kernel-devel-6.0.3-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:12437-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z kernel-devel-6.0.3-1.1 on GA media These are all security issues fixed in the kernel-devel-6.0.3-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-12437 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2022-41674/ SUSE CVE CVE-2022-41674 page https://www.suse.com/security/cve/CVE-2022-42719/ SUSE CVE CVE-2022-42719 page https://www.suse.com/security/cve/CVE-2022-42720/ SUSE CVE CVE-2022-42720 page https://www.suse.com/security/cve/CVE-2022-42721/ SUSE CVE CVE-2022-42721 page https://www.suse.com/security/cve/CVE-2022-42722/ SUSE CVE CVE-2022-42722 page openSUSE Tumbleweed kernel-devel-6.0.3-1.1 kernel-macros-6.0.3-1.1 kernel-source-6.0.3-1.1 kernel-source-vanilla-6.0.3-1.1 kernel-devel-6.0.3-1.1 as a component of openSUSE Tumbleweed kernel-macros-6.0.3-1.1 as a component of openSUSE Tumbleweed kernel-source-6.0.3-1.1 as a component of openSUSE Tumbleweed kernel-source-vanilla-6.0.3-1.1 as a component of openSUSE Tumbleweed An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c. CVE-2022-41674 openSUSE Tumbleweed:kernel-devel-6.0.3-1.1 openSUSE Tumbleweed:kernel-macros-6.0.3-1.1 openSUSE Tumbleweed:kernel-source-6.0.3-1.1 openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-41674.html CVE-2022-41674 https://bugzilla.suse.com/1203770 SUSE Bug 1203770 https://bugzilla.suse.com/1203994 SUSE Bug 1203994 https://bugzilla.suse.com/1209225 SUSE Bug 1209225 A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code. CVE-2022-42719 openSUSE Tumbleweed:kernel-devel-6.0.3-1.1 openSUSE Tumbleweed:kernel-macros-6.0.3-1.1 openSUSE Tumbleweed:kernel-source-6.0.3-1.1 openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-42719.html CVE-2022-42719 https://bugzilla.suse.com/1204051 SUSE Bug 1204051 https://bugzilla.suse.com/1204292 SUSE Bug 1204292 https://bugzilla.suse.com/1209225 SUSE Bug 1209225 Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-free conditions to potentially execute code. CVE-2022-42720 openSUSE Tumbleweed:kernel-devel-6.0.3-1.1 openSUSE Tumbleweed:kernel-macros-6.0.3-1.1 openSUSE Tumbleweed:kernel-source-6.0.3-1.1 openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-42720.html CVE-2022-42720 https://bugzilla.suse.com/1204059 SUSE Bug 1204059 https://bugzilla.suse.com/1204291 SUSE Bug 1204291 https://bugzilla.suse.com/1209225 SUSE Bug 1209225 A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code. CVE-2022-42721 openSUSE Tumbleweed:kernel-devel-6.0.3-1.1 openSUSE Tumbleweed:kernel-macros-6.0.3-1.1 openSUSE Tumbleweed:kernel-source-6.0.3-1.1 openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-42721.html CVE-2022-42721 https://bugzilla.suse.com/1204060 SUSE Bug 1204060 https://bugzilla.suse.com/1204290 SUSE Bug 1204290 https://bugzilla.suse.com/1209225 SUSE Bug 1209225 In the Linux kernel 5.8 through 5.19.x before 5.19.16, local attackers able to inject WLAN frames into the mac80211 stack could cause a NULL pointer dereference denial-of-service attack against the beacon protection of P2P devices. CVE-2022-42722 openSUSE Tumbleweed:kernel-devel-6.0.3-1.1 openSUSE Tumbleweed:kernel-macros-6.0.3-1.1 openSUSE Tumbleweed:kernel-source-6.0.3-1.1 openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-42722.html CVE-2022-42722 https://bugzilla.suse.com/1204125 SUSE Bug 1204125 https://bugzilla.suse.com/1204289 SUSE Bug 1204289 https://bugzilla.suse.com/1209225 SUSE Bug 1209225