<?xml version="1.0" encoding="UTF-8"?>
<cvrfdoc xmlns="http://www.icasi.org/CVRF/schema/cvrf/1.1" xmlns:cvrf="http://www.icasi.org/CVRF/schema/cvrf/1.1">
  <DocumentTitle xml:lang="en">SUSE-IU-2022:861-1</DocumentTitle>
  <DocumentType>SUSE Image</DocumentType>
  <DocumentPublisher Type="Vendor">
    <ContactDetails>security@suse.de</ContactDetails>
    <IssuingAuthority>SUSE Security Team</IssuingAuthority>
  </DocumentPublisher>
  <DocumentTracking>
    <Identification>
      <ID>SUSE Image SUSE-IU-2022:861-1</ID>
    </Identification>
    <Status>Interim</Status>
    <Version>1</Version>
    <RevisionHistory>
      <Revision>
        <Number>1</Number>
        <Date>2023-05-09T06:26:22Z</Date>
        <Description>current</Description>
      </Revision>
    </RevisionHistory>
    <InitialReleaseDate>2022-07-18T01:00:00Z</InitialReleaseDate>
    <CurrentReleaseDate>2022-07-18T01:00:00Z</CurrentReleaseDate>
    <Generator>
      <Engine>cve-database/bin/generate-cvrf-publiccloud.pl</Engine>
      <Date>2021-02-18T01:00:00Z</Date>
    </Generator>
  </DocumentTracking>
  <DocumentNotes>
    <Note Title="Topic" Type="Summary" Ordinal="1" xml:lang="en">Image update for SUSE-IU-2022:861-1 / google/sles-15-sp2-sap-v20220718-x86-64</Note>
    <Note Title="Details" Type="General" Ordinal="2" xml:lang="en">This image update for google/sles-15-sp2-sap-v20220718-x86-64 contains the following changes:
Package binutils was updated:

- For building shim 15.6~rc1 (and later versions) aarch64 image, objcopy
  needs to support efi-app-aarch64 target. (bsc#1198458)
  Adds binutils-add-efi-aarch64-1.diff,
  binutils-add-efi-aarch64-2.diff, binutils-add-efi-aarch64-3.diff .
- Add binutils-fix-keepdebug.diff for fix bsc#1191908, a problem
  in crash not accepting some of our .ko.debug files.
- Add binutils-revert-rela.diff to revert back to old behaviour
  of not ignoring the in-section content of to be relocated
  fields on x86-64, even though that's a RELA architecture.
  Compatibility with buggy object files generated by old tools.
  [bsc#1198422]

Package containerd was updated:

- Update to containerd v1.6.6 to fix CVE-2022-31030 and meet the requirements
  of Docker v20.10.17-ce. bsc#1200145
- Remove upstreamed patches:
  - bsc1200145-Limit-the-response-size-of-ExecSync.patch
[ This patch was only released in SLES and Leap. ]
- Backport patch to fix GHSA-5ffw-gxpp-mxpf CVE-2022-31030. bsc#1200145
  + bsc1200145-Limit-the-response-size-of-ExecSync.patch
- Update to containerd v1.5.12. Upstream release notes:
  &lt;https://github.com/containerd/containerd/releases/tag/v1.5.12&gt;

Package curl was updated:

- Security fix: [bsc#1200735, CVE-2022-32206]
  * HTTP compression denial of service
  * Add curl-CVE-2022-32206.patch
- Security fix: [bsc#1200737, CVE-2022-32208]
  * FTP-KRB bad message verification
  * Add curl-CVE-2022-32208.patch

Package docker was updated:

- Update to Docker 20.10.17-ce. See upstream changelog online at
  &lt;https://docs.docker.com/engine/release-notes/#201017&gt;. bsc#1200145
- Rebase patches:
  * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
  * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
  * 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
  * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
  * 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
  * 0006-bsc1193930-vendor-update-golang.org-x-crypto.patch

Package fence-agents was updated:

- fence-agents-4.9.0+git.1624456340.8d746be9-150300.3.8.1 broken in
  GCP due to missing "--zone" parameter (bsc#1198872)
  - Apply proposed patch
    0001-fence_gce-Make-zone-optional-for-get_nodes_list-487.patch

Package gcc11 was updated:

- Update to the GCC 11.3.0 release.
  * includes SLS hardening backport on x86_64.  [bsc#1195283]
- Update to gcc-11 branch head (691af15031e00227ba6d5935c), git1635
  * includes gcc11-pr104931.patch
  * includes fix for Firefox ICE  [gcc#105256]
- Add provides/conflicts to glibc crosses since only one GCC version
  for the same target can be installed at the same time.
- Add provides/conflicts to libgccjit.
- Update to gcc-11 branch head (6a1150d1524aeda3381b21717), git1406
  * includes change to adjust gnats idea of the target, fixing
    the build of gprbuild.  [bsc#1196861]
- Add gcc11-pr104931.patch to fix miscompile of embedded premake
  in 0ad on i586.  [bsc#1197065]
- drop armv5tel, merge arm and armv6hl
- use --with-cpu rather than specifying --with-arch/--with-tune
  to Recommends.
- Remove sys/rseq.h from include-fixed
- Update to gcc-11 branch head (d4a1d3c4b377f1d4acb), git1173
  * Fix D memory corruption in -M output.
  * Fix ICE in is_this_parameter with coroutines.  [boo#1193659]
- Enable the cross compilers also on i586
- Enable some cross compilers also in rings
- Remove cross compilers for i386 target
- Update to gcc-11 branch head (7510c23c1ec53aa4a62705f03), git1018
  * fixes issue with debug dumping together with -o /dev/null
  * fixes libgccjit issue showing up in emacs build  [boo#1192951]
- Package mwaitintrin.h
- Remove spurious exit from change_spec.
- Enable the full cross compiler, cross-aarch64-gcc11 and
  cross-riscv64-gcc11 now provide a fully hosted C (and C++)
  cross compiler, not just a freestanding one.  I.e. with a cross
  glibc.  They don't yet support the sanitizer libraries.
  Part of [jsc#OBS-124].

Package grub2 was updated:

- Security fixes and hardenings for boothole 3 / boothole 2022 (bsc#1198581)
  * 0001-video-Remove-trailing-whitespaces.patch
  * 0002-video-readers-jpeg-Test-for-an-invalid-next-marker-r.patch
  * 0003-video-readers-jpeg-Catch-files-with-unsupported-quan.patch
  * 0004-video-readers-jpeg-Catch-OOB-reads-writes-in-grub_jp.patch
  * 0005-video-readers-jpeg-Don-t-decode-data-before-start-of.patch
  * 0006-misc-Format-string-for-grub_error-should-be-a-litera.patch
  * 0007-loader-efi-chainloader-Simplify-the-loader-state.patch
  * 0008-commands-boot-Add-API-to-pass-context-to-loader.patch
- Fix CVE-2022-28736 (bsc#1198496)
  * 0009-loader-efi-chainloader-Use-grub_loader_set_ex.patch
- Fix CVE-2022-28735 (bsc#1198495)
  * 0010-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch
  * 0011-kern-file-Do-not-leak-device_name-on-error-in-grub_f.patch
  * 0012-video-readers-png-Abort-sooner-if-a-read-operation-f.patch
  * 0013-video-readers-png-Refuse-to-handle-multiple-image-he.patch
- Fix CVE-2021-3695 (bsc#1191184)
  * 0014-video-readers-png-Drop-greyscale-support-to-fix-heap.patch
- Fix CVE-2021-3696 (bsc#1191185)
  * 0015-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch
  * 0016-video-readers-png-Sanity-check-some-huffman-codes.patch
  * 0017-video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch
  * 0018-video-readers-jpeg-Do-not-reallocate-a-given-huff-ta.patch
  * 0019-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch
- Fix CVE-2021-3697 (bsc#1191186)
  * 0020-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch
  * 0021-normal-charset-Fix-array-out-of-bounds-formatting-un.patch
- Fix CVE-2022-28733 (bsc#1198460)
  * 0022-net-ip-Do-IP-fragment-maths-safely.patch
  * 0023-net-netbuff-Block-overly-large-netbuff-allocs.patch
  * 0024-net-dns-Fix-double-free-addresses-on-corrupt-DNS-res.patch
  * 0025-net-dns-Don-t-read-past-the-end-of-the-string-we-re-.patch
  * 0026-net-tftp-Prevent-a-UAF-and-double-free-from-a-failed.patch
  * 0027-net-tftp-Avoid-a-trivial-UAF.patch
  * 0028-net-http-Do-not-tear-down-socket-if-it-s-already-bee.patch
- Fix CVE-2022-28734 (bsc#1198493)
  * 0029-net-http-Fix-OOB-write-for-split-http-headers.patch
- Fix CVE-2022-28734 (bsc#1198493)
  * 0030-net-http-Error-out-on-headers-with-LF-without-CR.patch
  * 0031-fs-f2fs-Do-not-read-past-the-end-of-nat-journal-entr.patch
  * 0032-fs-f2fs-Do-not-read-past-the-end-of-nat-bitmap.patch
  * 0033-fs-f2fs-Do-not-copy-file-names-that-are-too-long.patch
  * 0034-fs-btrfs-Fix-several-fuzz-issues-with-invalid-dir-it.patch
  * 0035-fs-btrfs-Fix-more-ASAN-and-SEGV-issues-found-with-fu.patch
  * 0036-fs-btrfs-Fix-more-fuzz-issues-related-to-chunks.patch
  * 0037-Use-grub_loader_set_ex-for-secureboot-chainloader.patch
- Update SBAT security contact (boo#1193282)
- Bump grub's SBAT generation to 2
- Use boot disks in OpenFirmware, fixing regression caused by
  0001-ieee1275-implement-FCP-methods-for-WWPN-and-LUNs.patch, when
  the root LV is completely in the boot LUN (bsc#1197948)
  * 0001-ofdisk-improve-boot-time-by-lookup-boot-disk-first.patch

Package icewm was updated:

- Add icewm-build-with-glib2-ver-gt-2.67.3.patch:
  A later glib2 update will cause icewm to fail to build by including
  gdk-pixbuf-xlib with extern "C" annotation:
  https://gitlab.gnome.org/GNOME/glib/-/commit/51003d409bb4b6c9a8540f70b92f8045abc4f0c9?merge_request_iid=1715
  The patch aims to remove the annotation that caused the issue
  (bsc#1197729).

Package kernel-default was updated:

- x86/kexec: Disable RET on kexec (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- commit 307fbca
- x86/bugs: Do not enable IBPB-on-entry when IBPB is not supported
  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- commit 1765272
- x86/cpu/amd: Enumerate BTC_NO (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- commit d929744
- x86/common: Stamp out the stepping madness (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit 2c755e4
- KVM: VMX: Prevent RSB underflow before vmenter (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit 9a79f2f
- x86/speculation: Fill RSB on vmexit for IBRS (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit 0b69b8a
- KVM: VMX: Fix IBRS handling after vmexit (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit 07ac9e9
- KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS
  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- commit 1e6246d
- KVM: VMX: Convert launched argument to flags (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit c6cb889
- KVM: VMX: Flatten __vmx_vcpu_run() (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- commit 7be7aa8
- KVM/nVMX: Use __vmx_vcpu_run in nested_vmx_check_vmentry_hw
  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- commit fa67a49
- x86/speculation: Remove x86_spec_ctrl_mask (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit 65ae6ff
- x86/speculation: Use cached host SPEC_CTRL value for guest
  entry/exit (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- commit f9804f2
- x86/speculation: Fix SPEC_CTRL write on SMT state change
  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- commit 5f2a343
- x86/speculation: Fix firmware entry SPEC_CTRL handling
  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- commit f2239f3
- x86/cpu/amd: Add Spectral Chicken (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- commit 947cd5f
- x86/bugs: Do IBPB fallback check only once (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit 1a61b75
- x86/bugs: Add retbleed=ibpb (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- commit 0cc24ff
- x86/xen: Rename SYS* entry points (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- commit 006e283
- intel_idle: Disable IBRS during long idle (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit be76ad2
- x86/bugs: Report Intel retbleed vulnerability (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit f305bb6
- x86/bugs: Split spectre_v2_select_mitigation() and
  spectre_v2_user_select_mitigation() (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- commit ea9c198
- x86/speculation: Add spectre_v2=ibrs option to support Kernel
  IBRS (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- commit f446cce
- x86/bugs: Optimize SPEC_CTRL MSR writes (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit c6d4bce
- x86/entry: Add kernel IBRS implementation (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit 177b58c
- x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit 09deb3c
- x86/bugs: Enable STIBP for JMP2RET (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- commit f81a4dd
- x86/bugs: Add AMD retbleed= boot parameter (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- Update config files.
- commit d01bb91
- x86/bugs: Report AMD retbleed vulnerability (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit 0f3415d
- x86: Add magic AMD return-thunk (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- commit c07f56b
- x86: Use return-thunk in asm code (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- commit ca39a43
- x86/sev: Avoid using __x86_return_thunk (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit 10587ca
- x86/vsyscall_emu/64: Don't use RET in vsyscall emulation
  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- commit 5767b0f
- x86/kvm: Fix SETcc emulation for return thunks (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit 720497e
- x86/bpf: Use alternative RET encoding (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit 2b357b7
- x86: Undo return-thunk damage (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- commit 83262bf
- x86/retpoline: Use -mfunction-return (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- commit 15c2b41
- x86/cpufeatures: Move RETPOLINE flags to word 11 (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit 115e0f2
- crypto: x86/poly1305 - Fixup SLS (bsc#1201050 CVE-2021-26341).
- commit 2d201f6
- x86: Add straight-line-speculation mitigation (bsc#1201050
  CVE-2021-26341).
- Update config files.
- Refresh
  patches.suse/x86-speculation-rename-retpoline_amd-to-retpoline_lfence.patch.
- commit 928abdb
- x86: Prepare inline-asm for straight-line-speculation
  (bsc#1201050 CVE-2021-26341).
- commit 5a87fe7
- x86: Prepare asm files for straight-line-speculation
  (bsc#1201050 CVE-2021-26341).
- commit cbb5495
- x86/lib/atomic64_386_32: Rename things (bsc#1201050
  CVE-2021-26341).
- commit 2201ded
- x86: Use -mindirect-branch-cs-prefix for RETPOLINE builds
  (bsc#1201050 CVE-2021-26341).
- commit beba436
- bcache: avoid unnecessary soft lockup in kworker
  update_writeback_rate() (bsc#1197362).
- commit 23f1946
- sctp: handle kABI change in struct sctp_endpoint (CVE-2022-20154
  bsc#1200599).
- commit b1e8eec
- sctp: use call_rcu to free endpoint (CVE-2022-20154
  bsc#1200599).
- commit 44ec44b
- vmxnet3: fix minimum vectors alloc issue (bsc#1199489).
- commit e96d754
- blk-mq: clear active_queues before clearing
  BLK_MQ_F_TAG_QUEUE_SHARED (bsc#1200263).
- commit d497e61
- rpm/check-for-config-changes: ignore GCC12/CC_NO_ARRAY_BOUNDS
  Upstream commit f0be87c42cbd (gcc-12: disable '-Warray-bounds'
  universally for now) added two new compiler-dependent configs:
  * CC_NO_ARRAY_BOUNDS
  * GCC12_NO_ARRAY_BOUNDS
  Ignore them -- they are unset by dummy tools (they depend on gcc version
  == 12), but set as needed during real compilation.
- commit a14607c
- ath9k: fix use-after-free in ath9k_hif_usb_rx_cb (CVE-2022-1679
  bsc#1199487).
- commit 1ae14c9
- Update patches.suse/pNFS-flexfiles-fix-incorrect-size-check-in-decode_nf.patch
  (git-fixes CVE-2021-4157 bnc#1194013).
- commit fccebe3
- exec: Force single empty string when argv is empty
  (bsc#1200571).
- commit dffa04e
- HID: add USB_HID dependancy to hid-prodikeys (CVE-2022-20132
  bsc#1200619).
- HID: add USB_HID dependancy to hid-chicony (CVE-2022-20132
  bsc#1200619).
- HID: bigbenff: prevent null pointer dereference (CVE-2022-20132
  bsc#1200619).
- HID: add USB_HID dependancy on some USB HID drivers
  (CVE-2022-20132 bsc#1200619).
- commit f2f08be
- HID: holtek: fix mouse probing (CVE-2022-20132 bsc#1200619).
- commit f8ff78e
- HID: check for valid USB device for many HID drivers
  (CVE-2022-20132 bsc#1200619).
- HID: add hid_is_usb() function to make it simpler for USB
  detection (CVE-2022-20132 bsc#1200619).
- commit 3fe30db
- igmp: Add ip_mc_list lock in ip_check_mc_rcu (bsc#1200604
  CVE-2022-20141).
- commit 34bf464
- kernel-binary.spec: check s390x vmlinux location
  As a side effect of mainline commit edd4a8667355 ("s390/boot: get rid of
  startup archive"), vmlinux on s390x moved from "compressed" subdirectory
  directly into arch/s390/boot. As the specfile is shared among branches,
  check both locations and let objcopy use one that exists.
- commit cd15543
- Add missing recommends of kernel-install-tools to kernel-source-vanilla (bsc#1200442)
- commit 93b1375
- blk-mq: Fix wrong wakeup batch configuration which will cause
  hang (bsc#1200263).
- commit 94fe3d6
- blk-mq: fix tag_get wait task can't be awakened (bsc#1200263).
- commit 6b5ea17
- floppy: disable FDRAWCMD by default (bsc#1198866 CVE-2022-1836).
- Update config files.
- commit f9d0532
- add mainline tag for a pci-hyperv change
- commit 32deed8
- netfilter: nf_tables: disallow non-stateful expression in sets
  earlier (CVE-2022-1966 bsc#1200015).
- commit 41de480
- btrfs: tree-checker: fix incorrect printk format (bsc#1200249).
- commit 9d94c81
- NFC: netlink: fix sleep in atomic bug when firmware download
  timeout (CVE-2022-1975 bsc#1200143).
- commit bcae1e0
- nfc: replace improper check device_is_registered() in netlink
  related functions (CVE-2022-1974 bsc#1200144).
- Refresh
  patches.suse/NFC-SUSE-specific-brutal-fix-for-runtime-PM.patch.
- commit 8ab4a08
- certs: Add EFI_CERT_X509_GUID support for dbx entries
  (bsc#1177282 CVE-2020-26541).
- Update config files.
- commit 6bf28b7
- Refresh
  patches.suse/lockdown-also-lock-down-previous-kgdb-use.patch.
  In this case, we can not simply use __GENKSYMS__ to wrap new
  LOCKDOWN_DBG_WRITE/READ_KERNEL fields in enum lockdown_reason
  struct. So let's remove __GENKSYMS__ and add a kabi workaround
  patch. (bsc#1199426 CVE-2022-21499)
- commit 88eddb5
- lockdown: kABI workaround for lockdown_reason changes
  (bsc#1199426, CVE-2022-21499).
- commit fe7a29a
- btrfs: extent-tree: kill the BUG_ON() in
  insert_inline_extent_backref() (CVE-2019-19377 bsc#1158266).
- commit 31a8792
- btrfs: extent-tree: kill BUG_ON() in __btrfs_free_extent()
  (CVE-2019-19377 bsc#1158266).
- commit 75b17c1
- sched/rt: Disable RT_RUNTIME_SHARE by default (bnc#1197895).
- commit b949091
- KVM: x86/speculation: Disable Fill buffer clear within guests (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180).
- commit 5a5e587
- lockdown: also lock down previous kgdb use (bsc#1199426
  CVE-2022-21499).
- commit 090b59e
- kernel-binary.spec: Support radio selection for debuginfo.
  To disable debuginfo on 5.18 kernel a radio selection needs to be
  switched to a different selection. This requires disabling the currently
  active option and selecting NONE as debuginfo type.
- commit 43b5dd3
- perf: Fix sys_perf_event_open() race against self
  (CVE-2022-1729, bsc#1199507).
- commit feaf8f1
- x86/speculation/mmio: Reuse SRBDS mitigation for SBDS (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180).
- commit 26884d9
- ext4: avoid cycles in directory h-tree (bsc#1198577
  CVE-2022-1184).
- commit b98a7a0
- ext4: verify dir block before splitting it (bsc#1198577
  CVE-2022-1184).
- commit 1b10a51
- x86/speculation/srbds: Update SRBDS mitigation selection (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180).
- commit d537aef
- x86/speculation/mmio: Add sysfs reporting for Processor MMIO Stale Data (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180).
- commit b3703f5
- x86/speculation/mmio: Enable CPU Fill buffer clearing on idle (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180).
- commit 66ff392
- x86/bugs: Group MDS, TAA &amp; Processor MMIO Stale Data mitigations (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180).
- commit 155be7c
- x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180).
- commit f3a7e3f
- x86/speculation: Add a common function for MD_CLEAR mitigation update (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180).
- commit a863a71
- x86/speculation/mmio: Enumerate Processor MMIO Stale Data bug (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180).
- commit 70a86e2
- ping: fix the sk_bound_dev_if match in ping_lookup
  (bsc#1199918).
- commit 6a58950
- kABI: Fix kABI after CVE-2022-0171 backport (CVE-2022-0171
  bsc#1199509).
- commit da4b250
- KVM: SEV: add cache flush to solve SEV cache incoherency issues
  (CVE-2022-0171 bsc#1199509).
- commit b851a8d
- ping: remove pr_err from ping_lookup (bsc#1199918).
- commit db3c60d
- patches.suse/ping-fix-the-dif-and-sdif-check-in-ping_lookup.patch:
  (bsc#1199918).
- commit f3f3a96
- floppy: use a statically allocated error counter (bsc#1199063
  CVE-2022-1652).
- commit 3cde83e
- nfc: nfcmrvl: main: reorder destructive operations in
  nfcmrvl_nci_unregister_dev to avoid bugs (CVE-2022-1734
  bsc#1199605 git-fixes).
- commit 4841312
- NFS: limit use of ACCESS cache for negative responses
  (bsc#1196570).
- Refresh
  patches.kabi/NFS-pass-cred-explicitly-for-access-tests.patch.
- commit d1ca538
- Update
  patches.suse/sctp-delay-auto_asconf-init-until-binding-the-first-.patch
  headers (CVE-2021-23133 bsc#1184675).
  Remove unwanted patch headers which have hidden intended CVE and bugzilla
  references (shown above) when the patch was added. The primary purpose of
  this commit is to get the CVE/bugzilla references to git and rpm changelog.
- commit 33c2a2f
- Fix build warning
  Refreshed:
  patches.suse/PCI-hv-Do-not-set-PCI_COMMAND_MEMORY-to-reduce-VM-bo.patch
- commit ba12cc4
- ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on
  PTRACE_SEIZE (CVE-2022-30594 bsc#1199505 bsc#1198413).
- commit fd4d93d
- NFSv4: nfs_atomic_open() can race when looking up a non-regular
  file (bsc#1195612 CVE-2022-24448).
- commit db3a8ef
- PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (bsc#1199314).
- commit bdb23bb
- series.conf: cleanup
  - Move submitted patch to "sorted" section
    patches.suse/0001-SUNRPC-change-locking-for-xs_swap_enable-disable.patch
- commit cacd83b
- cifs: fix NULL ptr dereference in smb2_ioctl_query_info()
  (CVE-2022-0168 bsc#1197472).
- commit 5256a40
- cifs: prevent bad output lengths in smb2_ioctl_query_info()
  (CVE-2022-0168 bsc#1197472).
- commit 3989909
- rpm/kernel-obs-build.spec.in: Also depend on dracut-systemd (bsc#1195775)
- commit 5d4e32c
- ixgbevf: add disable link state (bsc#1196426 CVE-2021-33061).
- ixgbe: add improvement for MDD response functionality
  (bsc#1196426 CVE-2021-33061).
- ixgbe: add the ability for the PF to disable VF link state
  (bsc#1196426 CVE-2021-33061).
- commit c5d1777
- net: mana: Remove unnecessary check of cqe_type in
  mana_process_rx_cqe() (bsc#1195651).
- net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651).
- net: mana: Reuse XDP dropped page (bsc#1195651).
- net: mana: Add counter for XDP_TX (bsc#1195651).
- net: mana: Add counter for packet dropped by XDP (bsc#1195651).
- net: mana: Use struct_size() helper in
  mana_gd_create_dma_region() (bsc#1195651).
- commit 9f064ea
- net/x25: Fix null-ptr-deref caused by x25_disconnect
  (CVE-2022-1516 bsc#1199012).
- commit bd2f1ec
- net: ena: Extract recurring driver reset code into a function
  (bsc#1198778).
- net: ena: Change the name of bad_csum variable (bsc#1198778).
- net: ena: Add debug prints for invalid req_id resets
  (bsc#1198778).
- net: ena: Remove ena_calc_queue_size_ctx struct (bsc#1198778).
- net: ena: Move reset completion print to the reset function
  (bsc#1198778).
- net: ena: Remove redundant return code check (bsc#1198778).
- net: ena: Change ENI stats support check to use capabilities
  field (bsc#1198778).
- net: ena: Add capabilities field with support for ENI stats
  capability (bsc#1198778).
- net: ena: Change return value of ena_calc_io_queue_size()
  to void (bsc#1198778).
- net: ena: Fix error handling when calculating max IO queues
  number (bsc#1198778).
- net: ena: Fix wrong rx request id by resetting device
  (bsc#1198778).
- net: ena: Fix undefined state when tx request id is out of
  bounds (bsc#1198778).
- ena: Remove rcu_read_lock() around XDP program invocation
  (bsc#1198778).
- net: ena: make symbol 'ena_alloc_map_page' static (bsc#1198778).
- net: ena: re-organize code to improve readability (bsc#1198778).
- net: ena: Use dev_alloc() in RX buffer allocation (bsc#1198778).
- net: ena: aggregate doorbell common operations into a function
  (bsc#1198778).
- net: ena: Remove module param and change message severity
  (bsc#1198778).
- net: ena: add jiffies of last napi call to stats (bsc#1198778).
- net: ena: use build_skb() in RX path (bsc#1198778).
- net: ena: Improve error logging in driver (bsc#1198778).
- net: ena: Remove unused code (bsc#1198778).
- net: ena: optimize data access in fast-path code (bsc#1198778).
- net: ena: fix DMA mapping function issues in XDP (bsc#1198778).
- net: ena: remove extra words from comments (bsc#1198778).
- net: ena: fix inaccurate print type (bsc#1198778).
- ethernet: amazon: ena: A typo fix in the file ena_com.h
  (bsc#1198778).
- net: ena: Update XDP verdict upon failure (bsc#1198778).
- net: ena: introduce ndo_xdp_xmit() function for XDP_REDIRECT
  (bsc#1198778).
- net: ena: use xdp_return_frame() to free xdp frames
  (bsc#1198778).
- net: ena: introduce XDP redirect implementation (bsc#1198778).
- net: ena: use xdp_frame in XDP TX flow (bsc#1198778).
- net: ena: aggregate stats increase into a function
  (bsc#1198778).
- net: ena: fix coding style nits (bsc#1198778).
- net: ena: store values in their appropriate variables types
  (bsc#1198778).
- net: ena: add device distinct log prefix to files (bsc#1198778).
- net: ena: use constant value for net_device allocation
  (bsc#1198778).
- commit f2320f9
- ovl: fix missing negative dentry check in ovl_rename()
  (CVE-2021-20321 bsc#1191647).
- commit 14422d8
- SUNRPC: change locking for xs_swap_enable/disable (bsc#1196367).
- commit 8562a15
- scsi: scsi_dh_alua: Avoid crash during alua_bus_detach()
  (bsc#1028340 bsc#1198825).
- commit f04215d
- pahole 1.22 required for full BTF features.
  also recommend pahole for kernel-source to make the kernel buildable
  with standard config
- commit 364f54b
- Update
  patches.suse/net-usb-ax88179_178a-Fix-out-of-bounds-accesses-in-R.patch
  (bsc#1196018 CVE-2022-28748).
  added CVE number
- commit dfbe27e
- use jobs not processors in the constraints
  jobs is the number of vcpus available to the build, while processors
  is the total processor count of the machine the VM is running on.
- commit a6e141d
- Update patch reference for drm fix (CVE-2022-1419 bsc#1198742)
- commit 5c0501b
- KVM: x86/mmu: do compare-and-exchange of gPTE via the user address (CVE-2022-1158 bsc#1197660).
- commit 0581a66
- powerpc/pseries: Fix use after free in remove_phb_dynamic()
  (bsc#1065729 bsc#1198660 ltc#197803).
- commit 4723baf
- af_key: add __GFP_ZERO flag for compose_sadb_supported in
  function pfkey_register (CVE-2022-1353 bsc#1198516).
- commit 981f1ec
- SUNRPC: Ensure we flush any closed sockets before
  xs_xprt_free() (bsc#1198330 CVE-2022-28893).
- commit f607730
- Update patches.suse/cgroup-verify-that-source-is-a-string.patch
  (bsc#1190131 bsc#1193842 CVE-2021-4154).
- commit 0f6b5cd
- Update patch references of drm fixes (CVE-2022-1280 bsc#1197914)
- commit c917eda
- Update patch reference for DRM fix (CVE-2021-20292 bsc#1183723)
- commit f6cdff5
- fuse: handle kABI change in struct fuse_req (bsc#1197343
  CVE-2022-1011).
- fuse: fix pipe buffer lifetime for direct_io (bsc#1197343
  CVE-2022-1011).
- commit 5920a58
- Update patch reference for NFS/RDMA fix (CVE-2022-0812 bsc#1196639)
- commit 7e276c6
- livepatch: Don't block removal of patches that are safe to
  unload (bsc#1071995).
- commit 768b9d1
- x86/speculation: Restore speculation related MSRs during S3
  resume (bsc#1198400).
- commit aece496
- x86/pm: Save the MSR validity status at context setup
  (bsc#1198400).
- commit 2364cfa
- direct-io: defer alignment check until after the EOF check
  (bsc#1197656).
- commit 90d08aa
- direct-io: don't force writeback for reads beyond EOF
  (bsc#1197656).
- commit f8a2691
- direct-io: clean up error paths of do_blockdev_direct_IO
  (bsc#1197656).
- commit 4781e89
- Update
  patches.suse/llc-fix-netdevice-reference-leaks-in-llc_ui_bind.patch
  references (add CVE-2022-28356 bsc#1197391).
- commit bf5ad66
- cifs: fix bad fids sent over wire (bsc#1197157).
- commit 3e7e3c4
- rpm/constraints.in: skip SLOW_DISK workers for kernel-source
- commit e84694f
- macros.kernel-source: Fix conditional expansion.
  Fixes: bb95fef3cf19 ("rpm: Use bash for %() expansion (jsc#SLE-18234).")
- commit 7e857f7
- rpm: Use bash for %() expansion (jsc#SLE-18234).
  Since 15.4 alternatives for /bin/sh are provided by packages
  &lt;something&gt;-sh. While the interpreter for the build script can be
  selected the interpreter for %() cannot.
  The kernel spec files use bashisms in %().
  While this could technically be fixed there is more serious underlying
  problem: neither bash nor any of the alternatives are 100% POSIX
  compliant nor bug-free.
  It is not my intent to maintain bug compatibility with any number of
  shells for shell scripts embedded in the kernel spec file. The spec file
  syntax is not documented so embedding the shell script in it causes some
  unspecified transformation to be applied to it. That means that
  ultimately any changes must be tested by building the kernel, n times if
  n shells are supported.
  To reduce maintenance effort require that bash is used for kernel build
  always.
- commit bb95fef
- rpm: Run external scriptlets on uninstall only when available
  (bsc#1196514 bsc#1196114 bsc#1196942).
  When dependency cycles are encountered package dependencies may not be
  fulfilled during zypper transaction at the time scriptlets are run.
  This is a problem for kernel scriptlets provided by suse-module-tools
  when migrating to a SLE release that provides these scriptlets only as
  part of LTSS. The suse-module-tools that provides kernel scriptlets may
  be removed early causing migration to fail.
- commit ab8dd2d
- rpm/*.spec.in: remove backtick usage
- commit 87ca1fb
- powerpc/powernv/memtrace: Fix dcache flushing (bsc#1196433
  ltc#196449).
- commit 9f96679
- rpm/kernel-obs-build.spec.in: add systemd-initrd and terminfo dracut module (bsc#1195775)
- commit d9a821b
- powerpc/mm: Remove dcache flush from memory remove (bsc#1196433
  ltc#196449).
- commit ec198ed
- rpm/kernel-obs-build.spec.in: use default dracut modules (bsc#1195926,
  bsc#1198484)
  Let's iron out the reduced initrd optimisation in Tumbleweed.
  Build full blown dracut initrd with systemd for SLE15 SP4.
- commit ea76821
- video: hyperv_fb: Fix validation of screen resolution
  (git-fixes).
- commit fcb02f5

Package lifecycle-data-sle-module-live-patching was updated:

- Added data for 4_12_14-150000_150_89, 4_12_14-150100_197_111,
  5_3_18-150200_24_112, 5_3_18-150300_59_60,
  5_3_18-150300_59_63. (bsc#1020320)

Package openssl-1_1 was updated:

- Encrypt the sixteen bytes that were unencrypted in some circumstances
  on 32-bit x86 platforms.
  * [bsc#1201099, CVE-2022-2097]
  * added openssl-CVE-2022-2097.patch
- Added openssl-1_1-Fix-file-operations-in-c_rehash.patch
  * bsc#1200550
  * CVE-2022-2068
  * Fixed more shell code injection issues in c_rehash
- Added openssl-update_expired_certificates.patch
  * Openssl failed tests because of expired certificates.
  * bsc#1185637
  * Sourced from https://github.com/openssl/openssl/pull/18446/commits
- Security fix: [bsc#1199166, CVE-2022-1292]
  * Added: openssl-CVE-2022-1292.patch
  * properly sanitise shell metacharacters in c_rehash script.

Package p11-kit was updated:

- CVE-2020-29362: Fixed a 4 byte overread (bsc#1180065)
  Added p11-kit-CVE-2020-29362.patch:

Package pcre was updated:

- Added pcre-8.45-bsc1199232-unicode-property-matching.patch
  * bsc#1199232
  * CVE-2022-1586
  * Fixes unicode property matching issue

Package python-base was updated:

- Add CVE-2015-20107-mailcap-unsafe-filenames.patch to avoid
  CVE-2015-20107 (bsc#1198511, gh#python/cpython#68966), the
  command injection in the mailcap module.

Package python3 was updated:

- Add CVE-2015-20107-mailcap-unsafe-filenames.patch to avoid
  CVE-2015-20107 (bsc#1198511, gh#python/cpython#68966), the
  command injection in the mailcap module.
- Rename support-expat-245.patch to
  support-expat-CVE-2022-25236-patched.patch to unify the patch
  with other packages.
- Add bpo-46623-skip-zlib-s390x.patch skipping two failing tests
  on s390x.
- Update bundled pip wheel to the latest SLE version patched
  against bsc#1186819 (CVE-2021-3572).
- Add patch support-expat-245.patch:
  * Support Expat &gt;= 2.4.5
- Rename 22198.patch into more descriptive remove-sphinx40-warning.patch.
- Don't use appstream-glib on SLE-12.
- Use Python 2-based Sphinx on SLE-12.
- No documentation on SLE-12.
- Add skip_SSL_tests.patch skipping tests because of patched
  OpenSSL (bpo#9425).
- Don't use OpenSSL 1.1 on platforms which don't have it.
- Remove shebangs from python-base libraries in _libdir
  (bsc#1193179, bsc#1192249).
- Readjust patches:
  - bpo-31046_ensurepip_honours_prefix.patch
  - decimal.patch
  - python-3.3.0b1-fix_date_time_compiler.patch
- build against openssl 1.1 as it is incompatible with openssl 3.0+
  (bsc#1190566)
- 0001-allow-for-reproducible-builds-of-python-packages.patch: ignore
  permission error when changing the mtime of the source file in presence
  of SOURCE_DATE_EPOCH
  - CVE-2021-3733-ReDoS-urllib-AbstractBasicAuthHandler.patch
- Remove merged patch CVE-2020-8492-urllib-ReDoS.patch and
  CRLF_injection_via_host_part.patch.

Package release-notes-sles-for-sap was updated:

15.2.20220712 (tracked in bsc#1201315)
- Trento is fully supported remove it from tech preview
  section (bsc#1201315)

Package resource-agents was updated:

- AUDIT-FIND: resource-agents: Predictable log file in /tmp in mariadb.in
  (bsc#1146691)
  Add patch:
    0001-mariadb-Remove-obsolete-DEBUG_LOG-functionality-1191.patch
- RA aws-vpc-move-ip is lacking the possibility to assign a label to an interface.
  (bsc#1199766)
  Include upstream patch:
    0001-aws-vpc-move-ip-Allow-to-set-the-interface-label.patch
- Can IPaddr2 run ARP for IPV6 in background during start operation
  (bsc#1196164)
  Include upstream patches:
    0001-IPaddr2-Allow-to-disable-Duplicate-Address-Detection.patch
    0002-IPaddr2-Allow-to-send-IPv6-Neighbor-Advertisements-i.patch
    0003-IPaddr2-Log-ip-addr-add-options-together.patch
    0004-IPaddr2-Clarify-behavior-of-arp_-parameters-for-IPv4.patch
- oracle RA lists monpassword as optional but fails unless provided
  (bsc#1197956)
  Add upstream patch:
    0001-Improve-the-error-message-if-monpassword-was-not-set.patch
- Use safe tmp files. Use the variable ${HA_RSCTMP} of the resource
  agents instead of /tmp. ${HA_RSCTMP} points to a safe directory
  in /var/run or /run. This patch fix following issues:
  bsc#1146690 bsc#1146691 bsc#1146692 bsc#1146766 bsc#1146776
  bsc#1146784 bsc#1146785 bsc#1146787
- ocfmon user created with &quot;OCFMON&quot; as default password
  If no password is set the user will not be created.
  bsc#1021689 bsc#1146687
- Included following upstream patches:
  0001-make-secure-tmp-files.patch
  0001-increase-the-security-of-monitor-user-in-oracle.patch

Package rsyslog was updated:

- Remove inotify watch descriptor in imfile on inode change detected
  (bsc#1198939)
  * add 0001-imfile-Remove-inotify-watch-descriptor-on-inode-chan.patch

Package rubygem-actionpack-5_1 was updated:

- Added patch 0005-CVE-2021-22904.patch to fix CVE-2021-22904
  (bsc#1185780)
- Added patch 0004-CVE-2022-23633.patch to fix CVE-2022-23633
  (bsc#1196182)

Package rubygem-activesupport-5_1 was updated:

Package rubygem-rack was updated:

- security update
- added patches
  fix CVE-2022-30122 [bsc#1200748], crafted multipart POST request may cause a DoS
  + rubygem-rack-CVE-2022-30122.patch
  fix CVE-2022-30123 [bsc#1200750], crafted requests can cause shell escape sequences
  + rubygem-rack-CVE-2022-30123.patch

Package runc was updated:

- Update to runc v1.1.3. Upstream changelog is available from
  https://github.com/opencontainers/runc/releases/tag/v1.1.3.
  (Includes a fix for bsc#1200088.)
  * Our seccomp `-ENOSYS` stub now correctly handles multiplexed syscalls on
    s390 and s390x. This solves the issue where syscalls the host kernel did not
    support would return `-EPERM` despite the existence of the `-ENOSYS` stub
    code (this was due to how s390x does syscall multiplexing).
  * Retry on dbus disconnect logic in libcontainer/cgroups/systemd now works as
    intended; this fix does not affect runc binary itself but is important for
    libcontainer users such as Kubernetes.
  * Inability to compile with recent clang due to an issue with duplicate
    constants in libseccomp-golang.
  * When using systemd cgroup driver, skip adding device paths that don't exist,
    to stop systemd from emitting warnings about those paths.
  * Socket activation was failing when more than 3 sockets were used.
  * Various CI fixes.
  * Allow to bind mount /proc/sys/kernel/ns_last_pid to inside container.
  * runc static binaries are now linked against libseccomp v2.5.4.
- Remove upstreamed patches:
  - bsc1192051-0001-seccomp-enosys-always-return-ENOSYS-for-setup-2-on-s390x.patch
- Backport &lt;https://github.com/opencontainers/runc/pull/3474&gt; to fix issues
  with newer syscalls (namely faccessat2) on older kernels on s390(x) caused by
  that platform's syscall multiplexing semantics. bsc#1192051 bsc#1199565
  + bsc1192051-0001-seccomp-enosys-always-return-ENOSYS-for-setup-2-on-s390x.patch
- Add ExcludeArch for s390 (not s390x) since we've never supported it.
- Update to runc v1.1.2. Upstream changelog is available from
  https://github.com/opencontainers/runc/releases/tag/v1.1.2.
  CVE-2022-29162 bsc#1199460
  * A bug was found in runc where runc exec --cap executed processes with
    non-empty inheritable Linux process capabilities, creating an atypical Linux
    environment. For more information, see [GHSA-f3fp-gc8g-vw66][] and
    CVE-2022-29162. bsc#1199460
  * `runc spec` no longer sets any inheritable capabilities in the created
    example OCI spec (`config.json`) file.
- Update to runc v1.1.1. Upstream changelog is available from
  https://github.com/opencontainers/runc/releases/tag/v1.1.1.
  * runc run/start can now run a container with read-only /dev in OCI spec,
    rather than error out. (#3355)
  * runc exec now ensures that --cgroup argument is a sub-cgroup. (#3403)
    libcontainer systemd v2 manager no longer errors out if one of the files
    listed in /sys/kernel/cgroup/delegate do not exist in container's
    cgroup. (#3387, #3404)
  * Loosen OCI spec validation to avoid bogus &quot;Intel RDT is not supported&quot;
    error. (#3406)
  * libcontainer/cgroups no longer panics in cgroup v1 managers if stat
    of /sys/fs/cgroup/unified returns an error other than ENOENT. (#3435)
- Update to runc v1.1.0. Upstream changelog is available from
  https://github.com/opencontainers/runc/releases/tag/v1.1.0.
  - libcontainer will now refuse to build without the nsenter package being
    correctly compiled (specifically this requires CGO to be enabled). This
    should avoid folks accidentally creating broken runc binaries (and
    incorrectly importing our internal libraries into their projects). (#3331)
- Update to runc v1.1.0~rc1. Upstream changelog is available from
  https://github.com/opencontainers/runc/releases/tag/v1.1.0-rc.1.
  + Add support for RDMA cgroup added in Linux 4.11.
  * runc exec now produces exit code of 255 when the exec failed.
    This may help in distinguishing between runc exec failures
    (such as invalid options, non-running container or non-existent
    binary etc.) and failures of the command being executed.
  + runc run: new --keep option to skip removal exited containers artefacts.
    This might be useful to check the state (e.g. of cgroup controllers) after
    the container has exited.
  + seccomp: add support for SCMP_ACT_KILL_PROCESS and SCMP_ACT_KILL_THREAD
    (the latter is just an alias for SCMP_ACT_KILL).
  + seccomp: add support for SCMP_ACT_NOTIFY (seccomp actions). This allows
    users to create sophisticated seccomp filters where syscalls can be
    efficiently emulated by privileged processes on the host.
  + checkpoint/restore: add an option (--lsm-mount-context) to set
    a different LSM mount context on restore.
  + intelrdt: support ClosID parameter.
  + runc exec --cgroup: an option to specify a (non-top) in-container cgroup
    to use for the process being executed.
  + cgroup v1 controllers now support hybrid hierarchy (i.e. when on a cgroup v1
    machine a cgroup2 filesystem is mounted to /sys/fs/cgroup/unified, runc
    run/exec now adds the container to the appropriate cgroup under it).
  + sysctl: allow slashes in sysctl names, to better match sysctl(8)'s
    behaviour.
  + mounts: add support for bind-mounts which are inaccessible after switching
    the user namespace. Note that this does not permit the container any
    additional access to the host filesystem, it simply allows containers to
    have bind-mounts configured for paths the user can access but have
    restrictive access control settings for other users.
  + Add support for recursive mount attributes using mount_setattr(2). These
    have the same names as the proposed mount(8) options -- just prepend r
    to the option name (such as rro).
  + Add runc features subcommand to allow runc users to detect what features
    runc has been built with. This includes critical information such as
    supported mount flags, hook names, and so on. Note that the output of this
    command is subject to change and will not be considered stable until runc
    1.2 at the earliest. The runtime-spec specification for this feature is
    being developed in opencontainers/runtime-spec#1130.
  * system: improve performance of /proc/$pid/stat parsing.
  * cgroup2: when /sys/fs/cgroup is configured as a read-write mount, change
    the ownership of certain cgroup control files (as per
    /sys/kernel/cgroup/delegate) to allow for proper deferral to the container
    process.
  * runc checkpoint/restore: fixed for containers with an external bind mount
    which destination is a symlink.
  * cgroup: improve openat2 handling for cgroup directory handle hardening.
    runc delete -f now succeeds (rather than timing out) on a paused
    container.
  * runc run/start/exec now refuses a frozen cgroup (paused container in case of
    exec). Users can disable this using --ignore-paused.
- Update version data embedded in binary to correctly include the git commit of
  the release.
- Drop runc-rpmlintrc because we don't have runc-test anymore.
  bsc#1193436

Package systemd-presets-branding-SLE was updated:

Package vim was updated:

- Deleted patches:
  * restrict-shell-commands.patch
  * source-check-sandbox.patch
  * vim-8.0.1568-CVE-2021-3778.patch
  * vim-8.0.1568-CVE-2021-3796.patch
  * vim-8.0.1568-CVE-2021-3872.patch
  * vim-8.0.1568-CVE-2021-3927.patch
  * vim-8.0.1568-CVE-2021-3928.patch
  * vim-8.0.1568-CVE-2021-3984.patch
  * vim-8.0.1568-CVE-2021-4019.patch
  * vim-8.0.1568-CVE-2021-4193.patch
  * vim-8.0.1568-CVE-2021-46059.patch
  * vim-8.0.1568-CVE-2022-0319.patch
  * vim-8.0.1568-CVE-2022-0351.patch
  * vim-8.0.1568-CVE-2022-0361.patch
  * vim-8.0.1568-CVE-2022-0413.patch
  * vim-8.0.1568-globalvimrc.patch
- Added patches:
  * vim-8.1.0297-dump3.patch
  * vim-8.2.2411-globalvimrc.patch
  * disable-unreliable-tests-arch.patch
- Updated patches:
  * disable-unreliable-tests.patch
  * vim-7.3-filetype_changes.patch
  * vim-7.3-filetype_ftl.patch
  * vim-7.3-filetype_spec.patch
  * vim-7.3-gvimrc_fontset.patch
  * vim-7.3-help_tags.patch
  * vim-7.3-mktemp_tutor.patch
  * vim-7.3-name_vimrc.patch
  * vim-7.3-sh_is_bash.patch
  * vim-7.3-use_awk.patch
  * vim-7.4-disable_lang_no.patch
  * vim-7.4-filetype_apparmor.patch
  * vim-7.4-filetype_mine.patch
  * vim-7.4-highlight_fstab.patch
  * vim-8.0-ttytype-test.patch
  * vim-8.0.1568-defaults.patch
  * vim73-no-static-libpython.patch
- Updated to version 8.2 with patch level 5038, fixes the following problems
  * Fixing bsc#1191770 VUL-0: CVE-2021-3875: vim: heap-based buffer overflow
  * Fixing bsc#1192167 VUL-0: CVE-2021-3903: vim: heap-based buffer overflow
  * Fixing bsc#1192902 VUL-0: CVE-2021-3968: vim: vim is vulnerable to
    Heap-based Buffer Overflow
  * Fixing bsc#1192903 VUL-0: CVE-2021-3973: vim: vim is vulnerable to
    Heap-based Buffer Overflow
  * Fixing bsc#1192904 VUL-0: CVE-2021-3974: vim: vim is vulnerable to Use
    After Free
  * Fixing bsc#1193466 VUL-1: CVE-2021-4069: vim: use-after-free in ex_open()
    in src/ex_docmd.c
  * Fixing bsc#1193905 VUL-0: CVE-2021-4136: vim: vim is vulnerable to
    Heap-based Buffer Overflow
  * Fixing bsc#1194093 VUL-1: CVE-2021-4166: vim: vim is vulnerable to
    Out-of-bounds Read
  * Fixing bsc#1194216 VUL-1: CVE-2021-4193: vim: vulnerable to
    Out-of-bounds Read
  * Fixing bsc#1194217 VUL-0: CVE-2021-4192: vim: vulnerable to Use After Free
  * Fixing bsc#1194872 VUL-0: CVE-2022-0261: vim: Heap-based Buffer Overflow
    in vim prior to 8.2.
  * Fixing bsc#1194885 VUL-0: CVE-2022-0213: vim: vim is vulnerable to
    Heap-based Buffer Overflow
  * Fixing bsc#1195004 VUL-0: CVE-2022-0318: vim: Heap-based Buffer Overflow in
    vim prior to 8.2.
  * Fixing bsc#1195203 VUL-0: CVE-2022-0359: vim: heap-based buffer overflow in
    init_ccline() in ex_getln.c
  * Fixing bsc#1195354 VUL-0: CVE-2022-0407: vim: Heap-based Buffer Overflow in
    Conda vim prior to 8.2.
  * Fixing bsc#1198596 VUL-0: CVE-2022-1381: vim: global heap buffer overflow
    in skip_range
  * Fixing bsc#1199331 VUL-0: CVE-2022-1616: vim: Use after free in
    append_command
  * Fixing bsc#1199333 VUL-0: CVE-2022-1619: vim: Heap-based Buffer Overflow in
    function cmdline_erase_chars
  * Fixing bsc#1199334 VUL-0: CVE-2022-1620: vim: NULL Pointer Dereference in
    function vim_regexec_string
  * Fixing bsc#1199747 VUL-0: CVE-2022-1796: vim: Use After in
    find_pattern_in_path
  * Fixing bsc#1200010 VUL-0: CVE-2022-1897: vim: Out-of-bounds Write in vim
  * Fixing bsc#1200011 VUL-0: CVE-2022-1898: vim: Use After Free in vim prior
    to 8.2
  * Fixing bsc#1200012 VUL-0: CVE-2022-1927: vim: Buffer Over-read in vim prior
    to 8.2
  * Fixing bsc#1070955 VUL-1: CVE-2017-17087: vim: Sets the group ownership of a
    .swp file to the editor's primary group, which allows local users to obtain
    sensitive information
  * Fixing bsc#1194388 VUL-1: CVE-2022-0128: vim: vim is vulnerable to
    Out-of-bounds Read
  * Fixing bsc#1195332 VUL-1: CVE-2022-0392: vim: Heap-based Buffer Overflow
    in vim prior to 8.2
  * Fixing bsc#1196361 VUL-1: CVE-2022-0696: vim: NULL Pointer Dereference in
    vim prior to 8.2
  * Fixing bsc#1198748 VUL-1: CVE-2022-1420: vim: Out-of-range Pointer Offset
  * Fixing bsc#1199651 VUL-1: CVE-2022-1735: vim: heap buffer overflow
  * Fixing bsc#1199655 VUL-1: CVE-2022-1733: vim: Heap-based Buffer Overflow in
    cindent.c
  * Fixing bsc#1199693 VUL-1: CVE-2022-1771: vim: stack exhaustion in vim prior
    to 8.2.
  * Fixing bsc#1199745 VUL-1: CVE-2022-1785: vim: Out-of-bounds Write
  * Fixing bsc#1199936 VUL-1: CVE-2022-1851: vim: out of bounds read

Package xen was updated:

- bsc#1199966 - VUL-0: EMBARGOED: CVE-2022-26363,CVE-2022-26364: xen:
  Insufficient care with non-coherent mappings
  fix xsa402-5.patch
- bsc#1199965 - VUL-0: CVE-2022-26362: xen: Race condition in
  typeref acquisition (XSA-401)
  xsa401-1.patch
  xsa401-2.patch
- bsc#1199966 - VUL-0: CVE-2022-26363,CVE-2022-26364: xen:
  Insufficient care with non-coherent mappings (XSA-402)
  xsa402-1.patch
  xsa402-2.patch
  xsa402-3.patch
  xsa402-4.patch
  xsa402-5.patch

Package zypp-plugin was updated:

</Note>
    <Note Title="Terms of Use" Type="Legal Disclaimer" Ordinal="3" xml:lang="en">The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).</Note>
  </DocumentNotes>
  <DocumentReferences>
    <Reference Type="Self">
      <URL>https://publiccloudimagechangeinfo.suse.com/google/sles-15-sp2-sap-v20220718-x86-64/</URL>
      <Description>Public Cloud Image Info</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/support/security/rating/</URL>
      <Description>SUSE Security Ratings</Description>
    </Reference>
  </DocumentReferences>
  <ProductTree xmlns="http://www.icasi.org/CVRF/schema/prod/1.1">
    <Branch Type="Product Family" Name="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64">
      <Branch Type="Product Name" Name="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64">
        <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64">Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Version" Name="binutils-2.37-150100.7.37.1">
      <FullProductName ProductID="binutils-2.37-150100.7.37.1">binutils-2.37-150100.7.37.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="cluster-md-kmp-default-5.3.18-150200.24.120.1">
      <FullProductName ProductID="cluster-md-kmp-default-5.3.18-150200.24.120.1">cluster-md-kmp-default-5.3.18-150200.24.120.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="containerd-1.6.6-150000.73.2">
      <FullProductName ProductID="containerd-1.6.6-150000.73.2">containerd-1.6.6-150000.73.2</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="crash-7.2.8-150200.18.12.2">
      <FullProductName ProductID="crash-7.2.8-150200.18.12.2">crash-7.2.8-150200.18.12.2</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="curl-7.66.0-150200.4.36.1">
      <FullProductName ProductID="curl-7.66.0-150200.4.36.1">curl-7.66.0-150200.4.36.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="dlm-kmp-default-5.3.18-150200.24.120.1">
      <FullProductName ProductID="dlm-kmp-default-5.3.18-150200.24.120.1">dlm-kmp-default-5.3.18-150200.24.120.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="docker-20.10.17_ce-150000.166.1">
      <FullProductName ProductID="docker-20.10.17_ce-150000.166.1">docker-20.10.17_ce-150000.166.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="drbd-9.0.22~1+git.fe2b5983-150200.3.15.2">
      <FullProductName ProductID="drbd-9.0.22~1+git.fe2b5983-150200.3.15.2">drbd-9.0.22~1+git.fe2b5983-150200.3.15.2</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="drbd-kmp-default-9.0.22~1+git.fe2b5983_k5.3.18_150200.24.115-150200.3.15.2">
      <FullProductName ProductID="drbd-kmp-default-9.0.22~1+git.fe2b5983_k5.3.18_150200.24.115-150200.3.15.2">drbd-kmp-default-9.0.22~1+git.fe2b5983_k5.3.18_150200.24.115-150200.3.15.2</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="fence-agents-4.9.0+git.1624456340.8d746be9-150100.7.35.1">
      <FullProductName ProductID="fence-agents-4.9.0+git.1624456340.8d746be9-150100.7.35.1">fence-agents-4.9.0+git.1624456340.8d746be9-150100.7.35.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="gfs2-kmp-default-5.3.18-150200.24.120.1">
      <FullProductName ProductID="gfs2-kmp-default-5.3.18-150200.24.120.1">gfs2-kmp-default-5.3.18-150200.24.120.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="grub2-2.04-150200.9.63.2">
      <FullProductName ProductID="grub2-2.04-150200.9.63.2">grub2-2.04-150200.9.63.2</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="grub2-i386-pc-2.04-150200.9.63.2">
      <FullProductName ProductID="grub2-i386-pc-2.04-150200.9.63.2">grub2-i386-pc-2.04-150200.9.63.2</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="grub2-x86_64-efi-2.04-150200.9.63.2">
      <FullProductName ProductID="grub2-x86_64-efi-2.04-150200.9.63.2">grub2-x86_64-efi-2.04-150200.9.63.2</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="icewm-1.4.2-150000.7.15.1">
      <FullProductName ProductID="icewm-1.4.2-150000.7.15.1">icewm-1.4.2-150000.7.15.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="icewm-lite-1.4.2-150000.7.15.1">
      <FullProductName ProductID="icewm-lite-1.4.2-150000.7.15.1">icewm-lite-1.4.2-150000.7.15.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="kernel-default-5.3.18-150200.24.120.1">
      <FullProductName ProductID="kernel-default-5.3.18-150200.24.120.1">kernel-default-5.3.18-150200.24.120.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="ldirectord-4.4.0+git57.70549516-150200.3.53.1">
      <FullProductName ProductID="ldirectord-4.4.0+git57.70549516-150200.3.53.1">ldirectord-4.4.0+git57.70549516-150200.3.53.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libatomic1-11.3.0+git1637-150000.1.9.1">
      <FullProductName ProductID="libatomic1-11.3.0+git1637-150000.1.9.1">libatomic1-11.3.0+git1637-150000.1.9.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libctf-nobfd0-2.37-150100.7.37.1">
      <FullProductName ProductID="libctf-nobfd0-2.37-150100.7.37.1">libctf-nobfd0-2.37-150100.7.37.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libctf0-2.37-150100.7.37.1">
      <FullProductName ProductID="libctf0-2.37-150100.7.37.1">libctf0-2.37-150100.7.37.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libcurl4-7.66.0-150200.4.36.1">
      <FullProductName ProductID="libcurl4-7.66.0-150200.4.36.1">libcurl4-7.66.0-150200.4.36.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libgcc_s1-11.3.0+git1637-150000.1.9.1">
      <FullProductName ProductID="libgcc_s1-11.3.0+git1637-150000.1.9.1">libgcc_s1-11.3.0+git1637-150000.1.9.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libopenssl1_1-1.1.1d-150200.11.51.1">
      <FullProductName ProductID="libopenssl1_1-1.1.1d-150200.11.51.1">libopenssl1_1-1.1.1d-150200.11.51.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libp11-kit0-0.23.2-150000.4.16.1">
      <FullProductName ProductID="libp11-kit0-0.23.2-150000.4.16.1">libp11-kit0-0.23.2-150000.4.16.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libpcre1-8.45-150000.20.13.1">
      <FullProductName ProductID="libpcre1-8.45-150000.20.13.1">libpcre1-8.45-150000.20.13.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libpython2_7-1_0-2.7.18-150000.41.1">
      <FullProductName ProductID="libpython2_7-1_0-2.7.18-150000.41.1">libpython2_7-1_0-2.7.18-150000.41.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libpython3_6m1_0-3.6.15-150000.3.106.1">
      <FullProductName ProductID="libpython3_6m1_0-3.6.15-150000.3.106.1">libpython3_6m1_0-3.6.15-150000.3.106.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libstdc++6-11.3.0+git1637-150000.1.9.1">
      <FullProductName ProductID="libstdc++6-11.3.0+git1637-150000.1.9.1">libstdc++6-11.3.0+git1637-150000.1.9.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="lifecycle-data-sle-module-live-patching-15-150000.4.75.1">
      <FullProductName ProductID="lifecycle-data-sle-module-live-patching-15-150000.4.75.1">lifecycle-data-sle-module-live-patching-15-150000.4.75.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="ocfs2-kmp-default-5.3.18-150200.24.120.1">
      <FullProductName ProductID="ocfs2-kmp-default-5.3.18-150200.24.120.1">ocfs2-kmp-default-5.3.18-150200.24.120.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="openssl-1_1-1.1.1d-150200.11.51.1">
      <FullProductName ProductID="openssl-1_1-1.1.1d-150200.11.51.1">openssl-1_1-1.1.1d-150200.11.51.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="p11-kit-0.23.2-150000.4.16.1">
      <FullProductName ProductID="p11-kit-0.23.2-150000.4.16.1">p11-kit-0.23.2-150000.4.16.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="p11-kit-tools-0.23.2-150000.4.16.1">
      <FullProductName ProductID="p11-kit-tools-0.23.2-150000.4.16.1">p11-kit-tools-0.23.2-150000.4.16.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="python-base-2.7.18-150000.41.1">
      <FullProductName ProductID="python-base-2.7.18-150000.41.1">python-base-2.7.18-150000.41.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="python-xml-2.7.18-150000.41.1">
      <FullProductName ProductID="python-xml-2.7.18-150000.41.1">python-xml-2.7.18-150000.41.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="python3-3.6.15-150000.3.106.1">
      <FullProductName ProductID="python3-3.6.15-150000.3.106.1">python3-3.6.15-150000.3.106.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="python3-M2Crypto-0.35.2-150000.3.11.1">
      <FullProductName ProductID="python3-M2Crypto-0.35.2-150000.3.11.1">python3-M2Crypto-0.35.2-150000.3.11.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="python3-base-3.6.15-150000.3.106.1">
      <FullProductName ProductID="python3-base-3.6.15-150000.3.106.1">python3-base-3.6.15-150000.3.106.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="python3-curses-3.6.15-150000.3.106.1">
      <FullProductName ProductID="python3-curses-3.6.15-150000.3.106.1">python3-curses-3.6.15-150000.3.106.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="python3-zypp-plugin-0.6.3-150000.4.2.1">
      <FullProductName ProductID="python3-zypp-plugin-0.6.3-150000.4.2.1">python3-zypp-plugin-0.6.3-150000.4.2.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="release-notes-sles-for-sap-15.2.20220712-150200.3.13.1">
      <FullProductName ProductID="release-notes-sles-for-sap-15.2.20220712-150200.3.13.1">release-notes-sles-for-sap-15.2.20220712-150200.3.13.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="resource-agents-4.4.0+git57.70549516-150200.3.53.1">
      <FullProductName ProductID="resource-agents-4.4.0+git57.70549516-150200.3.53.1">resource-agents-4.4.0+git57.70549516-150200.3.53.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="rsyslog-8.2106.0-150200.4.29.1">
      <FullProductName ProductID="rsyslog-8.2106.0-150200.4.29.1">rsyslog-8.2106.0-150200.4.29.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.12.1">
      <FullProductName ProductID="ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.12.1">ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.12.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.6.1">
      <FullProductName ProductID="ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.6.1">ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.6.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="ruby2.5-rubygem-rack-2.0.8-150000.3.6.1">
      <FullProductName ProductID="ruby2.5-rubygem-rack-2.0.8-150000.3.6.1">ruby2.5-rubygem-rack-2.0.8-150000.3.6.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="runc-1.1.3-150000.30.1">
      <FullProductName ProductID="runc-1.1.3-150000.30.1">runc-1.1.3-150000.30.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="systemd-presets-branding-SLE-15.1-150100.20.11.1">
      <FullProductName ProductID="systemd-presets-branding-SLE-15.1-150100.20.11.1">systemd-presets-branding-SLE-15.1-150100.20.11.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="vim-8.2.5038-150000.5.21.1">
      <FullProductName ProductID="vim-8.2.5038-150000.5.21.1">vim-8.2.5038-150000.5.21.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="vim-data-common-8.2.5038-150000.5.21.1">
      <FullProductName ProductID="vim-data-common-8.2.5038-150000.5.21.1">vim-data-common-8.2.5038-150000.5.21.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="xen-libs-4.13.4_10-150200.3.55.1">
      <FullProductName ProductID="xen-libs-4.13.4_10-150200.3.55.1">xen-libs-4.13.4_10-150200.3.55.1</FullProductName>
    </Branch>
    <Relationship ProductReference="binutils-2.37-150100.7.37.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:binutils-2.37-150100.7.37.1">binutils-2.37-150100.7.37.1 as a component of Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="cluster-md-kmp-default-5.3.18-150200.24.120.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:cluster-md-kmp-default-5.3.18-150200.24.120.1">cluster-md-kmp-default-5.3.18-150200.24.120.1 as a component of Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="containerd-1.6.6-150000.73.2" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:containerd-1.6.6-150000.73.2">containerd-1.6.6-150000.73.2 as a component of Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="crash-7.2.8-150200.18.12.2" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:crash-7.2.8-150200.18.12.2">crash-7.2.8-150200.18.12.2 as a component of Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="curl-7.66.0-150200.4.36.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:curl-7.66.0-150200.4.36.1">curl-7.66.0-150200.4.36.1 as a component of Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="dlm-kmp-default-5.3.18-150200.24.120.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:dlm-kmp-default-5.3.18-150200.24.120.1">dlm-kmp-default-5.3.18-150200.24.120.1 as a component of Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="docker-20.10.17_ce-150000.166.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:docker-20.10.17_ce-150000.166.1">docker-20.10.17_ce-150000.166.1 as a component of Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="drbd-9.0.22~1+git.fe2b5983-150200.3.15.2" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:drbd-9.0.22~1+git.fe2b5983-150200.3.15.2">drbd-9.0.22~1+git.fe2b5983-150200.3.15.2 as a component of Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="drbd-kmp-default-9.0.22~1+git.fe2b5983_k5.3.18_150200.24.115-150200.3.15.2" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:drbd-kmp-default-9.0.22~1+git.fe2b5983_k5.3.18_150200.24.115-150200.3.15.2">drbd-kmp-default-9.0.22~1+git.fe2b5983_k5.3.18_150200.24.115-150200.3.15.2 as a component of Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="fence-agents-4.9.0+git.1624456340.8d746be9-150100.7.35.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:fence-agents-4.9.0+git.1624456340.8d746be9-150100.7.35.1">fence-agents-4.9.0+git.1624456340.8d746be9-150100.7.35.1 as a component of Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="gfs2-kmp-default-5.3.18-150200.24.120.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:gfs2-kmp-default-5.3.18-150200.24.120.1">gfs2-kmp-default-5.3.18-150200.24.120.1 as a component of Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="grub2-2.04-150200.9.63.2" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:grub2-2.04-150200.9.63.2">grub2-2.04-150200.9.63.2 as a component of Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="grub2-i386-pc-2.04-150200.9.63.2" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:grub2-i386-pc-2.04-150200.9.63.2">grub2-i386-pc-2.04-150200.9.63.2 as a component of Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="grub2-x86_64-efi-2.04-150200.9.63.2" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:grub2-x86_64-efi-2.04-150200.9.63.2">grub2-x86_64-efi-2.04-150200.9.63.2 as a component of Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="icewm-1.4.2-150000.7.15.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:icewm-1.4.2-150000.7.15.1">icewm-1.4.2-150000.7.15.1 as a component of Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="icewm-lite-1.4.2-150000.7.15.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:icewm-lite-1.4.2-150000.7.15.1">icewm-lite-1.4.2-150000.7.15.1 as a component of Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="kernel-default-5.3.18-150200.24.120.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1">kernel-default-5.3.18-150200.24.120.1 as a component of Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="ldirectord-4.4.0+git57.70549516-150200.3.53.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:ldirectord-4.4.0+git57.70549516-150200.3.53.1">ldirectord-4.4.0+git57.70549516-150200.3.53.1 as a component of Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libatomic1-11.3.0+git1637-150000.1.9.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:libatomic1-11.3.0+git1637-150000.1.9.1">libatomic1-11.3.0+git1637-150000.1.9.1 as a component of Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libctf-nobfd0-2.37-150100.7.37.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:libctf-nobfd0-2.37-150100.7.37.1">libctf-nobfd0-2.37-150100.7.37.1 as a component of Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libctf0-2.37-150100.7.37.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:libctf0-2.37-150100.7.37.1">libctf0-2.37-150100.7.37.1 as a component of Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libcurl4-7.66.0-150200.4.36.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:libcurl4-7.66.0-150200.4.36.1">libcurl4-7.66.0-150200.4.36.1 as a component of Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libgcc_s1-11.3.0+git1637-150000.1.9.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:libgcc_s1-11.3.0+git1637-150000.1.9.1">libgcc_s1-11.3.0+git1637-150000.1.9.1 as a component of Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libopenssl1_1-1.1.1d-150200.11.51.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:libopenssl1_1-1.1.1d-150200.11.51.1">libopenssl1_1-1.1.1d-150200.11.51.1 as a component of Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libp11-kit0-0.23.2-150000.4.16.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:libp11-kit0-0.23.2-150000.4.16.1">libp11-kit0-0.23.2-150000.4.16.1 as a component of Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libpcre1-8.45-150000.20.13.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:libpcre1-8.45-150000.20.13.1">libpcre1-8.45-150000.20.13.1 as a component of Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libpython2_7-1_0-2.7.18-150000.41.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:libpython2_7-1_0-2.7.18-150000.41.1">libpython2_7-1_0-2.7.18-150000.41.1 as a component of Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libpython3_6m1_0-3.6.15-150000.3.106.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:libpython3_6m1_0-3.6.15-150000.3.106.1">libpython3_6m1_0-3.6.15-150000.3.106.1 as a component of Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libstdc++6-11.3.0+git1637-150000.1.9.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:libstdc++6-11.3.0+git1637-150000.1.9.1">libstdc++6-11.3.0+git1637-150000.1.9.1 as a component of Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="lifecycle-data-sle-module-live-patching-15-150000.4.75.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:lifecycle-data-sle-module-live-patching-15-150000.4.75.1">lifecycle-data-sle-module-live-patching-15-150000.4.75.1 as a component of Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="ocfs2-kmp-default-5.3.18-150200.24.120.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:ocfs2-kmp-default-5.3.18-150200.24.120.1">ocfs2-kmp-default-5.3.18-150200.24.120.1 as a component of Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="openssl-1_1-1.1.1d-150200.11.51.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:openssl-1_1-1.1.1d-150200.11.51.1">openssl-1_1-1.1.1d-150200.11.51.1 as a component of Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="p11-kit-0.23.2-150000.4.16.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:p11-kit-0.23.2-150000.4.16.1">p11-kit-0.23.2-150000.4.16.1 as a component of Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="p11-kit-tools-0.23.2-150000.4.16.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:p11-kit-tools-0.23.2-150000.4.16.1">p11-kit-tools-0.23.2-150000.4.16.1 as a component of Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="python-base-2.7.18-150000.41.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:python-base-2.7.18-150000.41.1">python-base-2.7.18-150000.41.1 as a component of Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="python-xml-2.7.18-150000.41.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:python-xml-2.7.18-150000.41.1">python-xml-2.7.18-150000.41.1 as a component of Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="python3-3.6.15-150000.3.106.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:python3-3.6.15-150000.3.106.1">python3-3.6.15-150000.3.106.1 as a component of Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="python3-M2Crypto-0.35.2-150000.3.11.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:python3-M2Crypto-0.35.2-150000.3.11.1">python3-M2Crypto-0.35.2-150000.3.11.1 as a component of Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="python3-base-3.6.15-150000.3.106.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:python3-base-3.6.15-150000.3.106.1">python3-base-3.6.15-150000.3.106.1 as a component of Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="python3-curses-3.6.15-150000.3.106.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:python3-curses-3.6.15-150000.3.106.1">python3-curses-3.6.15-150000.3.106.1 as a component of Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="python3-zypp-plugin-0.6.3-150000.4.2.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:python3-zypp-plugin-0.6.3-150000.4.2.1">python3-zypp-plugin-0.6.3-150000.4.2.1 as a component of Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="release-notes-sles-for-sap-15.2.20220712-150200.3.13.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:release-notes-sles-for-sap-15.2.20220712-150200.3.13.1">release-notes-sles-for-sap-15.2.20220712-150200.3.13.1 as a component of Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="resource-agents-4.4.0+git57.70549516-150200.3.53.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:resource-agents-4.4.0+git57.70549516-150200.3.53.1">resource-agents-4.4.0+git57.70549516-150200.3.53.1 as a component of Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="rsyslog-8.2106.0-150200.4.29.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:rsyslog-8.2106.0-150200.4.29.1">rsyslog-8.2106.0-150200.4.29.1 as a component of Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.12.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.12.1">ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.12.1 as a component of Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.6.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.6.1">ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.6.1 as a component of Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="ruby2.5-rubygem-rack-2.0.8-150000.3.6.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1">ruby2.5-rubygem-rack-2.0.8-150000.3.6.1 as a component of Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="runc-1.1.3-150000.30.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:runc-1.1.3-150000.30.1">runc-1.1.3-150000.30.1 as a component of Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="systemd-presets-branding-SLE-15.1-150100.20.11.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:systemd-presets-branding-SLE-15.1-150100.20.11.1">systemd-presets-branding-SLE-15.1-150100.20.11.1 as a component of Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="vim-8.2.5038-150000.5.21.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-8.2.5038-150000.5.21.1">vim-8.2.5038-150000.5.21.1 as a component of Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="vim-data-common-8.2.5038-150000.5.21.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1">vim-data-common-8.2.5038-150000.5.21.1 as a component of Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="xen-libs-4.13.4_10-150200.3.55.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:xen-libs-4.13.4_10-150200.3.55.1">xen-libs-4.13.4_10-150200.3.55.1 as a component of Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64</FullProductName>
    </Relationship>
  </ProductTree>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9.</Note>
    </Notes>
    <CVE>CVE-2015-20107</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:libpython2_7-1_0-2.7.18-150000.41.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:python-base-2.7.18-150000.41.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:python-xml-2.7.18-150000.41.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:python3-3.6.15-150000.3.106.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:python3-curses-3.6.15-150000.3.106.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>8</BaseScore>
        <Vector>AV:N/AC:L/Au:S/C:P/I:C/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group (which may be different from the group ownership of the original file), which allows local users to obtain sensitive information by leveraging an applicable group membership, as demonstrated by /etc/shadow owned by root:shadow mode 0640, but /etc/.shadow.swp owned by root:users mode 0640, a different vulnerability than CVE-2017-1000382.</Note>
    </Notes>
    <CVE>CVE-2017-17087</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>2.1</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:P/I:N/A:N</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c.</Note>
    </Notes>
    <CVE>CVE-2019-19377</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:cluster-md-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:dlm-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:gfs2-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:ocfs2-kmp-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.8</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.</Note>
    </Notes>
    <CVE>CVE-2020-26541</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:cluster-md-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:dlm-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:gfs2-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:ocfs2-kmp-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.9</BaseScore>
        <Vector>AV:L/AC:M/Au:N/C:C/I:C/A:C</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An issue was discovered in p11-kit 0.21.1 through 0.23.21. A heap-based buffer over-read has been discovered in the RPC protocol used by the p11-kit server/remote commands and the client library. When the remote entity supplies a byte array through a serialized PKCS#11 function call, the receiving entity may allow the reading of up to 4 bytes of memory past the heap allocation.</Note>
    </Notes>
    <CVE>CVE-2020-29362</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:libp11-kit0-0.23.2-150000.4.16.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:p11-kit-0.23.2-150000.4.16.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:p11-kit-tools-0.23.2-150000.4.16.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>5</BaseScore>
        <Vector>AV:N/AC:L/Au:N/C:P/I:N/A:N</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.</Note>
    </Notes>
    <CVE>CVE-2020-8492</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:python3-3.6.15-150000.3.106.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:python3-curses-3.6.15-150000.3.106.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>7.1</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:N/I:N/A:C</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">There is a flaw reported in the Linux kernel in versions before 5.9 in drivers/gpu/drm/nouveau/nouveau_sgdma.c in nouveau_sgdma_create_ttm in the Nouveau DRM subsystem. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker with a local account with root privileges can leverage this vulnerability to escalate privileges and execute code in the context of the kernel.</Note>
    </Notes>
    <CVE>CVE-2021-20292</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:cluster-md-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:dlm-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:gfs2-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:ocfs2-kmp-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>7.2</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:C/I:C/A:C</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A race condition when accessing a file object in the Linux kernel OverlayFS subsystem was found in the way users perform a rename in a specific way with OverlayFS. A local user could use this flaw to crash the system.</Note>
    </Notes>
    <CVE>CVE-2021-20321</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:cluster-md-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:dlm-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:gfs2-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:ocfs2-kmp-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.7</BaseScore>
        <Vector>AV:L/AC:M/Au:N/C:N/I:N/A:C</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action Controller due to a too permissive regular expression. Impacted code uses `authenticate_or_request_with_http_token` or `authenticate_with_http_token` for request authentication.</Note>
    </Notes>
    <CVE>CVE-2021-22904</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.12.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>5</BaseScore>
        <Vector>AV:N/AC:L/Au:N/C:N/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If sctp_destroy_sock is called without sock_net(sk)-&gt;sctp.addr_wq_lock then an element is removed from the auto_asconf_splist list without any proper locking. This can be exploited by an attacker with network service privileges to escalate to root or from the context of an unprivileged user directly if a BPF_CGROUP_INET_SOCK_CREATE is attached which denies creation of some SCTP socket.</Note>
    </Notes>
    <CVE>CVE-2021-23133</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:cluster-md-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:dlm-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:gfs2-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:ocfs2-kmp-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.9</BaseScore>
        <Vector>AV:L/AC:M/Au:N/C:C/I:C/A:C</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage.</Note>
    </Notes>
    <CVE>CVE-2021-26341</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:cluster-md-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:dlm-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:gfs2-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:ocfs2-kmp-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>2.1</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:P/I:N/A:N</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially enable denial of service via local access.</Note>
    </Notes>
    <CVE>CVE-2021-33061</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:cluster-md-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:dlm-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:gfs2-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:ocfs2-kmp-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>2.1</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:N/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1.</Note>
    </Notes>
    <CVE>CVE-2021-3572</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:python3-3.6.15-150000.3.106.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:python3-curses-3.6.15-150000.3.106.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>3.5</BaseScore>
        <Vector>AV:N/AC:M/Au:S/C:N/I:P/A:N</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A crafted 16-bit grayscale PNG image may lead to an out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited, as an attacker needs to perform some triage over the heap layout to achieve significant results; also, the values written into the memory are repeated three times in a row, making it difficult to produce valid payloads. This flaw affects grub2 versions prior to grub-2.12.</Note>
    </Notes>
    <CVE>CVE-2021-3695</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:grub2-2.04-150200.9.63.2</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:grub2-i386-pc-2.04-150200.9.63.2</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:grub2-x86_64-efi-2.04-150200.9.63.2</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.4</BaseScore>
        <Vector>AV:L/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A heap out-of-bounds write may happen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availability impact may be considered Low, as it is very complex for an attacker to control the encoding and positioning of corrupted Huffman entries to achieve results such as arbitrary code execution and/or secure boot circumvention. This flaw affects grub2 versions prior to grub-2.12.</Note>
    </Notes>
    <CVE>CVE-2021-3696</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:grub2-2.04-150200.9.63.2</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:grub2-i386-pc-2.04-150200.9.63.2</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:grub2-x86_64-efi-2.04-150200.9.63.2</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.9</BaseScore>
        <Vector>AV:L/AC:M/Au:N/C:C/I:C/A:C</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written to the heap. For a successful attack, the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior to grub-2.12.</Note>
    </Notes>
    <CVE>CVE-2021-3697</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:grub2-2.04-150200.9.63.2</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:grub2-i386-pc-2.04-150200.9.63.2</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:grub2-x86_64-efi-2.04-150200.9.63.2</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.4</BaseScore>
        <Vector>AV:L/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as a web browser) connects to could trigger a Regular Expression Denial of Service (ReDoS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability.</Note>
    </Notes>
    <CVE>CVE-2021-3733</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:python3-3.6.15-150000.3.106.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:python3-curses-3.6.15-150000.3.106.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4</BaseScore>
        <Vector>AV:N/AC:L/Au:S/C:N/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">vim is vulnerable to Heap-based Buffer Overflow</Note>
    </Notes>
    <CVE>CVE-2021-3778</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.8</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">vim is vulnerable to Use After Free</Note>
    </Notes>
    <CVE>CVE-2021-3796</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.8</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">vim is vulnerable to Heap-based Buffer Overflow</Note>
    </Notes>
    <CVE>CVE-2021-3872</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.8</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">vim is vulnerable to Heap-based Buffer Overflow</Note>
    </Notes>
    <CVE>CVE-2021-3875</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.3</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:N/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">vim is vulnerable to Heap-based Buffer Overflow</Note>
    </Notes>
    <CVE>CVE-2021-3903</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.6</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">vim is vulnerable to Heap-based Buffer Overflow</Note>
    </Notes>
    <CVE>CVE-2021-3927</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.8</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">vim is vulnerable to Use of Uninitialized Variable</Note>
    </Notes>
    <CVE>CVE-2021-3928</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.6</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">vim is vulnerable to Heap-based Buffer Overflow</Note>
    </Notes>
    <CVE>CVE-2021-3968</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>8.5</BaseScore>
        <Vector>AV:N/AC:M/Au:S/C:C/I:C/A:C</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">vim is vulnerable to Heap-based Buffer Overflow</Note>
    </Notes>
    <CVE>CVE-2021-3973</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>critical</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>9.3</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:C/I:C/A:C</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">vim is vulnerable to Use After Free</Note>
    </Notes>
    <CVE>CVE-2021-3974</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.8</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">vim is vulnerable to Heap-based Buffer Overflow</Note>
    </Notes>
    <CVE>CVE-2021-3984</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.8</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">vim is vulnerable to Heap-based Buffer Overflow</Note>
    </Notes>
    <CVE>CVE-2021-4019</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.8</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">vim is vulnerable to Use After Free</Note>
    </Notes>
    <CVE>CVE-2021-4069</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.8</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">vim is vulnerable to Heap-based Buffer Overflow</Note>
    </Notes>
    <CVE>CVE-2021-4136</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.8</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel's cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service on the system.</Note>
    </Notes>
    <CVE>CVE-2021-4154</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:cluster-md-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:dlm-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:gfs2-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:ocfs2-kmp-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>7.2</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:C/I:C/A:C</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileges on the system.</Note>
    </Notes>
    <CVE>CVE-2021-4157</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:cluster-md-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:dlm-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:gfs2-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:ocfs2-kmp-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>7.4</BaseScore>
        <Vector>AV:A/AC:M/Au:S/C:C/I:C/A:C</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">vim is vulnerable to Out-of-bounds Read</Note>
    </Notes>
    <CVE>CVE-2021-4166</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>5.8</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:P/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">vim is vulnerable to Use After Free</Note>
    </Notes>
    <CVE>CVE-2021-4192</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.8</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">vim is vulnerable to Out-of-bounds Read</Note>
    </Notes>
    <CVE>CVE-2021-4193</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.3</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:P/I:N/A:N</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.</Note>
    </Notes>
    <CVE>CVE-2021-46059</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">vim is vulnerable to Out-of-bounds Read</Note>
    </Notes>
    <CVE>CVE-2022-0128</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.8</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A denial of service (DOS) issue was found in the Linux kernel’s smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the system.</Note>
    </Notes>
    <CVE>CVE-2022-0168</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:cluster-md-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:dlm-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:gfs2-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:ocfs2-kmp-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD CPU that supports Secure Encrypted Virtualization (SEV).</Note>
    </Notes>
    <CVE>CVE-2022-0171</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:cluster-md-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:dlm-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:gfs2-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:ocfs2-kmp-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">vim is vulnerable to Heap-based Buffer Overflow</Note>
    </Notes>
    <CVE>CVE-2022-0213</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.8</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.</Note>
    </Notes>
    <CVE>CVE-2022-0261</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.8</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Heap-based Buffer Overflow in vim/vim prior to 8.2.</Note>
    </Notes>
    <CVE>CVE-2022-0318</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>7.5</BaseScore>
        <Vector>AV:N/AC:L/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Out-of-bounds Read in vim/vim prior to 8.2.</Note>
    </Notes>
    <CVE>CVE-2022-0319</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.3</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:P/I:N/A:N</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Access of Memory Location Before Start of Buffer in GitHub repository vim/vim prior to 8.2.</Note>
    </Notes>
    <CVE>CVE-2022-0351</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.6</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.</Note>
    </Notes>
    <CVE>CVE-2022-0359</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.8</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.</Note>
    </Notes>
    <CVE>CVE-2022-0361</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.8</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Heap-based Buffer Overflow in GitHub repository vim prior to 8.2.</Note>
    </Notes>
    <CVE>CVE-2022-0392</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.8</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.</Note>
    </Notes>
    <CVE>CVE-2022-0407</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.8</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Use After Free in GitHub repository vim/vim prior to 8.2.</Note>
    </Notes>
    <CVE>CVE-2022-0413</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.8</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4428.</Note>
    </Notes>
    <CVE>CVE-2022-0696</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.3</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:N/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An information leak flaw was found in NFS over RDMA in the net/sunrpc/xprtrdma/rpc_rdma.c in the Linux Kernel. This flaw allows an attacker with normal user privileges to leak kernel information.</Note>
    </Notes>
    <CVE>CVE-2022-0812</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:cluster-md-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:dlm-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:gfs2-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:ocfs2-kmp-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation.</Note>
    </Notes>
    <CVE>CVE-2022-1011</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:cluster-md-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:dlm-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:gfs2-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:ocfs2-kmp-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.6</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A flaw was found in KVM. When updating a guest's page table entry, vm_pgoff was improperly used as the offset to get the page's pfn. As vaddr and vm_pgoff are controllable by user-mode processes, this flaw allows unprivileged local users on the host to write outside the userspace region and potentially corrupt the kernel, resulting in a denial of service condition.</Note>
    </Notes>
    <CVE>CVE-2022-1158</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:cluster-md-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:dlm-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:gfs2-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:ocfs2-kmp-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service.</Note>
    </Notes>
    <CVE>CVE-2022-1184</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:cluster-md-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:dlm-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:gfs2-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:ocfs2-kmp-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of service (DoS) or a kernel information leak.</Note>
    </Notes>
    <CVE>CVE-2022-1280</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:cluster-md-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:dlm-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:gfs2-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:ocfs2-kmp-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>3.3</BaseScore>
        <Vector>AV:L/AC:M/Au:N/C:P/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd).</Note>
    </Notes>
    <CVE>CVE-2022-1292</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:libopenssl1_1-1.1.1d-150200.11.51.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:openssl-1_1-1.1.1d-150200.11.51.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>10</BaseScore>
        <Vector>AV:N/AC:L/Au:N/C:C/I:C/A:C</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information.</Note>
    </Notes>
    <CVE>CVE-2022-1353</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:cluster-md-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:dlm-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:gfs2-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:ocfs2-kmp-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>3.6</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:P/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This vulnerability is capable of crashing software, bypassing protection mechanisms, modifying memory, and possible remote execution.</Note>
    </Notes>
    <CVE>CVE-2022-1381</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.8</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_DESTROY_DUMB can decrease refcount of drm_vgem_gem_object (created in vgem_gem_dumb_create) concurrently, and vgem_gem_dumb_create will access the freed drm_vgem_gem_object.</Note>
    </Notes>
    <CVE>CVE-2022-1419</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:cluster-md-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:dlm-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:gfs2-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:ocfs2-kmp-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.6</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774.</Note>
    </Notes>
    <CVE>CVE-2022-1420</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.3</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:N/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A NULL pointer dereference flaw was found in the Linux kernel’s X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection. This flaw allows a local user to crash the system.</Note>
    </Notes>
    <CVE>CVE-2022-1516</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:cluster-md-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:dlm-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:gfs2-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:ocfs2-kmp-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.9</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:N/I:N/A:C</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.</Note>
    </Notes>
    <CVE>CVE-2022-1586</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:libpcre1-8.45-150000.20.13.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.4</BaseScore>
        <Vector>AV:N/AC:L/Au:N/C:P/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, bypassing protection mechanisms, modifying memory, and possible remote execution.</Note>
    </Notes>
    <CVE>CVE-2022-1616</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.8</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This vulnerability is capable of crashing software, modifying memory, and possibly remote execution.</Note>
    </Notes>
    <CVE>CVE-2022-1619</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.8</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows attackers to cause a denial of service (application crash) via a crafted input.</Note>
    </Notes>
    <CVE>CVE-2022-1620</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>5</BaseScore>
        <Vector>AV:N/AC:L/Au:N/C:N/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.</Note>
    </Notes>
    <CVE>CVE-2022-1652</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:cluster-md-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:dlm-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:gfs2-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:ocfs2-kmp-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>7.2</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:C/I:C/A:C</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system.</Note>
    </Notes>
    <CVE>CVE-2022-1679</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:cluster-md-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:dlm-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:gfs2-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:ocfs2-kmp-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>7.2</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:C/I:C/A:C</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A race condition was found in the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows building several exploit primitives such as kernel address information leak, arbitrary execution, etc.</Note>
    </Notes>
    <CVE>CVE-2022-1729</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:cluster-md-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:dlm-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:gfs2-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:ocfs2-kmp-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968.</Note>
    </Notes>
    <CVE>CVE-2022-1733</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.6</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A flaw in the Linux kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to a use after free (read or write) when the cleanup routine and the firmware download routine are not synchronized.</Note>
    </Notes>
    <CVE>CVE-2022-1734</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:cluster-md-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:dlm-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:gfs2-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:ocfs2-kmp-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.4</BaseScore>
        <Vector>AV:L/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969.</Note>
    </Notes>
    <CVE>CVE-2022-1735</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.8</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Uncontrolled Recursion in GitHub repository vim/vim prior to 8.2.4975.</Note>
    </Notes>
    <CVE>CVE-2022-1771</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.3</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:N/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977.</Note>
    </Notes>
    <CVE>CVE-2022-1785</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.6</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Use After Free in GitHub repository vim/vim prior to 8.2.4979.</Note>
    </Notes>
    <CVE>CVE-2022-1796</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.8</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-33981. Reason: This candidate is a reservation duplicate of CVE-2022-33981. Notes: All CVE users should reference CVE-2022-33981 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.</Note>
    </Notes>
    <CVE>CVE-2022-1836</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:cluster-md-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:dlm-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:gfs2-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:ocfs2-kmp-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.</Note>
    </Notes>
    <CVE>CVE-2022-1851</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.8</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.</Note>
    </Notes>
    <CVE>CVE-2022-1897</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.8</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Use After Free in GitHub repository vim/vim prior to 8.2.</Note>
    </Notes>
    <CVE>CVE-2022-1898</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.8</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Buffer Over-read in GitHub repository vim/vim prior to 8.2.</Note>
    </Notes>
    <CVE>CVE-2022-1927</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-8.2.5038-150000.5.21.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:vim-data-common-8.2.5038-150000.5.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.8</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-32250. Reason: This candidate is a duplicate of CVE-2022-32250. Notes: All CVE users should reference CVE-2022-32250 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.</Note>
    </Notes>
    <CVE>CVE-2022-1966</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:cluster-md-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:dlm-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:gfs2-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:ocfs2-kmp-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>7.2</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:C/I:C/A:C</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A use-after-free flaw was found in the Linux kernel's NFC core functionality due to a race condition between kobject creation and delete. This vulnerability allows a local attacker with CAP_NET_ADMIN privilege to leak kernel information.</Note>
    </Notes>
    <CVE>CVE-2022-1974</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:cluster-md-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:dlm-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:gfs2-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:ocfs2-kmp-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">There is a sleep-in-atomic bug in /net/nfc/netlink.c that allows an attacker to crash the Linux kernel by simulating an NFC device from user-space.</Note>
    </Notes>
    <CVE>CVE-2022-1975</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:cluster-md-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:dlm-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:gfs2-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:ocfs2-kmp-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-188677105. References: Upstream kernel.</Note>
    </Notes>
    <CVE>CVE-2022-20132</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:cluster-md-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:dlm-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:gfs2-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:ocfs2-kmp-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.9</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:C/I:N/A:N</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-112551163. References: Upstream kernel.</Note>
    </Notes>
    <CVE>CVE-2022-20141</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:cluster-md-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:dlm-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:gfs2-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:ocfs2-kmp-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.9</BaseScore>
        <Vector>AV:L/AC:M/Au:N/C:C/I:C/A:C</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-174846563. References: Upstream kernel.</Note>
    </Notes>
    <CVE>CVE-2022-20154</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:cluster-md-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:dlm-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:gfs2-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:ocfs2-kmp-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.4</BaseScore>
        <Vector>AV:L/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When CVE-2022-1292 was fixed, it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0, 3.0.1, 3.0.2, 3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).</Note>
    </Notes>
    <CVE>CVE-2022-2068</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:libopenssl1_1-1.1.1d-150200.11.51.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:openssl-1_1-1.1.1d-150200.11.51.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>10</BaseScore>
        <Vector>AV:N/AC:L/Au:N/C:C/I:C/A:C</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).</Note>
    </Notes>
    <CVE>CVE-2022-2097</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:libopenssl1_1-1.1.1d-150200.11.51.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:openssl-1_1-1.1.1d-150200.11.51.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>5</BaseScore>
        <Vector>AV:N/AC:L/Au:N/C:P/I:N/A:N</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.</Note>
    </Notes>
    <CVE>CVE-2022-21166</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:cluster-md-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:dlm-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:gfs2-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:ocfs2-kmp-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>2.1</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:P/I:N/A:N</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).</Note>
    </Notes>
    <CVE>CVE-2022-21499</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:cluster-md-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:dlm-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:gfs2-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:ocfs2-kmp-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.6</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is *not* notified of a `close`, `ActionDispatch::Executor` will not know to reset thread local state for the next request. This can lead to data being leaked to subsequent requests. This has been fixed in Rails 7.0.2.1, 6.1.4.5, 6.0.4.5, and 5.2.6.1. Upgrading is highly recommended, but to work around this problem a middleware described in GHSA-wh98-p28r-vrc9 can be used.</Note>
    </Notes>
    <CVE>CVE-2022-23633</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.12.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.6.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.3</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:P/I:N/A:N</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor.</Note>
    </Notes>
    <CVE>CVE-2022-24448</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:cluster-md-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:dlm-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:gfs2-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:ocfs2-kmp-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>1.9</BaseScore>
        <Vector>AV:L/AC:M/Au:N/C:P/I:N/A:N</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.</Note>
    </Notes>
    <CVE>CVE-2022-25236</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:python3-3.6.15-150000.3.106.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:python3-curses-3.6.15-150000.3.106.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>7.5</BaseScore>
        <Vector>AV:N/AC:L/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">x86 pv: Race condition in typeref acquisition. Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, the logic for acquiring a type reference has a race condition, whereby a safety TLB flush is issued too early and creates a window where the guest can re-establish the read/write mapping before writeability is prohibited.</Note>
    </Notes>
    <CVE>CVE-2022-26362</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:xen-libs-4.13.4_10-150200.3.55.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.9</BaseScore>
        <Vector>AV:L/AC:M/Au:N/C:C/I:C/A:C</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">x86 pv: Insufficient care with non-coherent mappings. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, Xen's safety logic doesn't account for CPU-induced cache non-coherency: cases where the CPU can cause the content of the cache to be different to the content in main memory. In such cases, Xen's safety logic can incorrectly conclude that the contents of a page are safe.</Note>
    </Notes>
    <CVE>CVE-2022-26363</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:xen-libs-4.13.4_10-150200.3.55.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>7.2</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:C/I:C/A:C</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c.</Note>
    </Notes>
    <CVE>CVE-2022-28356</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:cluster-md-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:dlm-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:gfs2-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:ocfs2-kmp-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>2.1</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:N/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.</Note>
    </Notes>
    <CVE>CVE-2022-28733</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:grub2-2.04-150200.9.63.2</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:grub2-i386-pc-2.04-150200.9.63.2</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:grub2-x86_64-efi-2.04-150200.9.63.2</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.</Note>
    </Notes>
    <CVE>CVE-2022-28734</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:grub2-2.04-150200.9.63.2</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:grub2-i386-pc-2.04-150200.9.63.2</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:grub2-x86_64-efi-2.04-150200.9.63.2</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.</Note>
    </Notes>
    <CVE>CVE-2022-28735</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:grub2-2.04-150200.9.63.2</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:grub2-i386-pc-2.04-150200.9.63.2</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:grub2-x86_64-efi-2.04-150200.9.63.2</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.</Note>
    </Notes>
    <CVE>CVE-2022-28736</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:grub2-2.04-150200.9.63.2</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:grub2-i386-pc-2.04-150200.9.63.2</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:grub2-x86_64-efi-2.04-150200.9.63.2</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-2964. Reason: This candidate is a reservation duplicate of CVE-2022-2964. Notes: All CVE users should reference CVE-2022-2964 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.</Note>
    </Notes>
    <CVE>CVE-2022-28748</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:cluster-md-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:dlm-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:gfs2-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:ocfs2-kmp-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state.</Note>
    </Notes>
    <CVE>CVE-2022-28893</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:cluster-md-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:dlm-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:gfs2-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:ocfs2-kmp-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>7.2</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:C/I:C/A:C</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where `runc exec --cap` created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve(2). This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set. This bug has been fixed in runc 1.1.2. This fix changes `runc exec --cap` behavior such that the additional capabilities granted to the process being executed (as specified via `--cap` arguments) do not include inheritable capabilities. In addition, `runc spec` is changed to not set any inheritable capabilities in the created example OCI spec (`config.json`) file.</Note>
    </Notes>
    <CVE>CVE-2022-29162</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:runc-1.1.3-150000.30.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.6</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.</Note>
    </Notes>
    <CVE>CVE-2022-29900</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:cluster-md-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:dlm-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:gfs2-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:ocfs2-kmp-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>2.1</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:P/I:N/A:N</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.</Note>
    </Notes>
    <CVE>CVE-2022-29901</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:cluster-md-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:dlm-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:gfs2-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:ocfs2-kmp-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>1.9</BaseScore>
        <Vector>AV:L/AC:M/Au:N/C:P/I:N/A:N</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A possible denial of service vulnerability exists in Rack &lt;2.0.9.1, &lt;2.1.4.1 and &lt;2.2.3.1 in the multipart parsing component of Rack.</Note>
    </Notes>
    <CVE>CVE-2022-30122</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A sequence injection vulnerability exists in Rack &lt;2.0.9.1, &lt;2.1.4.1 and &lt;2.2.3.1 which could allow a possible shell escape in the Lint and CommonLogger components of Rack.</Note>
    </Notes>
    <CVE>CVE-2022-30123</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>critical</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag.</Note>
    </Notes>
    <CVE>CVE-2022-30594</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:cluster-md-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:dlm-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:gfs2-kmp-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:kernel-default-5.3.18-150200.24.120.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:ocfs2-kmp-default-5.3.18-150200.24.120.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.4</BaseScore>
        <Vector>AV:L/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">containerd is an open source container runtime. A bug was found in containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the `ExecSync` API. This can cause containerd to consume all available memory on the computer, denying service to other legitimate workloads. Kubernetes and crictl can both be configured to use containerd's CRI implementation; `ExecSync` may be used when running probes or when executing processes via an "exec" facility. This bug has been fixed in containerd 1.6.6 and 1.5.13. Users should update to these versions to resolve the issue. Users unable to upgrade should ensure that only trusted images and commands are used.</Note>
    </Notes>
    <CVE>CVE-2022-31030</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:containerd-1.6.6-150000.73.2</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>2.1</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:N/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">curl &lt; 7.84.0 supports "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps. The use of such a decompression chain could result in a "malloc bomb", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors.</Note>
    </Notes>
    <CVE>CVE-2022-32206</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:curl-7.66.0-150200.4.36.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:libcurl4-7.66.0-150200.4.36.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.3</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:N/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">When curl &lt; 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.</Note>
    </Notes>
    <CVE>CVE-2022-32208</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:curl-7.66.0-150200.4.36.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp2-sap-v20220718-x86-64:libcurl4-7.66.0-150200.4.36.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.3</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:P/I:N/A:N</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
</cvrfdoc>
