Описание
Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP3)
This update for the Linux Kernel 5.3.18-59_13 fixes several issues.
The following security issues were fixed:
- CVE-2022-0185: Incorrect param length parsing in legacy_parse_param which could have led to a local privilege escalation (bsc#1194517).
- CVE-2021-4154: Fixed option parsing with cgroups version 1 (bsc#1193842).
- CVE-2021-4028: Fixed use-after-free in RDMA listen() that could lead to DoS or privilege escalation by a local attacker (bsc#1193167).
- CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure. (bsc#1191193)
- CVE-2021-42739: The firewire subsystem had a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bsc#1184673).
Список пакетов
SUSE Linux Enterprise Live Patching 15 SP3
Ссылки
- Link for SUSE-SU-2022:0295-1
- E-Mail link for SUSE-SU-2022:0295-1
- SUSE Security Ratings
- SUSE Bug 1191529
- SUSE Bug 1192036
- SUSE Bug 1193529
- SUSE Bug 1194461
- SUSE Bug 1194737
- SUSE CVE CVE-2020-3702 page
- SUSE CVE CVE-2021-4028 page
- SUSE CVE CVE-2021-4154 page
- SUSE CVE CVE-2021-42739 page
- SUSE CVE CVE-2022-0185 page
Описание
u'Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150
Затронутые продукты
Ссылки
- CVE-2020-3702
- SUSE Bug 1191193
- SUSE Bug 1191529
Описание
A flaw in the Linux kernel's implementation of RDMA communications manager listener code allowed an attacker with local access to setup a socket to listen on a high port allowing for a list element to be used after free. Given the ability to execute code, a local attacker could leverage this use-after-free to crash the system or possibly escalate privileges on the system.
Затронутые продукты
Ссылки
- CVE-2021-4028
- SUSE Bug 1193167
- SUSE Bug 1193529
Описание
A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel's cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service on the system.
Затронутые продукты
Ссылки
- CVE-2021-4154
- SUSE Bug 1193842
- SUSE Bug 1194461
Описание
The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking.
Затронутые продукты
Ссылки
- CVE-2021-42739
- SUSE Bug 1184673
- SUSE Bug 1192036
- SUSE Bug 1196722
- SUSE Bug 1196914
Описание
A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system.
Затронутые продукты
Ссылки
- CVE-2022-0185
- SUSE Bug 1194517
- SUSE Bug 1194737