SUSE SLES12 Security Update : vim (SUSE-SU-2022:4619-1)

critical Nessus Plugin ID 169350

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4619-1 advisory.

- Untrusted search path vulnerability in src/if_python.c in the Python interface in Vim before 7.2.045 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983), as demonstrated by an erroneous search path for plugin/bike.vim in bicyclerepair. (CVE-2009-0316)

- vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened. (CVE-2016-1248)

- fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group (which may be different from the group ownership of the original file), which allows local users to obtain sensitive information by leveraging an applicable group membership, as demonstrated by /etc/shadow owned by root:shadow mode 0640, but /etc/.shadow.swp owned by root:users mode 0640, a different vulnerability than CVE-2017-1000382. (CVE-2017-17087)

- vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow.
(CVE-2017-5953)

- An integer overflow at a u_read_undo memory allocation site would occur for vim before patch 8.0.0377, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows. (CVE-2017-6349)

- An integer overflow at an unserialize_uep memory allocation site would occur for vim before patch 8.0.0378, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows. (CVE-2017-6350)

- vim is vulnerable to Heap-based Buffer Overflow (CVE-2021-3778, CVE-2021-3872, CVE-2021-3875, CVE-2021-3903, CVE-2021-3927, CVE-2021-3968, CVE-2021-3973, CVE-2021-3984, CVE-2021-4019, CVE-2021-4136, CVE-2022-0213)

- vim is vulnerable to Use After Free (CVE-2021-3796, CVE-2021-3974, CVE-2021-4069, CVE-2021-4192)

- vim is vulnerable to Use of Uninitialized Variable (CVE-2021-3928)

- vim is vulnerable to Out-of-bounds Read (CVE-2021-4166, CVE-2021-4193, CVE-2022-0128)

- Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. (CVE-2022-0261, CVE-2022-0359, CVE-2022-0361, CVE-2022-0407, CVE-2022-2125, CVE-2022-2182, CVE-2022-2207)

- Heap-based Buffer Overflow in vim/vim prior to 8.2. (CVE-2022-0318)

- Out-of-bounds Read in vim/vim prior to 8.2. (CVE-2022-0319)

- Access of Memory Location Before Start of Buffer in GitHub repository vim/vim prior to 8.2.
(CVE-2022-0351)

- Heap-based Buffer Overflow in GitHub repository vim prior to 8.2. (CVE-2022-0392)

- Use After Free in GitHub repository vim/vim prior to 8.2. (CVE-2022-0413, CVE-2022-1898, CVE-2022-1968)

- NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4428. (CVE-2022-0696)

- global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution (CVE-2022-1381)

- Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774. (CVE-2022-1420)

- Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution (CVE-2022-1616)

- Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899.
This vulnerabilities are capable of crashing software, modify memory, and possible remote execution (CVE-2022-1619)

- NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows attackers to cause a denial of service (application crash) via a crafted input. (CVE-2022-1620)

- Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crashing the software, memory modification, and possible remote execution.
(CVE-2022-1720)

- Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968. (CVE-2022-1733)

- Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969. (CVE-2022-1735)

- Uncontrolled Recursion in GitHub repository vim/vim prior to 8.2.4975. (CVE-2022-1771)

- Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977. (CVE-2022-1785)

- Use After Free in GitHub repository vim/vim prior to 8.2.4979. (CVE-2022-1796)

- Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. (CVE-2022-1851, CVE-2022-2126, CVE-2022-2183, CVE-2022-2206)

- Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. (CVE-2022-1897, CVE-2022-2129, CVE-2022-2210)

- Buffer Over-read in GitHub repository vim/vim prior to 8.2. (CVE-2022-1927, CVE-2022-2124, CVE-2022-2175)

- NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163. (CVE-2022-2208)

- NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2. (CVE-2022-2231)

- Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. (CVE-2022-2257, CVE-2022-2286, CVE-2022-2287)

- Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. (CVE-2022-2264, CVE-2022-2284)

- Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0. (CVE-2022-2285)

- Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. (CVE-2022-2304)

- Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0044. (CVE-2022-2343)

- Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0045. (CVE-2022-2344)

- Use After Free in GitHub repository vim/vim prior to 9.0.0046. (CVE-2022-2345)

- Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0061. (CVE-2022-2522)

- Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0101. (CVE-2022-2571)

- Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0102. (CVE-2022-2580)

- Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0104. (CVE-2022-2581)

- Out-of-bounds Write to API in GitHub repository vim/vim prior to 9.0.0100. (CVE-2022-2598)

- Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0212. (CVE-2022-2816)

- Use After Free in GitHub repository vim/vim prior to 9.0.0213. (CVE-2022-2817)

- Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0211. (CVE-2022-2819)

- Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.
(CVE-2022-2845)

- Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220. (CVE-2022-2849)

- Use After Free in GitHub repository vim/vim prior to 9.0.0221. (CVE-2022-2862)

- NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0224. (CVE-2022-2874)

- Use After Free in GitHub repository vim/vim prior to 9.0.0225. (CVE-2022-2889)

- NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0240. (CVE-2022-2923)

- Use After Free in GitHub repository vim/vim prior to 9.0.0246. (CVE-2022-2946)

- NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0259. (CVE-2022-2980)

- Use After Free in GitHub repository vim/vim prior to 9.0.0260. (CVE-2022-2982)

- Use After Free in GitHub repository vim/vim prior to 9.0.0286. (CVE-2022-3016)

- Use After Free in GitHub repository vim/vim prior to 9.0.0322. (CVE-2022-3037)

- Use After Free in GitHub repository vim/vim prior to 9.0.0360. (CVE-2022-3099)

- Use After Free in GitHub repository vim/vim prior to 9.0.0389. (CVE-2022-3134)

- NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404. (CVE-2022-3153)

- Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483. (CVE-2022-3234)

- Use After Free in GitHub repository vim/vim prior to 9.0.0490. (CVE-2022-3235)

- NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0552. (CVE-2022-3278)

- Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0577. (CVE-2022-3296)

- Use After Free in GitHub repository vim/vim prior to 9.0.0579. (CVE-2022-3297)

- Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0598. (CVE-2022-3324)

- Use After Free in GitHub repository vim/vim prior to 9.0.0614. (CVE-2022-3352)

- A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use after free. The attack may be launched remotely. Upgrading to version 9.0.0805 is able to address this issue. The name of the patch is d0fab10ed2a86698937e3c3fed2f10bd9bb5e731. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-212324. (CVE-2022-3705)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected gvim, vim, vim-data and / or vim-data-common packages.

See Also

https://bugzilla.suse.com/1070955

https://bugzilla.suse.com/1173256

https://bugzilla.suse.com/1174564

https://bugzilla.suse.com/1176549

https://bugzilla.suse.com/1182324

https://bugzilla.suse.com/1190533

https://bugzilla.suse.com/1190570

https://bugzilla.suse.com/1191770

https://bugzilla.suse.com/1191893

https://bugzilla.suse.com/1192167

https://bugzilla.suse.com/1192478

https://www.suse.com/security/cve/CVE-2022-2125

https://www.suse.com/security/cve/CVE-2022-2126

https://www.suse.com/security/cve/CVE-2022-2129

https://www.suse.com/security/cve/CVE-2022-2175

https://www.suse.com/security/cve/CVE-2022-2182

https://www.suse.com/security/cve/CVE-2022-2183

https://www.suse.com/security/cve/CVE-2022-2206

https://www.suse.com/security/cve/CVE-2022-2207

https://www.suse.com/security/cve/CVE-2022-2208

https://www.suse.com/security/cve/CVE-2022-2210

https://www.suse.com/security/cve/CVE-2022-2231

https://www.suse.com/security/cve/CVE-2022-2257

https://www.suse.com/security/cve/CVE-2022-2264

https://www.suse.com/security/cve/CVE-2022-2284

https://www.suse.com/security/cve/CVE-2022-2285

https://www.suse.com/security/cve/CVE-2022-2286

https://www.suse.com/security/cve/CVE-2022-2287

https://www.suse.com/security/cve/CVE-2022-2304

https://www.suse.com/security/cve/CVE-2022-2343

https://www.suse.com/security/cve/CVE-2022-2344

https://www.suse.com/security/cve/CVE-2022-2345

https://www.suse.com/security/cve/CVE-2022-2522

https://www.suse.com/security/cve/CVE-2022-2571

https://www.suse.com/security/cve/CVE-2022-2580

https://www.suse.com/security/cve/CVE-2022-2581

https://www.suse.com/security/cve/CVE-2022-2598

https://www.suse.com/security/cve/CVE-2022-2816

https://www.suse.com/security/cve/CVE-2022-2817

https://www.suse.com/security/cve/CVE-2022-2819

https://www.suse.com/security/cve/CVE-2022-2845

https://www.suse.com/security/cve/CVE-2022-2849

https://www.suse.com/security/cve/CVE-2022-2862

https://www.suse.com/security/cve/CVE-2022-2874

https://www.suse.com/security/cve/CVE-2022-2889

https://www.suse.com/security/cve/CVE-2022-2923

https://www.suse.com/security/cve/CVE-2022-2946

https://www.suse.com/security/cve/CVE-2022-2980

https://www.suse.com/security/cve/CVE-2022-2982

https://www.suse.com/security/cve/CVE-2022-3016

https://www.suse.com/security/cve/CVE-2022-3037

https://www.suse.com/security/cve/CVE-2022-3099

https://www.suse.com/security/cve/CVE-2022-3134

https://www.suse.com/security/cve/CVE-2022-3153

https://www.suse.com/security/cve/CVE-2022-3234

https://www.suse.com/security/cve/CVE-2022-3235

https://www.suse.com/security/cve/CVE-2022-3278

https://www.suse.com/security/cve/CVE-2022-3296

https://www.suse.com/security/cve/CVE-2022-3297

https://www.suse.com/security/cve/CVE-2022-3324

https://www.suse.com/security/cve/CVE-2022-3352

https://www.suse.com/security/cve/CVE-2022-3705

http://www.nessus.org/u?a2be2817

https://bugzilla.suse.com/1192481

https://bugzilla.suse.com/1192902

https://bugzilla.suse.com/1192903

https://bugzilla.suse.com/1192904

https://bugzilla.suse.com/1193294

https://bugzilla.suse.com/1193298

https://bugzilla.suse.com/1193466

https://bugzilla.suse.com/1193905

https://bugzilla.suse.com/1194093

https://bugzilla.suse.com/1194216

https://bugzilla.suse.com/1194217

https://bugzilla.suse.com/1194388

https://bugzilla.suse.com/1194556

https://bugzilla.suse.com/1194872

https://bugzilla.suse.com/1194885

https://bugzilla.suse.com/1195004

https://bugzilla.suse.com/1195066

https://bugzilla.suse.com/1195126

https://bugzilla.suse.com/1195202

https://bugzilla.suse.com/1195203

https://bugzilla.suse.com/1195332

https://bugzilla.suse.com/1195354

https://bugzilla.suse.com/1195356

https://bugzilla.suse.com/1196361

https://bugzilla.suse.com/1198596

https://bugzilla.suse.com/1198748

https://bugzilla.suse.com/1199331

https://bugzilla.suse.com/1199333

https://bugzilla.suse.com/1199334

https://bugzilla.suse.com/1199651

https://bugzilla.suse.com/1199655

https://bugzilla.suse.com/1199693

https://bugzilla.suse.com/1199745

https://bugzilla.suse.com/1199747

https://bugzilla.suse.com/1199936

https://bugzilla.suse.com/1200010

https://bugzilla.suse.com/1200011

https://bugzilla.suse.com/1200012

https://bugzilla.suse.com/1200270

https://bugzilla.suse.com/1200697

https://bugzilla.suse.com/1200698

https://bugzilla.suse.com/1200700

https://bugzilla.suse.com/1200701

https://bugzilla.suse.com/1200732

https://bugzilla.suse.com/1200884

https://bugzilla.suse.com/1200902

https://bugzilla.suse.com/1200903

https://bugzilla.suse.com/1200904

https://bugzilla.suse.com/1201132

https://bugzilla.suse.com/1201133

https://bugzilla.suse.com/1201134

https://bugzilla.suse.com/1201135

https://bugzilla.suse.com/1201136

https://bugzilla.suse.com/1201150

https://bugzilla.suse.com/1201151

https://bugzilla.suse.com/1201152

https://bugzilla.suse.com/1201153

https://bugzilla.suse.com/1201154

https://bugzilla.suse.com/1201155

https://bugzilla.suse.com/1201249

https://bugzilla.suse.com/1201356

https://bugzilla.suse.com/1201359

https://bugzilla.suse.com/1201363

https://bugzilla.suse.com/1201620

https://bugzilla.suse.com/1201863

https://bugzilla.suse.com/1202046

https://bugzilla.suse.com/1202049

https://bugzilla.suse.com/1202050

https://bugzilla.suse.com/1202051

https://bugzilla.suse.com/1202414

https://bugzilla.suse.com/1202420

https://bugzilla.suse.com/1202421

https://bugzilla.suse.com/1202511

https://bugzilla.suse.com/1202512

https://bugzilla.suse.com/1202515

https://bugzilla.suse.com/1202552

https://bugzilla.suse.com/1202599

https://bugzilla.suse.com/1202687

https://bugzilla.suse.com/1202689

https://bugzilla.suse.com/1202862

https://bugzilla.suse.com/1202962

https://bugzilla.suse.com/1203110

https://bugzilla.suse.com/1203152

https://bugzilla.suse.com/1203155

https://bugzilla.suse.com/1203194

https://bugzilla.suse.com/1203272

https://bugzilla.suse.com/1203508

https://bugzilla.suse.com/1203509

https://bugzilla.suse.com/1203796

https://bugzilla.suse.com/1203797

https://bugzilla.suse.com/1203799

https://bugzilla.suse.com/1203820

https://bugzilla.suse.com/1203924

https://bugzilla.suse.com/1204779

https://www.suse.com/security/cve/CVE-2009-0316

https://www.suse.com/security/cve/CVE-2016-1248

https://www.suse.com/security/cve/CVE-2017-17087

https://www.suse.com/security/cve/CVE-2017-5953

https://www.suse.com/security/cve/CVE-2017-6349

https://www.suse.com/security/cve/CVE-2017-6350

https://www.suse.com/security/cve/CVE-2021-3778

https://www.suse.com/security/cve/CVE-2021-3796

https://www.suse.com/security/cve/CVE-2021-3872

https://www.suse.com/security/cve/CVE-2021-3875

https://www.suse.com/security/cve/CVE-2021-3903

https://www.suse.com/security/cve/CVE-2021-3927

https://www.suse.com/security/cve/CVE-2021-3928

https://www.suse.com/security/cve/CVE-2021-3968

https://www.suse.com/security/cve/CVE-2021-3973

https://www.suse.com/security/cve/CVE-2021-3974

https://www.suse.com/security/cve/CVE-2021-3984

https://www.suse.com/security/cve/CVE-2021-4019

https://www.suse.com/security/cve/CVE-2021-4069

https://www.suse.com/security/cve/CVE-2021-4136

https://www.suse.com/security/cve/CVE-2021-4166

https://www.suse.com/security/cve/CVE-2021-4192

https://www.suse.com/security/cve/CVE-2021-4193

https://www.suse.com/security/cve/CVE-2021-46059

https://www.suse.com/security/cve/CVE-2022-0128

https://www.suse.com/security/cve/CVE-2022-0213

https://www.suse.com/security/cve/CVE-2022-0261

https://www.suse.com/security/cve/CVE-2022-0318

https://www.suse.com/security/cve/CVE-2022-0319

https://www.suse.com/security/cve/CVE-2022-0351

https://www.suse.com/security/cve/CVE-2022-0359

https://www.suse.com/security/cve/CVE-2022-0361

https://www.suse.com/security/cve/CVE-2022-0392

https://www.suse.com/security/cve/CVE-2022-0407

https://www.suse.com/security/cve/CVE-2022-0413

https://www.suse.com/security/cve/CVE-2022-0696

https://www.suse.com/security/cve/CVE-2022-1381

https://www.suse.com/security/cve/CVE-2022-1420

https://www.suse.com/security/cve/CVE-2022-1616

https://www.suse.com/security/cve/CVE-2022-1619

https://www.suse.com/security/cve/CVE-2022-1620

https://www.suse.com/security/cve/CVE-2022-1720

https://www.suse.com/security/cve/CVE-2022-1733

https://www.suse.com/security/cve/CVE-2022-1735

https://www.suse.com/security/cve/CVE-2022-1771

https://www.suse.com/security/cve/CVE-2022-1785

https://www.suse.com/security/cve/CVE-2022-1796

https://www.suse.com/security/cve/CVE-2022-1851

https://www.suse.com/security/cve/CVE-2022-1897

https://www.suse.com/security/cve/CVE-2022-1898

https://www.suse.com/security/cve/CVE-2022-1927

https://www.suse.com/security/cve/CVE-2022-1968

https://www.suse.com/security/cve/CVE-2022-2124

Plugin Details

Severity: Critical

ID: 169350

File Name: suse_SU-2022-4619-1.nasl

Version: 1.5

Type: local

Agent: unix

Published: 12/28/2022

Updated: 7/14/2023

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2021-3973

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2022-0318

Vulnerability Information

CPE: cpe:/o:novell:suse_linux:12, p-cpe:/a:novell:suse_linux:vim-data, p-cpe:/a:novell:suse_linux:gvim, p-cpe:/a:novell:suse_linux:vim, p-cpe:/a:novell:suse_linux:vim-data-common

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/27/2022

Vulnerability Publication Date: 1/26/2009

Reference Information

CVE: CVE-2009-0316, CVE-2016-1248, CVE-2017-17087, CVE-2017-5953, CVE-2017-6349, CVE-2017-6350, CVE-2021-3778, CVE-2021-3796, CVE-2021-3872, CVE-2021-3875, CVE-2021-3903, CVE-2021-3927, CVE-2021-3928, CVE-2021-3968, CVE-2021-3973, CVE-2021-3974, CVE-2021-3984, CVE-2021-4019, CVE-2021-4069, CVE-2021-4136, CVE-2021-4166, CVE-2021-4192, CVE-2021-4193, CVE-2021-46059, CVE-2022-0128, CVE-2022-0213, CVE-2022-0261, CVE-2022-0318, CVE-2022-0319, CVE-2022-0351, CVE-2022-0359, CVE-2022-0361, CVE-2022-0392, CVE-2022-0407, CVE-2022-0413, CVE-2022-0696, CVE-2022-1381, CVE-2022-1420, CVE-2022-1616, CVE-2022-1619, CVE-2022-1620, CVE-2022-1720, CVE-2022-1733, CVE-2022-1735, CVE-2022-1771, CVE-2022-1785, CVE-2022-1796, CVE-2022-1851, CVE-2022-1897, CVE-2022-1898, CVE-2022-1927, CVE-2022-1968, CVE-2022-2124, CVE-2022-2125, CVE-2022-2126, CVE-2022-2129, CVE-2022-2175, CVE-2022-2182, CVE-2022-2183, CVE-2022-2206, CVE-2022-2207, CVE-2022-2208, CVE-2022-2210, CVE-2022-2231, CVE-2022-2257, CVE-2022-2264, CVE-2022-2284, CVE-2022-2285, CVE-2022-2286, CVE-2022-2287, CVE-2022-2304, CVE-2022-2343, CVE-2022-2344, CVE-2022-2345, CVE-2022-2522, CVE-2022-2571, CVE-2022-2580, CVE-2022-2581, CVE-2022-2598, CVE-2022-2816, CVE-2022-2817, CVE-2022-2819, CVE-2022-2845, CVE-2022-2849, CVE-2022-2862, CVE-2022-2874, CVE-2022-2889, CVE-2022-2923, CVE-2022-2946, CVE-2022-2980, CVE-2022-2982, CVE-2022-3016, CVE-2022-3037, CVE-2022-3099, CVE-2022-3134, CVE-2022-3153, CVE-2022-3234, CVE-2022-3235, CVE-2022-3278, CVE-2022-3296, CVE-2022-3297, CVE-2022-3324, CVE-2022-3352, CVE-2022-3705

IAVB: 2022-B-0049-S, 2023-B-0016-S

SuSE: SUSE-SU-2022:4619-1