SUSE-SU-2022:0647-1

Опубликовано: 01 мар. 2022

Источник: suse-cvrf

Описание

Security update for the Linux Kernel (Live Patch 23 for SLE 15 SP1)

This update for the Linux Kernel 4.12.14-197_86 fixes one issue.

The following security issue was fixed:

CVE-2021-0920: Fixed a local privilege escalation due to an use after free bug in unix_gc (bsc#1194463).

Список пакетов

SUSE Linux Enterprise Live Patching 12 SP4

kgraft-patch-4_12_14-95_83-default-4-2.1

kgraft-patch-4_12_14-95_80-default-9-2.1

kgraft-patch-4_12_14-95_74-default-12-2.1

kgraft-patch-4_12_14-95_71-default-15-2.2

SUSE Linux Enterprise Live Patching 12 SP5

kgraft-patch-4_12_14-122_103-default-4-2.1

kgraft-patch-4_12_14-122_98-default-4-2.1

kgraft-patch-4_12_14-122_91-default-6-2.1

kgraft-patch-4_12_14-122_88-default-6-2.1

kgraft-patch-4_12_14-122_83-default-8-2.1

kgraft-patch-4_12_14-122_80-default-9-2.1

kgraft-patch-4_12_14-122_77-default-10-2.1

kgraft-patch-4_12_14-122_74-default-10-2.1

kgraft-patch-4_12_14-122_71-default-12-2.1

kgraft-patch-4_12_14-122_66-default-13-2.1

kgraft-patch-4_12_14-122_63-default-15-2.2

SUSE Linux Enterprise Live Patching 15 SP1

kernel-livepatch-4_12_14-197_102-default-4-2.1

kernel-livepatch-4_12_14-197_99-default-9-2.1

kernel-livepatch-4_12_14-197_92-default-11-2.1

kernel-livepatch-4_12_14-197_89-default-12-2.1

kernel-livepatch-4_12_14-197_86-default-15-2.2

Ссылки

https://www.suse.com/support/update/announcement/2022/suse-su-20220647-1/
Link for SUSE-SU-2022:0647-1
https://lists.suse.com/pipermail/sle-security-updates/2022-March/010321.html
E-Mail link for SUSE-SU-2022:0647-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1194463
SUSE Bug 1194463
https://www.suse.com/security/cve/CVE-2021-0920/
SUSE CVE CVE-2021-0920 page

Описание

In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196926917References: Upstream kernel

Затронутые продукты

SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_71-default-15-2.2

SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_74-default-12-2.1

SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_80-default-9-2.1

SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_83-default-4-2.1

Ссылки

https://www.suse.com/security/cve/CVE-2021-0920.html
CVE-2021-0920
https://bugzilla.suse.com/1193731
SUSE Bug 1193731
https://bugzilla.suse.com/1194463
SUSE Bug 1194463
https://bugzilla.suse.com/1195939
SUSE Bug 1195939
https://bugzilla.suse.com/1199255
SUSE Bug 1199255
https://bugzilla.suse.com/1200084
SUSE Bug 1200084

SUSE-SU-2022:0647-1

Описание

Список пакетов

SUSE Linux Enterprise Live Patching 12 SP4

SUSE Linux Enterprise Live Patching 12 SP5

SUSE Linux Enterprise Live Patching 15 SP1

Ссылки

Уязвимость: CVE-2021-0920

Описание

Затронутые продукты

Ссылки