Описание
Security update for the Linux Kernel
The SUSE Linux Enterprise 15-SP1 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-20008: Fixed local information disclosure due to possibility to read kernel heap memory via mmc_blk_read_single of block.c (bnc#1199564).
- CVE-2022-2503: Fixed a vulnerability that allowed root to bypass LoadPin and load untrusted and unverified kernel modules and firmware (bnc#1202677).
- CVE-2022-32296: Fixed vulnerability where TCP servers were allowed to identify clients by observing what source ports are used (bnc#1200288).
- CVE-2022-3239: Fixed an use-after-free in the video4linux driver that could lead a local user to able to crash the system or escalate their privileges (bnc#1203552).
- CVE-2022-3303: Fixed a race condition in the sound subsystem due to improper locking (bnc#1203769).
- CVE-2022-41218: Fixed an use-after-free caused by refcount races in drivers/media/dvb-core/dmxdev.c (bnc#1202960).
- CVE-2022-41848: Fixed a race condition in drivers/char/pcmcia/synclink_cs.c mgslpc_ioctl and mgslpc_detach (bnc#1203987).
The following non-security bugs were fixed:
- dtb: Do not include sources in src.rpm - refer to kernel-source Same as other kernel binary packages there is no need to carry duplicate sources in dtb packages.
- mkspec: eliminate @NOSOURCE@ macro This should be alsways used with @SOURCES@, just include the content there.
- net: mana: Add rmb after checking owner bits (git-fixes).
- net: mana: Add the Linux MANA PF driver (bnc#1201309, jsc#PED-529).
- x86/bugs: Reenable retbleed=off While for older kernels the return thunks are statically built in and cannot be dynamically patched out, retbleed=off should still be possible to do so that the mitigation can still be disabled on Intel who do not use the return thunks but IBRS.
Список пакетов
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production
Image SLES15-SP1-SAPCAL-Azure
Image SLES15-SP1-SAPCAL-EC2-HVM
Image SLES15-SP1-SAPCAL-GCE
SUSE Enterprise Storage 6
SUSE Linux Enterprise High Availability Extension 15 SP1
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
SUSE Linux Enterprise Live Patching 15 SP1
SUSE Linux Enterprise Server 15 SP1-BCL
SUSE Linux Enterprise Server 15 SP1-LTSS
SUSE Linux Enterprise Server for SAP Applications 15 SP1
openSUSE Leap 15.3
openSUSE Leap 15.4
Ссылки
- Link for SUSE-SU-2022:3693-1
- E-Mail link for SUSE-SU-2022:3693-1
- SUSE Security Ratings
- SUSE Bug 1199564
- SUSE Bug 1200288
- SUSE Bug 1201309
- SUSE Bug 1202677
- SUSE Bug 1202960
- SUSE Bug 1203552
- SUSE Bug 1203769
- SUSE Bug 1203987
- SUSE CVE CVE-2022-20008 page
- SUSE CVE CVE-2022-2503 page
- SUSE CVE CVE-2022-32296 page
- SUSE CVE CVE-2022-3239 page
- SUSE CVE CVE-2022-3303 page
- SUSE CVE CVE-2022-41218 page
- SUSE CVE CVE-2022-41848 page
Описание
In mmc_blk_read_single of block.c, there is a possible way to read kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that triggers errors, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-216481035References: Upstream kernel
Затронутые продукты
Ссылки
- CVE-2022-20008
- SUSE Bug 1199564
Описание
Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allows root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates. We recommend upgrading past commit 4caae58406f8ceb741603eee460d79bacca9b1b5
Затронутые продукты
Ссылки
- CVE-2022-2503
- SUSE Bug 1202677
Описание
The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 ("Double-Hash Port Selection Algorithm") of RFC 6056.
Затронутые продукты
Ссылки
- CVE-2022-32296
- SUSE Bug 1200288
Описание
A flaw use after free in the Linux kernel video4linux driver was found in the way user triggers em28xx_usb_probe() for the Empia 28xx based TV cards. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.
Затронутые продукты
Ссылки
- CVE-2022-3239
- SUSE Bug 1203552
Описание
A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition
Затронутые продукты
Ссылки
- CVE-2022-3303
- SUSE Bug 1203769
- SUSE Bug 1212304
Описание
In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release.
Затронутые продукты
Ссылки
- CVE-2022-41218
- SUSE Bug 1202960
- SUSE Bug 1203606
- SUSE Bug 1205313
- SUSE Bug 1209225
Описание
drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race condition between mgslpc_ioctl and mgslpc_detach.
Затронутые продукты
Ссылки
- CVE-2022-41848
- SUSE Bug 1203987
- SUSE Bug 1211484
- SUSE Bug 1212317