kernel-devel-5.19.8-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:12320 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z kernel-devel-5.19.8-1.1 on GA media These are all security issues fixed in the kernel-devel-5.19.8-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-12320 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:12320 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2022-2308/ SUSE CVE CVE-2022-2308 page openSUSE Tumbleweed kernel-devel-5.19.8-1.1 kernel-macros-5.19.8-1.1 kernel-source-5.19.8-1.1 kernel-source-vanilla-5.19.8-1.1 kernel-devel-5.19.8-1.1 as a component of openSUSE Tumbleweed kernel-macros-5.19.8-1.1 as a component of openSUSE Tumbleweed kernel-source-5.19.8-1.1 as a component of openSUSE Tumbleweed kernel-source-vanilla-5.19.8-1.1 as a component of openSUSE Tumbleweed A flaw was found in vDPA with VDUSE backend. There are currently no checks in VDUSE kernel driver to ensure the size of the device config space is in line with the features advertised by the VDUSE userspace application. In case of a mismatch, Virtio drivers config read helpers do not initialize the memory indirectly passed to vduse_vdpa_get_config() returning uninitialized memory from the stack. This could cause undefined behavior or data leaks in Virtio drivers. CVE-2022-2308 openSUSE Tumbleweed:kernel-devel-5.19.8-1.1 openSUSE Tumbleweed:kernel-macros-5.19.8-1.1 openSUSE Tumbleweed:kernel-source-5.19.8-1.1 openSUSE Tumbleweed:kernel-source-vanilla-5.19.8-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-2308.html CVE-2022-2308 https://bugzilla.suse.com/1202573 SUSE Bug 1202573