kernel-devel-5.16.14-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:11910-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z kernel-devel-5.16.14-1.1 on GA media These are all security issues fixed in the kernel-devel-5.16.14-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-11910 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2022-0847/ SUSE CVE CVE-2022-0847 page https://www.suse.com/security/cve/CVE-2022-26490/ SUSE CVE CVE-2022-26490 page openSUSE Tumbleweed kernel-devel-5.16.14-1.1 kernel-macros-5.16.14-1.1 kernel-source-5.16.14-1.1 kernel-source-vanilla-5.16.14-1.1 kernel-devel-5.16.14-1.1 as a component of openSUSE Tumbleweed kernel-macros-5.16.14-1.1 as a component of openSUSE Tumbleweed kernel-source-5.16.14-1.1 as a component of openSUSE Tumbleweed kernel-source-vanilla-5.16.14-1.1 as a component of openSUSE Tumbleweed A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system. CVE-2022-0847 openSUSE Tumbleweed:kernel-devel-5.16.14-1.1 openSUSE Tumbleweed:kernel-macros-5.16.14-1.1 openSUSE Tumbleweed:kernel-source-5.16.14-1.1 openSUSE Tumbleweed:kernel-source-vanilla-5.16.14-1.1 important 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0847.html CVE-2022-0847 https://bugzilla.suse.com/1196584 SUSE Bug 1196584 https://bugzilla.suse.com/1196601 SUSE Bug 1196601 st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters. CVE-2022-26490 openSUSE Tumbleweed:kernel-devel-5.16.14-1.1 openSUSE Tumbleweed:kernel-macros-5.16.14-1.1 openSUSE Tumbleweed:kernel-source-5.16.14-1.1 openSUSE Tumbleweed:kernel-source-vanilla-5.16.14-1.1 important 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-26490.html CVE-2022-26490 https://bugzilla.suse.com/1196830 SUSE Bug 1196830 https://bugzilla.suse.com/1201656 SUSE Bug 1201656 https://bugzilla.suse.com/1201969 SUSE Bug 1201969 https://bugzilla.suse.com/1211495 SUSE Bug 1211495