Описание
Security update for the Linux Kernel (Live Patch 22 for SLE 15 SP2)
This update for the Linux Kernel 5.3.18-24_96 fixes one issue.
The following security issue was fixed:
- CVE-2022-0185: Incorrect param length parsing in legacy_parse_param which could have led to a local privilege escalation (bsc#1194517).
Список пакетов
SUSE Linux Enterprise Live Patching 15 SP2
kernel-livepatch-5_3_18-24_93-default-3-2.2
kernel-livepatch-5_3_18-24_96-default-2-2.2
Ссылки
- Link for SUSE-SU-2022:0239-1
- E-Mail link for SUSE-SU-2022:0239-1
- SUSE Security Ratings
- SUSE Bug 1194737
- SUSE CVE CVE-2022-0185 page
Описание
A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system.
Затронутые продукты
SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_93-default-3-2.2
SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_96-default-2-2.2
Ссылки
- CVE-2022-0185
- SUSE Bug 1194517
- SUSE Bug 1194737