Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP4) SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2022:4113-1 Final 1 1 2022-11-18T17:04:57Z current 2022-11-18T17:04:57Z 2022-11-18T17:04:57Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP4) This update for the Linux Kernel 5.14.21-150400_22 fixes several issues. The following security issues were fixed: - CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO (bnc#1201635). - CVE-2022-1882: Fixed a use-after-free flaw in free_pipe_info() that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1199904). - CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096). - CVE-2022-2959: Fixed a race condition that was found inside the watch queue due to a missing lock in pipe_resize_ring() (bnc#1202681). - CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bnc#1204168). - CVE-2022-42722: Fixed crash in beacon protection for P2P-device. (bsc#1204125) - Fixed incorrect handling of empty arguments array in execve() (bsc#1200571). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2022-4113,SUSE-SLE-Module-Live-Patching-15-SP4-2022-4113 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2022/suse-su-20224113-1/ Link for SUSE-SU-2022:4113-1 https://lists.suse.com/pipermail/sle-security-updates/2022-November/013000.html E-Mail link for SUSE-SU-2022:4113-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1200058 SUSE Bug 1200058 https://bugzilla.suse.com/1202087 SUSE Bug 1202087 https://bugzilla.suse.com/1202685 SUSE Bug 1202685 https://bugzilla.suse.com/1203613 SUSE Bug 1203613 https://bugzilla.suse.com/1204170 SUSE Bug 1204170 https://bugzilla.suse.com/1204289 SUSE Bug 1204289 https://bugzilla.suse.com/1204381 SUSE Bug 1204381 https://www.suse.com/security/cve/CVE-2021-33655/ SUSE CVE CVE-2021-33655 page https://www.suse.com/security/cve/CVE-2022-1882/ SUSE CVE CVE-2022-1882 page https://www.suse.com/security/cve/CVE-2022-2588/ SUSE CVE CVE-2022-2588 page https://www.suse.com/security/cve/CVE-2022-2959/ SUSE CVE CVE-2022-2959 page https://www.suse.com/security/cve/CVE-2022-42703/ SUSE CVE CVE-2022-42703 page https://www.suse.com/security/cve/CVE-2022-42722/ SUSE CVE CVE-2022-42722 page SUSE Linux Enterprise Live Patching 15 SP4 kernel-livepatch-5_14_21-150400_22-default-8-150400.4.21.1 kernel-livepatch-5_14_21-150400_22-default-8-150400.4.21.1 as a component of SUSE Linux Enterprise Live Patching 15 SP4 When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds. CVE-2021-33655 SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_22-default-8-150400.4.21.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20224113-1/ https://www.suse.com/security/cve/CVE-2021-33655.html CVE-2021-33655 https://bugzilla.suse.com/1201635 SUSE Bug 1201635 https://bugzilla.suse.com/1202087 SUSE Bug 1202087 https://bugzilla.suse.com/1205313 SUSE Bug 1205313 https://bugzilla.suse.com/1212291 SUSE Bug 1212291 A use-after-free flaw was found in the Linux kernel's pipes functionality in how a user performs manipulations with the pipe post_one_notification() after free_pipe_info() that is already called. This flaw allows a local user to crash or potentially escalate their privileges on the system. CVE-2022-1882 SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_22-default-8-150400.4.21.1 important 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20224113-1/ https://www.suse.com/security/cve/CVE-2022-1882.html CVE-2022-1882 https://bugzilla.suse.com/1199904 SUSE Bug 1199904 https://bugzilla.suse.com/1200058 SUSE Bug 1200058 It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0. CVE-2022-2588 SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_22-default-8-150400.4.21.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20224113-1/ https://www.suse.com/security/cve/CVE-2022-2588.html CVE-2022-2588 https://bugzilla.suse.com/1202096 SUSE Bug 1202096 https://bugzilla.suse.com/1203613 SUSE Bug 1203613 https://bugzilla.suse.com/1204183 SUSE Bug 1204183 https://bugzilla.suse.com/1209225 SUSE Bug 1209225 A race condition was found in the Linux kernel's watch queue due to a missing lock in pipe_resize_ring(). The specific flaw exists within the handling of pipe buffers. The issue results from the lack of proper locking when performing operations on an object. This flaw allows a local user to crash the system or escalate their privileges on the system. CVE-2022-2959 SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_22-default-8-150400.4.21.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20224113-1/ https://www.suse.com/security/cve/CVE-2022-2959.html CVE-2022-2959 https://bugzilla.suse.com/1202681 SUSE Bug 1202681 https://bugzilla.suse.com/1202685 SUSE Bug 1202685 mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse. CVE-2022-42703 SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_22-default-8-150400.4.21.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20224113-1/ https://www.suse.com/security/cve/CVE-2022-42703.html CVE-2022-42703 https://bugzilla.suse.com/1202096 SUSE Bug 1202096 https://bugzilla.suse.com/1204168 SUSE Bug 1204168 https://bugzilla.suse.com/1204170 SUSE Bug 1204170 https://bugzilla.suse.com/1206463 SUSE Bug 1206463 https://bugzilla.suse.com/1208044 SUSE Bug 1208044 https://bugzilla.suse.com/1209225 SUSE Bug 1209225 In the Linux kernel 5.8 through 5.19.x before 5.19.16, local attackers able to inject WLAN frames into the mac80211 stack could cause a NULL pointer dereference denial-of-service attack against the beacon protection of P2P devices. CVE-2022-42722 SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_22-default-8-150400.4.21.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20224113-1/ https://www.suse.com/security/cve/CVE-2022-42722.html CVE-2022-42722 https://bugzilla.suse.com/1204125 SUSE Bug 1204125 https://bugzilla.suse.com/1204289 SUSE Bug 1204289 https://bugzilla.suse.com/1209225 SUSE Bug 1209225