Описание
Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP3)
This update for the Linux Kernel 5.3.18-59_40 fixes one issue.
The following security issue was fixed:
- CVE-2022-0185: Incorrect param length parsing in legacy_parse_param which could have led to a local privilege escalation (bsc#1194517).
Список пакетов
SUSE Linux Enterprise Live Patching 15 SP3
kernel-livepatch-5_3_18-59_34-default-3-150300.2.2
kernel-livepatch-5_3_18-59_37-default-2-150300.2.2
kernel-livepatch-5_3_18-59_40-default-2-150300.2.2
Ссылки
- Link for SUSE-SU-2022:0262-1
- E-Mail link for SUSE-SU-2022:0262-1
- SUSE Security Ratings
- SUSE Bug 1194737
- SUSE CVE CVE-2022-0185 page
Описание
A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system.
Затронутые продукты
SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_34-default-3-150300.2.2
SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_37-default-2-150300.2.2
SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-59_40-default-2-150300.2.2
Ссылки
- CVE-2022-0185
- SUSE Bug 1194517
- SUSE Bug 1194737