kernel-devel-5.18.11-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:12193 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z kernel-devel-5.18.11-1.1 on GA media These are all security issues fixed in the kernel-devel-5.18.11-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-12193 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:12193 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2022-1462/ SUSE CVE CVE-2022-1462 page https://www.suse.com/security/cve/CVE-2022-29900/ SUSE CVE CVE-2022-29900 page https://www.suse.com/security/cve/CVE-2022-29901/ SUSE CVE CVE-2022-29901 page openSUSE Tumbleweed kernel-devel-5.18.11-1.1 kernel-macros-5.18.11-1.1 kernel-source-5.18.11-1.1 kernel-source-vanilla-5.18.11-1.1 kernel-devel-5.18.11-1.1 as a component of openSUSE Tumbleweed kernel-macros-5.18.11-1.1 as a component of openSUSE Tumbleweed kernel-source-5.18.11-1.1 as a component of openSUSE Tumbleweed kernel-source-vanilla-5.18.11-1.1 as a component of openSUSE Tumbleweed An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory. CVE-2022-1462 openSUSE Tumbleweed:kernel-devel-5.18.11-1.1 openSUSE Tumbleweed:kernel-macros-5.18.11-1.1 openSUSE Tumbleweed:kernel-source-5.18.11-1.1 openSUSE Tumbleweed:kernel-source-vanilla-5.18.11-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-1462.html CVE-2022-1462 https://bugzilla.suse.com/1198829 SUSE Bug 1198829 Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. CVE-2022-29900 openSUSE Tumbleweed:kernel-devel-5.18.11-1.1 openSUSE Tumbleweed:kernel-macros-5.18.11-1.1 openSUSE Tumbleweed:kernel-source-5.18.11-1.1 openSUSE Tumbleweed:kernel-source-vanilla-5.18.11-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-29900.html CVE-2022-29900 https://bugzilla.suse.com/1199657 SUSE Bug 1199657 https://bugzilla.suse.com/1201469 SUSE Bug 1201469 https://bugzilla.suse.com/1207894 SUSE Bug 1207894 Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. CVE-2022-29901 openSUSE Tumbleweed:kernel-devel-5.18.11-1.1 openSUSE Tumbleweed:kernel-macros-5.18.11-1.1 openSUSE Tumbleweed:kernel-source-5.18.11-1.1 openSUSE Tumbleweed:kernel-source-vanilla-5.18.11-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-29901.html CVE-2022-29901 https://bugzilla.suse.com/1201469 SUSE Bug 1201469 https://bugzilla.suse.com/1207894 SUSE Bug 1207894