Security update for the Linux Kernel (Live Patch 32 for SLE 15 SP1) SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2022:4024-1 Final 1 1 2022-11-16T20:34:55Z current 2022-11-16T20:34:55Z 2022-11-16T20:34:55Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel (Live Patch 32 for SLE 15 SP1) This update for the Linux Kernel 4.12.14-150100_197_117 fixes several issues. The following security issues were fixed: - CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO (bnc#1201635). - CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096). - CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bnc#1204168). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2022-4024,SUSE-SLE-Live-Patching-12-SP4-2022-4024,SUSE-SLE-Live-Patching-12-SP5-2022-4025,SUSE-SLE-Module-Live-Patching-15-SP1-2022-4029 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2022/suse-su-20224024-1/ Link for SUSE-SU-2022:4024-1 https://lists.suse.com/pipermail/sle-security-updates/2022-November/012957.html E-Mail link for SUSE-SU-2022:4024-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1202087 SUSE Bug 1202087 https://bugzilla.suse.com/1203613 SUSE Bug 1203613 https://bugzilla.suse.com/1204170 SUSE Bug 1204170 https://www.suse.com/security/cve/CVE-2021-33655/ SUSE CVE CVE-2021-33655 page https://www.suse.com/security/cve/CVE-2022-2588/ SUSE CVE CVE-2022-2588 page https://www.suse.com/security/cve/CVE-2022-42703/ SUSE CVE CVE-2022-42703 page SUSE Linux Enterprise Live Patching 12 SP4 SUSE Linux Enterprise Live Patching 12 SP5 SUSE Linux Enterprise Live Patching 15 SP1 kgraft-patch-4_12_14-95_102-default-4-2.1 kgraft-patch-4_12_14-122_127-default-4-2.1 kernel-livepatch-4_12_14-150100_197_117-default-4-150100.2.1 kgraft-patch-4_12_14-95_102-default-4-2.1 as a component of SUSE Linux Enterprise Live Patching 12 SP4 kgraft-patch-4_12_14-122_127-default-4-2.1 as a component of SUSE Linux Enterprise Live Patching 12 SP5 kernel-livepatch-4_12_14-150100_197_117-default-4-150100.2.1 as a component of SUSE Linux Enterprise Live Patching 15 SP1 When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds. CVE-2021-33655 SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_102-default-4-2.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_127-default-4-2.1 SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-150100_197_117-default-4-150100.2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20224024-1/ https://www.suse.com/security/cve/CVE-2021-33655.html CVE-2021-33655 https://bugzilla.suse.com/1201635 SUSE Bug 1201635 https://bugzilla.suse.com/1202087 SUSE Bug 1202087 https://bugzilla.suse.com/1205313 SUSE Bug 1205313 https://bugzilla.suse.com/1212291 SUSE Bug 1212291 It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0. CVE-2022-2588 SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_102-default-4-2.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_127-default-4-2.1 SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-150100_197_117-default-4-150100.2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20224024-1/ https://www.suse.com/security/cve/CVE-2022-2588.html CVE-2022-2588 https://bugzilla.suse.com/1202096 SUSE Bug 1202096 https://bugzilla.suse.com/1203613 SUSE Bug 1203613 https://bugzilla.suse.com/1204183 SUSE Bug 1204183 https://bugzilla.suse.com/1209225 SUSE Bug 1209225 mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse. CVE-2022-42703 SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_102-default-4-2.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_127-default-4-2.1 SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-150100_197_117-default-4-150100.2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20224024-1/ https://www.suse.com/security/cve/CVE-2022-42703.html CVE-2022-42703 https://bugzilla.suse.com/1202096 SUSE Bug 1202096 https://bugzilla.suse.com/1204168 SUSE Bug 1204168 https://bugzilla.suse.com/1204170 SUSE Bug 1204170 https://bugzilla.suse.com/1206463 SUSE Bug 1206463 https://bugzilla.suse.com/1208044 SUSE Bug 1208044 https://bugzilla.suse.com/1209225 SUSE Bug 1209225