SUSE-SU-2022:4561-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-3635: Fixed a use-after-free in the tsttimer of the file drivers/atm/idt77252.c bsc1204631. - CVE-2022-3424: Fixed use-after-free in grusetcontextoption...

CVE-2022-47521

An issue was discovered in the Linux kernel before 6.0.11. Missing validation of IEEE80211P2PATTRCHANNELLIST in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger a heap-based buffer overflow when parsing the operating channel attribute from Wi-Fi...

SUSE-SU-2022:4546-1 Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP5)

This update for the Linux Kernel 4.12.14-122136 fixes several issues. The following security issues were fixed: - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation bsc1205128. - CVE-2022-4378: Fixed stack overflow in doprocdointvec bsc1206207. - CVE-2022-3586: Fixed use-after-fre...

SUSE-SU-2022:4533-1 Security update for the Linux Kernel (Live Patch 33 for SLE 15 SP1)

This update for the Linux Kernel 4.12.14-150100197120 fixes several issues. The following security issues were fixed: - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation bsc1205128. - CVE-2022-4378: Fixed stack overflow in doprocdointvec bsc1206207. - CVE-2022-3586: Fixed...

SUSE-SU-2022:4534-1 Security update for the Linux Kernel (Live Patch 19 for SLE 15 SP3)

This update for the Linux Kernel 5.3.18-1503005971 fixes several issues. The following security issues were fixed: - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation bsc1205128. - CVE-2022-4378: Fixed stack overflow in doprocdointvec bsc1206207. - CVE-2022-4139: Fixed an issue...

SUSE-SU-2022:4516-1 Security update for the Linux Kernel (Live Patch 24 for SLE 15 SP3)

This update for the Linux Kernel 5.3.18-1503005993 fixes several issues. The following security issues were fixed: - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation bsc1205128. - CVE-2022-4378: Fixed stack overflow in doprocdointvec bsc1206207. - CVE-2022-4139: Fixed an issue...

CVE-2022-42529

Product: AndroidVersions: Android kernelAndroid ID: A-235292841References: N/A...

CVE-2022-20598

In secmediaprotect of media.c, there is a possible EoP due to an integer overflow. This could lead to local escalation of privilege of secure mode MFC Core with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndro...

Input validation

In thermalcoolingdevicestatsupdate of thermalsysfs.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product:...

Unbreakable Enterprise kernel-container security update

4.14.35-2047.520.3.1.el7 - proc: procskipspaces shouldn't think it is working on C strings Linus Torvalds Orabug: 34883027 CVE-2022-4378 - proc: avoid integer type confusion in getproclong Linus Torvalds Orabug: 34883027 CVE-2022-4378 - hugetlbfs: don't delete error page from pagecache James...

Unbreakable Enterprise kernel-container security update

5.4.17-2136.314.6.2.el7 - proc: procskipspaces shouldn't think it is working on C strings Linus Torvalds Orabug: 34883034 CVE-2022-4378 - proc: avoid integer type confusion in getproclong Linus Torvalds Orabug: 34883034 CVE-2022-4378 5.4.17-2136.314.6.1.el7 - RDMA/uverbs: Move IBEVENTDEVICEFATAL ...

Unbreakable Enterprise kernel security update

4.14.35-2047.520.3.1 - proc: procskipspaces shouldn't think it is working on C strings Linus Torvalds Orabug: 34883027 CVE-2022-4378 - proc: avoid integer type confusion in getproclong Linus Torvalds Orabug: 34883027 CVE-2022-4378 - hugetlbfs: don't delete error page from pagecache James Houghton...

Unbreakable Enterprise kernel security update

5.15.0-5.76.5.1 - proc: procskipspaces shouldn't think it is working on C strings Linus Torvalds Orabug: 34883037 CVE-2022-4378 - proc: avoid integer type confusion in getproclong Linus Torvalds Orabug: 34883037 CVE-2022-4378 5.15.0-5.76.5 - KVM: x86: Use SRCU to protect zap in...

GSD-2022-1007976 tracing: kprobe: Fix memory leak in test_gen_kprobe/kretprobe_cmd()

tracing: kprobe: Fix memory leak in testgenkprobe/kretprobecmd This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.78 by commit...

GSD-2022-1007801 net: gso: fix panic on frag_list with mixed head alloc types

net: gso: fix panic on fraglist with mixed head alloc types This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.9 by commit...

PT-2022-36135 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions 5.15.13 through 5.15.79 Description: The issue concerns a potential security vulnerability related to the leaking of a platform device on module removal in the i8042 component. The actual impact and attack plausibility...

PT-2022-36322 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.10.155 Description: A slab-out-of-bounds write bug was found in the udf find entry function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions prio...

PT-2022-36355 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.10.154 Description: A potential security issue has been identified in the Linux Kernel. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions prior to...

PT-2022-36002 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.10 Description: The issue concerns error handling in the ata tport add function. It was introduced in version v2.6.37 and fixed in version v6.0.10. The actual impact and attack plausibility have not yet bee...

Buffer overflow

In sensor driver, there is a possible buffer overflow due to a missing bounds check. This could lead to local denial of service in kernel...