Release date:
2023-04-27 14:09:42 UTC
Description:
* CVE-2022-1198
- drivers: hamradio: 6pack: fix UAF bug caused by mod_timer()
* Bionic update: upstream stable patchset 2022-03-04 (LP: #1963717) //
CVE-2020-36516
- ipv4: avoid using shared IP generator for connected sockets
* CVE-2022-36879
- xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup()
* CVE-2022-3061
- video: fbdev: i740fb: Error out if 'pixclock' equals zero
* CVE-2022-1516
- net/x25: Fix null-ptr-deref caused by x25_disconnect
* CVE-2022-1205
- ax25: Fix NULL pointer dereferences in ax25 timers
- ax25: Fix UAF bugs in ax25 timers
* CVE-2022-2318
- net: rose: fix UAF bugs caused by timer handler
* CVE-2022-1195
- hamradio: defer 6pack kfree after unregister_netdev
- hamradio: defer ax25 kfree after unregister_netdev
- hamradio: improve the incomplete fix to avoid NPD
* CVE-2022-0494
- block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern
* CVE-2021-26401
- x86/speculation: Use generic retpoline by default on AMD
* Bionic update: upstream stable patchset 2022-10-18 (LP: #1993349) //
CVE-2022-39188
- mm: Fix TLB flush for not-first PFNMAP mappings in unmap_region()
* Bionic update: upstream stable patchset 2022-10-06 (LP: #1992112) //
CVE-2022-39188
- mm: Force TLB flush for PFNMAP mappings before unlink_file_vma()
* CVE-2022-45934
- Bluetooth: L2CAP: Fix u8 overflow
* Bionic update: upstream stable patchset 2022-06-21 (LP: #1979355) //
CVE-2022-2991
- lightnvm: disable the subsystem
* Bionic update: upstream stable patchset 2021-11-02 (LP: #1949512) //
CVE-2021-4203
- af_unix: fix races in sk_peer_pid and sk_peer_cred accesses
* Bionic update: upstream stable patchset 2022-04-26 (LP: #1970479) //
CVE-2021-3772
- sctp: fix the processing for INIT chunk
- sctp: fix the processing for INIT_ACK chunk
* Bionic update: upstream stable patchset 2021-12-03 (LP: #1953202) //
CVE-2021-3772
- sctp: use init_tag from inithdr for ABORT chunk
- sctp: fix the processing for COOKIE_ECHO chunk
- sctp: add vtag check in sctp_sf_violation
- sctp: add vtag check in sctp_sf_do_8_5_1_E_sa
- sctp: add vtag check in sctp_sf_ootb
* CVE-2022-3303
- ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC
* Bionic update: upstream stable patchset 2022-09-21 (LP: #1990434) //
CVE-2022-1462
- tty: extract tty_flip_buffer_commit() from tty_flip_buffer_push()
- tty: use new tty_insert_flip_string_and_push_buffer() in pty_write()
* CVE-2022-1462
- tty: fix deadlock caused by calling printk() under tty_port->lock
* Bionic update: upstream stable patchset 2020-11-10 (LP: #1903768) //
CVE-2022-1462
- pty: do tty_flip_buffer_push without port->lock in pty_write
* Bionic update: upstream stable patchset 2019-02-08 (LP: #1815234) //
CVE-2022-1462
- tty: Fix data race in tty_insert_flip_string_fixed_flag
* Bionic update: upstream stable patchset 2022-10-18 (LP: #1993349) //
CVE-2022-4662
- USB: core: Prevent nested device-reset calls
* Bionic update: upstream stable patchset 2022-03-04 (LP: #1963717) //
CVE-2022-0617
- udf: Restore i_lenAlloc when inode expansion fails
- udf: Fix NULL ptr deref when converting from inline format
* Bionic update: upstream stable patchset 2022-04-26 (LP: #1970479) //
CVE-2022-1016
- netfilter: nf_tables: initialize registers in nft_do_chain()
* Bionic update: upstream stable patchset 2022-05-17 (LP: #1973831) //
CVE-2022-2380
- video: fbdev: sm712fb: Fix crash in smtcfb_read()
* Bionic update: upstream stable patchset 2022-05-17 (LP: #1973831) //
CVE-2022-3111
- power: supply: wm8350-power: Add missing free in free_charger_irq
* CVE-2022-3628
- wifi: brcmfmac: Fix potential buffer overflow in brcmf_fweh_event_worker()
* Bionic update: upstream stable patchset 2021-08-27 (LP: #1941916) //
CVE-2021-3732
- ovl: prevent private clone if bind mount is not allowed
* Bionic update: upstream stable patchset 2021-12-13 (LP: #1954703) //
CVE-2021-45868
- quota: check block number when reading the block in quota file
* Bionic update: upstream stable patchset 2021-04-30 (LP: #1926808) //
CVE-2021-3659
- net: mac802154: Fix general protection fault
* Bionic update: upstream stable patchset 2023-03-03 (LP: #2009237) //
CVE-2023-1074
- sctp: fail if no bound addresses can be used for a given scope
* Bionic update: upstream stable patchset 2022-09-23 (LP: #1990698) //
CVE-2023-1095
- netfilter: nf_tables: fix null deref due to zeroed list head
* CVE-2023-1118
- media: rc: Fix use-after-free bugs caused by ene_tx_irqsim()
* Bionic update: upstream stable patchset 2023-01-20 (LP: #2003596) //
CVE-2023-26607
- ntfs: fix out-of-bounds read in ntfs_attr_find()
* Bionic update: upstream stable patchset 2022-09-23 (LP: #1990698)
- ntfs: fix use-after-free in ntfs_ucsncmp()
* CVE-2022-20572
- dm verity: set DM_TARGET_IMMUTABLE feature flag
* CVE-2022-3903
- USB: add usb_control_msg_send() and usb_control_msg_recv()
- USB: correct API of usb_control_msg_send/recv
- USB: move snd_usb_pipe_sanity_check into the USB core
- media: mceusb: Use new usb_control_msg_*() routines
* Bionic update: upstream stable patchset 2022-02-11 (LP: #1960681)
- media: mceusb: fix control-message timeouts
* Bionic update: upstream stable patchset 2022-04-26 (LP: #1970479) //
CVE-2021-4149
- btrfs: unlock newly allocated extent buffer after error
* Bionic update: upstream stable patchset 2022-01-11 (LP: #1957113) //
CVE-2022-20132
- HID: wacom: fix problems when device is not a valid USB device
- HID: check for valid USB device for many HID drivers
* Bionic update: upstream stable patchset 2022-01-11 (LP: #1957113)
- HID: add hid_is_usb() function to make it simpler for USB detection
* Bionic update: upstream stable patchset 2022-01-14 (LP: #1957957) //
CVE-2021-28713
- xen/console: harden hvc_xen against event channel storms
* CVE-2021-28712
- xen/netfront: harden netfront against event channel storms
* CVE-2021-28711
- xen/blkfront: harden blkfront against event channel storms
* CVE-2023-26545
- net: mpls: fix stale pointer if allocation fails during device rename
* Bionic update: upstream stable patchset 2022-06-21 (LP: #1979355) //
CVE-2022-1975
- NFC: netlink: fix sleep in atomic bug when firmware download timeout
* Bionic update: upstream stable patchset 2022-07-25 (LP: #1982782) //
CVE-2022-1974
- NFC: NULL out the dev->rfkill to prevent UAF
* CVE-2022-1974
- nfc: replace improper check device_is_registered() in netlink related functions
* Bionic update: upstream stable patchset 2022-05-17 (LP: #1973831) //
CVE-2022-1011
- fuse: fix pipe buffer lifetime for direct_io
* Bionic update: upstream stable patchset 2022-03-29 (LP: #1967013) //
CVE-2022-0487
- moxart: fix potential use-after-free on remove path
* CVE-2021-3669
- ipc: replace costly bailout check in sysvipc_find_ipc()
* Bionic update: upstream stable patchset 2023-02-06 (LP: #2006403) //
CVE-2022-41218 is assigned to those bugs above. // CVE-2023-1118
- media: dvb-core: Fix UAF due to refcount races at releasing
* Bionic update: upstream stable patchset 2021-08-03 (LP: #1938824) //
CVE-2023-28772
- seq_buf: Fix overflow in seq_buf_putmem_hex()
* Bionic update: upstream stable patchset 2021-02-10 (LP: #1915328) //
CVE-2023-1390
- tipc: fix NULL deref in tipc_link_xmit()
* Bionic update: upstream stable patchset 2022-11-15 (LP: #1996650) //
CVE-2022-41850
- HID: roccat: Fix use-after-free in roccat_read()
* Bionic update: upstream stable patchset 2023-02-06 (LP: #2006403) //
CVE-2023-23455
- net: sched: atm: dont intepret cls results when asked to drop
* Bionic update: upstream stable patchset 2023-02-06 (LP: #2006403) //
CVE-2022-47929
- net: sched: disallow noqueue for qdisc classes
* Bionic update: upstream stable patchset 2023-02-06 (LP: #2006403) //
CVE-2022-3424
- misc: sgi-gru: fix use-after-free error in gru_set_context_option, gru_fault and gru_handle_user_call_os
* Bionic update: upstream stable patchset 2023-02-06 (LP: #2006403) //
CVE-2023-0394
- ipv6: raw: Deduct extension header length in rawv6_push_pending_frames
* Bionic update: upstream stable patchset 2023-02-06 (LP: #2006403) //
CVE-2022-36280
- drm/vmwgfx: Validate the box size for the snooped cursor
* Bionic update: upstream stable patchset 2022-11-15 (LP: #1996650) //
CVE-2022-41849
- fbdev: smscufx: Fix use-after-free in ufx_ops_open()
* Miscellaneous Ubuntu changes
- Config update
* Miscellaneous upstream changes
- media: dvb: dmx: fixed coding style issues of spacing
- NFC: reorder the logic in nfc_{un,}register_device
- xen/blkfront: separate per ring information out of device info
- xen/blkfront: pseudo support for multi hardware queues/rings
- xen/blkfront: split per device io_lock
- xen/io: use virt_xxx barriers
- xen: sync include/xen/interface/io/ring.h with Xen's newest version
- xen/netfront: read response from backend only once
- xen/netfront: don't read data from request on the ring page
- xen/netfront: disentangle tx_skb_freelist
- xen/netfront: don't trust the backend response data blindly
- HID: introduce hid_is_using_ll_driver
- clone_private_mount() doesn't need to touch namespace_sem
- lightnvm: NVM should depend on HAS_DMA
Updated packages:
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.