Security update for the Linux Kernel SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2022:2721-1 Final 1 1 2022-08-09T11:14:00Z current 2022-08-09T11:14:00Z 2022-08-09T11:14:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel The SUSE Linux Enterprise 12 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-36946: Fixed an incorrect packet trucation operation which could lead to denial of service (bnc#1201940). - CVE-2022-20166: Fixed several possible memory safety issues due to unsafe operations (bsc#1200598). - CVE-2020-15393: Fixed a memory leak in the usbtest driver which could lead to denial of service (bnc#1173514). - CVE-2020-36558: Fixed a race condition involving VT_RESIZEX which could lead to a NULL pointer dereference and general protection fault (bnc#1200910). - CVE-2020-36557: Fixed a race condition between the VT_DISALLOCATE ioctl and closing/opening of TTYs could lead to a use-after-free (bnc#1201429). - CVE-2021-33656: Fixed memory out of bounds write related to ioctl cmd PIO_FONT (bnc#1201636). - CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO (bnc#1201635). - CVE-2022-1462: Fixed an out-of-bounds read flaw in the TTY subsystem (bnc#1198829). - CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed multiple potential data leaks with Block and Network devices when using untrusted backends (bsc#1200762). - CVE-2022-2318: Fixed a use-after-free vulnerability in the timer handler in Rose subsystem that allowed unprivileged attackers to crash the system (bsc#1201251). - CVE-2021-39713: Fixed a race condition in the network scheduling subsystem which could lead to a use-after-free (bnc#1196973). The following non-security bugs were fixed: - kvm: emulate: Do not adjust size of fastop and setcc subroutines (bsc#1201930). - kvm: emulate: Fix SETcc emulation function offsets with SLS (bsc#1201930). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2022-2721,SUSE-SLE-SERVER-12-SP2-BCL-2022-2721 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2022/suse-su-20222721-1/ Link for SUSE-SU-2022:2721-1 https://lists.suse.com/pipermail/sle-security-updates/2022-August/011828.html E-Mail link for SUSE-SU-2022:2721-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1173514 SUSE Bug 1173514 https://bugzilla.suse.com/1196973 SUSE Bug 1196973 https://bugzilla.suse.com/1198829 SUSE Bug 1198829 https://bugzilla.suse.com/1200598 SUSE Bug 1200598 https://bugzilla.suse.com/1200762 SUSE Bug 1200762 https://bugzilla.suse.com/1200910 SUSE Bug 1200910 https://bugzilla.suse.com/1201251 SUSE Bug 1201251 https://bugzilla.suse.com/1201429 SUSE Bug 1201429 https://bugzilla.suse.com/1201635 SUSE Bug 1201635 https://bugzilla.suse.com/1201636 SUSE Bug 1201636 https://bugzilla.suse.com/1201742 SUSE Bug 1201742 https://bugzilla.suse.com/1201752 SUSE Bug 1201752 https://bugzilla.suse.com/1201930 SUSE Bug 1201930 https://bugzilla.suse.com/1201940 SUSE Bug 1201940 https://www.suse.com/security/cve/CVE-2020-15393/ SUSE CVE CVE-2020-15393 page https://www.suse.com/security/cve/CVE-2020-36557/ SUSE CVE CVE-2020-36557 page https://www.suse.com/security/cve/CVE-2020-36558/ SUSE CVE CVE-2020-36558 page https://www.suse.com/security/cve/CVE-2021-33655/ SUSE CVE CVE-2021-33655 page https://www.suse.com/security/cve/CVE-2021-33656/ SUSE CVE CVE-2021-33656 page https://www.suse.com/security/cve/CVE-2021-39713/ SUSE CVE CVE-2021-39713 page https://www.suse.com/security/cve/CVE-2022-1462/ SUSE CVE CVE-2022-1462 page https://www.suse.com/security/cve/CVE-2022-20166/ SUSE CVE CVE-2022-20166 page https://www.suse.com/security/cve/CVE-2022-2318/ SUSE CVE CVE-2022-2318 page https://www.suse.com/security/cve/CVE-2022-26365/ SUSE CVE CVE-2022-26365 page https://www.suse.com/security/cve/CVE-2022-33740/ SUSE CVE CVE-2022-33740 page https://www.suse.com/security/cve/CVE-2022-33741/ SUSE CVE CVE-2022-33741 page https://www.suse.com/security/cve/CVE-2022-33742/ SUSE CVE CVE-2022-33742 page https://www.suse.com/security/cve/CVE-2022-36946/ SUSE CVE CVE-2022-36946 page SUSE Linux Enterprise Server 12 SP2-BCL cluster-md-kmp-debug-4.4.121-92.181.1 cluster-md-kmp-default-4.4.121-92.181.1 cluster-md-kmp-vanilla-4.4.121-92.181.1 cluster-network-kmp-debug-4.4.121-92.181.1 cluster-network-kmp-default-4.4.121-92.181.1 cluster-network-kmp-vanilla-4.4.121-92.181.1 dlm-kmp-debug-4.4.121-92.181.1 dlm-kmp-default-4.4.121-92.181.1 dlm-kmp-vanilla-4.4.121-92.181.1 gfs2-kmp-debug-4.4.121-92.181.1 gfs2-kmp-default-4.4.121-92.181.1 gfs2-kmp-vanilla-4.4.121-92.181.1 kernel-debug-4.4.121-92.181.1 kernel-debug-base-4.4.121-92.181.1 kernel-debug-devel-4.4.121-92.181.1 kernel-debug-extra-4.4.121-92.181.1 kernel-debug-kgraft-4.4.121-92.181.1 kernel-default-4.4.121-92.181.1 kernel-default-base-4.4.121-92.181.1 kernel-default-devel-4.4.121-92.181.1 kernel-default-extra-4.4.121-92.181.1 kernel-default-kgraft-4.4.121-92.181.1 kernel-default-man-4.4.121-92.181.1 kernel-devel-4.4.121-92.181.1 kernel-docs-4.4.121-92.181.1 kernel-docs-html-4.4.121-92.181.1 kernel-docs-pdf-4.4.121-92.181.1 kernel-macros-4.4.121-92.181.1 kernel-obs-build-4.4.121-92.181.1 kernel-obs-qa-4.4.121-92.181.1 kernel-source-4.4.121-92.181.1 kernel-source-vanilla-4.4.121-92.181.1 kernel-syms-4.4.121-92.181.1 kernel-vanilla-4.4.121-92.181.1 kernel-vanilla-base-4.4.121-92.181.1 kernel-vanilla-devel-4.4.121-92.181.1 kernel-zfcpdump-4.4.121-92.181.1 ocfs2-kmp-debug-4.4.121-92.181.1 ocfs2-kmp-default-4.4.121-92.181.1 ocfs2-kmp-vanilla-4.4.121-92.181.1 kernel-default-4.4.121-92.181.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL kernel-default-base-4.4.121-92.181.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL kernel-default-devel-4.4.121-92.181.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL kernel-devel-4.4.121-92.181.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL kernel-macros-4.4.121-92.181.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL kernel-source-4.4.121-92.181.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL kernel-syms-4.4.121-92.181.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL In the Linux kernel 4.4 through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770. CVE-2020-15393 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-macros-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-source-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-syms-4.4.121-92.181.1 moderate 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20222721-1/ https://www.suse.com/security/cve/CVE-2020-15393.html CVE-2020-15393 https://bugzilla.suse.com/1173514 SUSE Bug 1173514 A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of ttys could lead to a use-after-free. CVE-2020-36557 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-macros-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-source-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-syms-4.4.121-92.181.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20222721-1/ https://www.suse.com/security/cve/CVE-2020-36557.html CVE-2020-36557 https://bugzilla.suse.com/1201429 SUSE Bug 1201429 https://bugzilla.suse.com/1201742 SUSE Bug 1201742 https://bugzilla.suse.com/1202874 SUSE Bug 1202874 https://bugzilla.suse.com/1205313 SUSE Bug 1205313 A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault. CVE-2020-36558 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-macros-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-source-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-syms-4.4.121-92.181.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20222721-1/ https://www.suse.com/security/cve/CVE-2020-36558.html CVE-2020-36558 https://bugzilla.suse.com/1200910 SUSE Bug 1200910 https://bugzilla.suse.com/1201752 SUSE Bug 1201752 https://bugzilla.suse.com/1205313 SUSE Bug 1205313 When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds. CVE-2021-33655 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-macros-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-source-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-syms-4.4.121-92.181.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20222721-1/ https://www.suse.com/security/cve/CVE-2021-33655.html CVE-2021-33655 https://bugzilla.suse.com/1201635 SUSE Bug 1201635 https://bugzilla.suse.com/1202087 SUSE Bug 1202087 https://bugzilla.suse.com/1205313 SUSE Bug 1205313 https://bugzilla.suse.com/1212291 SUSE Bug 1212291 When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds. CVE-2021-33656 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-macros-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-source-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-syms-4.4.121-92.181.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20222721-1/ https://www.suse.com/security/cve/CVE-2021-33656.html CVE-2021-33656 https://bugzilla.suse.com/1201636 SUSE Bug 1201636 https://bugzilla.suse.com/1212286 SUSE Bug 1212286 Product: AndroidVersions: Android kernelAndroid ID: A-173788806References: Upstream kernel CVE-2021-39713 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-macros-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-source-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-syms-4.4.121-92.181.1 important 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20222721-1/ https://www.suse.com/security/cve/CVE-2021-39713.html CVE-2021-39713 https://bugzilla.suse.com/1196973 SUSE Bug 1196973 https://bugzilla.suse.com/1197211 SUSE Bug 1197211 https://bugzilla.suse.com/1201790 SUSE Bug 1201790 An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory. CVE-2022-1462 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-macros-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-source-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-syms-4.4.121-92.181.1 moderate 3.3 AV:L/AC:M/Au:N/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20222721-1/ https://www.suse.com/security/cve/CVE-2022-1462.html CVE-2022-1462 https://bugzilla.suse.com/1198829 SUSE Bug 1198829 In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-182388481References: Upstream kernel CVE-2022-20166 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-macros-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-source-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-syms-4.4.121-92.181.1 moderate 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20222721-1/ https://www.suse.com/security/cve/CVE-2022-20166.html CVE-2022-20166 https://bugzilla.suse.com/1200598 SUSE Bug 1200598 https://bugzilla.suse.com/1212284 SUSE Bug 1212284 There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. CVE-2022-2318 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-macros-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-source-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-syms-4.4.121-92.181.1 moderate 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20222721-1/ https://www.suse.com/security/cve/CVE-2022-2318.html CVE-2022-2318 https://bugzilla.suse.com/1201251 SUSE Bug 1201251 https://bugzilla.suse.com/1212303 SUSE Bug 1212303 Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). CVE-2022-26365 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-macros-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-source-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-syms-4.4.121-92.181.1 moderate 3.6 AV:L/AC:L/Au:N/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20222721-1/ https://www.suse.com/security/cve/CVE-2022-26365.html CVE-2022-26365 https://bugzilla.suse.com/1200762 SUSE Bug 1200762 Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). CVE-2022-33740 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-macros-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-source-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-syms-4.4.121-92.181.1 moderate 3.6 AV:L/AC:L/Au:N/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20222721-1/ https://www.suse.com/security/cve/CVE-2022-33740.html CVE-2022-33740 https://bugzilla.suse.com/1200762 SUSE Bug 1200762 Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). CVE-2022-33741 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-macros-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-source-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-syms-4.4.121-92.181.1 moderate 3.6 AV:L/AC:L/Au:N/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20222721-1/ https://www.suse.com/security/cve/CVE-2022-33741.html CVE-2022-33741 https://bugzilla.suse.com/1200762 SUSE Bug 1200762 Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). CVE-2022-33742 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-macros-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-source-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-syms-4.4.121-92.181.1 moderate 3.6 AV:L/AC:L/Au:N/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20222721-1/ https://www.suse.com/security/cve/CVE-2022-33742.html CVE-2022-33742 https://bugzilla.suse.com/1200762 SUSE Bug 1200762 nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. CVE-2022-36946 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-macros-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-source-4.4.121-92.181.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-syms-4.4.121-92.181.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20222721-1/ https://www.suse.com/security/cve/CVE-2022-36946.html CVE-2022-36946 https://bugzilla.suse.com/1201940 SUSE Bug 1201940 https://bugzilla.suse.com/1201941 SUSE Bug 1201941 https://bugzilla.suse.com/1202312 SUSE Bug 1202312 https://bugzilla.suse.com/1202874 SUSE Bug 1202874 https://bugzilla.suse.com/1203208 SUSE Bug 1203208 https://bugzilla.suse.com/1204132 SUSE Bug 1204132 https://bugzilla.suse.com/1205313 SUSE Bug 1205313 https://bugzilla.suse.com/1212310 SUSE Bug 1212310