Bug 1198025 - (CVE-2022-1204) VUL-0: CVE-2022-1204: kernel-source: Use after free in net/ax25/af_ax25.c
VUL-0: CVE-2022-1204: kernel-source: Use after free in net/ax25/af_ax25.c
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
Depends on:
  Show dependency treegraph
Reported: 2022-04-04 14:11 UTC by Gabriele Sonnu
Modified: 2023-01-18 17:36 UTC (History)
5 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Takashi Iwai 2022-04-04 15:36:02 UTC
The ax25 stuff is enabled on SLE15-SP3 and SLE15-SP4 but shipped only with kernel-*-optional for Leap.
Comment 2 Gabriele Sonnu 2022-04-04 15:56:01 UTC
Tracking as affected:

- SLE15-SP3 
- SLE15-SP4
Comment 3 Petr Mladek 2022-05-06 11:50:04 UTC
This bug seems to approach a good date for CVE SLA fulfillment [1].
What is its status, please?
[1] https://confluence.suse.com/display/KSS/Kernel+Security+Sentinel
Comment 4 Takashi Iwai 2022-05-23 12:14:13 UTC
All fixes have been already backported to both SLE15-SP3 and SLE15-SP4 for other CVE entries (CVE-2022-1205 CVE-2022-1199 bsc#1198027 bsc#1198028).
I updated the patch reference to point to this one, too.

Reassigned back to security team.