Bug 1195371 - (CVE-2022-0286) VUL-0: CVE-2022-0286: kernel-source-azure,kernel-source-rt,kernel-source: Local denial of service in bond_ipsec_add_sa
(CVE-2022-0286)
VUL-0: CVE-2022-0286: kernel-source-azure,kernel-source-rt,kernel-source: Loc...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Thomas Bogendoerfer
Security Team bot
https://smash.suse.de/issue/322204/
CVSSv3.1:SUSE:CVE-2022-0286:5.1:(AV:L...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2022-02-01 08:35 UTC by Robert Frohl
Modified: 2022-02-21 17:25 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Robert Frohl 2022-02-01 08:39:17 UTC
160f641886d88bf11cbf1236cc4db994bb210626

> Fixes: 18cb261afd7b ("bonding: support hardware encryption offload to slaves")

at least goes back to v5.9
Comment 2 Robert Frohl 2022-02-01 08:45:39 UTC
(In reply to Robert Frohl from comment #1)
> at least goes back to v5.9

backported to 15-SP3 too it seems

tracking as affected: SLE15-SP3 and SLE15-SP4
Comment 3 Thomas Bogendoerfer 2022-02-01 09:03:19 UTC
(In reply to Robert Frohl from comment #2)
> (In reply to Robert Frohl from comment #1)
> > at least goes back to v5.9
> 
> backported to 15-SP3 too it seems
> 
> tracking as affected: SLE15-SP3 and SLE15-SP4

SLE15-SP3 has the fix since last year:

commit 9c14d020b75070fddbe042374710b52572b8b3fa
Author: Thomas Bogendoerfer <tbogendoerfer@suse.de>
Date:   Thu Jul 22 14:57:46 2021 +0200

    bonding: fix null dereference in bond_ipsec_add_sa()
    (bsc#1176447).

I've updated the reference.

And SLE15-SP4 is IMHO not affected, because the fix came into V5.14, which
is the base for SP4.
Comment 4 Robert Frohl 2022-02-01 09:36:12 UTC
(In reply to Thomas Bogendoerfer from comment #3)
> (In reply to Robert Frohl from comment #2)
> > (In reply to Robert Frohl from comment #1)
> > > at least goes back to v5.9
> > 
> > backported to 15-SP3 too it seems
> > 
> > tracking as affected: SLE15-SP3 and SLE15-SP4
> 
> SLE15-SP3 has the fix since last year:
>
> [..] 
> And SLE15-SP4 is IMHO not affected, because the fix came into V5.14, which
> is the base for SP4.

You are correct, updating tracking and closing as it is already fixed.
Comment 9 Swamp Workflow Management 2022-02-10 20:26:21 UTC
openSUSE-SU-2022:0363-1: An update that solves 12 vulnerabilities and has 20 fixes is now available.

Category: security (critical)
Bug References: 1154353,1154488,1160634,1176447,1177599,1183405,1185377,1187428,1187723,1188605,1191881,1193096,1193506,1193767,1193802,1193861,1193864,1193867,1194048,1194227,1194291,1194880,1195009,1195062,1195065,1195073,1195183,1195184,1195254,1195267,1195293,1195371
CVE References: CVE-2020-28097,CVE-2021-22600,CVE-2021-39648,CVE-2021-39657,CVE-2021-39685,CVE-2021-4159,CVE-2021-44733,CVE-2021-45095,CVE-2022-0286,CVE-2022-0330,CVE-2022-0435,CVE-2022-22942
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    kernel-azure-5.3.18-150300.38.40.4, kernel-source-azure-5.3.18-150300.38.40.4, kernel-syms-azure-5.3.18-150300.38.40.1
Comment 10 Swamp Workflow Management 2022-02-10 20:35:42 UTC
SUSE-SU-2022:0363-1: An update that solves 12 vulnerabilities and has 20 fixes is now available.

Category: security (critical)
Bug References: 1154353,1154488,1160634,1176447,1177599,1183405,1185377,1187428,1187723,1188605,1191881,1193096,1193506,1193767,1193802,1193861,1193864,1193867,1194048,1194227,1194291,1194880,1195009,1195062,1195065,1195073,1195183,1195184,1195254,1195267,1195293,1195371
CVE References: CVE-2020-28097,CVE-2021-22600,CVE-2021-39648,CVE-2021-39657,CVE-2021-39685,CVE-2021-4159,CVE-2021-44733,CVE-2021-45095,CVE-2022-0286,CVE-2022-0330,CVE-2022-0435,CVE-2022-22942
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15-SP3 (src):    kernel-azure-5.3.18-150300.38.40.4, kernel-source-azure-5.3.18-150300.38.40.4, kernel-syms-azure-5.3.18-150300.38.40.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 11 Swamp Workflow Management 2022-02-11 11:22:22 UTC
SUSE-SU-2022:0370-1: An update that solves 11 vulnerabilities and has 29 fixes is now available.

Category: security (critical)
Bug References: 1154353,1154488,1156395,1160634,1176447,1177599,1183405,1185377,1187428,1187723,1188605,1191881,1193096,1193506,1193767,1193802,1193861,1193864,1193867,1194048,1194227,1194291,1194880,1195009,1195062,1195065,1195073,1195183,1195184,1195254,1195267,1195293,1195371,1195476,1195477,1195478,1195479,1195480,1195481,1195482
CVE References: CVE-2020-28097,CVE-2021-22600,CVE-2021-39648,CVE-2021-39657,CVE-2021-39685,CVE-2021-44733,CVE-2021-45095,CVE-2022-0286,CVE-2022-0330,CVE-2022-0435,CVE-2022-22942
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP3 (src):    kernel-default-5.3.18-150300.59.49.1, kernel-preempt-5.3.18-150300.59.49.1
SUSE Linux Enterprise Module for Live Patching 15-SP3 (src):    kernel-default-5.3.18-150300.59.49.1, kernel-livepatch-SLE15-SP3_Update_14-1-150300.7.3.1
SUSE Linux Enterprise Module for Legacy Software 15-SP3 (src):    kernel-default-5.3.18-150300.59.49.1
SUSE Linux Enterprise Module for Development Tools 15-SP3 (src):    kernel-docs-5.3.18-150300.59.49.1, kernel-obs-build-5.3.18-150300.59.49.1, kernel-preempt-5.3.18-150300.59.49.1, kernel-source-5.3.18-150300.59.49.1, kernel-syms-5.3.18-150300.59.49.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    kernel-64kb-5.3.18-150300.59.49.1, kernel-default-5.3.18-150300.59.49.1, kernel-default-base-5.3.18-150300.59.49.1.150300.18.31.1, kernel-preempt-5.3.18-150300.59.49.1, kernel-source-5.3.18-150300.59.49.1, kernel-zfcpdump-5.3.18-150300.59.49.1
SUSE Linux Enterprise Micro 5.1 (src):    kernel-default-5.3.18-150300.59.49.1, kernel-default-base-5.3.18-150300.59.49.1.150300.18.31.1
SUSE Linux Enterprise High Availability 15-SP3 (src):    kernel-default-5.3.18-150300.59.49.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 12 Swamp Workflow Management 2022-02-11 11:26:30 UTC
openSUSE-SU-2022:0370-1: An update that solves 11 vulnerabilities and has 29 fixes is now available.

Category: security (critical)
Bug References: 1154353,1154488,1156395,1160634,1176447,1177599,1183405,1185377,1187428,1187723,1188605,1191881,1193096,1193506,1193767,1193802,1193861,1193864,1193867,1194048,1194227,1194291,1194880,1195009,1195062,1195065,1195073,1195183,1195184,1195254,1195267,1195293,1195371,1195476,1195477,1195478,1195479,1195480,1195481,1195482
CVE References: CVE-2020-28097,CVE-2021-22600,CVE-2021-39648,CVE-2021-39657,CVE-2021-39685,CVE-2021-44733,CVE-2021-45095,CVE-2022-0286,CVE-2022-0330,CVE-2022-0435,CVE-2022-22942
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    dtb-aarch64-5.3.18-150300.59.49.1, kernel-preempt-5.3.18-150300.59.49.1
openSUSE Leap 15.3 (src):    dtb-aarch64-5.3.18-150300.59.49.1, kernel-64kb-5.3.18-150300.59.49.1, kernel-debug-5.3.18-150300.59.49.1, kernel-default-5.3.18-150300.59.49.1, kernel-default-base-5.3.18-150300.59.49.1.150300.18.31.1, kernel-docs-5.3.18-150300.59.49.1, kernel-kvmsmall-5.3.18-150300.59.49.1, kernel-obs-build-5.3.18-150300.59.49.1, kernel-obs-qa-5.3.18-150300.59.49.1, kernel-preempt-5.3.18-150300.59.49.1, kernel-source-5.3.18-150300.59.49.1, kernel-syms-5.3.18-150300.59.49.1, kernel-zfcpdump-5.3.18-150300.59.49.1
Comment 14 Swamp Workflow Management 2022-02-21 17:25:36 UTC
SUSE-SU-2022:0543-1: An update that solves 9 vulnerabilities and has 29 fixes is now available.

Category: security (critical)
Bug References: 1154353,1154488,1156395,1160634,1176447,1177599,1183405,1185377,1187428,1187723,1188605,1191881,1193096,1193506,1193802,1193861,1193864,1193867,1194048,1194227,1194291,1194880,1195009,1195065,1195073,1195183,1195184,1195254,1195267,1195293,1195371,1195476,1195477,1195478,1195479,1195480,1195481,1195482
CVE References: CVE-2020-28097,CVE-2021-22600,CVE-2021-39648,CVE-2021-39657,CVE-2021-39685,CVE-2021-45095,CVE-2022-0286,CVE-2022-0330,CVE-2022-22942
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Realtime 15-SP3 (src):    kernel-rt-5.3.18-150300.76.1, kernel-rt_debug-5.3.18-150300.76.1, kernel-source-rt-5.3.18-150300.76.1, kernel-syms-rt-5.3.18-150300.76.1
SUSE Linux Enterprise Micro 5.1 (src):    kernel-rt-5.3.18-150300.76.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.