|
Bugzilla – Full Text Bug Listing |
| Summary: | VUL-0: CVE-2022-25375: kernel-source-rt,kernel-source,kernel-source-azure: information leak due to a lack of validation in the RNDIS_MSG_SET command | ||
|---|---|---|---|
| Product: | [Novell Products] SUSE Security Incidents | Reporter: | Carlos López <carlos.lopez> |
| Component: | Incidents | Assignee: | Security Team bot <security-team> |
| Status: | NEW --- | QA Contact: | Security Team bot <security-team> |
| Severity: | Normal | ||
| Priority: | P3 - Medium | CC: | smash_bz, tiwai |
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | Other | ||
| URL: | https://smash.suse.de/issue/324397/ | ||
| Whiteboard: | CVSSv3.1:SUSE:CVE-2022-25375:5.5:(AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) | ||
| Found By: | Security Response Team | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
|
Description
Carlos López
2022-02-21 10:25:10 UTC
The gadget driver is only for Leap, so affected only Leap 15.3 and later. SLE15-SP4 already contains the fix, and I updated the patch reference. The fix was backported to cve/linux-5.3 branch and will be merged to SLE15-SP3 later. Reassigned back to security team. (In reply to Takashi Iwai from comment #1) > The fix was backported to cve/linux-5.3 branch and will be merged to > SLE15-SP3 later. Actually this was already backported for SLE15-SP3 in "576fa563519e136ef486c9c7cef567dfd95f8599: usb: gadget: rndis: check size of RNDIS_MSG_SET command (git-fixes)", so all done :) openSUSE-SU-2022:0760-1: An update that solves 6 vulnerabilities, contains three features and has 50 fixes is now available. Category: security (important) Bug References: 1089644,1154353,1157038,1157923,1176447,1176940,1178134,1181147,1181588,1183872,1187716,1188404,1189126,1190812,1190972,1191580,1191655,1191741,1192210,1192483,1193096,1193233,1193243,1193787,1194163,1194967,1195012,1195081,1195286,1195352,1195378,1195506,1195516,1195543,1195668,1195701,1195798,1195799,1195823,1195908,1195928,1195947,1195957,1195995,1196195,1196235,1196339,1196373,1196400,1196403,1196516,1196584,1196585,1196601,1196612,1196776 CVE References: CVE-2022-0001,CVE-2022-0002,CVE-2022-0492,CVE-2022-0516,CVE-2022-0847,CVE-2022-25375 JIRA References: SLE-20807,SLE-22135,SLE-22494 Sources used: openSUSE Leap 15.4 (src): dtb-aarch64-5.3.18-150300.59.54.1, kernel-preempt-5.3.18-150300.59.54.1 openSUSE Leap 15.3 (src): dtb-aarch64-5.3.18-150300.59.54.1, kernel-64kb-5.3.18-150300.59.54.1, kernel-debug-5.3.18-150300.59.54.1, kernel-default-5.3.18-150300.59.54.1, kernel-default-base-5.3.18-150300.59.54.1.150300.18.35.3, kernel-docs-5.3.18-150300.59.54.1, kernel-kvmsmall-5.3.18-150300.59.54.1, kernel-obs-build-5.3.18-150300.59.54.1, kernel-obs-qa-5.3.18-150300.59.54.1, kernel-preempt-5.3.18-150300.59.54.1, kernel-source-5.3.18-150300.59.54.1, kernel-syms-5.3.18-150300.59.54.1, kernel-zfcpdump-5.3.18-150300.59.54.1 SUSE-SU-2022:0763-1: An update that solves three vulnerabilities, contains three features and has 43 fixes is now available. Category: security (important) Bug References: 1089644,1154353,1157038,1157923,1176447,1176940,1178134,1181147,1181588,1183872,1187716,1188404,1189126,1190812,1190972,1191580,1191655,1191741,1192210,1192483,1193096,1193233,1193243,1193787,1194163,1194967,1195012,1195081,1195286,1195352,1195378,1195506,1195668,1195701,1195798,1195799,1195823,1195928,1195957,1195995,1196195,1196235,1196339,1196400,1196516,1196584 CVE References: CVE-2022-0001,CVE-2022-0002,CVE-2022-25375 JIRA References: SLE-20807,SLE-22135,SLE-22494 Sources used: SUSE Linux Enterprise Module for Realtime 15-SP3 (src): kernel-rt-5.3.18-150300.79.1, kernel-rt_debug-5.3.18-150300.79.1, kernel-source-rt-5.3.18-150300.79.1, kernel-syms-rt-5.3.18-150300.79.1 SUSE Linux Enterprise Micro 5.1 (src): kernel-rt-5.3.18-150300.79.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. SUSE-SU-2022:0759-1: An update that solves 14 vulnerabilities, contains one feature and has 12 fixes is now available. Category: security (important) Bug References: 1189126,1191580,1192483,1194516,1195254,1195286,1195516,1195543,1195612,1195701,1195897,1195905,1195908,1195947,1195949,1195987,1195995,1196079,1196095,1196132,1196155,1196235,1196584,1196601,1196612,1196776 CVE References: CVE-2021-44879,CVE-2022-0001,CVE-2022-0002,CVE-2022-0487,CVE-2022-0492,CVE-2022-0516,CVE-2022-0617,CVE-2022-0644,CVE-2022-0847,CVE-2022-24448,CVE-2022-24958,CVE-2022-24959,CVE-2022-25258,CVE-2022-25375 JIRA References: SLE-23652 Sources used: SUSE Manager Server 4.1 (src): kernel-default-5.3.18-24.107.1, kernel-default-base-5.3.18-24.107.1.9.50.2, kernel-docs-5.3.18-24.107.1, kernel-obs-build-5.3.18-24.107.1, kernel-preempt-5.3.18-24.107.1, kernel-source-5.3.18-24.107.1, kernel-syms-5.3.18-24.107.1 SUSE Manager Retail Branch Server 4.1 (src): kernel-default-5.3.18-24.107.1, kernel-default-base-5.3.18-24.107.1.9.50.2, kernel-docs-5.3.18-24.107.1, kernel-preempt-5.3.18-24.107.1, kernel-source-5.3.18-24.107.1, kernel-syms-5.3.18-24.107.1 SUSE Manager Proxy 4.1 (src): kernel-default-5.3.18-24.107.1, kernel-default-base-5.3.18-24.107.1.9.50.2, kernel-docs-5.3.18-24.107.1, kernel-preempt-5.3.18-24.107.1, kernel-source-5.3.18-24.107.1, kernel-syms-5.3.18-24.107.1 SUSE Linux Enterprise Server for SAP 15-SP2 (src): kernel-default-5.3.18-24.107.1, kernel-default-base-5.3.18-24.107.1.9.50.2, kernel-docs-5.3.18-24.107.1, kernel-obs-build-5.3.18-24.107.1, kernel-preempt-5.3.18-24.107.1, kernel-source-5.3.18-24.107.1, kernel-syms-5.3.18-24.107.1 SUSE Linux Enterprise Server 15-SP2-LTSS (src): kernel-default-5.3.18-24.107.1, kernel-default-base-5.3.18-24.107.1.9.50.2, kernel-docs-5.3.18-24.107.1, kernel-obs-build-5.3.18-24.107.1, kernel-preempt-5.3.18-24.107.1, kernel-source-5.3.18-24.107.1, kernel-syms-5.3.18-24.107.1 SUSE Linux Enterprise Server 15-SP2-BCL (src): kernel-default-5.3.18-24.107.1, kernel-default-base-5.3.18-24.107.1.9.50.2, kernel-docs-5.3.18-24.107.1, kernel-preempt-5.3.18-24.107.1, kernel-source-5.3.18-24.107.1, kernel-syms-5.3.18-24.107.1 SUSE Linux Enterprise Realtime Extension 15-SP2 (src): kernel-default-5.3.18-24.107.1, kernel-default-base-5.3.18-24.107.1.9.50.2, kernel-docs-5.3.18-24.107.1, kernel-preempt-5.3.18-24.107.1, kernel-source-5.3.18-24.107.1, kernel-syms-5.3.18-24.107.1 SUSE Linux Enterprise Module for Live Patching 15-SP2 (src): kernel-default-5.3.18-24.107.1, kernel-livepatch-SLE15-SP2_Update_25-1-5.5.1 SUSE Linux Enterprise Micro 5.0 (src): kernel-default-5.3.18-24.107.1, kernel-default-base-5.3.18-24.107.1.9.50.2 SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src): kernel-default-5.3.18-24.107.1, kernel-default-base-5.3.18-24.107.1.9.50.2, kernel-docs-5.3.18-24.107.1, kernel-obs-build-5.3.18-24.107.1, kernel-preempt-5.3.18-24.107.1, kernel-source-5.3.18-24.107.1, kernel-syms-5.3.18-24.107.1 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src): kernel-default-5.3.18-24.107.1, kernel-default-base-5.3.18-24.107.1.9.50.2, kernel-docs-5.3.18-24.107.1, kernel-obs-build-5.3.18-24.107.1, kernel-preempt-5.3.18-24.107.1, kernel-source-5.3.18-24.107.1, kernel-syms-5.3.18-24.107.1 SUSE Linux Enterprise High Availability 15-SP2 (src): kernel-default-5.3.18-24.107.1 SUSE Enterprise Storage 7 (src): kernel-default-5.3.18-24.107.1, kernel-default-base-5.3.18-24.107.1.9.50.2, kernel-docs-5.3.18-24.107.1, kernel-obs-build-5.3.18-24.107.1, kernel-preempt-5.3.18-24.107.1, kernel-source-5.3.18-24.107.1, kernel-syms-5.3.18-24.107.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. SUSE-SU-2022:0755-1: An update that solves 6 vulnerabilities, contains three features and has 56 fixes is now available. Category: security (important) Bug References: 1089644,1154353,1156395,1157038,1157923,1176447,1176940,1178134,1181147,1181588,1183872,1187716,1188404,1189126,1190812,1190972,1191580,1191655,1191741,1192210,1192483,1193096,1193233,1193243,1193787,1194163,1194967,1195012,1195081,1195142,1195352,1195378,1195476,1195477,1195478,1195479,1195480,1195481,1195482,1195506,1195516,1195543,1195668,1195701,1195798,1195799,1195823,1195908,1195928,1195947,1195957,1195995,1196195,1196235,1196339,1196400,1196403,1196516,1196584,1196601,1196612,1196776 CVE References: CVE-2022-0001,CVE-2022-0002,CVE-2022-0492,CVE-2022-0516,CVE-2022-0847,CVE-2022-25375 JIRA References: SLE-20807,SLE-22135,SLE-22494 Sources used: SUSE Linux Enterprise Module for Public Cloud 15-SP3 (src): kernel-azure-5.3.18-150300.38.47.1, kernel-source-azure-5.3.18-150300.38.47.1, kernel-syms-azure-5.3.18-150300.38.47.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. openSUSE-SU-2022:0755-1: An update that solves 6 vulnerabilities, contains three features and has 56 fixes is now available. Category: security (important) Bug References: 1089644,1154353,1156395,1157038,1157923,1176447,1176940,1178134,1181147,1181588,1183872,1187716,1188404,1189126,1190812,1190972,1191580,1191655,1191741,1192210,1192483,1193096,1193233,1193243,1193787,1194163,1194967,1195012,1195081,1195142,1195352,1195378,1195476,1195477,1195478,1195479,1195480,1195481,1195482,1195506,1195516,1195543,1195668,1195701,1195798,1195799,1195823,1195908,1195928,1195947,1195957,1195995,1196195,1196235,1196339,1196400,1196403,1196516,1196584,1196601,1196612,1196776 CVE References: CVE-2022-0001,CVE-2022-0002,CVE-2022-0492,CVE-2022-0516,CVE-2022-0847,CVE-2022-25375 JIRA References: SLE-20807,SLE-22135,SLE-22494 Sources used: openSUSE Leap 15.3 (src): kernel-azure-5.3.18-150300.38.47.1, kernel-source-azure-5.3.18-150300.38.47.1, kernel-syms-azure-5.3.18-150300.38.47.1 SUSE-SU-2022:0760-1: An update that solves 6 vulnerabilities, contains three features and has 50 fixes is now available. Category: security (important) Bug References: 1089644,1154353,1157038,1157923,1176447,1176940,1178134,1181147,1181588,1183872,1187716,1188404,1189126,1190812,1190972,1191580,1191655,1191741,1192210,1192483,1193096,1193233,1193243,1193787,1194163,1194967,1195012,1195081,1195286,1195352,1195378,1195506,1195516,1195543,1195668,1195701,1195798,1195799,1195823,1195908,1195928,1195947,1195957,1195995,1196195,1196235,1196339,1196373,1196400,1196403,1196516,1196584,1196585,1196601,1196612,1196776 CVE References: CVE-2022-0001,CVE-2022-0002,CVE-2022-0492,CVE-2022-0516,CVE-2022-0847,CVE-2022-25375 JIRA References: SLE-20807,SLE-22135,SLE-22494 Sources used: SUSE Linux Enterprise Workstation Extension 15-SP3 (src): kernel-default-5.3.18-150300.59.54.1, kernel-preempt-5.3.18-150300.59.54.1 SUSE Linux Enterprise Module for Live Patching 15-SP3 (src): kernel-default-5.3.18-150300.59.54.1, kernel-livepatch-SLE15-SP3_Update_15-1-150300.7.5.1 SUSE Linux Enterprise Module for Legacy Software 15-SP3 (src): kernel-default-5.3.18-150300.59.54.1 SUSE Linux Enterprise Module for Development Tools 15-SP3 (src): kernel-docs-5.3.18-150300.59.54.1, kernel-obs-build-5.3.18-150300.59.54.1, kernel-preempt-5.3.18-150300.59.54.1, kernel-source-5.3.18-150300.59.54.1, kernel-syms-5.3.18-150300.59.54.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 (src): kernel-64kb-5.3.18-150300.59.54.1, kernel-default-5.3.18-150300.59.54.1, kernel-default-base-5.3.18-150300.59.54.1.150300.18.35.3, kernel-preempt-5.3.18-150300.59.54.1, kernel-source-5.3.18-150300.59.54.1, kernel-zfcpdump-5.3.18-150300.59.54.1 SUSE Linux Enterprise Micro 5.1 (src): kernel-default-5.3.18-150300.59.54.1, kernel-default-base-5.3.18-150300.59.54.1.150300.18.35.3 SUSE Linux Enterprise High Availability 15-SP3 (src): kernel-default-5.3.18-150300.59.54.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. SUSE-SU-2022:1257-1: An update that solves 33 vulnerabilities, contains one feature and has 9 fixes is now available. Category: security (important) Bug References: 1179639,1189126,1189562,1193731,1194516,1194943,1195051,1195254,1195286,1195353,1195403,1195516,1195543,1195612,1195897,1195905,1195939,1195987,1196018,1196079,1196095,1196155,1196196,1196235,1196468,1196488,1196612,1196761,1196776,1196823,1196830,1196836,1196956,1197227,1197331,1197366,1197389,1197462,1197702,1198031,1198032,1198033 CVE References: CVE-2021-0920,CVE-2021-39698,CVE-2021-44879,CVE-2021-45868,CVE-2022-0487,CVE-2022-0492,CVE-2022-0516,CVE-2022-0617,CVE-2022-0644,CVE-2022-0850,CVE-2022-0854,CVE-2022-1016,CVE-2022-1048,CVE-2022-1055,CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042,CVE-2022-24448,CVE-2022-24958,CVE-2022-24959,CVE-2022-25258,CVE-2022-25375,CVE-2022-26490,CVE-2022-26966,CVE-2022-27666,CVE-2022-28388,CVE-2022-28389,CVE-2022-28390,CVE-2022-28748 JIRA References: SLE-23652 Sources used: SUSE Linux Enterprise Module for Realtime 15-SP2 (src): kernel-rt-5.3.18-150200.79.2, kernel-rt_debug-5.3.18-150200.79.2, kernel-source-rt-5.3.18-150200.79.2, kernel-syms-rt-5.3.18-150200.79.1 SUSE Linux Enterprise Micro 5.0 (src): kernel-rt-5.3.18-150200.79.2 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. |