Kernel Update Version:
Release Date:
2023-05-22 07:09:02
  • CVE-2021-45868

    quota: check block number when reading the block in quota file

    A use-after-free vulnerability in the quota mechanism, leading to a denial of service.
  • CVE-2022-2639

    openvswitch: integer underflow leads to out-of-bounds write

    An integer coercion error in the openvswitch kernel module potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system.
  • CVE-2022-3524

    memory leak in ipv6_renew_options

    A memory leak in the IPv6 functionality. This flaw allows a user to crash the system.
  • CVE-2022-3566

    data races around icsk->icsk_af_ops pointer

    A vulnerability in the tcp subsystem. This issue could allow an attacker to leak internal kernel information.
  • CVE-2022-2663

    netfilter fix irc helper

    A firewall flaw that can bypass the Netfilter functionality. This flaw allows a remote user to gain unauthorized access to the system.
  • CVE-2022-3545

    use-after-free in nfp device driver

    A vulnerability in the Netronome Flow Processor (NFP) driver. This flaw allows a manipulation that may lead to a use-after-free issue.
  • CVE-2022-4379

    NFSv4.1 double svc_xprt_put if rpc_create failures

    A use-after-free vulnerability the NFS filesystem. This flaw allows an attacker to conduct a remote denial of service.
  • CVE-2022-0812

    xprtrdma incorrect header size calculations

    An information leak flaw in NFS over RDMA. This flaw allows an attacker with normal user privileges to leak kernel information.
  • CVE-2022-24448

    Handle case where the lookup of a directory but file exists

    A flaw in the NFS filesystem. This flaw leads to the kernel's data leak into the userspace.
  • CVE-2022-41858

    Null pointer dereference in net SLIP driver

    A NULL pointer dereference in the net SLIP driver. This issue could allow an attacker to crash the system or leak internal kernel information.
  • CVE-2023-1838

    Double free in net vhost driver error path

    A use-after-free in the virtio network subcomponent. This issue could allow a local attacker to crash the system, and could lead to a kernel information leak problem.
  • CVE-2022-29581

    Memory leak in net queue scheduler cls_u32 error handler

    A use-after-free in the network subcomponent. This flaw allows a local attacker to crash the system, cause a privilege escalation, and leak kernel information.
  • CVE-2022-20141

    Use after free during routing igmp multicast message

    A use-after-free flaw in the IGMP protocol. This flaw allows a local user to crash or potentially escalate their privileges on the system.
  • VSTOR-62165

    fuse: pcs: missing timeout at authentication

    Possible deadlock in kernel during connect to cluster storage.
  • PSBM-142789

    network packet corruption

    Unstable network connection caused by corruption packets in the network card driver.
  • PSBM-143283

    stale pointer in oom_context->victim

    Possible kernel crash while handling out of memory situation.
  • CVE-2022-3202

    Null Pointer Dereference in JFS filesystem.

    An attacker could use prepared image to crash the system or leak internal kernel information.
  • PSBM-142895

    netfilter: core: Improper NAT hooks collision check.

    Hooks collision during nftables and iptables hooks registering.
  • PSBM-141114

    blk-cbt: Percpu allocation leak.

    A memory leak in Changed Block Tracking code.
  • PSBM-141577

    Potential deadlock when lazytime-enabled mounted ploop is running on top of a fuse-based vStorage.

    There is a possible deadlock if a lazytime-enabled mounted ploop is running on top of vStorage. This tweak provides the ability to disable default lazytime mount option for ext4 mounts. For technical reasons this tweak is united with the oom_dump_tasks sysctl. You should use this sysctl in the following way: "echo 0 > /proc/sys/vm/oom_dump_tasks" - disable lazytime default and oom tasks dumping; "echo 1 > /proc/sys/vm/oom_dump_tasks" - disable lazytime default, enable oom tasks dumping; "echo 2 > /proc/sys/vm/oom_dump_tasks" - enable lazytime default, disable oom tasks dumping; "echo 3 > /proc/sys/vm/oom_dump_tasks" - enable lazytime default and oom tasks dumping.
  • PSBM-141578

    netfilter: nf_tables: NULL pointer access in chain filter.

    NULL pointer accsess in nf_tables chain filter leads to node crash.
  • PSBM-141642

    Calling kfree_skb from hardware interrupt may cause deadlock

    Avoid possible deadlock and packet loss. Fixes: PSBM-140896 Potential ARP DoS.
  • CVE-2021-4155

    Reading data from partially written XFS file block.

    A data leak flaw was found in XFS filesystem. An attacker could use this flaw to read deleted data.
  • CVE-2022-22942

    Use after free for file descriptor table for vmwgfx

    use-after-free flaw was found in the Linux kernel’s vmw_execbuf_copy_fence_user function in vmwgfx. This flaw allows a local attacker with user privileges to cause a privilege escalation problem.
  • CVE-2022-0330

    Kernel buffers data leak or race in intel GPU driver.

    Incorrect GPU cache flush may allow access to system memory and run malicious code on GPU.
  • PSBM-140896

    Potential ARP DoS for containers in host-routed network mode.

  • PSBM-141526

    nfs: Excess dput in __put_nfs_open_context leads to a crash.

    There is double dput in nfs_prime_dcache(). Because of this excess dput we get a crash in __put_nfs_open_context().
  • CVE-2022-1966

    Use-after-free in the netfilter subsystem.

    The bug allows to initialize a non-stateful lookup expressions which points to a not properly detached set, which might lead to UAF. Potetntially it leads to privilege escalation.
  • PSBM-139465

    CPU hotplug leads to a VM crash on AMD processors with PCID.

  • CVE-2022-0492

    Potential privilege escalation when setting the release_agent.

    Setting release_agent could potentially lead to privilege escalation from unprivileged users inside a container to the container root. It couldn't be exploited to escape containers.
  • CVE-2021-0920

    Potential use-after-free in the 'recv' operation of UNIX domain sockets.

    Race condition between the garbage collector and the 'recv' operation with MSG_PEEK flag was found in the implementation of UNIX domain sockets. It could result in use-after-free and could potentially allow a local attacker to escalate their privileges in the system.
  • CVE-2021-4083

    Read-after-free in garbage collection for Unix domain socket file handlers.

  • CVE-2021-4028

    Use-after-free in RDMA listen().

  • PSBM-136140

    A flaw in XFS allows non-root users to read raw data from a mounted block device (CVE-2021-4155).

  • PSBM-136851

    Potential memory corruption in nfsd4_lock().

  • PSBM-136295

    fs/locks.c: Node crash BUG in locks_insert_block().

  • PSBM-136369

    fs: potential kernel crash in inode_permission() when processing paths containing '..'.

  • PSBM-134905

    nfsd: memory corruption and kernel crash in nfsd4_lock.

    It was discovered that certain operations with locks on NFS could result in a memory corruption and kernel crash in nfsd4_lock(). Note that, although the patch prevents new issues of this kind, it cannot fix the corruptions that have already occurred. So, kernel crashes are still possible even within a few hours after the ReadyKernel update has been applied, but should disappear after the reboot of the affected nodes.
  • PSBM-131551

    Virtual machines might fail to start on a host with AMD Milan CPU.

    It was discovered that virtual machines on the hosts with AMD Milan CPUs could try to set IA32_SPEC_CTRL MSR during their startup and would fail to start: qemu-kvm would be killed by SIGABRT.
  • PSBM-134323

    Memory allocation failed unexpectedly in __add_to_page_cache_locked().

    Ext4 FS was unexpectedly remounted read-only in a container after the container reached the limits set in the memory cgroup. It happened because the relevant memory allocations failed in __add_to_page_cache_locked while __GFP_NOFAIL flag was dropped for certain reason.
  • CVE-2022-4378

    proc string out of bound in proc_skip_spaces()

  • CVE-2022-3564

    bluetooth use-after-free in bluetooth l2cap_rx_state_recv

  • PSBM-145379

    netfilter per/cpu memory leak on error path

  • PSBM-145324

    fix device_rename for containers

  • CVE-2022-2588

    use-after-free in cls_route filter

  • PSBM-145263

    virtualize timestamps in /dev/ksmg and syslog outputs

  • CVE-2022-1353

    kernel data leak in pfkey_register

  • VSTOR-55377

    A hole in vstorage FUSE synchronization protocol leading to unsynchronized chunks.

  • PSBM-141136

    ms/xfrm: fix crash in XFRM_MSG_GETSA netlink handler