Bug 1198025 (CVE-2022-1204) - VUL-0: CVE-2022-1204: kernel-source: Use after free in net/ax25/af_ax25.c
Summary: VUL-0: CVE-2022-1204: kernel-source: Use after free in net/ax25/af_ax25.c
Status: RESOLVED FIXED
Alias: CVE-2022-1204
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/327883/
Whiteboard: CVSSv3.1:SUSE:CVE-2022-1204:5.1:(AV:L...
Keywords:
Depends on:
Blocks:
 
Reported: 2022-04-04 14:11 UTC by Gabriele Sonnu
Modified: 2024-06-25 16:47 UTC (History)
5 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Takashi Iwai 2022-04-04 15:36:02 UTC 
The ax25 stuff is enabled on SLE15-SP3 and SLE15-SP4 but shipped only with kernel-*-optional for Leap.
Comment 2 Gabriele Sonnu 2022-04-04 15:56:01 UTC 
Tracking as affected:

- SLE15-SP3 
- SLE15-SP4
Comment 3 Petr Mladek 2022-05-06 11:50:04 UTC 
This bug seems to approach a good date for CVE SLA fulfillment [1].
What is its status, please?
 
[1] https://confluence.suse.com/display/KSS/Kernel+Security+Sentinel
Comment 4 Takashi Iwai 2022-05-23 12:14:13 UTC 
All fixes have been already backported to both SLE15-SP3 and SLE15-SP4 for other CVE entries (CVE-2022-1205 CVE-2022-1199 bsc#1198027 bsc#1198028).
I updated the patch reference to point to this one, too.

Reassigned back to security team.