Описание
Security update for the Linux Kernel (Live Patch 29 for SLE 15 SP2)
This update for the Linux Kernel 5.3.18-150200_24_126 fixes several issues.
The following security issues were fixed:
- CVE-2020-36516: Fixed an off-path attack via mixed IPID assignment method with the hash-based IPID assignment policy to inject data into a victim's TCP session or terminate that session (bsc#1196867).
- CVE-2022-1116: Fixed integer overflow or wraparound vulnerability in io_uring, where a local attacker could have caused memory corruption and escalate privileges to root (bsc#1199648).
Список пакетов
SUSE Linux Enterprise Live Patching 15 SP2
kernel-livepatch-5_3_18-150200_24_126-default-2-150200.2.1
Ссылки
- Link for SUSE-SU-2022:3088-1
- E-Mail link for SUSE-SU-2022:3088-1
- SUSE Security Ratings
- SUSE Bug 1196867
- SUSE Bug 1199648
- SUSE CVE CVE-2020-36516 page
- SUSE CVE CVE-2022-1116 page
Описание
An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session.
Затронутые продукты
SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_126-default-2-150200.2.1
Ссылки
- CVE-2020-36516
- SUSE Bug 1196616
- SUSE Bug 1196867
- SUSE Bug 1204092
- SUSE Bug 1204183
Описание
Integer Overflow or Wraparound vulnerability in io_uring of Linux Kernel allows local attacker to cause memory corruption and escalate privileges to root. This issue affects: Linux Kernel versions prior to 5.4.189; version 5.4.24 and later versions.
Затронутые продукты
SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_126-default-2-150200.2.1
Ссылки
- CVE-2022-1116
- SUSE Bug 1199647
- SUSE Bug 1199648
- SUSE Bug 1209225