Bug 1198025 - (CVE-2022-1204) VUL-0: CVE-2022-1204: kernel-source: Use after free in net/ax25/af_ax25.c
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Normal
Assigned To: Security Team bot
https://smash.suse.de/issue/327883/
CVSSv3.1:SUSE:CVE-2022-1204:5.1:(AV:L...
Reported: 2022-04-04 14:11 UTC by Gabriele Sonnu
Modified: 2023-01-18 17:36 UTC

Found By: Security Response Team
Comment 1 Takashi Iwai 2022-04-04 15:36:02 UTC
The ax25 stuff is enabled on SLE15-SP3 and SLE15-SP4 but shipped only with kernel-*-optional for Leap.
Comment 2 Gabriele Sonnu 2022-04-04 15:56:01 UTC
Tracking as affected:

- SLE15-SP3 
- SLE15-SP4
Comment 3 Petr Mladek 2022-05-06 11:50:04 UTC
This bug seems to approach a good date for CVE SLA fulfillment [1].
What is its status, please?
 
[1] https://confluence.suse.com/display/KSS/Kernel+Security+Sentinel
Comment 4 Takashi Iwai 2022-05-23 12:14:13 UTC
All fixes have been already backported to both SLE15-SP3 and SLE15-SP4 for other CVE entries (CVE-2022-1205 CVE-2022-1199 bsc#1198027 bsc#1198028).
I updated the patch reference to point to this one, too.

Reassigned back to security team.