Security update for the Linux Kernel (Live Patch 20 for SLE 15 SP3) SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2022:4100-1 Final 1 1 2022-11-18T16:37:24Z current 2022-11-18T16:37:24Z 2022-11-18T16:37:24Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel (Live Patch 20 for SLE 15 SP3) This update for the Linux Kernel 5.3.18-150300_59_76 fixes several issues. The following security issues were fixed: - CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO (bnc#1201635). - CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096). - CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bnc#1204168). - CVE-2022-42722: Fixed crash in beacon protection for P2P-device. (bsc#1204125) - Fixed incorrect handling of empty arguments array in execve() (bsc#1200571). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2022-4100,SUSE-SLE-Module-Live-Patching-15-SP3-2022-4099,SUSE-SLE-Module-Live-Patching-15-SP3-2022-4100,SUSE-SLE-Module-Live-Patching-15-SP3-2022-4101,SUSE-SLE-Module-Live-Patching-15-SP3-2022-4102,SUSE-SLE-Module-Live-Patching-15-SP3-2022-4103,SUSE-SLE-Module-Live-Patching-15-SP3-2022-4104,SUSE-SLE-Module-Live-Patching-15-SP3-2022-4105,SUSE-SLE-Module-Live-Patching-15-SP3-2022-4106,SUSE-SLE-Module-Live-Patching-15-SP3-2022-4107,SUSE-SLE-Module-Live-Patching-15-SP3-2022-4108,SUSE-SLE-Module-Live-Patching-15-SP3-2022-4109,SUSE-SLE-Module-Live-Patching-15-SP3-2022-4110 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2022/suse-su-20224100-1/ Link for SUSE-SU-2022:4100-1 https://lists.suse.com/pipermail/sle-security-updates/2022-November/012994.html E-Mail link for SUSE-SU-2022:4100-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1202087 SUSE Bug 1202087 https://bugzilla.suse.com/1203613 SUSE Bug 1203613 https://bugzilla.suse.com/1204170 SUSE Bug 1204170 https://bugzilla.suse.com/1204289 SUSE Bug 1204289 https://bugzilla.suse.com/1204381 SUSE Bug 1204381 https://www.suse.com/security/cve/CVE-2021-33655/ SUSE CVE CVE-2021-33655 page https://www.suse.com/security/cve/CVE-2022-2588/ SUSE CVE CVE-2022-2588 page https://www.suse.com/security/cve/CVE-2022-42703/ SUSE CVE CVE-2022-42703 page https://www.suse.com/security/cve/CVE-2022-42722/ SUSE CVE CVE-2022-42722 page SUSE Linux Enterprise Live Patching 15 SP3 kernel-livepatch-5_3_18-59_37-default-17-150300.2.2 kernel-livepatch-5_3_18-59_37-preempt-17-150300.2.2 kernel-livepatch-5_3_18-59_34-default-18-150300.2.2 kernel-livepatch-5_3_18-59_40-default-17-150300.2.2 kernel-livepatch-5_3_18-150300_59_43-default-16-150300.2.2 kernel-livepatch-5_3_18-150300_59_46-default-16-150300.2.2 kernel-livepatch-5_3_18-150300_59_49-default-15-150300.2.2 kernel-livepatch-5_3_18-150300_59_54-default-14-150300.2.2 kernel-livepatch-5_3_18-150300_59_60-default-13-150300.2.2 kernel-livepatch-5_3_18-150300_59_63-default-10-150300.2.2 kernel-livepatch-5_3_18-150300_59_68-default-9-150300.2.2 kernel-livepatch-5_3_18-150300_59_71-default-8-150300.2.1 kernel-livepatch-5_3_18-150300_59_76-default-7-150300.2.1 kernel-livepatch-5_3_18-59_34-default-18-150300.2.2 as a component of SUSE Linux Enterprise Live Patching 15 SP3 kernel-livepatch-5_3_18-59_37-default-17-150300.2.2 as a component of SUSE Linux Enterprise Live Patching 15 SP3 kernel-livepatch-5_3_18-59_40-default-17-150300.2.2 as a component of SUSE Linux Enterprise Live Patching 15 SP3 kernel-livepatch-5_3_18-150300_59_43-default-16-150300.2.2 as a component of SUSE Linux Enterprise Live Patching 15 SP3 kernel-livepatch-5_3_18-150300_59_46-default-16-150300.2.2 as a component of SUSE Linux Enterprise Live Patching 15 SP3 kernel-livepatch-5_3_18-150300_59_49-default-15-150300.2.2 as a component of SUSE Linux Enterprise Live Patching 15 SP3 kernel-livepatch-5_3_18-150300_59_54-default-14-150300.2.2 as a component of SUSE Linux Enterprise Live Patching 15 SP3 kernel-livepatch-5_3_18-150300_59_60-default-13-150300.2.2 as a component of SUSE Linux Enterprise Live Patching 15 SP3 kernel-livepatch-5_3_18-150300_59_63-default-10-150300.2.2 as a component of SUSE Linux Enterprise Live Patching 15 SP3 kernel-livepatch-5_3_18-150300_59_68-default-9-150300.2.2 as a component of SUSE Linux Enterprise Live Patching 15 SP3 kernel-livepatch-5_3_18-150300_59_71-default-8-150300.2.1 as a component of SUSE Linux Enterprise Live Patching 15 SP3 kernel-livepatch-5_3_18-150300_59_76-default-7-150300.2.1 as a component of SUSE Linux Enterprise Live Patching 15 SP3 When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds. CVE-2021-33655 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_43-default-16-150300.2.2 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_46-default-16-150300.2.2 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_49-default-15-150300.2.2 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_54-default-14-150300.2.2 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_60-default-13-150300.2.2 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_63-default-10-150300.2.2 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_68-default-9-150300.2.2 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_71-default-8-150300.2.1 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_76-default-7-150300.2.1 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_34-default-18-150300.2.2 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_37-default-17-150300.2.2 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_40-default-17-150300.2.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20224100-1/ https://www.suse.com/security/cve/CVE-2021-33655.html CVE-2021-33655 https://bugzilla.suse.com/1201635 SUSE Bug 1201635 https://bugzilla.suse.com/1202087 SUSE Bug 1202087 https://bugzilla.suse.com/1205313 SUSE Bug 1205313 https://bugzilla.suse.com/1212291 SUSE Bug 1212291 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-2588 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_43-default-16-150300.2.2 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_46-default-16-150300.2.2 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_49-default-15-150300.2.2 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_54-default-14-150300.2.2 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_60-default-13-150300.2.2 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_63-default-10-150300.2.2 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_68-default-9-150300.2.2 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_71-default-8-150300.2.1 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_76-default-7-150300.2.1 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_34-default-18-150300.2.2 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_37-default-17-150300.2.2 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_40-default-17-150300.2.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20224100-1/ https://www.suse.com/security/cve/CVE-2022-2588.html CVE-2022-2588 https://bugzilla.suse.com/1202096 SUSE Bug 1202096 https://bugzilla.suse.com/1203613 SUSE Bug 1203613 https://bugzilla.suse.com/1204183 SUSE Bug 1204183 https://bugzilla.suse.com/1209225 SUSE Bug 1209225 mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse. CVE-2022-42703 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_43-default-16-150300.2.2 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_46-default-16-150300.2.2 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_49-default-15-150300.2.2 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_54-default-14-150300.2.2 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_60-default-13-150300.2.2 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_63-default-10-150300.2.2 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_68-default-9-150300.2.2 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_71-default-8-150300.2.1 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_76-default-7-150300.2.1 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_34-default-18-150300.2.2 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_37-default-17-150300.2.2 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_40-default-17-150300.2.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20224100-1/ https://www.suse.com/security/cve/CVE-2022-42703.html CVE-2022-42703 https://bugzilla.suse.com/1204168 SUSE Bug 1204168 https://bugzilla.suse.com/1204170 SUSE Bug 1204170 https://bugzilla.suse.com/1206463 SUSE Bug 1206463 https://bugzilla.suse.com/1208044 SUSE Bug 1208044 https://bugzilla.suse.com/1209225 SUSE Bug 1209225 In the Linux kernel 5.8 through 5.19.x before 5.19.16, local attackers able to inject WLAN frames into the mac80211 stack could cause a NULL pointer dereference denial-of-service attack against the beacon protection of P2P devices. CVE-2022-42722 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_43-default-16-150300.2.2 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_46-default-16-150300.2.2 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_49-default-15-150300.2.2 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_54-default-14-150300.2.2 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_60-default-13-150300.2.2 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_63-default-10-150300.2.2 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_68-default-9-150300.2.2 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_71-default-8-150300.2.1 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_76-default-7-150300.2.1 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_34-default-18-150300.2.2 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_37-default-17-150300.2.2 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_40-default-17-150300.2.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20224100-1/ https://www.suse.com/security/cve/CVE-2022-42722.html CVE-2022-42722 https://bugzilla.suse.com/1204125 SUSE Bug 1204125 https://bugzilla.suse.com/1204289 SUSE Bug 1204289 https://bugzilla.suse.com/1209225 SUSE Bug 1209225