Security update for the Linux Kernel (Live Patch 10 for SLE 15 SP3) SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2022:4562-1 Final 1 1 2022-12-19T16:34:10Z current 2022-12-19T16:34:10Z 2022-12-19T16:34:10Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel (Live Patch 10 for SLE 15 SP3) This update for the Linux Kernel 5.3.18-59_37 fixes several issues. The following security issues were fixed: - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU to access any physical memory (bsc#1205700). - CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bsc#1204439). - CVE-2022-3577: Fixed an out-of-bounds memory write in bigben_probe of drivers/hid/hid-bigbenff.c (bsc#1204470). - CVE-2022-3545: Fixed a use-after-free in area_cache_get() of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bsc#1204415). - CVE-2022-41218: Fixed a use-after-free caused by refcount races, affecting dvb_demux_open() and dvb_dmxdev_release() in drivers/media/dvb-core/dmxdev.c (bsc#1202960). - CVE-2022-2964: Fixed memory corruption issues in ax88179_178a devices (bsc#1202686). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2022-4562,SUSE-SLE-Module-Live-Patching-15-SP3-2022-4555,SUSE-SLE-Module-Live-Patching-15-SP3-2022-4562,SUSE-SLE-Module-Live-Patching-15-SP3-2022-4563,SUSE-SLE-Module-Live-Patching-15-SP3-2022-4564,SUSE-SLE-Module-Live-Patching-15-SP3-2022-4570,SUSE-SLE-Module-Live-Patching-15-SP3-2022-4571 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2022/suse-su-20224562-1/ Link for SUSE-SU-2022:4562-1 https://lists.suse.com/pipermail/sle-security-updates/2022-December/013278.html E-Mail link for SUSE-SU-2022:4562-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1203008 SUSE Bug 1203008 https://bugzilla.suse.com/1203606 SUSE Bug 1203606 https://bugzilla.suse.com/1204424 SUSE Bug 1204424 https://bugzilla.suse.com/1204486 SUSE Bug 1204486 https://bugzilla.suse.com/1204576 SUSE Bug 1204576 https://bugzilla.suse.com/1205130 SUSE Bug 1205130 https://bugzilla.suse.com/1205815 SUSE Bug 1205815 https://bugzilla.suse.com/1206228 SUSE Bug 1206228 https://www.suse.com/security/cve/CVE-2022-2964/ SUSE CVE CVE-2022-2964 page https://www.suse.com/security/cve/CVE-2022-3545/ SUSE CVE CVE-2022-3545 page https://www.suse.com/security/cve/CVE-2022-3577/ SUSE CVE CVE-2022-3577 page https://www.suse.com/security/cve/CVE-2022-3586/ SUSE CVE CVE-2022-3586 page https://www.suse.com/security/cve/CVE-2022-41218/ SUSE CVE CVE-2022-41218 page https://www.suse.com/security/cve/CVE-2022-4139/ SUSE CVE CVE-2022-4139 page https://www.suse.com/security/cve/CVE-2022-4378/ SUSE CVE CVE-2022-4378 page https://www.suse.com/security/cve/CVE-2022-43945/ SUSE CVE CVE-2022-43945 page SUSE Linux Enterprise Live Patching 15 SP3 kernel-livepatch-5_3_18-150300_59_43-default-17-150300.2.2 kernel-livepatch-5_3_18-150300_59_43-preempt-17-150300.2.2 kernel-livepatch-5_3_18-59_40-default-18-150300.2.2 kernel-livepatch-5_3_18-150300_59_46-default-17-150300.2.2 kernel-livepatch-5_3_18-150300_59_54-default-15-150300.2.2 kernel-livepatch-5_3_18-59_34-default-19-150300.2.2 kernel-livepatch-5_3_18-59_37-default-18-150300.2.2 kernel-livepatch-5_3_18-59_40-default-18-150300.2.2 as a component of SUSE Linux Enterprise Live Patching 15 SP3 kernel-livepatch-5_3_18-150300_59_43-default-17-150300.2.2 as a component of SUSE Linux Enterprise Live Patching 15 SP3 kernel-livepatch-5_3_18-150300_59_46-default-17-150300.2.2 as a component of SUSE Linux Enterprise Live Patching 15 SP3 kernel-livepatch-5_3_18-150300_59_54-default-15-150300.2.2 as a component of SUSE Linux Enterprise Live Patching 15 SP3 kernel-livepatch-5_3_18-59_34-default-19-150300.2.2 as a component of SUSE Linux Enterprise Live Patching 15 SP3 kernel-livepatch-5_3_18-59_37-default-18-150300.2.2 as a component of SUSE Linux Enterprise Live Patching 15 SP3 A flaw was found in the Linux kernel's driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes. CVE-2022-2964 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_43-default-17-150300.2.2 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_46-default-17-150300.2.2 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_54-default-15-150300.2.2 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_34-default-19-150300.2.2 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_37-default-18-150300.2.2 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_40-default-18-150300.2.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20224562-1/ https://www.suse.com/security/cve/CVE-2022-2964.html CVE-2022-2964 https://bugzilla.suse.com/1202686 SUSE Bug 1202686 https://bugzilla.suse.com/1203008 SUSE Bug 1203008 https://bugzilla.suse.com/1208044 SUSE Bug 1208044 A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability is the function area_cache_get of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211045 was assigned to this vulnerability. CVE-2022-3545 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_43-default-17-150300.2.2 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_46-default-17-150300.2.2 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_54-default-15-150300.2.2 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_34-default-19-150300.2.2 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_37-default-18-150300.2.2 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_40-default-18-150300.2.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20224562-1/ https://www.suse.com/security/cve/CVE-2022-3545.html CVE-2022-3545 https://bugzilla.suse.com/1204415 SUSE Bug 1204415 https://bugzilla.suse.com/1204424 SUSE Bug 1204424 https://bugzilla.suse.com/1209225 SUSE Bug 1209225 https://bugzilla.suse.com/1217531 SUSE Bug 1217531 An out-of-bounds memory write flaw was found in the Linux kernel's Kid-friendly Wired Controller driver. This flaw allows a local user to crash or potentially escalate their privileges on the system. It is in bigben_probe of drivers/hid/hid-bigbenff.c. The reason is incorrect assumption - bigben devices all have inputs. However, malicious devices can break this assumption, leaking to out-of-bound write. CVE-2022-3577 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_43-default-17-150300.2.2 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_46-default-17-150300.2.2 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_54-default-15-150300.2.2 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_34-default-19-150300.2.2 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_37-default-18-150300.2.2 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_40-default-18-150300.2.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20224562-1/ https://www.suse.com/security/cve/CVE-2022-3577.html CVE-2022-3577 https://bugzilla.suse.com/1204470 SUSE Bug 1204470 https://bugzilla.suse.com/1204486 SUSE Bug 1204486 A flaw was found in the Linux kernel's networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (and freed) into a child qdisc. This flaw allows a local, unprivileged user to crash the system, causing a denial of service. CVE-2022-3586 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_43-default-17-150300.2.2 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_46-default-17-150300.2.2 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_54-default-15-150300.2.2 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_34-default-19-150300.2.2 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_37-default-18-150300.2.2 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_40-default-18-150300.2.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20224562-1/ https://www.suse.com/security/cve/CVE-2022-3586.html CVE-2022-3586 https://bugzilla.suse.com/1204439 SUSE Bug 1204439 https://bugzilla.suse.com/1204576 SUSE Bug 1204576 https://bugzilla.suse.com/1208044 SUSE Bug 1208044 https://bugzilla.suse.com/1209225 SUSE Bug 1209225 https://bugzilla.suse.com/1212294 SUSE Bug 1212294 In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release. CVE-2022-41218 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_43-default-17-150300.2.2 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_46-default-17-150300.2.2 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_54-default-15-150300.2.2 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_34-default-19-150300.2.2 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_37-default-18-150300.2.2 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_40-default-18-150300.2.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20224562-1/ https://www.suse.com/security/cve/CVE-2022-41218.html CVE-2022-41218 https://bugzilla.suse.com/1202960 SUSE Bug 1202960 https://bugzilla.suse.com/1203606 SUSE Bug 1203606 https://bugzilla.suse.com/1205313 SUSE Bug 1205313 https://bugzilla.suse.com/1209225 SUSE Bug 1209225 An incorrect TLB flush issue was found in the Linux kernel's GPU i915 kernel driver, potentially leading to random memory corruption or data leaks. This flaw could allow a local user to crash the system or escalate their privileges on the system. CVE-2022-4139 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_43-default-17-150300.2.2 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_46-default-17-150300.2.2 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_54-default-15-150300.2.2 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_34-default-19-150300.2.2 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_37-default-18-150300.2.2 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_40-default-18-150300.2.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20224562-1/ https://www.suse.com/security/cve/CVE-2022-4139.html CVE-2022-4139 https://bugzilla.suse.com/1205700 SUSE Bug 1205700 https://bugzilla.suse.com/1205815 SUSE Bug 1205815 https://bugzilla.suse.com/1209225 SUSE Bug 1209225 A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system. CVE-2022-4378 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_43-default-17-150300.2.2 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_46-default-17-150300.2.2 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_54-default-15-150300.2.2 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_34-default-19-150300.2.2 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_37-default-18-150300.2.2 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_40-default-18-150300.2.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20224562-1/ https://www.suse.com/security/cve/CVE-2022-4378.html CVE-2022-4378 https://bugzilla.suse.com/1206207 SUSE Bug 1206207 https://bugzilla.suse.com/1206228 SUSE Bug 1206228 https://bugzilla.suse.com/1208030 SUSE Bug 1208030 https://bugzilla.suse.com/1208085 SUSE Bug 1208085 https://bugzilla.suse.com/1209225 SUSE Bug 1209225 https://bugzilla.suse.com/1211118 SUSE Bug 1211118 https://bugzilla.suse.com/1214268 SUSE Bug 1214268 https://bugzilla.suse.com/1218483 SUSE Bug 1218483 https://bugzilla.suse.com/1218966 SUSE Bug 1218966 The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-43945 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_43-default-17-150300.2.2 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_46-default-17-150300.2.2 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_54-default-15-150300.2.2 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_34-default-19-150300.2.2 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_37-default-18-150300.2.2 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_40-default-18-150300.2.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20224562-1/ https://www.suse.com/security/cve/CVE-2022-43945.html CVE-2022-43945 https://bugzilla.suse.com/1205128 SUSE Bug 1205128 https://bugzilla.suse.com/1205130 SUSE Bug 1205130 https://bugzilla.suse.com/1208030 SUSE Bug 1208030 https://bugzilla.suse.com/1208085 SUSE Bug 1208085 https://bugzilla.suse.com/1209225 SUSE Bug 1209225 https://bugzilla.suse.com/1210124 SUSE Bug 1210124