Описание
Security update for the Linux Kernel (Live Patch 15 for SLE 15 SP3)
This update for the Linux Kernel 5.3.18-150300_59_54 fixes several issues.
The following security issue was fixed:
- CVE-2022-1280: Fixed a use-after-free vulnerability in drm_lease_held in drivers/gpu/drm/drm_lease.c. This flaw allowed a local user privilege attacker to cause a denial of service (DoS) or a kernel information leak (bsc#1198590).
- Add missing module_mutex lock to module notifier for previous live patches (bsc#1199834).
Список пакетов
SUSE Linux Enterprise Live Patching 15 SP2
kernel-livepatch-5_3_18-24_99-default-8-150200.2.1
kernel-livepatch-5_3_18-24_107-default-6-150200.2.1
SUSE Linux Enterprise Live Patching 15 SP3
kernel-livepatch-5_3_18-150300_59_49-default-7-150300.2.1
kernel-livepatch-5_3_18-59_13-default-15-150300.2.1
kernel-livepatch-5_3_18-150300_59_43-default-8-150300.2.1
kernel-livepatch-5_3_18-150300_59_46-default-8-150300.2.1
kernel-livepatch-5_3_18-150300_59_60-default-5-150300.2.1
kernel-livepatch-5_3_18-150300_59_54-default-6-150300.2.1
Ссылки
- Link for SUSE-SU-2022:1859-1
- E-Mail link for SUSE-SU-2022:1859-1
- SUSE Security Ratings
- SUSE Bug 1198590
- SUSE Bug 1199834
- SUSE CVE CVE-2022-1280 page
Описание
A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of service (DoS) or a kernel information leak.
Затронутые продукты
SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_107-default-6-150200.2.1
SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_99-default-8-150200.2.1
SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_43-default-8-150300.2.1
SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_46-default-8-150300.2.1
Ссылки
- CVE-2022-1280
- SUSE Bug 1197914
- SUSE Bug 1198590