1206395 – (CVE-2022-3107) VUL-0: CVE-2022-3107: kernel: Unchecked kvmalloc_array return leads to null pointer dereference

Bug 1206395 (CVE-2022-3107) - VUL-0: CVE-2022-3107: kernel: Unchecked kvmalloc_array return leads to null pointer dereference

Summary: VUL-0: CVE-2022-3107: kernel: Unchecked kvmalloc_array return leads to null p...

Status:	RESOLVED FIXED

Alias:	CVE-2022-3107

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/350612/
Whiteboard:	CVSSv3.1:SUSE:CVE-2022-3107:5.5:(AV:L...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2022-12-14 07:26 UTC by Alexander Bergmann
Modified:	2024-06-25 17:16 UTC (History)
CC List:	3 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Alexander Bergmann 2022-12-14 07:26:22 UTC

rh#2153060

[Suggested description]
An issue was discovered in the Linux kernel through 5.16-rc6.
netvsc_get_ethtool_stats in drivers/net/hyperv/netvsc_drv.c lacks check
of the return value of kvmalloc_array() and will cause the null pointer
dereference.

------------------------------------------

[VulnerabilityType Other]
NULL Pointer Dereference

------------------------------------------

[Vendor of Product]
the development group

------------------------------------------

[Affected Product Code Base]
Linux kernel - 5.16-rc6

------------------------------------------

[Reference]
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.19-rc2&id=886e44c9298a6b428ae046e2fa092ca52e822e6a

------------------------------------------

[Discoverer]
Jiasheng Jiang

References:
https://bugzilla.redhat.com/show_bug.cgi?id=2153060
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3107

Comment 1 Ivan Ivanov 2022-12-14 10:57:06 UTC

Already fixed by:

commit cf67f525388634cb2fe2f3ae27655101f8c88185
Author: Olaf Hering <ohering@suse.de>
Date:   Wed Apr 13 15:21:19 2022 +0200

Comment 2 Petr Mladek 2022-12-15 13:49:58 UTC

The bug was introduced in the commit 6ae746711263 ("hv_netvsc: Add per-cpu ethtool stats for netvsc") back in v4.19-rc1. But we have it backported
also in linux-4.12 kernels.

I see fix backported in all affected kernels. So, it is enough to
add reference to this CVE and bug. I am going to do so.

Comment 3 Petr Mladek 2022-12-16 14:14:35 UTC

I have updated the reference in all affected branches:

    SLE15-SP1-LTSS
    SLE12-SP5
    SLE15-SP2-LTSS
    SLE15-SP3
    SLE15-SP4

Reassigning back to the security team for further tracking.

Comment 21 Swamp Workflow Management 2023-01-25 14:21:15 UTC

SUSE-SU-2023:0134-1: An update that solves 11 vulnerabilities and has 11 fixes is now available.

Category: security (important)
Bug References: 1151927,1157049,1190969,1203183,1204171,1204250,1204693,1205256,1206113,1206114,1206174,1206175,1206176,1206177,1206178,1206179,1206389,1206394,1206395,1206397,1206398,1206664
CVE References: CVE-2019-19083,CVE-2022-3105,CVE-2022-3106,CVE-2022-3107,CVE-2022-3108,CVE-2022-3111,CVE-2022-3435,CVE-2022-3643,CVE-2022-42328,CVE-2022-42329,CVE-2022-4662
JIRA References: 
Sources used:
openSUSE Leap Micro 5.2 (src):    kernel-rt-5.3.18-150300.115.1
SUSE Linux Enterprise Module for Realtime 15-SP3 (src):    kernel-rt-5.3.18-150300.115.1, kernel-rt_debug-5.3.18-150300.115.1, kernel-source-rt-5.3.18-150300.115.1, kernel-syms-rt-5.3.18-150300.115.1
SUSE Linux Enterprise Micro 5.2 (src):    kernel-rt-5.3.18-150300.115.1
SUSE Linux Enterprise Micro 5.1 (src):    kernel-rt-5.3.18-150300.115.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 22 Swamp Workflow Management 2023-01-26 11:21:19 UTC

SUSE-SU-2023:0145-1: An update that solves 5 vulnerabilities, contains one feature and has 7 fixes is now available.

Category: security (important)
Bug References: 1065729,1203740,1204250,1205695,1206073,1206344,1206389,1206395,1206664,1207036,1207168,1207195
CVE References: CVE-2022-3107,CVE-2022-3108,CVE-2022-3564,CVE-2022-4662,CVE-2023-23454
JIRA References: PED-568
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP5 (src):    kernel-default-4.12.14-122.147.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    kernel-docs-4.12.14-122.147.1, kernel-obs-build-4.12.14-122.147.1
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-default-4.12.14-122.147.1, kernel-source-4.12.14-122.147.1, kernel-syms-4.12.14-122.147.1
SUSE Linux Enterprise Live Patching 12-SP5 (src):    kernel-default-4.12.14-122.147.1, kgraft-patch-SLE12-SP5_Update_39-1-8.3.1
SUSE Linux Enterprise High Availability 12-SP5 (src):    kernel-default-4.12.14-122.147.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 23 Swamp Workflow Management 2023-01-26 11:25:40 UTC

SUSE-SU-2023:0146-1: An update that solves 15 vulnerabilities, contains two features and has 36 fixes is now available.

Category: security (important)
Bug References: 1065729,1187428,1188605,1190969,1191259,1193629,1199294,1201068,1203219,1203740,1203829,1204614,1204652,1204760,1204911,1204989,1205257,1205263,1205485,1205496,1205601,1205695,1206073,1206098,1206101,1206188,1206209,1206344,1206389,1206390,1206391,1206393,1206394,1206395,1206396,1206397,1206398,1206399,1206456,1206468,1206515,1206536,1206554,1206602,1206619,1206664,1206703,1206794,1206896,1206912,1207016
CVE References: CVE-2022-3104,CVE-2022-3105,CVE-2022-3106,CVE-2022-3107,CVE-2022-3108,CVE-2022-3111,CVE-2022-3112,CVE-2022-3113,CVE-2022-3114,CVE-2022-3115,CVE-2022-3344,CVE-2022-3564,CVE-2022-4379,CVE-2022-4662,CVE-2022-47520
JIRA References: PED-1445,PED-568
Sources used:
openSUSE Leap 15.4 (src):    kernel-azure-5.14.21-150400.14.31.1, kernel-source-azure-5.14.21-150400.14.31.1, kernel-syms-azure-5.14.21-150400.14.31.1
SUSE Linux Enterprise Module for Public Cloud 15-SP4 (src):    kernel-azure-5.14.21-150400.14.31.1, kernel-source-azure-5.14.21-150400.14.31.1, kernel-syms-azure-5.14.21-150400.14.31.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 24 Swamp Workflow Management 2023-01-26 11:31:47 UTC

SUSE-SU-2023:0147-1: An update that solves 14 vulnerabilities, contains three features and has 32 fixes is now available.

Category: security (important)
Bug References: 1065729,1187428,1188605,1191259,1193629,1199294,1201068,1203219,1203740,1204614,1204652,1204760,1204911,1204989,1205263,1205485,1205601,1205695,1206073,1206098,1206101,1206188,1206209,1206344,1206389,1206390,1206393,1206394,1206395,1206396,1206397,1206398,1206399,1206456,1206468,1206515,1206536,1206554,1206602,1206619,1206664,1206703,1206794,1206896,1206912,1207016
CVE References: CVE-2022-3104,CVE-2022-3105,CVE-2022-3106,CVE-2022-3107,CVE-2022-3108,CVE-2022-3111,CVE-2022-3112,CVE-2022-3113,CVE-2022-3115,CVE-2022-3344,CVE-2022-3564,CVE-2022-4379,CVE-2022-4662,CVE-2022-47520
JIRA References: PED-1445,PED-568,SLE-19249
Sources used:
openSUSE Leap Micro 5.3 (src):    kernel-rt-5.14.21-150400.15.8.1
openSUSE Leap 15.4 (src):    kernel-rt-5.14.21-150400.15.8.1, kernel-rt_debug-5.14.21-150400.15.8.1, kernel-source-rt-5.14.21-150400.15.8.1, kernel-syms-rt-5.14.21-150400.15.8.1
SUSE Linux Enterprise Module for Realtime 15-SP4 (src):    kernel-rt-5.14.21-150400.15.8.1, kernel-rt_debug-5.14.21-150400.15.8.1, kernel-source-rt-5.14.21-150400.15.8.1, kernel-syms-rt-5.14.21-150400.15.8.1
SUSE Linux Enterprise Module for Live Patching 15-SP4 (src):    kernel-livepatch-SLE15-SP4-RT_Update_2-1-150400.1.3.1
SUSE Linux Enterprise Micro 5.3 (src):    kernel-rt-5.14.21-150400.15.8.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 25 Swamp Workflow Management 2023-01-26 14:22:41 UTC

SUSE-SU-2023:0149-1: An update that solves 15 vulnerabilities, contains two features and has 37 fixes is now available.

Category: security (important)
Bug References: 1065729,1187428,1188605,1190969,1191259,1193629,1199294,1201068,1203219,1203740,1203829,1204614,1204652,1204760,1204911,1204989,1205257,1205263,1205485,1205496,1205601,1205695,1206073,1206098,1206101,1206188,1206209,1206273,1206344,1206389,1206390,1206391,1206393,1206394,1206395,1206396,1206397,1206398,1206399,1206456,1206468,1206515,1206536,1206554,1206602,1206619,1206664,1206703,1206794,1206896,1206912,1207016
CVE References: CVE-2022-3104,CVE-2022-3105,CVE-2022-3106,CVE-2022-3107,CVE-2022-3108,CVE-2022-3111,CVE-2022-3112,CVE-2022-3113,CVE-2022-3114,CVE-2022-3115,CVE-2022-3344,CVE-2022-3564,CVE-2022-4379,CVE-2022-4662,CVE-2022-47520
JIRA References: PED-1445,PED-568
Sources used:
openSUSE Leap Micro 5.3 (src):    kernel-default-5.14.21-150400.24.41.1, kernel-default-base-5.14.21-150400.24.41.1.150400.24.15.1
openSUSE Leap 15.4 (src):    dtb-aarch64-5.14.21-150400.24.41.1, kernel-64kb-5.14.21-150400.24.41.1, kernel-debug-5.14.21-150400.24.41.1, kernel-default-5.14.21-150400.24.41.1, kernel-default-base-5.14.21-150400.24.41.1.150400.24.15.1, kernel-docs-5.14.21-150400.24.41.1, kernel-kvmsmall-5.14.21-150400.24.41.1, kernel-obs-build-5.14.21-150400.24.41.1, kernel-obs-qa-5.14.21-150400.24.41.1, kernel-source-5.14.21-150400.24.41.1, kernel-syms-5.14.21-150400.24.41.1, kernel-zfcpdump-5.14.21-150400.24.41.1
SUSE Linux Enterprise Workstation Extension 15-SP4 (src):    kernel-default-5.14.21-150400.24.41.1
SUSE Linux Enterprise Module for Live Patching 15-SP4 (src):    kernel-default-5.14.21-150400.24.41.1, kernel-livepatch-SLE15-SP4_Update_7-1-150400.9.3.1
SUSE Linux Enterprise Module for Legacy Software 15-SP4 (src):    kernel-default-5.14.21-150400.24.41.1
SUSE Linux Enterprise Module for Development Tools 15-SP4 (src):    kernel-docs-5.14.21-150400.24.41.1, kernel-obs-build-5.14.21-150400.24.41.1, kernel-source-5.14.21-150400.24.41.1, kernel-syms-5.14.21-150400.24.41.1
SUSE Linux Enterprise Module for Basesystem 15-SP4 (src):    kernel-64kb-5.14.21-150400.24.41.1, kernel-default-5.14.21-150400.24.41.1, kernel-default-base-5.14.21-150400.24.41.1.150400.24.15.1, kernel-source-5.14.21-150400.24.41.1, kernel-zfcpdump-5.14.21-150400.24.41.1
SUSE Linux Enterprise Micro 5.3 (src):    kernel-default-5.14.21-150400.24.41.1, kernel-default-base-5.14.21-150400.24.41.1.150400.24.15.1
SUSE Linux Enterprise High Availability 15-SP4 (src):    kernel-default-5.14.21-150400.24.41.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 26 Swamp Workflow Management 2023-01-26 14:29:18 UTC

SUSE-SU-2023:0152-1: An update that solves 19 vulnerabilities, contains three features and has 71 fixes is now available.

Category: security (important)
Bug References: 1065729,1151927,1156395,1157049,1190969,1203183,1203693,1203740,1204171,1204250,1204614,1204693,1204760,1204989,1205149,1205256,1205495,1205496,1205601,1205695,1206073,1206113,1206114,1206174,1206175,1206176,1206177,1206178,1206179,1206344,1206389,1206393,1206394,1206395,1206397,1206398,1206399,1206515,1206602,1206634,1206635,1206636,1206637,1206640,1206641,1206642,1206643,1206644,1206645,1206646,1206647,1206648,1206649,1206663,1206664,1206784,1206841,1206854,1206855,1206857,1206858,1206859,1206860,1206873,1206875,1206876,1206877,1206878,1206880,1206881,1206882,1206883,1206884,1206885,1206886,1206887,1206888,1206889,1206890,1206891,1206893,1206896,1206904,1207036,1207125,1207134,1207186,1207198,1207218,1207237
CVE References: CVE-2019-19083,CVE-2022-3105,CVE-2022-3106,CVE-2022-3107,CVE-2022-3108,CVE-2022-3111,CVE-2022-3112,CVE-2022-3115,CVE-2022-3435,CVE-2022-3564,CVE-2022-3643,CVE-2022-42328,CVE-2022-42329,CVE-2022-4662,CVE-2022-47520,CVE-2022-47929,CVE-2023-0266,CVE-2023-23454,CVE-2023-23455
JIRA References: PED-1445,PED-1706,PED-568
Sources used:
openSUSE Leap Micro 5.2 (src):    kernel-default-5.3.18-150300.59.109.1, kernel-default-base-5.3.18-150300.59.109.1.150300.18.62.1
openSUSE Leap 15.4 (src):    dtb-aarch64-5.3.18-150300.59.109.1
SUSE Manager Server 4.2 (src):    kernel-default-5.3.18-150300.59.109.1, kernel-default-base-5.3.18-150300.59.109.1.150300.18.62.1, kernel-preempt-5.3.18-150300.59.109.1, kernel-source-5.3.18-150300.59.109.1, kernel-zfcpdump-5.3.18-150300.59.109.1
SUSE Manager Retail Branch Server 4.2 (src):    kernel-default-5.3.18-150300.59.109.1, kernel-default-base-5.3.18-150300.59.109.1.150300.18.62.1, kernel-preempt-5.3.18-150300.59.109.1, kernel-source-5.3.18-150300.59.109.1
SUSE Manager Proxy 4.2 (src):    kernel-default-5.3.18-150300.59.109.1, kernel-default-base-5.3.18-150300.59.109.1.150300.18.62.1, kernel-preempt-5.3.18-150300.59.109.1, kernel-source-5.3.18-150300.59.109.1
SUSE Linux Enterprise Server for SAP 15-SP3 (src):    kernel-default-5.3.18-150300.59.109.1, kernel-default-base-5.3.18-150300.59.109.1.150300.18.62.1, kernel-docs-5.3.18-150300.59.109.1, kernel-obs-build-5.3.18-150300.59.109.1, kernel-preempt-5.3.18-150300.59.109.1, kernel-source-5.3.18-150300.59.109.1, kernel-syms-5.3.18-150300.59.109.1
SUSE Linux Enterprise Server 15-SP3-LTSS (src):    kernel-64kb-5.3.18-150300.59.109.1, kernel-default-5.3.18-150300.59.109.1, kernel-default-base-5.3.18-150300.59.109.1.150300.18.62.1, kernel-docs-5.3.18-150300.59.109.1, kernel-obs-build-5.3.18-150300.59.109.1, kernel-preempt-5.3.18-150300.59.109.1, kernel-source-5.3.18-150300.59.109.1, kernel-syms-5.3.18-150300.59.109.1, kernel-zfcpdump-5.3.18-150300.59.109.1
SUSE Linux Enterprise Realtime Extension 15-SP3 (src):    kernel-default-5.3.18-150300.59.109.1, kernel-default-base-5.3.18-150300.59.109.1.150300.18.62.1, kernel-docs-5.3.18-150300.59.109.1, kernel-obs-build-5.3.18-150300.59.109.1, kernel-preempt-5.3.18-150300.59.109.1, kernel-source-5.3.18-150300.59.109.1, kernel-syms-5.3.18-150300.59.109.1
SUSE Linux Enterprise Module for Live Patching 15-SP3 (src):    kernel-default-5.3.18-150300.59.109.1, kernel-livepatch-SLE15-SP3_Update_28-1-150300.7.3.1
SUSE Linux Enterprise Micro 5.2 (src):    kernel-default-5.3.18-150300.59.109.1, kernel-default-base-5.3.18-150300.59.109.1.150300.18.62.1
SUSE Linux Enterprise Micro 5.1 (src):    kernel-default-5.3.18-150300.59.109.1, kernel-default-base-5.3.18-150300.59.109.1.150300.18.62.1
SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (src):    kernel-64kb-5.3.18-150300.59.109.1, kernel-default-5.3.18-150300.59.109.1, kernel-default-base-5.3.18-150300.59.109.1.150300.18.62.1, kernel-docs-5.3.18-150300.59.109.1, kernel-obs-build-5.3.18-150300.59.109.1, kernel-preempt-5.3.18-150300.59.109.1, kernel-source-5.3.18-150300.59.109.1, kernel-syms-5.3.18-150300.59.109.1
SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (src):    kernel-64kb-5.3.18-150300.59.109.1, kernel-default-5.3.18-150300.59.109.1, kernel-default-base-5.3.18-150300.59.109.1.150300.18.62.1, kernel-docs-5.3.18-150300.59.109.1, kernel-obs-build-5.3.18-150300.59.109.1, kernel-preempt-5.3.18-150300.59.109.1, kernel-source-5.3.18-150300.59.109.1, kernel-syms-5.3.18-150300.59.109.1
SUSE Linux Enterprise High Availability 15-SP3 (src):    kernel-default-5.3.18-150300.59.109.1
SUSE Enterprise Storage 7.1 (src):    kernel-64kb-5.3.18-150300.59.109.1, kernel-default-5.3.18-150300.59.109.1, kernel-default-base-5.3.18-150300.59.109.1.150300.18.62.1, kernel-docs-5.3.18-150300.59.109.1, kernel-obs-build-5.3.18-150300.59.109.1, kernel-preempt-5.3.18-150300.59.109.1, kernel-source-5.3.18-150300.59.109.1, kernel-syms-5.3.18-150300.59.109.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 27 Swamp Workflow Management 2023-01-26 14:36:19 UTC

SUSE-SU-2023:0148-1: An update that solves four vulnerabilities, contains one feature and has 9 fixes is now available.

Category: security (important)
Bug References: 1065729,1174298,1174299,1203740,1204250,1204667,1205695,1206073,1206344,1206389,1206395,1206664,1206896
CVE References: CVE-2022-3107,CVE-2022-3108,CVE-2022-3564,CVE-2022-4662
JIRA References: PED-568
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP5 (src):    kernel-rt-4.12.14-10.112.1, kernel-rt_debug-4.12.14-10.112.1, kernel-source-rt-4.12.14-10.112.1, kernel-syms-rt-4.12.14-10.112.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 32 Swamp Workflow Management 2023-02-14 17:21:59 UTC

SUSE-SU-2023:0406-1: An update that solves 16 vulnerabilities, contains one feature and has 14 fixes is now available.

Category: security (important)
Bug References: 1203183,1203693,1203740,1204171,1204614,1204760,1205149,1206073,1206113,1206114,1206314,1206389,1206393,1206395,1206398,1206399,1206515,1206664,1206677,1206784,1207036,1207125,1207134,1207186,1207188,1207189,1207190,1207237,1207769,1207823
CVE References: CVE-2022-3105,CVE-2022-3107,CVE-2022-3108,CVE-2022-3112,CVE-2022-3115,CVE-2022-3435,CVE-2022-3564,CVE-2022-3643,CVE-2022-42328,CVE-2022-42329,CVE-2022-4662,CVE-2022-47520,CVE-2022-47929,CVE-2023-0266,CVE-2023-23454,CVE-2023-23455
JIRA References: PED-1706
Sources used:
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    kernel-default-5.3.18-150200.24.142.1, kernel-default-base-5.3.18-150200.24.142.1.150200.9.67.1, kernel-docs-5.3.18-150200.24.142.1, kernel-obs-build-5.3.18-150200.24.142.1, kernel-preempt-5.3.18-150200.24.142.1, kernel-source-5.3.18-150200.24.142.1, kernel-syms-5.3.18-150200.24.142.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    kernel-default-5.3.18-150200.24.142.1, kernel-default-base-5.3.18-150200.24.142.1.150200.9.67.1, kernel-docs-5.3.18-150200.24.142.1, kernel-obs-build-5.3.18-150200.24.142.1, kernel-preempt-5.3.18-150200.24.142.1, kernel-source-5.3.18-150200.24.142.1, kernel-syms-5.3.18-150200.24.142.1
SUSE Linux Enterprise Module for Live Patching 15-SP2 (src):    kernel-default-5.3.18-150200.24.142.1, kernel-livepatch-SLE15-SP2_Update_33-1-150200.5.3.1
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src):    kernel-default-5.3.18-150200.24.142.1, kernel-default-base-5.3.18-150200.24.142.1.150200.9.67.1, kernel-docs-5.3.18-150200.24.142.1, kernel-obs-build-5.3.18-150200.24.142.1, kernel-preempt-5.3.18-150200.24.142.1, kernel-source-5.3.18-150200.24.142.1, kernel-syms-5.3.18-150200.24.142.1
SUSE Linux Enterprise High Availability 15-SP2 (src):    kernel-default-5.3.18-150200.24.142.1
SUSE Enterprise Storage 7 (src):    kernel-default-5.3.18-150200.24.142.1, kernel-default-base-5.3.18-150200.24.142.1.150200.9.67.1, kernel-docs-5.3.18-150200.24.142.1, kernel-obs-build-5.3.18-150200.24.142.1, kernel-preempt-5.3.18-150200.24.142.1, kernel-source-5.3.18-150200.24.142.1, kernel-syms-5.3.18-150200.24.142.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 33 Swamp Workflow Management 2023-02-14 20:24:46 UTC

SUSE-SU-2023:0410-1: An update that solves 6 vulnerabilities, contains one feature and has 5 fixes is now available.

Category: security (important)
Bug References: 1203693,1205149,1206073,1206389,1206395,1206664,1206677,1206784,1207036,1207186,1207237
CVE References: CVE-2022-3107,CVE-2022-3108,CVE-2022-3564,CVE-2022-4662,CVE-2022-47929,CVE-2023-23454
JIRA References: PED-1706
Sources used:
openSUSE Leap 15.4 (src):    kernel-debug-4.12.14-150100.197.134.1, kernel-default-4.12.14-150100.197.134.1, kernel-kvmsmall-4.12.14-150100.197.134.1, kernel-vanilla-4.12.14-150100.197.134.1, kernel-zfcpdump-4.12.14-150100.197.134.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    kernel-default-4.12.14-150100.197.134.1, kernel-docs-4.12.14-150100.197.134.1, kernel-obs-build-4.12.14-150100.197.134.1, kernel-source-4.12.14-150100.197.134.1, kernel-syms-4.12.14-150100.197.134.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    kernel-default-4.12.14-150100.197.134.1, kernel-docs-4.12.14-150100.197.134.1, kernel-obs-build-4.12.14-150100.197.134.1, kernel-source-4.12.14-150100.197.134.1, kernel-syms-4.12.14-150100.197.134.1, kernel-zfcpdump-4.12.14-150100.197.134.1
SUSE Linux Enterprise Module for Live Patching 15-SP1 (src):    kernel-default-4.12.14-150100.197.134.1, kernel-livepatch-SLE15-SP1_Update_37-1-150100.3.3.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    kernel-default-4.12.14-150100.197.134.1, kernel-docs-4.12.14-150100.197.134.1, kernel-obs-build-4.12.14-150100.197.134.1, kernel-source-4.12.14-150100.197.134.1, kernel-syms-4.12.14-150100.197.134.1
SUSE Linux Enterprise High Availability 15-SP1 (src):    kernel-default-4.12.14-150100.197.134.1
SUSE CaaS Platform 4.0 (src):    kernel-default-4.12.14-150100.197.134.1, kernel-docs-4.12.14-150100.197.134.1, kernel-obs-build-4.12.14-150100.197.134.1, kernel-source-4.12.14-150100.197.134.1, kernel-syms-4.12.14-150100.197.134.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 40 Robert Frohl 2024-05-03 09:26:54 UTC

done, closing