Описание
Security update for the Linux Kernel
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre like Branch Target Buffer attack, that can leak arbitrary kernel information (bsc#1199657).
- CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487).
- CVE-2022-20132: Fixed out of bounds read due to improper input validation in lg_probe and related functions of hid-lg.c (bsc#1200619).
- CVE-2022-33981: Fixed use-after-free in floppy driver (bsc#1200692)
- CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu() (bsc#1200604).
- CVE-2021-4157: Fixed an out of memory bounds write flaw in the NFS subsystem, related to the replication of files with NFS. A user could potentially crash the system or escalate privileges on the system (bsc#1194013).
- CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599).
- CVE-2022-2318: Fixed a use-after-free vulnerabilities in the timer handler in net/rose/rose_timer.c that allow attackers to crash the system without any privileges (bsc#1201251).
- CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed multiple potential data leaks with Block and Network devices when using untrusted backends (bsc#1200762).
- CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage (bsc#1201050).
- CVE-2020-26541: Enforce the secure boot forbidden signature database (aka dbx) protection mechanism. (bsc#1177282)
- CVE-2022-1974: Fixed an use-after-free that could causes kernel crash by simulating an nfc device from user-space (bsc#1200144).
- CVE-2022-1975: Fixed a bug that allows an attacker to crash the linux kernel by simulating nfc device from user-space (bsc#1200143).
- CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self (bsc#1199507).
- CVE-2022-1184: Fixed a use-after-free and memory errors in ext4 when mounting and operating on a corrupted image (bsc#1198577).
- CVE-2022-21499: Lock down kgdb to prohibit secure-boot bypass (bsc#1199426).
- CVE-2019-19377: Fixed a user-after-free that could be triggered when an attacker mounts a crafted btrfs filesystem image (bsc#1158266).
The following non-security bugs were fixed:
- btrfs: tree-checker: fix incorrect printk format (bsc#1200249).
- exec: Force single empty string when argv is empty (bsc#1200571).
Список пакетов
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production
Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production
SUSE Linux Enterprise High Availability Extension 12 SP4
SUSE Linux Enterprise Live Patching 12 SP4
SUSE Linux Enterprise Server 12 SP4-LTSS
SUSE Linux Enterprise Server for SAP Applications 12 SP4
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 9
Ссылки
- Link for SUSE-SU-2022:2393-1
- E-Mail link for SUSE-SU-2022:2393-1
- SUSE Security Ratings
- SUSE Bug 1158266
- SUSE Bug 1162338
- SUSE Bug 1162369
- SUSE Bug 1173871
- SUSE Bug 1177282
- SUSE Bug 1194013
- SUSE Bug 1196901
- SUSE Bug 1198577
- SUSE Bug 1199426
- SUSE Bug 1199487
- SUSE Bug 1199507
- SUSE Bug 1199657
- SUSE Bug 1200059
- SUSE Bug 1200143
- SUSE Bug 1200144
- SUSE Bug 1200249
- SUSE Bug 1200571
Описание
In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c.
Затронутые продукты
Ссылки
- CVE-2019-19377
- SUSE Bug 1158266
- SUSE Bug 1162338
- SUSE Bug 1162369
- SUSE Bug 1173871
- SUSE Bug 1211495
Описание
The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.
Затронутые продукты
Ссылки
- CVE-2020-26541
- SUSE Bug 1177282
Описание
Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage.
Затронутые продукты
Ссылки
- CVE-2021-26341
- SUSE Bug 1196901
- SUSE Bug 1201050
Описание
An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileges on the system.
Затронутые продукты
Ссылки
- CVE-2021-4157
- SUSE Bug 1194013
Описание
A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel's filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service.
Затронутые продукты
Ссылки
- CVE-2022-1184
- SUSE Bug 1198577
- SUSE Bug 1210859
Описание
A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system.
Затронутые продукты
Ссылки
- CVE-2022-1679
- SUSE Bug 1199487
- SUSE Bug 1201080
- SUSE Bug 1201832
- SUSE Bug 1204132
- SUSE Bug 1212316
Описание
A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc.
Затронутые продукты
Ссылки
- CVE-2022-1729
- SUSE Bug 1199507
- SUSE Bug 1199697
- SUSE Bug 1201832
Описание
A use-after-free flaw was found in the Linux kernel's NFC core functionality due to a race condition between kobject creation and delete. This vulnerability allows a local attacker with CAP_NET_ADMIN privilege to leak kernel information.
Затронутые продукты
Ссылки
- CVE-2022-1974
- SUSE Bug 1200144
- SUSE Bug 1200265
Описание
There is a sleep-in-atomic bug in /net/nfc/netlink.c that allows an attacker to crash the Linux kernel by simulating a nfc device from user-space.
Затронутые продукты
Ссылки
- CVE-2022-1975
- SUSE Bug 1200143
Описание
In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream kernel
Затронутые продукты
Ссылки
- CVE-2022-20132
- SUSE Bug 1200619
- SUSE Bug 1212287
Описание
In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-112551163References: Upstream kernel
Затронутые продукты
Ссылки
- CVE-2022-20141
- SUSE Bug 1200604
- SUSE Bug 1200605
- SUSE Bug 1203034
Описание
In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174846563References: Upstream kernel
Затронутые продукты
Ссылки
- CVE-2022-20154
- SUSE Bug 1200599
- SUSE Bug 1200608
- SUSE Bug 1224298
- SUSE Bug 1224878
Описание
KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
Затронутые продукты
Ссылки
- CVE-2022-21499
- SUSE Bug 1199426
- SUSE Bug 1200059
- SUSE Bug 1203034
- SUSE Bug 1204132
- SUSE Bug 1212315
Описание
There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges.
Затронутые продукты
Ссылки
- CVE-2022-2318
- SUSE Bug 1201251
- SUSE Bug 1212303
Описание
Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).
Затронутые продукты
Ссылки
- CVE-2022-26365
- SUSE Bug 1200762
Описание
Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.
Затронутые продукты
Ссылки
- CVE-2022-29900
- SUSE Bug 1199657
- SUSE Bug 1201469
- SUSE Bug 1207894
Описание
Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.
Затронутые продукты
Ссылки
- CVE-2022-29901
- SUSE Bug 1201469
- SUSE Bug 1207894
Описание
Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).
Затронутые продукты
Ссылки
- CVE-2022-33740
- SUSE Bug 1200762
Описание
Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).
Затронутые продукты
Ссылки
- CVE-2022-33741
- SUSE Bug 1200762
Описание
Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).
Затронутые продукты
Ссылки
- CVE-2022-33742
- SUSE Bug 1200762
Описание
drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.
Затронутые продукты
Ссылки
- CVE-2022-33981
- SUSE Bug 1200692