Bugzilla – Bug 1206397
VUL-0: CVE-2022-3106: kernel: kmalloc's return value not checked, leading to null pointer dereference
Last modified: 2024-06-25 17:16:42 UTC
rh#2153066 [Suggested description] An issue was discovered in the Linux kernel through 5.16-rc6. ef100_update_stats in drivers/net/ethernet/sfc/ef100_nic.c lacks check of the return value of kmalloc(). ------------------------------------------ [VulnerabilityType Other] NULL Pointer Dereference ------------------------------------------ [Vendor of Product] the development group ------------------------------------------ [Affected Product Code Base] Linux kernel - 5.16-rc6 ------------------------------------------ [Reference] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.19-rc2&id=407ecd1bd726f240123f704620d46e285ff30dd9 ------------------------------------------ [Discoverer] Jiasheng Jiang References: https://bugzilla.redhat.com/show_bug.cgi?id=2153066 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3106
Already fixed by: commit 37bb2fb2ecbad2ad854841632f2f949df4061657 Author: Thomas Bogendoerfer <tbogendoerfer@suse.de> Date: Tue Dec 21 13:24:01 2021 +0100
The bug was added by the commit b593b6f1b492 ("sfc_ef100: statistics gathering") back in v5.9-rc1. But I see it backported also in SLE15-SP3. As already pointed out by Ivan, we already have the fix by git-fixes. I see it in SLE15-SP5 and above. I am just going to add references to this CVE and bug.
(In reply to Petr Mladek from comment #2) > The bug was added by the commit b593b6f1b492 ("sfc_ef100: statistics > gathering") > back in v5.9-rc1. But I see it backported also in SLE15-SP3. > > As already pointed out by Ivan, we already have the fix by git-fixes. > I see it in SLE15-SP5 and above. > > I am just going to add references to this CVE and bug. I've pushed them for SLE15-SP4 in my for-next branch already.
(In reply to Thomas Bogendoerfer from comment #3) > (In reply to Petr Mladek from comment #2) > > The bug was added by the commit b593b6f1b492 ("sfc_ef100: statistics > > gathering") > > back in v5.9-rc1. But I see it backported also in SLE15-SP3. > > > > As already pointed out by Ivan, we already have the fix by git-fixes. > > I see it in SLE15-SP5 and above. > > > > I am just going to add references to this CVE and bug. > > I've pushed them for SLE15-SP4 in my for-next branch already. OK, I have already prepared it for SLE15-SP3. Let's use your push for SLE15-SP4 and mine for SLE15-SP3.
I have updated the reference in the branch SLE15-SP3. Thomas updated the reference in the branch SLE15-SP4. Reassigning back to the security team for further tracking.
SUSE-SU-2023:0134-1: An update that solves 11 vulnerabilities and has 11 fixes is now available. Category: security (important) Bug References: 1151927,1157049,1190969,1203183,1204171,1204250,1204693,1205256,1206113,1206114,1206174,1206175,1206176,1206177,1206178,1206179,1206389,1206394,1206395,1206397,1206398,1206664 CVE References: CVE-2019-19083,CVE-2022-3105,CVE-2022-3106,CVE-2022-3107,CVE-2022-3108,CVE-2022-3111,CVE-2022-3435,CVE-2022-3643,CVE-2022-42328,CVE-2022-42329,CVE-2022-4662 JIRA References: Sources used: openSUSE Leap Micro 5.2 (src): kernel-rt-5.3.18-150300.115.1 SUSE Linux Enterprise Module for Realtime 15-SP3 (src): kernel-rt-5.3.18-150300.115.1, kernel-rt_debug-5.3.18-150300.115.1, kernel-source-rt-5.3.18-150300.115.1, kernel-syms-rt-5.3.18-150300.115.1 SUSE Linux Enterprise Micro 5.2 (src): kernel-rt-5.3.18-150300.115.1 SUSE Linux Enterprise Micro 5.1 (src): kernel-rt-5.3.18-150300.115.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:0146-1: An update that solves 15 vulnerabilities, contains two features and has 36 fixes is now available. Category: security (important) Bug References: 1065729,1187428,1188605,1190969,1191259,1193629,1199294,1201068,1203219,1203740,1203829,1204614,1204652,1204760,1204911,1204989,1205257,1205263,1205485,1205496,1205601,1205695,1206073,1206098,1206101,1206188,1206209,1206344,1206389,1206390,1206391,1206393,1206394,1206395,1206396,1206397,1206398,1206399,1206456,1206468,1206515,1206536,1206554,1206602,1206619,1206664,1206703,1206794,1206896,1206912,1207016 CVE References: CVE-2022-3104,CVE-2022-3105,CVE-2022-3106,CVE-2022-3107,CVE-2022-3108,CVE-2022-3111,CVE-2022-3112,CVE-2022-3113,CVE-2022-3114,CVE-2022-3115,CVE-2022-3344,CVE-2022-3564,CVE-2022-4379,CVE-2022-4662,CVE-2022-47520 JIRA References: PED-1445,PED-568 Sources used: openSUSE Leap 15.4 (src): kernel-azure-5.14.21-150400.14.31.1, kernel-source-azure-5.14.21-150400.14.31.1, kernel-syms-azure-5.14.21-150400.14.31.1 SUSE Linux Enterprise Module for Public Cloud 15-SP4 (src): kernel-azure-5.14.21-150400.14.31.1, kernel-source-azure-5.14.21-150400.14.31.1, kernel-syms-azure-5.14.21-150400.14.31.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:0147-1: An update that solves 14 vulnerabilities, contains three features and has 32 fixes is now available. Category: security (important) Bug References: 1065729,1187428,1188605,1191259,1193629,1199294,1201068,1203219,1203740,1204614,1204652,1204760,1204911,1204989,1205263,1205485,1205601,1205695,1206073,1206098,1206101,1206188,1206209,1206344,1206389,1206390,1206393,1206394,1206395,1206396,1206397,1206398,1206399,1206456,1206468,1206515,1206536,1206554,1206602,1206619,1206664,1206703,1206794,1206896,1206912,1207016 CVE References: CVE-2022-3104,CVE-2022-3105,CVE-2022-3106,CVE-2022-3107,CVE-2022-3108,CVE-2022-3111,CVE-2022-3112,CVE-2022-3113,CVE-2022-3115,CVE-2022-3344,CVE-2022-3564,CVE-2022-4379,CVE-2022-4662,CVE-2022-47520 JIRA References: PED-1445,PED-568,SLE-19249 Sources used: openSUSE Leap Micro 5.3 (src): kernel-rt-5.14.21-150400.15.8.1 openSUSE Leap 15.4 (src): kernel-rt-5.14.21-150400.15.8.1, kernel-rt_debug-5.14.21-150400.15.8.1, kernel-source-rt-5.14.21-150400.15.8.1, kernel-syms-rt-5.14.21-150400.15.8.1 SUSE Linux Enterprise Module for Realtime 15-SP4 (src): kernel-rt-5.14.21-150400.15.8.1, kernel-rt_debug-5.14.21-150400.15.8.1, kernel-source-rt-5.14.21-150400.15.8.1, kernel-syms-rt-5.14.21-150400.15.8.1 SUSE Linux Enterprise Module for Live Patching 15-SP4 (src): kernel-livepatch-SLE15-SP4-RT_Update_2-1-150400.1.3.1 SUSE Linux Enterprise Micro 5.3 (src): kernel-rt-5.14.21-150400.15.8.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:0149-1: An update that solves 15 vulnerabilities, contains two features and has 37 fixes is now available. Category: security (important) Bug References: 1065729,1187428,1188605,1190969,1191259,1193629,1199294,1201068,1203219,1203740,1203829,1204614,1204652,1204760,1204911,1204989,1205257,1205263,1205485,1205496,1205601,1205695,1206073,1206098,1206101,1206188,1206209,1206273,1206344,1206389,1206390,1206391,1206393,1206394,1206395,1206396,1206397,1206398,1206399,1206456,1206468,1206515,1206536,1206554,1206602,1206619,1206664,1206703,1206794,1206896,1206912,1207016 CVE References: CVE-2022-3104,CVE-2022-3105,CVE-2022-3106,CVE-2022-3107,CVE-2022-3108,CVE-2022-3111,CVE-2022-3112,CVE-2022-3113,CVE-2022-3114,CVE-2022-3115,CVE-2022-3344,CVE-2022-3564,CVE-2022-4379,CVE-2022-4662,CVE-2022-47520 JIRA References: PED-1445,PED-568 Sources used: openSUSE Leap Micro 5.3 (src): kernel-default-5.14.21-150400.24.41.1, kernel-default-base-5.14.21-150400.24.41.1.150400.24.15.1 openSUSE Leap 15.4 (src): dtb-aarch64-5.14.21-150400.24.41.1, kernel-64kb-5.14.21-150400.24.41.1, kernel-debug-5.14.21-150400.24.41.1, kernel-default-5.14.21-150400.24.41.1, kernel-default-base-5.14.21-150400.24.41.1.150400.24.15.1, kernel-docs-5.14.21-150400.24.41.1, kernel-kvmsmall-5.14.21-150400.24.41.1, kernel-obs-build-5.14.21-150400.24.41.1, kernel-obs-qa-5.14.21-150400.24.41.1, kernel-source-5.14.21-150400.24.41.1, kernel-syms-5.14.21-150400.24.41.1, kernel-zfcpdump-5.14.21-150400.24.41.1 SUSE Linux Enterprise Workstation Extension 15-SP4 (src): kernel-default-5.14.21-150400.24.41.1 SUSE Linux Enterprise Module for Live Patching 15-SP4 (src): kernel-default-5.14.21-150400.24.41.1, kernel-livepatch-SLE15-SP4_Update_7-1-150400.9.3.1 SUSE Linux Enterprise Module for Legacy Software 15-SP4 (src): kernel-default-5.14.21-150400.24.41.1 SUSE Linux Enterprise Module for Development Tools 15-SP4 (src): kernel-docs-5.14.21-150400.24.41.1, kernel-obs-build-5.14.21-150400.24.41.1, kernel-source-5.14.21-150400.24.41.1, kernel-syms-5.14.21-150400.24.41.1 SUSE Linux Enterprise Module for Basesystem 15-SP4 (src): kernel-64kb-5.14.21-150400.24.41.1, kernel-default-5.14.21-150400.24.41.1, kernel-default-base-5.14.21-150400.24.41.1.150400.24.15.1, kernel-source-5.14.21-150400.24.41.1, kernel-zfcpdump-5.14.21-150400.24.41.1 SUSE Linux Enterprise Micro 5.3 (src): kernel-default-5.14.21-150400.24.41.1, kernel-default-base-5.14.21-150400.24.41.1.150400.24.15.1 SUSE Linux Enterprise High Availability 15-SP4 (src): kernel-default-5.14.21-150400.24.41.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:0152-1: An update that solves 19 vulnerabilities, contains three features and has 71 fixes is now available. Category: security (important) Bug References: 1065729,1151927,1156395,1157049,1190969,1203183,1203693,1203740,1204171,1204250,1204614,1204693,1204760,1204989,1205149,1205256,1205495,1205496,1205601,1205695,1206073,1206113,1206114,1206174,1206175,1206176,1206177,1206178,1206179,1206344,1206389,1206393,1206394,1206395,1206397,1206398,1206399,1206515,1206602,1206634,1206635,1206636,1206637,1206640,1206641,1206642,1206643,1206644,1206645,1206646,1206647,1206648,1206649,1206663,1206664,1206784,1206841,1206854,1206855,1206857,1206858,1206859,1206860,1206873,1206875,1206876,1206877,1206878,1206880,1206881,1206882,1206883,1206884,1206885,1206886,1206887,1206888,1206889,1206890,1206891,1206893,1206896,1206904,1207036,1207125,1207134,1207186,1207198,1207218,1207237 CVE References: CVE-2019-19083,CVE-2022-3105,CVE-2022-3106,CVE-2022-3107,CVE-2022-3108,CVE-2022-3111,CVE-2022-3112,CVE-2022-3115,CVE-2022-3435,CVE-2022-3564,CVE-2022-3643,CVE-2022-42328,CVE-2022-42329,CVE-2022-4662,CVE-2022-47520,CVE-2022-47929,CVE-2023-0266,CVE-2023-23454,CVE-2023-23455 JIRA References: PED-1445,PED-1706,PED-568 Sources used: openSUSE Leap Micro 5.2 (src): kernel-default-5.3.18-150300.59.109.1, kernel-default-base-5.3.18-150300.59.109.1.150300.18.62.1 openSUSE Leap 15.4 (src): dtb-aarch64-5.3.18-150300.59.109.1 SUSE Manager Server 4.2 (src): kernel-default-5.3.18-150300.59.109.1, kernel-default-base-5.3.18-150300.59.109.1.150300.18.62.1, kernel-preempt-5.3.18-150300.59.109.1, kernel-source-5.3.18-150300.59.109.1, kernel-zfcpdump-5.3.18-150300.59.109.1 SUSE Manager Retail Branch Server 4.2 (src): kernel-default-5.3.18-150300.59.109.1, kernel-default-base-5.3.18-150300.59.109.1.150300.18.62.1, kernel-preempt-5.3.18-150300.59.109.1, kernel-source-5.3.18-150300.59.109.1 SUSE Manager Proxy 4.2 (src): kernel-default-5.3.18-150300.59.109.1, kernel-default-base-5.3.18-150300.59.109.1.150300.18.62.1, kernel-preempt-5.3.18-150300.59.109.1, kernel-source-5.3.18-150300.59.109.1 SUSE Linux Enterprise Server for SAP 15-SP3 (src): kernel-default-5.3.18-150300.59.109.1, kernel-default-base-5.3.18-150300.59.109.1.150300.18.62.1, kernel-docs-5.3.18-150300.59.109.1, kernel-obs-build-5.3.18-150300.59.109.1, kernel-preempt-5.3.18-150300.59.109.1, kernel-source-5.3.18-150300.59.109.1, kernel-syms-5.3.18-150300.59.109.1 SUSE Linux Enterprise Server 15-SP3-LTSS (src): kernel-64kb-5.3.18-150300.59.109.1, kernel-default-5.3.18-150300.59.109.1, kernel-default-base-5.3.18-150300.59.109.1.150300.18.62.1, kernel-docs-5.3.18-150300.59.109.1, kernel-obs-build-5.3.18-150300.59.109.1, kernel-preempt-5.3.18-150300.59.109.1, kernel-source-5.3.18-150300.59.109.1, kernel-syms-5.3.18-150300.59.109.1, kernel-zfcpdump-5.3.18-150300.59.109.1 SUSE Linux Enterprise Realtime Extension 15-SP3 (src): kernel-default-5.3.18-150300.59.109.1, kernel-default-base-5.3.18-150300.59.109.1.150300.18.62.1, kernel-docs-5.3.18-150300.59.109.1, kernel-obs-build-5.3.18-150300.59.109.1, kernel-preempt-5.3.18-150300.59.109.1, kernel-source-5.3.18-150300.59.109.1, kernel-syms-5.3.18-150300.59.109.1 SUSE Linux Enterprise Module for Live Patching 15-SP3 (src): kernel-default-5.3.18-150300.59.109.1, kernel-livepatch-SLE15-SP3_Update_28-1-150300.7.3.1 SUSE Linux Enterprise Micro 5.2 (src): kernel-default-5.3.18-150300.59.109.1, kernel-default-base-5.3.18-150300.59.109.1.150300.18.62.1 SUSE Linux Enterprise Micro 5.1 (src): kernel-default-5.3.18-150300.59.109.1, kernel-default-base-5.3.18-150300.59.109.1.150300.18.62.1 SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (src): kernel-64kb-5.3.18-150300.59.109.1, kernel-default-5.3.18-150300.59.109.1, kernel-default-base-5.3.18-150300.59.109.1.150300.18.62.1, kernel-docs-5.3.18-150300.59.109.1, kernel-obs-build-5.3.18-150300.59.109.1, kernel-preempt-5.3.18-150300.59.109.1, kernel-source-5.3.18-150300.59.109.1, kernel-syms-5.3.18-150300.59.109.1 SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (src): kernel-64kb-5.3.18-150300.59.109.1, kernel-default-5.3.18-150300.59.109.1, kernel-default-base-5.3.18-150300.59.109.1.150300.18.62.1, kernel-docs-5.3.18-150300.59.109.1, kernel-obs-build-5.3.18-150300.59.109.1, kernel-preempt-5.3.18-150300.59.109.1, kernel-source-5.3.18-150300.59.109.1, kernel-syms-5.3.18-150300.59.109.1 SUSE Linux Enterprise High Availability 15-SP3 (src): kernel-default-5.3.18-150300.59.109.1 SUSE Enterprise Storage 7.1 (src): kernel-64kb-5.3.18-150300.59.109.1, kernel-default-5.3.18-150300.59.109.1, kernel-default-base-5.3.18-150300.59.109.1.150300.18.62.1, kernel-docs-5.3.18-150300.59.109.1, kernel-obs-build-5.3.18-150300.59.109.1, kernel-preempt-5.3.18-150300.59.109.1, kernel-source-5.3.18-150300.59.109.1, kernel-syms-5.3.18-150300.59.109.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
done, closing