1206399",
"url": "https://bugzilla.suse.com/1206399"
},
{
"category": "self",
"summary": "SUSE Bug 1206515",
"url": "https://bugzilla.suse.com/1206515"
},
{
"category": "self",
"summary": "SUSE Bug 1206602",
"url": "https://bugzilla.suse.com/1206602"
},
{
"category": "self",
"summary": "SUSE Bug 1206634",
"url": "https://bugzilla.suse.com/1206634"
},
{
"category": "self",
"summary": "SUSE Bug 1206635",
"url": "https://bugzilla.suse.com/1206635"
},
{
"category": "self",
"summary": "SUSE Bug 1206636",
"url": "https://bugzilla.suse.com/1206636"
},
{
"category": "self",
"summary": "SUSE Bug 1206637",
"url": "https://bugzilla.suse.com/1206637"
},
{
"category": "self",
"summary": "SUSE Bug 1206640",
"url": "https://bugzilla.suse.com/1206640"
},
{
"category": "self",
"summary": "SUSE Bug 1206641",
"url": "https://bugzilla.suse.com/1206641"
},
{
"category": "self",
"summary": "SUSE Bug 1206642",
"url": "https://bugzilla.suse.com/1206642"
},
{
"category": "self",
"summary": "SUSE Bug 1206643",
"url": "https://bugzilla.suse.com/1206643"
},
{
"category": "self",
"summary": "SUSE Bug 1206644",
"url": "https://bugzilla.suse.com/1206644"
},
{
"category": "self",
"summary": "SUSE Bug 1206645",
"url": "https://bugzilla.suse.com/1206645"
},
{
"category": "self",
"summary": "SUSE Bug 1206646",
"url": "https://bugzilla.suse.com/1206646"
},
{
"category": "self",
"summary": "SUSE Bug 1206647",
"url": "https://bugzilla.suse.com/1206647"
},
{
"category": "self",
"summary": "SUSE Bug 1206648",
"url": "https://bugzilla.suse.com/1206648"
},
{
"category": "self",
"summary": "SUSE Bug 1206649",
"url": "https://bugzilla.suse.com/1206649"
},
{
"category": "self",
"summary": "SUSE Bug 1206841",
"url": "https://bugzilla.suse.com/1206841"
},
{
"category": "self",
"summary": "SUSE Bug 1206854",
"url": "https://bugzilla.suse.com/1206854"
},
{
"category": "self",
"summary": "SUSE Bug 1206855",
"url": "https://bugzilla.suse.com/1206855"
},
{
"category": "self",
"summary": "SUSE Bug 1206857",
"url": "https://bugzilla.suse.com/1206857"
},
{
"category": "self",
"summary": "SUSE Bug 1206858",
"url": "https://bugzilla.suse.com/1206858"
},
{
"category": "self",
"summary": "SUSE Bug 1206859",
"url": "https://bugzilla.suse.com/1206859"
},
{
"category": "self",
"summary": "SUSE Bug 1206860",
"url": "https://bugzilla.suse.com/1206860"
},
{
"category": "self",
"summary": "SUSE Bug 1206873",
"url": "https://bugzilla.suse.com/1206873"
},
{
"category": "self",
"summary": "SUSE Bug 1206875",
"url": "https://bugzilla.suse.com/1206875"
},
{
"category": "self",
"summary": "SUSE Bug 1206876",
"url": "https://bugzilla.suse.com/1206876"
},
{
"category": "self",
"summary": "SUSE Bug 1206877",
"url": "https://bugzilla.suse.com/1206877"
},
{
"category": "self",
"summary": "SUSE Bug 1206878",
"url": "https://bugzilla.suse.com/1206878"
},
{
"category": "self",
"summary": "SUSE Bug 1206880",
"url": "https://bugzilla.suse.com/1206880"
},
{
"category": "self",
"summary": "SUSE Bug 1206881",
"url": "https://bugzilla.suse.com/1206881"
},
{
"category": "self",
"summary": "SUSE Bug 1206882",
"url": "https://bugzilla.suse.com/1206882"
},
{
"category": "self",
"summary": "SUSE Bug 1206883",
"url": "https://bugzilla.suse.com/1206883"
},
{
"category": "self",
"summary": "SUSE Bug 1206884",
"url": "https://bugzilla.suse.com/1206884"
},
{
"category": "self",
"summary": "SUSE Bug 1206885",
"url": "https://bugzilla.suse.com/1206885"
},
{
"category": "self",
"summary": "SUSE Bug 1206886",
"url": "https://bugzilla.suse.com/1206886"
},
{
"category": "self",
"summary": "SUSE Bug 1206887",
"url": "https://bugzilla.suse.com/1206887"
},
{
"category": "self",
"summary": "SUSE Bug 1206888",
"url": "https://bugzilla.suse.com/1206888"
},
{
"category": "self",
"summary": "SUSE Bug 1206889",
"url": "https://bugzilla.suse.com/1206889"
},
{
"category": "self",
"summary": "SUSE Bug 1206890",
"url": "https://bugzilla.suse.com/1206890"
},
{
"category": "self",
"summary": "SUSE Bug 1206891",
"url": "https://bugzilla.suse.com/1206891"
},
{
"category": "self",
"summary": "SUSE Bug 1206893",
"url": "https://bugzilla.suse.com/1206893"
},
{
"category": "self",
"summary": "SUSE Bug 1206896",
"url": "https://bugzilla.suse.com/1206896"
},
{
"category": "self",
"summary": "SUSE Bug 1206904",
"url": "https://bugzilla.suse.com/1206904"
},
{
"category": "self",
"summary": "SUSE Bug 1207036",
"url": "https://bugzilla.suse.com/1207036"
},
{
"category": "self",
"summary": "SUSE Bug 1207125",
"url": "https://bugzilla.suse.com/1207125"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-3112 page",
"url": "https://www.suse.com/security/cve/CVE-2022-3112/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-3115 page",
"url": "https://www.suse.com/security/cve/CVE-2022-3115/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-3564 page",
"url": "https://www.suse.com/security/cve/CVE-2022-3564/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-47520 page",
"url": "https://www.suse.com/security/cve/CVE-2022-47520/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-23454 page",
"url": "https://www.suse.com/security/cve/CVE-2023-23454/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-23455 page",
"url": "https://www.suse.com/security/cve/CVE-2023-23455/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2023-03-02T08:21:46Z",
"generator": {
"date": "2023-03-02T08:21:46Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2023:0591-1",
"initial_release_date": "2023-03-02T08:21:46Z",
"revision_history": [
{
"date": "2023-03-02T08:21:46Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-rt-5.3.18-150300.118.1.noarch",
"product": {
"name": "kernel-devel-rt-5.3.18-150300.118.1.noarch",
"product_id": "kernel-devel-rt-5.3.18-150300.118.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-rt-5.3.18-150300.118.1.noarch",
"product": {
"name": "kernel-source-rt-5.3.18-150300.118.1.noarch",
"product_id": "kernel-source-rt-5.3.18-150300.118.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-rt-5.3.18-150300.118.1.x86_64",
"product": {
"name": "cluster-md-kmp-rt-5.3.18-150300.118.1.x86_64",
"product_id": "cluster-md-kmp-rt-5.3.18-150300.118.1.x86_64"
}
},
{
"category": "product_version",
"name": "cluster-md-kmp-rt_debug-5.3.18-150300.118.1.x86_64",
"product": {
"name": "cluster-md-kmp-rt_debug-5.3.18-150300.118.1.x86_64",
"product_id": "cluster-md-kmp-rt_debug-5.3.18-150300.118.1.x86_64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-rt-5.3.18-150300.118.1.x86_64",
"product": {
"name": "dlm-kmp-rt-5.3.18-150300.118.1.x86_64",
"product_id": "dlm-kmp-rt-5.3.18-150300.118.1.x86_64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-rt_debug-5.3.18-150300.118.1.x86_64",
"product": {
"name": "dlm-kmp-rt_debug-5.3.18-150300.118.1.x86_64",
"product_id": "dlm-kmp-rt_debug-5.3.18-150300.118.1.x86_64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-rt-5.3.18-150300.118.1.x86_64",
"product": {
"name": "gfs2-kmp-rt-5.3.18-150300.118.1.x86_64",
"product_id": "gfs2-kmp-rt-5.3.18-150300.118.1.x86_64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-rt_debug-5.3.18-150300.118.1.x86_64",
"product": {
"name": "gfs2-kmp-rt_debug-5.3.18-150300.118.1.x86_64",
"product_id": "gfs2-kmp-rt_debug-5.3.18-150300.118.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-5.3.18-150300.118.1.x86_64",
"product": {
"name": "kernel-rt-5.3.18-150300.118.1.x86_64",
"product_id": "kernel-rt-5.3.18-150300.118.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-devel-5.3.18-150300.118.1.x86_64",
"product": {
"name": "kernel-rt-devel-5.3.18-150300.118.1.x86_64",
"product_id": "kernel-rt-devel-5.3.18-150300.118.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-extra-5.3.18-150300.118.1.x86_64",
"product": {
"name": "kernel-rt-extra-5.3.18-150300.118.1.x86_64",
"product_id": "kernel-rt-extra-5.3.18-150300.118.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-livepatch-devel-5.3.18-150300.118.1.x86_64",
"product": {
"name": "kernel-rt-livepatch-devel-5.3.18-150300.118.1.x86_64",
"product_id": "kernel-rt-livepatch-devel-5.3.18-150300.118.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-optional-5.3.18-150300.118.1.x86_64",
"product": {
"name": "kernel-rt-optional-5.3.18-150300.118.1.x86_64",
"product_id": "kernel-rt-optional-5.3.18-150300.118.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-5.3.18-150300.118.1.x86_64",
"product": {
"name": "kernel-rt_debug-5.3.18-150300.118.1.x86_64",
"product_id": "kernel-rt_debug-5.3.18-150300.118.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-devel-5.3.18-150300.118.1.x86_64",
"product": {
"name": "kernel-rt_debug-devel-5.3.18-150300.118.1.x86_64",
"product_id": "kernel-rt_debug-devel-5.3.18-150300.118.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-extra-5.3.18-150300.118.1.x86_64",
"product": {
"name": "kernel-rt_debug-extra-5.3.18-150300.118.1.x86_64",
"product_id": "kernel-rt_debug-extra-5.3.18-150300.118.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-livepatch-devel-5.3.18-150300.118.1.x86_64",
"product": {
"name": "kernel-rt_debug-livepatch-devel-5.3.18-150300.118.1.x86_64",
"product_id": "kernel-rt_debug-livepatch-devel-5.3.18-150300.118.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-optional-5.3.18-150300.118.1.x86_64",
"product": {
"name": "kernel-rt_debug-optional-5.3.18-150300.118.1.x86_64",
"product_id": "kernel-rt_debug-optional-5.3.18-150300.118.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-syms-rt-5.3.18-150300.118.1.x86_64",
"product": {
"name": "kernel-syms-rt-5.3.18-150300.118.1.x86_64",
"product_id": "kernel-syms-rt-5.3.18-150300.118.1.x86_64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-rt-5.3.18-150300.118.1.x86_64",
"product": {
"name": "kselftests-kmp-rt-5.3.18-150300.118.1.x86_64",
"product_id": "kselftests-kmp-rt-5.3.18-150300.118.1.x86_64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-rt_debug-5.3.18-150300.118.1.x86_64",
"product": {
"name": "kselftests-kmp-rt_debug-5.3.18-150300.118.1.x86_64",
"product_id": "kselftests-kmp-rt_debug-5.3.18-150300.118.1.x86_64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-rt-5.3.18-150300.118.1.x86_64",
"product": {
"name": "ocfs2-kmp-rt-5.3.18-150300.118.1.x86_64",
"product_id": "ocfs2-kmp-rt-5.3.18-150300.118.1.x86_64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-rt_debug-5.3.18-150300.118.1.x86_64",
"product": {
"name": "ocfs2-kmp-rt_debug-5.3.18-150300.118.1.x86_64",
"product_id": "ocfs2-kmp-rt_debug-5.3.18-150300.118.1.x86_64"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-rt-5.3.18-150300.118.1.x86_64",
"product": {
"name": "reiserfs-kmp-rt-5.3.18-150300.118.1.x86_64",
"product_id": "reiserfs-kmp-rt-5.3.18-150300.118.1.x86_64"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-rt_debug-5.3.18-150300.118.1.x86_64",
"product": {
"name": "reiserfs-kmp-rt_debug-5.3.18-150300.118.1.x86_64",
"product_id": "reiserfs-kmp-rt_debug-5.3.18-150300.118.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Real Time Module 15 SP3",
"product": {
"name": "SUSE Real Time Module 15 SP3",
"product_id": "SUSE Real Time Module 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-rt:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.1",
"product": {
"name": "SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.2",
"product": {
"name": "SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-rt-5.3.18-150300.118.1.x86_64 as component of SUSE Real Time Module 15 SP3",
"product_id": "SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.118.1.x86_64"
},
"product_reference": "cluster-md-kmp-rt-5.3.18-150300.118.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-rt-5.3.18-150300.118.1.x86_64 as component of SUSE Real Time Module 15 SP3",
"product_id": "SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.118.1.x86_64"
},
"product_reference": "dlm-kmp-rt-5.3.18-150300.118.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-rt-5.3.18-150300.118.1.x86_64 as component of SUSE Real Time Module 15 SP3",
"product_id": "SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.118.1.x86_64"
},
"product_reference": "gfs2-kmp-rt-5.3.18-150300.118.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-rt-5.3.18-150300.118.1.noarch as component of SUSE Real Time Module 15 SP3",
"product_id": "SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.118.1.noarch"
},
"product_reference": "kernel-devel-rt-5.3.18-150300.118.1.noarch",
"relates_to_product_reference": "SUSE Real Time Module 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-5.3.18-150300.118.1.x86_64 as component of SUSE Real Time Module 15 SP3",
"product_id": "SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.118.1.x86_64"
},
"product_reference": "kernel-rt-5.3.18-150300.118.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-devel-5.3.18-150300.118.1.x86_64 as component of SUSE Real Time Module 15 SP3",
"product_id": "SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.118.1.x86_64"
},
"product_reference": "kernel-rt-devel-5.3.18-150300.118.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt_debug-devel-5.3.18-150300.118.1.x86_64 as component of SUSE Real Time Module 15 SP3",
"product_id": "SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.118.1.x86_64"
},
"product_reference": "kernel-rt_debug-devel-5.3.18-150300.118.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-rt-5.3.18-150300.118.1.noarch as component of SUSE Real Time Module 15 SP3",
"product_id": "SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.118.1.noarch"
},
"product_reference": "kernel-source-rt-5.3.18-150300.118.1.noarch",
"relates_to_product_reference": "SUSE Real Time Module 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-rt-5.3.18-150300.118.1.x86_64 as component of SUSE Real Time Module 15 SP3",
"product_id": "SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.118.1.x86_64"
},
"product_reference": "kernel-syms-rt-5.3.18-150300.118.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-rt-5.3.18-150300.118.1.x86_64 as component of SUSE Real Time Module 15 SP3",
"product_id": "SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.118.1.x86_64"
},
"product_reference": "ocfs2-kmp-rt-5.3.18-150300.118.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-5.3.18-150300.118.1.x86_64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.118.1.x86_64"
},
"product_reference": "kernel-rt-5.3.18-150300.118.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-5.3.18-150300.118.1.x86_64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.118.1.x86_64"
},
"product_reference": "kernel-rt-5.3.18-150300.118.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-3112",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-3112"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Linux kernel through 5.16-rc6. amvdec_set_canvases in drivers/staging/media/meson/vdec/vdec_helpers.c lacks check of the return value of kzalloc() and will cause the null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.118.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.118.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.118.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.118.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-3112",
"url": "https://www.suse.com/security/cve/CVE-2022-3112"
},
{
"category": "external",
"summary": "SUSE Bug 1206399 for CVE-2022-3112",
"url": "https://bugzilla.suse.com/1206399"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.118.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.118.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.118.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.118.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.118.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.118.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.118.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.118.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-03-02T08:21:46Z",
"details": "moderate"
}
],
"title": "CVE-2022-3112"
},
{
"cve": "CVE-2022-3115",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-3115"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Linux kernel through 5.16-rc6. malidp_crtc_reset in drivers/gpu/drm/arm/malidp_crtc.c lacks check of the return value of kzalloc() and will cause the null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.118.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.118.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.118.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.118.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-3115",
"url": "https://www.suse.com/security/cve/CVE-2022-3115"
},
{
"category": "external",
"summary": "SUSE Bug 1206393 for CVE-2022-3115",
"url": "https://bugzilla.suse.com/1206393"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.118.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.118.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.118.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.118.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.118.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.118.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.118.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.118.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-03-02T08:21:46Z",
"details": "moderate"
}
],
"title": "CVE-2022-3115"
},
{
"cve": "CVE-2022-3564",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-3564"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.118.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.118.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.118.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.118.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-3564",
"url": "https://www.suse.com/security/cve/CVE-2022-3564"
},
{
"category": "external",
"summary": "SUSE Bug 1206073 for CVE-2022-3564",
"url": "https://bugzilla.suse.com/1206073"
},
{
"category": "external",
"summary": "SUSE Bug 1206314 for CVE-2022-3564",
"url": "https://bugzilla.suse.com/1206314"
},
{
"category": "external",
"summary": "SUSE Bug 1208030 for CVE-2022-3564",
"url": "https://bugzilla.suse.com/1208030"
},
{
"category": "external",
"summary": "SUSE Bug 1208044 for CVE-2022-3564",
"url": "https://bugzilla.suse.com/1208044"
},
{
"category": "external",
"summary": "SUSE Bug 1208085 for CVE-2022-3564",
"url": "https://bugzilla.suse.com/1208085"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.118.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.118.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.118.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.118.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.118.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.118.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.118.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.118.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-03-02T08:21:46Z",
"details": "important"
}
],
"title": "CVE-2022-3564"
},
{
"cve": "CVE-2022-47520",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-47520"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Linux kernel before 6.0.11. Missing offset validation in drivers/net/wireless/microchip/wilc1000/hif.c in the WILC1000 wireless driver can trigger an out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink packet.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.118.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.118.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.118.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.118.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-47520",
"url": "https://www.suse.com/security/cve/CVE-2022-47520"
},
{
"category": "external",
"summary": "SUSE Bug 1206515 for CVE-2022-47520",
"url": "https://bugzilla.suse.com/1206515"
},
{
"category": "external",
"summary": "SUSE Bug 1207823 for CVE-2022-47520",
"url": "https://bugzilla.suse.com/1207823"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.118.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.118.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.118.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.118.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.118.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.118.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.118.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.118.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-03-02T08:21:46Z",
"details": "important"
}
],
"title": "CVE-2022-47520"
},
{
"cve": "CVE-2023-23454",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-23454"
}
],
"notes": [
{
"category": "general",
"text": "cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.118.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.118.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.118.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.118.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-23454",
"url": "https://www.suse.com/security/cve/CVE-2023-23454"
},
{
"category": "external",
"summary": "SUSE Bug 1207036 for CVE-2023-23454",
"url": "https://bugzilla.suse.com/1207036"
},
{
"category": "external",
"summary": "SUSE Bug 1207188 for CVE-2023-23454",
"url": "https://bugzilla.suse.com/1207188"
},
{
"category": "external",
"summary": "SUSE Bug 1208030 for CVE-2023-23454",
"url": "https://bugzilla.suse.com/1208030"
},
{
"category": "external",
"summary": "SUSE Bug 1208044 for CVE-2023-23454",
"url": "https://bugzilla.suse.com/1208044"
},
{
"category": "external",
"summary": "SUSE Bug 1208085 for CVE-2023-23454",
"url": "https://bugzilla.suse.com/1208085"
},
{
"category": "external",
"summary": "SUSE Bug 1211833 for CVE-2023-23454",
"url": "https://bugzilla.suse.com/1211833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.118.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.118.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.118.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.118.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.118.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.118.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.118.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.118.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-03-02T08:21:46Z",
"details": "important"
}
],
"title": "CVE-2023-23454"
},
{
"cve": "CVE-2023-23455",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-23455"
}
],
"notes": [
{
"category": "general",
"text": "atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.118.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.118.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.118.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.118.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-23455",
"url": "https://www.suse.com/security/cve/CVE-2023-23455"
},
{
"category": "external",
"summary": "SUSE Bug 1207036 for CVE-2023-23455",
"url": "https://bugzilla.suse.com/1207036"
},
{
"category": "external",
"summary": "SUSE Bug 1207125 for CVE-2023-23455",
"url": "https://bugzilla.suse.com/1207125"
},
{
"category": "external",
"summary": "SUSE Bug 1207189 for CVE-2023-23455",
"url": "https://bugzilla.suse.com/1207189"
},
{
"category": "external",
"summary": "SUSE Bug 1211833 for CVE-2023-23455",
"url": "https://bugzilla.suse.com/1211833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.118.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.118.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.118.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.118.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.118.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.118.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.118.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.118.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.118.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-03-02T08:21:46Z",
"details": "important"
}
],
"title": "CVE-2023-23455"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…