Bugzilla – Bug 1196584
VUL-0: CVE-2022-0847: kernel-source: overwrite data in arbitrary (read-only) files in kernels 5.8 until 5.16.11 aka "Dirty Pipe"
Last modified: 2024-06-25 16:40:08 UTC
from linux-distro ML -------------------- a vulnerability was fixed in Linux 5.16.11 which allowed local attackers to overwrite data in arbitrary (read-only) files. It was fixed by this patch: https://lore.kernel.org/lkml/20220221100313.1504449-1-max.kellermann@ionos.com/ This maps to Linus's tree here: https://git.kernel.org/linus/9d2231c5d74e13b2a0546fee6737ee4446017903 And, as you say, has been backported into -stable already: 5.16.11 eddef98207d678f21261c2bd07da55938680df4e 5.15.25 114e9f141822e6977633d322c1b03e89bd209932 5.10.102 b19ec7afa9297d862ed86443e0164643b97250ab 5.4.181 87c575d2a238febe8a04241008f18252fe5d093d 4.19.231 d46c42d8d2742742eddf9290e72df4b563f2e301 4.14.268 a162b11c975ef9a03a75027c04052906ed7710da 4.9.303 c460ef6e0596eb5ca844c45338c20f6023f1e43c
affected branches: - cve/linux-5.3 - cve/linux-4.12 - SLE12-SP5 - SLE15-SP3 Already fixed: - SLE15-SP4 - stable
From: Max Kellermann <max.kellermann@ionos.com> Date: Mon, 7 Mar 2022 13:01:19 +0100 Subject: [oss-security] CVE-2022-0847: Linux kernel: overwriting read-only files Hi oss-security, two weeks ago, I found a vulnerability in the Linux kernel since version 5.8 commit f6dd975583bd ("pipe: merge anon_pipe_buf*_ops") due to uninitialized variables. It enables anybody to write arbitrary data to arbitrary files, even if the file is O_RDONLY, immutable or on a MS_RDONLY filesystem. It can be used to inject code into arbitrary processes. It is similar to CVE-2016-5195 "Dirty Cow", but is easier to exploit. The vulnerability was fixed in Linux 5.16.11, 5.15.25 and 5.10.102. A proof-of-concept exploit is attached. For anybody curious, here's an article about how I discovered this: https://dirtypipe.cm4all.com/ Max
Reassigned back to security team.
openSUSE-SU-2022:0760-1: An update that solves 6 vulnerabilities, contains three features and has 50 fixes is now available. Category: security (important) Bug References: 1089644,1154353,1157038,1157923,1176447,1176940,1178134,1181147,1181588,1183872,1187716,1188404,1189126,1190812,1190972,1191580,1191655,1191741,1192210,1192483,1193096,1193233,1193243,1193787,1194163,1194967,1195012,1195081,1195286,1195352,1195378,1195506,1195516,1195543,1195668,1195701,1195798,1195799,1195823,1195908,1195928,1195947,1195957,1195995,1196195,1196235,1196339,1196373,1196400,1196403,1196516,1196584,1196585,1196601,1196612,1196776 CVE References: CVE-2022-0001,CVE-2022-0002,CVE-2022-0492,CVE-2022-0516,CVE-2022-0847,CVE-2022-25375 JIRA References: SLE-20807,SLE-22135,SLE-22494 Sources used: openSUSE Leap 15.4 (src): dtb-aarch64-5.3.18-150300.59.54.1, kernel-preempt-5.3.18-150300.59.54.1 openSUSE Leap 15.3 (src): dtb-aarch64-5.3.18-150300.59.54.1, kernel-64kb-5.3.18-150300.59.54.1, kernel-debug-5.3.18-150300.59.54.1, kernel-default-5.3.18-150300.59.54.1, kernel-default-base-5.3.18-150300.59.54.1.150300.18.35.3, kernel-docs-5.3.18-150300.59.54.1, kernel-kvmsmall-5.3.18-150300.59.54.1, kernel-obs-build-5.3.18-150300.59.54.1, kernel-obs-qa-5.3.18-150300.59.54.1, kernel-preempt-5.3.18-150300.59.54.1, kernel-source-5.3.18-150300.59.54.1, kernel-syms-5.3.18-150300.59.54.1, kernel-zfcpdump-5.3.18-150300.59.54.1
SUSE-SU-2022:0764-1: An update that solves two vulnerabilities and has three fixes is now available. Category: security (important) Bug References: 1191580,1192483,1195701,1195995,1196584 CVE References: CVE-2022-0001,CVE-2022-0002 JIRA References: Sources used: SUSE Linux Enterprise Module for Realtime 15-SP2 (src): kernel-rt-5.3.18-76.1, kernel-rt_debug-5.3.18-76.1, kernel-source-rt-5.3.18-76.1, kernel-syms-rt-5.3.18-76.1 SUSE Linux Enterprise Micro 5.0 (src): kernel-rt-5.3.18-76.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:0763-1: An update that solves three vulnerabilities, contains three features and has 43 fixes is now available. Category: security (important) Bug References: 1089644,1154353,1157038,1157923,1176447,1176940,1178134,1181147,1181588,1183872,1187716,1188404,1189126,1190812,1190972,1191580,1191655,1191741,1192210,1192483,1193096,1193233,1193243,1193787,1194163,1194967,1195012,1195081,1195286,1195352,1195378,1195506,1195668,1195701,1195798,1195799,1195823,1195928,1195957,1195995,1196195,1196235,1196339,1196400,1196516,1196584 CVE References: CVE-2022-0001,CVE-2022-0002,CVE-2022-25375 JIRA References: SLE-20807,SLE-22135,SLE-22494 Sources used: SUSE Linux Enterprise Module for Realtime 15-SP3 (src): kernel-rt-5.3.18-150300.79.1, kernel-rt_debug-5.3.18-150300.79.1, kernel-source-rt-5.3.18-150300.79.1, kernel-syms-rt-5.3.18-150300.79.1 SUSE Linux Enterprise Micro 5.1 (src): kernel-rt-5.3.18-150300.79.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:0759-1: An update that solves 14 vulnerabilities, contains one feature and has 12 fixes is now available. Category: security (important) Bug References: 1189126,1191580,1192483,1194516,1195254,1195286,1195516,1195543,1195612,1195701,1195897,1195905,1195908,1195947,1195949,1195987,1195995,1196079,1196095,1196132,1196155,1196235,1196584,1196601,1196612,1196776 CVE References: CVE-2021-44879,CVE-2022-0001,CVE-2022-0002,CVE-2022-0487,CVE-2022-0492,CVE-2022-0516,CVE-2022-0617,CVE-2022-0644,CVE-2022-0847,CVE-2022-24448,CVE-2022-24958,CVE-2022-24959,CVE-2022-25258,CVE-2022-25375 JIRA References: SLE-23652 Sources used: SUSE Manager Server 4.1 (src): kernel-default-5.3.18-24.107.1, kernel-default-base-5.3.18-24.107.1.9.50.2, kernel-docs-5.3.18-24.107.1, kernel-obs-build-5.3.18-24.107.1, kernel-preempt-5.3.18-24.107.1, kernel-source-5.3.18-24.107.1, kernel-syms-5.3.18-24.107.1 SUSE Manager Retail Branch Server 4.1 (src): kernel-default-5.3.18-24.107.1, kernel-default-base-5.3.18-24.107.1.9.50.2, kernel-docs-5.3.18-24.107.1, kernel-preempt-5.3.18-24.107.1, kernel-source-5.3.18-24.107.1, kernel-syms-5.3.18-24.107.1 SUSE Manager Proxy 4.1 (src): kernel-default-5.3.18-24.107.1, kernel-default-base-5.3.18-24.107.1.9.50.2, kernel-docs-5.3.18-24.107.1, kernel-preempt-5.3.18-24.107.1, kernel-source-5.3.18-24.107.1, kernel-syms-5.3.18-24.107.1 SUSE Linux Enterprise Server for SAP 15-SP2 (src): kernel-default-5.3.18-24.107.1, kernel-default-base-5.3.18-24.107.1.9.50.2, kernel-docs-5.3.18-24.107.1, kernel-obs-build-5.3.18-24.107.1, kernel-preempt-5.3.18-24.107.1, kernel-source-5.3.18-24.107.1, kernel-syms-5.3.18-24.107.1 SUSE Linux Enterprise Server 15-SP2-LTSS (src): kernel-default-5.3.18-24.107.1, kernel-default-base-5.3.18-24.107.1.9.50.2, kernel-docs-5.3.18-24.107.1, kernel-obs-build-5.3.18-24.107.1, kernel-preempt-5.3.18-24.107.1, kernel-source-5.3.18-24.107.1, kernel-syms-5.3.18-24.107.1 SUSE Linux Enterprise Server 15-SP2-BCL (src): kernel-default-5.3.18-24.107.1, kernel-default-base-5.3.18-24.107.1.9.50.2, kernel-docs-5.3.18-24.107.1, kernel-preempt-5.3.18-24.107.1, kernel-source-5.3.18-24.107.1, kernel-syms-5.3.18-24.107.1 SUSE Linux Enterprise Realtime Extension 15-SP2 (src): kernel-default-5.3.18-24.107.1, kernel-default-base-5.3.18-24.107.1.9.50.2, kernel-docs-5.3.18-24.107.1, kernel-preempt-5.3.18-24.107.1, kernel-source-5.3.18-24.107.1, kernel-syms-5.3.18-24.107.1 SUSE Linux Enterprise Module for Live Patching 15-SP2 (src): kernel-default-5.3.18-24.107.1, kernel-livepatch-SLE15-SP2_Update_25-1-5.5.1 SUSE Linux Enterprise Micro 5.0 (src): kernel-default-5.3.18-24.107.1, kernel-default-base-5.3.18-24.107.1.9.50.2 SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src): kernel-default-5.3.18-24.107.1, kernel-default-base-5.3.18-24.107.1.9.50.2, kernel-docs-5.3.18-24.107.1, kernel-obs-build-5.3.18-24.107.1, kernel-preempt-5.3.18-24.107.1, kernel-source-5.3.18-24.107.1, kernel-syms-5.3.18-24.107.1 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src): kernel-default-5.3.18-24.107.1, kernel-default-base-5.3.18-24.107.1.9.50.2, kernel-docs-5.3.18-24.107.1, kernel-obs-build-5.3.18-24.107.1, kernel-preempt-5.3.18-24.107.1, kernel-source-5.3.18-24.107.1, kernel-syms-5.3.18-24.107.1 SUSE Linux Enterprise High Availability 15-SP2 (src): kernel-default-5.3.18-24.107.1 SUSE Enterprise Storage 7 (src): kernel-default-5.3.18-24.107.1, kernel-default-base-5.3.18-24.107.1.9.50.2, kernel-docs-5.3.18-24.107.1, kernel-obs-build-5.3.18-24.107.1, kernel-preempt-5.3.18-24.107.1, kernel-source-5.3.18-24.107.1, kernel-syms-5.3.18-24.107.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:0755-1: An update that solves 6 vulnerabilities, contains three features and has 56 fixes is now available. Category: security (important) Bug References: 1089644,1154353,1156395,1157038,1157923,1176447,1176940,1178134,1181147,1181588,1183872,1187716,1188404,1189126,1190812,1190972,1191580,1191655,1191741,1192210,1192483,1193096,1193233,1193243,1193787,1194163,1194967,1195012,1195081,1195142,1195352,1195378,1195476,1195477,1195478,1195479,1195480,1195481,1195482,1195506,1195516,1195543,1195668,1195701,1195798,1195799,1195823,1195908,1195928,1195947,1195957,1195995,1196195,1196235,1196339,1196400,1196403,1196516,1196584,1196601,1196612,1196776 CVE References: CVE-2022-0001,CVE-2022-0002,CVE-2022-0492,CVE-2022-0516,CVE-2022-0847,CVE-2022-25375 JIRA References: SLE-20807,SLE-22135,SLE-22494 Sources used: SUSE Linux Enterprise Module for Public Cloud 15-SP3 (src): kernel-azure-5.3.18-150300.38.47.1, kernel-source-azure-5.3.18-150300.38.47.1, kernel-syms-azure-5.3.18-150300.38.47.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:0766-1: An update that solves 9 vulnerabilities and has 7 fixes is now available. Category: security (important) Bug References: 1107207,1185973,1191580,1194516,1195536,1195543,1195612,1195840,1195897,1195908,1195949,1195987,1196079,1196155,1196584,1196612 CVE References: CVE-2021-44879,CVE-2022-0001,CVE-2022-0002,CVE-2022-0487,CVE-2022-0492,CVE-2022-0617,CVE-2022-0644,CVE-2022-24448,CVE-2022-24959 JIRA References: Sources used: SUSE Linux Enterprise Server for SAP 15 (src): kernel-default-4.12.14-150.86.1, kernel-docs-4.12.14-150.86.1, kernel-obs-build-4.12.14-150.86.1, kernel-source-4.12.14-150.86.1, kernel-syms-4.12.14-150.86.1, kernel-vanilla-4.12.14-150.86.1 SUSE Linux Enterprise Server 15-LTSS (src): kernel-default-4.12.14-150.86.1, kernel-docs-4.12.14-150.86.1, kernel-obs-build-4.12.14-150.86.1, kernel-source-4.12.14-150.86.1, kernel-syms-4.12.14-150.86.1, kernel-vanilla-4.12.14-150.86.1, kernel-zfcpdump-4.12.14-150.86.1 SUSE Linux Enterprise Module for Live Patching 15 (src): kernel-default-4.12.14-150.86.1, kernel-livepatch-SLE15_Update_28-1-1.3.1 SUSE Linux Enterprise High Performance Computing 15-LTSS (src): kernel-default-4.12.14-150.86.1, kernel-docs-4.12.14-150.86.1, kernel-obs-build-4.12.14-150.86.1, kernel-source-4.12.14-150.86.1, kernel-syms-4.12.14-150.86.1, kernel-vanilla-4.12.14-150.86.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): kernel-default-4.12.14-150.86.1, kernel-docs-4.12.14-150.86.1, kernel-obs-build-4.12.14-150.86.1, kernel-source-4.12.14-150.86.1, kernel-syms-4.12.14-150.86.1, kernel-vanilla-4.12.14-150.86.1 SUSE Linux Enterprise High Availability 15 (src): kernel-default-4.12.14-150.86.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2022:0755-1: An update that solves 6 vulnerabilities, contains three features and has 56 fixes is now available. Category: security (important) Bug References: 1089644,1154353,1156395,1157038,1157923,1176447,1176940,1178134,1181147,1181588,1183872,1187716,1188404,1189126,1190812,1190972,1191580,1191655,1191741,1192210,1192483,1193096,1193233,1193243,1193787,1194163,1194967,1195012,1195081,1195142,1195352,1195378,1195476,1195477,1195478,1195479,1195480,1195481,1195482,1195506,1195516,1195543,1195668,1195701,1195798,1195799,1195823,1195908,1195928,1195947,1195957,1195995,1196195,1196235,1196339,1196400,1196403,1196516,1196584,1196601,1196612,1196776 CVE References: CVE-2022-0001,CVE-2022-0002,CVE-2022-0492,CVE-2022-0516,CVE-2022-0847,CVE-2022-25375 JIRA References: SLE-20807,SLE-22135,SLE-22494 Sources used: openSUSE Leap 15.3 (src): kernel-azure-5.3.18-150300.38.47.1, kernel-source-azure-5.3.18-150300.38.47.1, kernel-syms-azure-5.3.18-150300.38.47.1
SUSE-SU-2022:0768-1: An update that solves 9 vulnerabilities and has 6 fixes is now available. Category: security (important) Bug References: 1185973,1191580,1194516,1195536,1195543,1195612,1195840,1195897,1195908,1195949,1195987,1196079,1196155,1196584,1196612 CVE References: CVE-2021-44879,CVE-2022-0001,CVE-2022-0002,CVE-2022-0487,CVE-2022-0492,CVE-2022-0617,CVE-2022-0644,CVE-2022-24448,CVE-2022-24959 JIRA References: Sources used: SUSE Linux Enterprise Server for SAP 15-SP1 (src): kernel-default-4.12.14-197.108.1, kernel-docs-4.12.14-197.108.1, kernel-obs-build-4.12.14-197.108.1, kernel-source-4.12.14-197.108.1, kernel-syms-4.12.14-197.108.1 SUSE Linux Enterprise Server 15-SP1-LTSS (src): kernel-default-4.12.14-197.108.1, kernel-docs-4.12.14-197.108.1, kernel-obs-build-4.12.14-197.108.1, kernel-source-4.12.14-197.108.1, kernel-syms-4.12.14-197.108.1, kernel-zfcpdump-4.12.14-197.108.1 SUSE Linux Enterprise Server 15-SP1-BCL (src): kernel-default-4.12.14-197.108.1, kernel-docs-4.12.14-197.108.1, kernel-obs-build-4.12.14-197.108.1, kernel-source-4.12.14-197.108.1, kernel-syms-4.12.14-197.108.1 SUSE Linux Enterprise Module for Live Patching 15-SP1 (src): kernel-default-4.12.14-197.108.1, kernel-livepatch-SLE15-SP1_Update_29-1-3.3.1 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src): kernel-default-4.12.14-197.108.1, kernel-docs-4.12.14-197.108.1, kernel-obs-build-4.12.14-197.108.1, kernel-source-4.12.14-197.108.1, kernel-syms-4.12.14-197.108.1 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src): kernel-default-4.12.14-197.108.1, kernel-docs-4.12.14-197.108.1, kernel-obs-build-4.12.14-197.108.1, kernel-source-4.12.14-197.108.1, kernel-syms-4.12.14-197.108.1 SUSE Linux Enterprise High Availability 15-SP1 (src): kernel-default-4.12.14-197.108.1 SUSE Enterprise Storage 6 (src): kernel-default-4.12.14-197.108.1, kernel-docs-4.12.14-197.108.1, kernel-obs-build-4.12.14-197.108.1, kernel-source-4.12.14-197.108.1, kernel-syms-4.12.14-197.108.1 SUSE CaaS Platform 4.0 (src): kernel-default-4.12.14-197.108.1, kernel-docs-4.12.14-197.108.1, kernel-obs-build-4.12.14-197.108.1, kernel-source-4.12.14-197.108.1, kernel-syms-4.12.14-197.108.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2022:0768-1: An update that solves 9 vulnerabilities and has 6 fixes is now available. Category: security (important) Bug References: 1185973,1191580,1194516,1195536,1195543,1195612,1195840,1195897,1195908,1195949,1195987,1196079,1196155,1196584,1196612 CVE References: CVE-2021-44879,CVE-2022-0001,CVE-2022-0002,CVE-2022-0487,CVE-2022-0492,CVE-2022-0617,CVE-2022-0644,CVE-2022-24448,CVE-2022-24959 JIRA References: Sources used: openSUSE Leap 15.4 (src): kernel-debug-4.12.14-197.108.1, kernel-default-4.12.14-197.108.1, kernel-kvmsmall-4.12.14-197.108.1, kernel-vanilla-4.12.14-197.108.1, kernel-zfcpdump-4.12.14-197.108.1 openSUSE Leap 15.3 (src): kernel-debug-4.12.14-197.108.1, kernel-default-4.12.14-197.108.1, kernel-kvmsmall-4.12.14-197.108.1, kernel-vanilla-4.12.14-197.108.1, kernel-zfcpdump-4.12.14-197.108.1
SUSE-SU-2022:0760-1: An update that solves 6 vulnerabilities, contains three features and has 50 fixes is now available. Category: security (important) Bug References: 1089644,1154353,1157038,1157923,1176447,1176940,1178134,1181147,1181588,1183872,1187716,1188404,1189126,1190812,1190972,1191580,1191655,1191741,1192210,1192483,1193096,1193233,1193243,1193787,1194163,1194967,1195012,1195081,1195286,1195352,1195378,1195506,1195516,1195543,1195668,1195701,1195798,1195799,1195823,1195908,1195928,1195947,1195957,1195995,1196195,1196235,1196339,1196373,1196400,1196403,1196516,1196584,1196585,1196601,1196612,1196776 CVE References: CVE-2022-0001,CVE-2022-0002,CVE-2022-0492,CVE-2022-0516,CVE-2022-0847,CVE-2022-25375 JIRA References: SLE-20807,SLE-22135,SLE-22494 Sources used: SUSE Linux Enterprise Workstation Extension 15-SP3 (src): kernel-default-5.3.18-150300.59.54.1, kernel-preempt-5.3.18-150300.59.54.1 SUSE Linux Enterprise Module for Live Patching 15-SP3 (src): kernel-default-5.3.18-150300.59.54.1, kernel-livepatch-SLE15-SP3_Update_15-1-150300.7.5.1 SUSE Linux Enterprise Module for Legacy Software 15-SP3 (src): kernel-default-5.3.18-150300.59.54.1 SUSE Linux Enterprise Module for Development Tools 15-SP3 (src): kernel-docs-5.3.18-150300.59.54.1, kernel-obs-build-5.3.18-150300.59.54.1, kernel-preempt-5.3.18-150300.59.54.1, kernel-source-5.3.18-150300.59.54.1, kernel-syms-5.3.18-150300.59.54.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 (src): kernel-64kb-5.3.18-150300.59.54.1, kernel-default-5.3.18-150300.59.54.1, kernel-default-base-5.3.18-150300.59.54.1.150300.18.35.3, kernel-preempt-5.3.18-150300.59.54.1, kernel-source-5.3.18-150300.59.54.1, kernel-zfcpdump-5.3.18-150300.59.54.1 SUSE Linux Enterprise Micro 5.1 (src): kernel-default-5.3.18-150300.59.54.1, kernel-default-base-5.3.18-150300.59.54.1.150300.18.35.3 SUSE Linux Enterprise High Availability 15-SP3 (src): kernel-default-5.3.18-150300.59.54.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:0761-1: An update that solves 7 vulnerabilities, contains one feature and has 47 fixes is now available. Category: security (important) Bug References: 1046306,1050244,1089644,1094978,1097583,1097584,1097585,1097586,1097587,1097588,1101674,1101816,1103991,1109837,1111981,1112374,1114648,1114685,1114893,1117495,1118661,1119113,1136460,1136461,1157038,1157923,1158533,1174852,1185973,1187716,1189126,1191271,1191580,1191655,1193857,1195080,1195377,1195536,1195543,1195638,1195795,1195823,1195840,1195897,1195908,1195934,1195987,1195995,1196079,1196155,1196400,1196516,1196584,1196612 CVE References: CVE-2021-44879,CVE-2022-0001,CVE-2022-0002,CVE-2022-0492,CVE-2022-0617,CVE-2022-0644,CVE-2022-24959 JIRA References: SLE-20809 Sources used: SUSE Linux Enterprise Real Time Extension 12-SP5 (src): kernel-rt-4.12.14-10.81.1, kernel-rt_debug-4.12.14-10.81.1, kernel-source-rt-4.12.14-10.81.1, kernel-syms-rt-4.12.14-10.81.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:0767-1: An update that solves 10 vulnerabilities, contains one feature and has 50 fixes is now available. Category: security (important) Bug References: 1046306,1050244,1089644,1094978,1097583,1097584,1097585,1097586,1097587,1097588,1101674,1101816,1103991,1109837,1111981,1112374,1114648,1114685,1114893,1117495,1118661,1119113,1136460,1136461,1157038,1157923,1158533,1174852,1185377,1185973,1187716,1189126,1191271,1191580,1191655,1193857,1193867,1194048,1194516,1195080,1195377,1195536,1195543,1195612,1195638,1195795,1195823,1195840,1195897,1195908,1195934,1195949,1195987,1195995,1196079,1196155,1196400,1196516,1196584,1196612 CVE References: CVE-2021-44879,CVE-2021-45095,CVE-2022-0001,CVE-2022-0002,CVE-2022-0487,CVE-2022-0492,CVE-2022-0617,CVE-2022-0644,CVE-2022-24448,CVE-2022-24959 JIRA References: SLE-20809 Sources used: SUSE Linux Enterprise Workstation Extension 12-SP5 (src): kernel-default-4.12.14-122.113.1 SUSE Linux Enterprise Software Development Kit 12-SP5 (src): kernel-docs-4.12.14-122.113.1, kernel-obs-build-4.12.14-122.113.1 SUSE Linux Enterprise Server 12-SP5 (src): kernel-default-4.12.14-122.113.1, kernel-source-4.12.14-122.113.1, kernel-syms-4.12.14-122.113.1 SUSE Linux Enterprise Live Patching 12-SP5 (src): kernel-default-4.12.14-122.113.1, kgraft-patch-SLE12-SP5_Update_29-1-8.3.1 SUSE Linux Enterprise High Availability 12-SP5 (src): kernel-default-4.12.14-122.113.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:0765-1: An update that solves 10 vulnerabilities, contains one feature and has 50 fixes is now available. Category: security (important) Bug References: 1046306,1050244,1089644,1094978,1097583,1097584,1097585,1097586,1097587,1097588,1101674,1101816,1103991,1109837,1111981,1112374,1114648,1114685,1114893,1117495,1118661,1119113,1136460,1136461,1157038,1157923,1158533,1174852,1185377,1185973,1187716,1189126,1191271,1191580,1191655,1193857,1193867,1194048,1194516,1195080,1195377,1195536,1195543,1195612,1195638,1195795,1195823,1195840,1195897,1195908,1195934,1195949,1195987,1195995,1196079,1196155,1196400,1196516,1196584,1196612 CVE References: CVE-2021-44879,CVE-2021-45095,CVE-2022-0001,CVE-2022-0002,CVE-2022-0487,CVE-2022-0492,CVE-2022-0617,CVE-2022-0644,CVE-2022-24448,CVE-2022-24959 JIRA References: SLE-20809 Sources used: SUSE Linux Enterprise Server 12-SP5 (src): kernel-azure-4.12.14-16.91.1, kernel-source-azure-4.12.14-16.91.1, kernel-syms-azure-4.12.14-16.91.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:0757-1: An update that solves 10 vulnerabilities and has 9 fixes is now available. Category: security (important) Bug References: 1107207,1114893,1185973,1191580,1194516,1195536,1195543,1195612,1195840,1195897,1195908,1195934,1195949,1195987,1196079,1196155,1196584,1196601,1196612 CVE References: CVE-2021-44879,CVE-2022-0001,CVE-2022-0002,CVE-2022-0487,CVE-2022-0492,CVE-2022-0617,CVE-2022-0644,CVE-2022-0847,CVE-2022-24448,CVE-2022-24959 JIRA References: Sources used: SUSE OpenStack Cloud Crowbar 9 (src): kernel-default-4.12.14-95.93.1, kernel-source-4.12.14-95.93.1, kernel-syms-4.12.14-95.93.1 SUSE OpenStack Cloud 9 (src): kernel-default-4.12.14-95.93.1, kernel-source-4.12.14-95.93.1, kernel-syms-4.12.14-95.93.1 SUSE Linux Enterprise Server for SAP 12-SP4 (src): kernel-default-4.12.14-95.93.1, kernel-source-4.12.14-95.93.1, kernel-syms-4.12.14-95.93.1 SUSE Linux Enterprise Server 12-SP4-LTSS (src): kernel-default-4.12.14-95.93.1, kernel-source-4.12.14-95.93.1, kernel-syms-4.12.14-95.93.1 SUSE Linux Enterprise Live Patching 12-SP4 (src): kernel-default-4.12.14-95.93.1, kgraft-patch-SLE12-SP4_Update_25-1-6.5.1 SUSE Linux Enterprise High Availability 12-SP4 (src): kernel-default-4.12.14-95.93.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
No CVE number in the changelog of kernel patch : SLES12 SP5 * Tue Mar 01 2022 tiwai@suse.de - lib/iov_iter: initialize "flags" in new pipe_buffer (bsc#1196584). - commit 589ad87 Could we add the CVE number to the changelog?
Hi Leilei, there's no CVE ID in changelogs because it wasn't yet assigned at submission time. The next kernel update round (April) would be the right occasion to add the CVE ID to all the changelogs.
Done.