Описание
Security update for the Linux Kernel (Live Patch 15 for SLE 15 SP3)
This update for the Linux Kernel 5.3.18-150300_59_54 fixes several issues.
The following security issues were fixed:
- CVE-2022-25636: Fixed an issue which allowed a local users to gain privileges because of a heap out-of-bounds write in nf_dup_netdev.c, related to nf_tables_offload (bsc#1196299).
- CVE-2021-0920: Fixed a local privilege escalation due to a use-after-free vulnerability in unix_scm_to_skb of af_unix (bsc#1193731).
Список пакетов
SUSE Linux Enterprise Live Patching 15 SP3
kernel-livepatch-5_3_18-150300_59_54-default-2-150300.2.1
Ссылки
- Link for SUSE-SU-2022:1034-1
- E-Mail link for SUSE-SU-2022:1034-1
- SUSE Security Ratings
- SUSE Bug 1194463
- SUSE Bug 1196301
- SUSE CVE CVE-2021-0920 page
- SUSE CVE CVE-2022-25636 page
Описание
In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196926917References: Upstream kernel
Затронутые продукты
SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_54-default-2-150300.2.1
Ссылки
- CVE-2021-0920
- SUSE Bug 1193731
- SUSE Bug 1194463
- SUSE Bug 1195939
- SUSE Bug 1199255
- SUSE Bug 1200084
Описание
net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This is related to nf_tables_offload.
Затронутые продукты
SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_54-default-2-150300.2.1
Ссылки
- CVE-2022-25636
- SUSE Bug 1196299
- SUSE Bug 1196301