Описание
Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP3)
This update for the Linux Kernel 5.3.18-150300_59_46 fixes one issue.
The following security issue was fixed:
- CVE-2022-0435: Fixed remote stack overflow in net/tipc module that validate domain record count on input (bsc#1195308).
Список пакетов
SUSE Linux Enterprise Live Patching 15 SP2
kernel-livepatch-5_3_18-24_99-default-2-2.2
SUSE Linux Enterprise Live Patching 15 SP3
kernel-livepatch-5_3_18-150300_59_43-default-2-150300.2.2
kernel-livepatch-5_3_18-150300_59_46-default-2-150300.2.2
Ссылки
- Link for SUSE-SU-2022:0429-1
- E-Mail link for SUSE-SU-2022:0429-1
- SUSE Security Ratings
- SUSE Bug 1195308
- SUSE CVE CVE-2022-0435 page
Описание
A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network.
Затронутые продукты
SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_99-default-2-2.2
SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_43-default-2-150300.2.2
SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_46-default-2-150300.2.2
Ссылки
- CVE-2022-0435
- SUSE Bug 1195254
- SUSE Bug 1195308
- SUSE Bug 1226672