SUSE-SU-2022:0756-1

Published: 08 Mar 2022
Source: suse-cvrf

Description

Security update for the Linux Kernel

The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bug fixes.

Transient execution side-channel attacks targeting the Branch History Buffer (BHB), named 'Branch Target Injection' and 'Intra-Mode Branch History Injection', are now mitigated.

The following security bugs were fixed:

  • CVE-2022-0001: Fixed Branch History Injection vulnerability (bsc#1191580).
  • CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability (bsc#1191580).
  • CVE-2022-0617: Fixed a null pointer dereference in UDF file system functionality. A local user could crash the system by triggering udf_file_write_iter() via a malicious UDF image. (bsc#1196079)
  • CVE-2022-0492: Fixed a privilege escalation related to cgroups v1 release_agent feature, which allowed bypassing namespace isolation unexpectedly (bsc#1195543).
  • CVE-2022-24448: Fixed an issue in fs/nfs/dir.c. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should have occurred, but the server instead returned uninitialized data in the file descriptor (bsc#1195612).
  • CVE-2021-0920: Fixed a local privilege escalation due to a use-after-free bug in unix_gc (bsc#1193731).
  • CVE-2016-10905: Fixed a use-after-free in gfs2_clear_rgrpd() and read_rindex_entry() (bsc#1146312).

The following non-security bug was fixed:

  • net: sched: sch_teql: fix null-pointer dereference (bsc#1190717).

Package list

SUSE Linux Enterprise Server 12 SP2-BCL
kernel-default-4.4.121-92.169.1
kernel-default-base-4.4.121-92.169.1
kernel-default-devel-4.4.121-92.169.1
kernel-devel-4.4.121-92.169.1
kernel-macros-4.4.121-92.169.1
kernel-source-4.4.121-92.169.1
kernel-syms-4.4.121-92.169.1

Description

An issue was discovered in fs/gfs2/rgrp.c in the Linux kernel before 4.8. A use-after-free is caused by the functions gfs2_clear_rgrpd and read_rindex_entry.


Affected products
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.169.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.169.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.169.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.169.1

Description

In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-196926917. References: Upstream kernel.


Affected products
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.169.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.169.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.169.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.169.1

Description

Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.


Affected products
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.169.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.169.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.169.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.169.1

Description

Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.


Affected products
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.169.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.169.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.169.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.169.1

Description

A vulnerability was found in the Linux kernel's cgroup_release_agent_write function in kernel/cgroup/cgroup-v1.c. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.


Affected products
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.169.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.169.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.169.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.169.1

Description

A null pointer dereference flaw was found in the Linux kernel's UDF file system functionality, in the way a user triggers the udf_file_write_iter function with a malicious UDF image. A local user could use this flaw to crash the system. This affects Linux kernel versions from 4.2-rc1 up to 5.17-rc2.


Affected products
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.169.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.169.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.169.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.169.1

Description

An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor.


Affected products
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.169.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.169.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.169.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.169.1
