SUSE-SU-2022:3450-1

Published: 28 Sep 2022
Source: suse-cvrf

Description

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP2 LTSS kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

  • CVE-2022-39188: Fixed race condition in include/asm-generic/tlb.h where a device driver can free a page while it still has stale TLB entries (bnc#1203107).
  • CVE-2022-2663: Fixed an issue that was found in nf_conntrack_irc where the message handling could be confused and incorrectly match the message (bnc#1202097).
  • CVE-2022-3028: Fixed race condition that was found in the IP framework for transforming packets (XFRM subsystem) (bnc#1202898).
  • CVE-2020-27784: Fixed a vulnerability that was found in printer_ioctl() when accessing a deallocated instance (bnc#1202895).
  • CVE-2021-4155: Fixed a data leak flaw that was found in the XFS_IOC_ALLOCSP IOCTL in the XFS filesystem (bnc#1194272).
  • CVE-2022-2905: Fixed tnum_range usage on array range checking for poke descriptors (bsc#1202564, bsc#1202860).
  • CVE-2022-2977: Fixed reference counting for struct tpm_chip (bsc#1202672).
  • CVE-2021-4203: Fixed use-after-free read flaw that was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (bnc#1194535).
  • CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096).
  • CVE-2022-1012: Fixed a memory leak problem that was found in the TCP source port generation algorithm in net/ipv4/tcp.c (bnc#1199482).
  • CVE-2022-36879: Fixed an issue in xfrm_expand_policies in net/xfrm/xfrm_policy.c where a refcount could be dropped twice (bnc#1201948).
  • CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg() (bsc#1202346).
  • CVE-2022-20369: Fixed out of bounds write in v4l2_m2m_querybuf of v4l2-mem2mem.c (bnc#1202347).
  • CVE-2022-26373: Fixed non-transparent sharing of return predictor targets between contexts in some Intel Processors (bnc#1201726).
  • CVE-2016-3695: Fixed an issue inside the einj_error_inject function in drivers/acpi/apei/einj.c that allowed users to simulate hardware errors and consequently cause a denial of service (bnc#1023051).
  • CVE-2022-2639: Fixed an integer coercion error that was found in the openvswitch kernel module (bnc#1202154).
  • CVE-2020-36516: Fixed an issue in the mixed IPID assignment method where an attacker was able to inject data into or terminate a victim's TCP session (bnc#1196616).
  • CVE-2022-32250: Fixed a privilege escalation issue in net/netfilter/nf_tables_api.c that allowed a local user to become root (bnc#1200015).
  • CVE-2022-29581: Fixed improper update of reference count vulnerability in net/sched that allowed a local attacker to cause privilege escalation to root (bnc#1199665).
  • CVE-2022-20166: Fixed possible out of bounds write due to a heap buffer overflow in various methods of kernel base drivers (bnc#1200598).

The following non-security bugs were fixed:

  • cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share (bsc#1188944).
  • cifs: skip trailing separators of prefix paths (bsc#1188944).
  • config: Update files NVRAM=y (bsc#1201361 bsc#1192968).
  • kernel-obs-build: include qemu_fw_cfg (boo#1201705)
  • lightnvm: Remove lightnvm implementation (bsc#1191881 bsc#1201420 ZDI-CAN-17325).
  • md/bitmap: do not set sb values if can't pass sanity check (bsc#1197158).
  • mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse (git-fixes, bsc#1203098).
  • mm: pagewalk: Fix race between unmap and page walker (git-fixes, bsc#1203159).
  • net_sched: cls_route: disallow handle of 0 (bsc#1202393).
  • objtool: Add support for intra-function calls (bsc#1202396).
  • objtool: Make handle_insn_ops() unconditional (bsc#1202396).
  • objtool: Remove INSN_STACK (bsc#1202396).
  • objtool: Rework allocating stack_ops on decode (bsc#1202396).
  • objtool: Support multiple stack_op per instruction (bsc#1202396).
  • rpm: Fix parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019).
  • tcp: add some entropy in __inet_hash_connect() (bsc#1180153).
  • tcp: change source port randomization at connect() time (bsc#1180153).

Package list

SUSE Enterprise Storage 7
kernel-default-5.3.18-150200.24.129.1
kernel-default-base-5.3.18-150200.24.129.1.150200.9.61.1
kernel-default-devel-5.3.18-150200.24.129.1
kernel-devel-5.3.18-150200.24.129.1
kernel-docs-5.3.18-150200.24.129.1
kernel-macros-5.3.18-150200.24.129.1
kernel-obs-build-5.3.18-150200.24.129.1
kernel-preempt-5.3.18-150200.24.129.1
kernel-preempt-devel-5.3.18-150200.24.129.1
kernel-source-5.3.18-150200.24.129.1
kernel-syms-5.3.18-150200.24.129.1
reiserfs-kmp-default-5.3.18-150200.24.129.1
SUSE Linux Enterprise High Availability Extension 15 SP2
cluster-md-kmp-default-5.3.18-150200.24.129.1
dlm-kmp-default-5.3.18-150200.24.129.1
gfs2-kmp-default-5.3.18-150200.24.129.1
ocfs2-kmp-default-5.3.18-150200.24.129.1
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS
kernel-default-5.3.18-150200.24.129.1
kernel-default-base-5.3.18-150200.24.129.1.150200.9.61.1
kernel-default-devel-5.3.18-150200.24.129.1
kernel-devel-5.3.18-150200.24.129.1
kernel-docs-5.3.18-150200.24.129.1
kernel-macros-5.3.18-150200.24.129.1
kernel-obs-build-5.3.18-150200.24.129.1
kernel-preempt-5.3.18-150200.24.129.1
kernel-preempt-devel-5.3.18-150200.24.129.1
kernel-source-5.3.18-150200.24.129.1
kernel-syms-5.3.18-150200.24.129.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
kernel-default-5.3.18-150200.24.129.1
kernel-default-base-5.3.18-150200.24.129.1.150200.9.61.1
kernel-default-devel-5.3.18-150200.24.129.1
kernel-devel-5.3.18-150200.24.129.1
kernel-docs-5.3.18-150200.24.129.1
kernel-macros-5.3.18-150200.24.129.1
kernel-obs-build-5.3.18-150200.24.129.1
kernel-preempt-5.3.18-150200.24.129.1
kernel-preempt-devel-5.3.18-150200.24.129.1
kernel-source-5.3.18-150200.24.129.1
kernel-syms-5.3.18-150200.24.129.1
SUSE Linux Enterprise Live Patching 15 SP2
kernel-default-livepatch-5.3.18-150200.24.129.1
kernel-default-livepatch-devel-5.3.18-150200.24.129.1
kernel-livepatch-5_3_18-150200_24_129-default-1-150200.5.3.1
SUSE Linux Enterprise Server 15 SP2-BCL
kernel-default-5.3.18-150200.24.129.1
kernel-default-base-5.3.18-150200.24.129.1.150200.9.61.1
kernel-default-devel-5.3.18-150200.24.129.1
kernel-devel-5.3.18-150200.24.129.1
kernel-docs-5.3.18-150200.24.129.1
kernel-macros-5.3.18-150200.24.129.1
kernel-obs-build-5.3.18-150200.24.129.1
kernel-preempt-5.3.18-150200.24.129.1
kernel-preempt-devel-5.3.18-150200.24.129.1
kernel-source-5.3.18-150200.24.129.1
kernel-syms-5.3.18-150200.24.129.1
SUSE Linux Enterprise Server 15 SP2-LTSS
kernel-default-5.3.18-150200.24.129.1
kernel-default-base-5.3.18-150200.24.129.1.150200.9.61.1
kernel-default-devel-5.3.18-150200.24.129.1
kernel-devel-5.3.18-150200.24.129.1
kernel-docs-5.3.18-150200.24.129.1
kernel-macros-5.3.18-150200.24.129.1
kernel-obs-build-5.3.18-150200.24.129.1
kernel-preempt-5.3.18-150200.24.129.1
kernel-preempt-devel-5.3.18-150200.24.129.1
kernel-source-5.3.18-150200.24.129.1
kernel-syms-5.3.18-150200.24.129.1
reiserfs-kmp-default-5.3.18-150200.24.129.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
kernel-default-5.3.18-150200.24.129.1
kernel-default-base-5.3.18-150200.24.129.1.150200.9.61.1
kernel-default-devel-5.3.18-150200.24.129.1
kernel-devel-5.3.18-150200.24.129.1
kernel-docs-5.3.18-150200.24.129.1
kernel-macros-5.3.18-150200.24.129.1
kernel-obs-build-5.3.18-150200.24.129.1
kernel-preempt-5.3.18-150200.24.129.1
kernel-preempt-devel-5.3.18-150200.24.129.1
kernel-source-5.3.18-150200.24.129.1
kernel-syms-5.3.18-150200.24.129.1
reiserfs-kmp-default-5.3.18-150200.24.129.1
SUSE Manager Proxy 4.1
kernel-default-5.3.18-150200.24.129.1
kernel-default-base-5.3.18-150200.24.129.1.150200.9.61.1
kernel-default-devel-5.3.18-150200.24.129.1
kernel-devel-5.3.18-150200.24.129.1
kernel-docs-5.3.18-150200.24.129.1
kernel-macros-5.3.18-150200.24.129.1
kernel-obs-build-5.3.18-150200.24.129.1
kernel-preempt-5.3.18-150200.24.129.1
kernel-preempt-devel-5.3.18-150200.24.129.1
kernel-source-5.3.18-150200.24.129.1
kernel-syms-5.3.18-150200.24.129.1
reiserfs-kmp-default-5.3.18-150200.24.129.1
SUSE Manager Retail Branch Server 4.1
kernel-default-5.3.18-150200.24.129.1
kernel-default-base-5.3.18-150200.24.129.1.150200.9.61.1
kernel-default-devel-5.3.18-150200.24.129.1
kernel-devel-5.3.18-150200.24.129.1
kernel-docs-5.3.18-150200.24.129.1
kernel-macros-5.3.18-150200.24.129.1
kernel-obs-build-5.3.18-150200.24.129.1
kernel-preempt-5.3.18-150200.24.129.1
kernel-preempt-devel-5.3.18-150200.24.129.1
kernel-source-5.3.18-150200.24.129.1
kernel-syms-5.3.18-150200.24.129.1
reiserfs-kmp-default-5.3.18-150200.24.129.1
SUSE Manager Server 4.1
kernel-default-5.3.18-150200.24.129.1
kernel-default-base-5.3.18-150200.24.129.1.150200.9.61.1
kernel-default-devel-5.3.18-150200.24.129.1
kernel-devel-5.3.18-150200.24.129.1
kernel-docs-5.3.18-150200.24.129.1
kernel-macros-5.3.18-150200.24.129.1
kernel-obs-build-5.3.18-150200.24.129.1
kernel-preempt-5.3.18-150200.24.129.1
kernel-preempt-devel-5.3.18-150200.24.129.1
kernel-source-5.3.18-150200.24.129.1
kernel-syms-5.3.18-150200.24.129.1
reiserfs-kmp-default-5.3.18-150200.24.129.1

Description

The einj_error_inject function in drivers/acpi/apei/einj.c in the Linux kernel allows local users to simulate hardware errors and consequently cause a denial of service by leveraging failure to disable APEI error injection through EINJ when securelevel is set.


Affected products
SUSE Enterprise Storage 7:kernel-default-5.3.18-150200.24.129.1
SUSE Enterprise Storage 7:kernel-default-base-5.3.18-150200.24.129.1.150200.9.61.1
SUSE Enterprise Storage 7:kernel-default-devel-5.3.18-150200.24.129.1
SUSE Enterprise Storage 7:kernel-devel-5.3.18-150200.24.129.1

References

Description

A vulnerability was found in the Linux kernel, where printer_ioctl() accesses a deallocated instance: printer_ioctl() tries to access a printer_dev instance. However, a use-after-free arises because it had been freed by gprinter_free().


Affected products
SUSE Enterprise Storage 7:kernel-default-5.3.18-150200.24.129.1
SUSE Enterprise Storage 7:kernel-default-base-5.3.18-150200.24.129.1.150200.9.61.1
SUSE Enterprise Storage 7:kernel-default-devel-5.3.18-150200.24.129.1
SUSE Enterprise Storage 7:kernel-devel-5.3.18-150200.24.129.1

References

Description

An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session.


Affected products
SUSE Enterprise Storage 7:kernel-default-5.3.18-150200.24.129.1
SUSE Enterprise Storage 7:kernel-default-base-5.3.18-150200.24.129.1.150200.9.61.1
SUSE Enterprise Storage 7:kernel-default-devel-5.3.18-150200.24.129.1
SUSE Enterprise Storage 7:kernel-devel-5.3.18-150200.24.129.1

References

Description

A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them.


Affected products
SUSE Enterprise Storage 7:kernel-default-5.3.18-150200.24.129.1
SUSE Enterprise Storage 7:kernel-default-base-5.3.18-150200.24.129.1.150200.9.61.1
SUSE Enterprise Storage 7:kernel-default-devel-5.3.18-150200.24.129.1
SUSE Enterprise Storage 7:kernel-devel-5.3.18-150200.24.129.1

References

Description

A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with user privileges may crash the system or leak internal kernel information.


Affected products
SUSE Enterprise Storage 7:kernel-default-5.3.18-150200.24.129.1
SUSE Enterprise Storage 7:kernel-default-base-5.3.18-150200.24.129.1.150200.9.61.1
SUSE Enterprise Storage 7:kernel-default-devel-5.3.18-150200.24.129.1
SUSE Enterprise Storage 7:kernel-devel-5.3.18-150200.24.129.1

References

Description

A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to leak information and may cause a denial of service problem.


Affected products
SUSE Enterprise Storage 7:kernel-default-5.3.18-150200.24.129.1
SUSE Enterprise Storage 7:kernel-default-base-5.3.18-150200.24.129.1.150200.9.61.1
SUSE Enterprise Storage 7:kernel-default-devel-5.3.18-150200.24.129.1
SUSE Enterprise Storage 7:kernel-devel-5.3.18-150200.24.129.1

References

Description

In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-182388481. References: Upstream kernel.


Affected products
SUSE Enterprise Storage 7:kernel-default-5.3.18-150200.24.129.1
SUSE Enterprise Storage 7:kernel-default-base-5.3.18-150200.24.129.1.150200.9.61.1
SUSE Enterprise Storage 7:kernel-default-devel-5.3.18-150200.24.129.1
SUSE Enterprise Storage 7:kernel-devel-5.3.18-150200.24.129.1

References

Description

Product: Android. Versions: Android kernel. Android ID: A-224546354. References: Upstream kernel.


Affected products
SUSE Enterprise Storage 7:kernel-default-5.3.18-150200.24.129.1
SUSE Enterprise Storage 7:kernel-default-base-5.3.18-150200.24.129.1.150200.9.61.1
SUSE Enterprise Storage 7:kernel-default-devel-5.3.18-150200.24.129.1
SUSE Enterprise Storage 7:kernel-devel-5.3.18-150200.24.129.1

References

Description

In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-223375145. References: Upstream kernel.


Affected products
SUSE Enterprise Storage 7:kernel-default-5.3.18-150200.24.129.1
SUSE Enterprise Storage 7:kernel-default-base-5.3.18-150200.24.129.1.150200.9.61.1
SUSE Enterprise Storage 7:kernel-default-devel-5.3.18-150200.24.129.1
SUSE Enterprise Storage 7:kernel-devel-5.3.18-150200.24.129.1

References

Description

It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0.


Affected products
SUSE Enterprise Storage 7:kernel-default-5.3.18-150200.24.129.1
SUSE Enterprise Storage 7:kernel-default-base-5.3.18-150200.24.129.1.150200.9.61.1
SUSE Enterprise Storage 7:kernel-default-devel-5.3.18-150200.24.129.1
SUSE Enterprise Storage 7:kernel-devel-5.3.18-150200.24.129.1

References

Description

Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.


Affected products
SUSE Enterprise Storage 7:kernel-default-5.3.18-150200.24.129.1
SUSE Enterprise Storage 7:kernel-default-base-5.3.18-150200.24.129.1.150200.9.61.1
SUSE Enterprise Storage 7:kernel-default-devel-5.3.18-150200.24.129.1
SUSE Enterprise Storage 7:kernel-devel-5.3.18-150200.24.129.1

References

Description

An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system.


Affected products
SUSE Enterprise Storage 7:kernel-default-5.3.18-150200.24.129.1
SUSE Enterprise Storage 7:kernel-default-base-5.3.18-150200.24.129.1.150200.9.61.1
SUSE Enterprise Storage 7:kernel-default-devel-5.3.18-150200.24.129.1
SUSE Enterprise Storage 7:kernel-devel-5.3.18-150200.24.129.1

References

Description

An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly match the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured.


Affected products
SUSE Enterprise Storage 7:kernel-default-5.3.18-150200.24.129.1
SUSE Enterprise Storage 7:kernel-default-base-5.3.18-150200.24.129.1.150200.9.61.1
SUSE Enterprise Storage 7:kernel-default-devel-5.3.18-150200.24.129.1
SUSE Enterprise Storage 7:kernel-devel-5.3.18-150200.24.129.1

References

Description

An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpf_tail_call function with a key larger than the max_entries of the map. This flaw allows a local user to gain unauthorized access to data.


Affected products
SUSE Enterprise Storage 7:kernel-default-5.3.18-150200.24.129.1
SUSE Enterprise Storage 7:kernel-default-base-5.3.18-150200.24.129.1.150200.9.61.1
SUSE Enterprise Storage 7:kernel-default-devel-5.3.18-150200.24.129.1
SUSE Enterprise Storage 7:kernel-devel-5.3.18-150200.24.129.1

References

Description

Improper Update of Reference Count vulnerability in net/sched of the Linux Kernel allows a local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions.


Affected products
SUSE Enterprise Storage 7:kernel-default-5.3.18-150200.24.129.1
SUSE Enterprise Storage 7:kernel-default-base-5.3.18-150200.24.129.1.150200.9.61.1
SUSE Enterprise Storage 7:kernel-default-devel-5.3.18-150200.24.129.1
SUSE Enterprise Storage 7:kernel-devel-5.3.18-150200.24.129.1

References

Description

A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after-free and create a situation where it may be possible to escalate privileges on the system.


Affected products
SUSE Enterprise Storage 7:kernel-default-5.3.18-150200.24.129.1
SUSE Enterprise Storage 7:kernel-default-base-5.3.18-150200.24.129.1.150200.9.61.1
SUSE Enterprise Storage 7:kernel-default-devel-5.3.18-150200.24.129.1
SUSE Enterprise Storage 7:kernel-devel-5.3.18-150200.24.129.1

References

Description

A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket.


Affected products
SUSE Enterprise Storage 7:kernel-default-5.3.18-150200.24.129.1
SUSE Enterprise Storage 7:kernel-default-base-5.3.18-150200.24.129.1.150200.9.61.1
SUSE Enterprise Storage 7:kernel-default-devel-5.3.18-150200.24.129.1
SUSE Enterprise Storage 7:kernel-devel-5.3.18-150200.24.129.1

References

Description

net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free.


Affected products
SUSE Enterprise Storage 7:kernel-default-5.3.18-150200.24.129.1
SUSE Enterprise Storage 7:kernel-default-base-5.3.18-150200.24.129.1.150200.9.61.1
SUSE Enterprise Storage 7:kernel-default-devel-5.3.18-150200.24.129.1
SUSE Enterprise Storage 7:kernel-devel-5.3.18-150200.24.129.1

References

Description

An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice.


Affected products
SUSE Enterprise Storage 7:kernel-default-5.3.18-150200.24.129.1
SUSE Enterprise Storage 7:kernel-default-base-5.3.18-150200.24.129.1.150200.9.61.1
SUSE Enterprise Storage 7:kernel-default-devel-5.3.18-150200.24.129.1
SUSE Enterprise Storage 7:kernel-devel-5.3.18-150200.24.129.1

References

Description

An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs.


Affected products
SUSE Enterprise Storage 7:kernel-default-5.3.18-150200.24.129.1
SUSE Enterprise Storage 7:kernel-default-base-5.3.18-150200.24.129.1.150200.9.61.1
SUSE Enterprise Storage 7:kernel-default-devel-5.3.18-150200.24.129.1
SUSE Enterprise Storage 7:kernel-devel-5.3.18-150200.24.129.1

References