Описание
Security update for the Linux Kernel (Live Patch 10 for SLE 15 SP3)
This update for the Linux Kernel 5.3.18-59_37 fixes several issues.
The following security issues were fixed:
-
- CVE-2022-1158: Fixed KVM x86/mmu compare-and-exchange of gPTE via the user address (bsc#1198133)
- CVE-2022-0330: A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allowed a local user to crash the system or escalate their privileges on the system. (bsc#1195950)
Список пакетов
SUSE Linux Enterprise Live Patching 15 SP3
Ссылки
- Link for SUSE-SU-2022:1575-1
- E-Mail link for SUSE-SU-2022:1575-1
- SUSE Security Ratings
- SUSE Bug 1195950
- SUSE Bug 1198133
- SUSE CVE CVE-2022-0330 page
- SUSE CVE CVE-2022-1158 page
Описание
A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system.
Затронутые продукты
Ссылки
- CVE-2022-0330
- SUSE Bug 1194880
- SUSE Bug 1195950
Описание
A flaw was found in KVM. When updating a guest's page table entry, vm_pgoff was improperly used as the offset to get the page's pfn. As vaddr and vm_pgoff are controllable by user-mode processes, this flaw allows unprivileged local users on the host to write outside the userspace region and potentially corrupt the kernel, resulting in a denial of service condition.
Затронутые продукты
Ссылки
- CVE-2022-1158
- SUSE Bug 1197660
- SUSE Bug 1198133