Description
Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP3)
This update for the Linux Kernel 5.3.18-59_5 fixes several issues.
The following security issues were fixed:
- CVE-2022-32250: Fixed a use-after-free bug in the netfilter subsystem. This flaw allowed a local attacker with user access to escalate privileges. (bnc#1200015)
- CVE-2022-1972: Fixed a buffer overflow in nftables that could lead to privilege escalation. (bsc#1200019)
- CVE-2022-1116: Fixed an integer overflow vulnerability in io_uring that allows a local attacker to cause memory corruption and escalate privileges to root. (bsc#1199647)
- CVE-2022-1734: Fixed a read/write use-after-free caused by missing synchronization between the cleanup routine and the firmware download routine. (bnc#1199605)
Package list
SUSE Linux Enterprise Live Patching 15 SP3
References
- Link for SUSE-SU-2022:2239-1
- E-Mail link for SUSE-SU-2022:2239-1
- SUSE Security Ratings
- SUSE Bug 1199606
- SUSE Bug 1199648
- SUSE Bug 1200266
- SUSE Bug 1200268
- SUSE CVE CVE-2022-1116 page
- SUSE CVE CVE-2022-1734 page
- SUSE CVE CVE-2022-1966 page
- SUSE CVE CVE-2022-1972 page
- SUSE CVE CVE-2022-32250 page
Description
Integer Overflow or Wraparound vulnerability in io_uring of Linux Kernel allows local attacker to cause memory corruption and escalate privileges to root. This issue affects: Linux Kernel versions prior to 5.4.189; version 5.4.24 and later versions.
Affected products
References
- CVE-2022-1116
- SUSE Bug 1199647
- SUSE Bug 1199648
- SUSE Bug 1209225
Description
A flaw in the Linux kernel, found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c, can lead to a use-after-free (read or write) when the cleanup routine and the firmware download routine are not synchronized.
Affected products
References
- CVE-2022-1734
- SUSE Bug 1199605
- SUSE Bug 1199606
- SUSE Bug 1201832
Description
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-32250. Reason: This candidate is a duplicate of CVE-2022-32250. Notes: All CVE users should reference CVE-2022-32250 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Affected products
References
- CVE-2022-1966
- SUSE Bug 1200015
- SUSE Bug 1200268
- SUSE Bug 1200494
- SUSE Bug 1200529
Description
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-2078. Reason: This candidate is a reservation duplicate of CVE-2022-2078. Notes: All CVE users should reference CVE-2022-2078 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Affected products
References
- CVE-2022-1972
- SUSE Bug 1200019
- SUSE Bug 1200266
Description
net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free.
Affected products
References
- CVE-2022-32250
- SUSE Bug 1200015
- SUSE Bug 1200268
- SUSE Bug 1200494
- SUSE Bug 1202992
- SUSE Bug 1202993
- SUSE Bug 1203002