Описание
Security update for the Linux Kernel
The SUSE Linux Enterprise 12-SP2 kernel was updated receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-3303: Fixed a race condition in the sound subsystem due to improper locking (bnc#1203769).
- CVE-2022-41218: Fixed an use-after-free caused by refcount races in drivers/media/dvb-core/dmxdev.c (bnc#1202960).
- CVE-2022-3239: Fixed an use-after-free in the video4linux driver that could lead a local user to able to crash the system or escalate their privileges (bnc#1203552).
- CVE-2022-2503: Fixed a vulnerability that allowed root to bypass LoadPin and load untrusted and unverified kernel modules and firmware (bnc#1202677).
The following non-security bugs were fixed:
- x86/bugs: Reenable retbleed=off While for older kernels the return thunks are statically built in and cannot be dynamically patched out, retbleed=off should still be possible to do so that the mitigation can still be disabled on Intel who do not use the return thunks but IBRS.
Список пакетов
SUSE Linux Enterprise Server 12 SP2-BCL
Ссылки
- Link for SUSE-SU-2022:3779-1
- E-Mail link for SUSE-SU-2022:3779-1
- SUSE Security Ratings
- SUSE Bug 1202677
- SUSE Bug 1202960
- SUSE Bug 1203552
- SUSE Bug 1203769
- SUSE CVE CVE-2022-2503 page
- SUSE CVE CVE-2022-3239 page
- SUSE CVE CVE-2022-3303 page
- SUSE CVE CVE-2022-41218 page
Описание
Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allows root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates. We recommend upgrading past commit 4caae58406f8ceb741603eee460d79bacca9b1b5
Затронутые продукты
Ссылки
- CVE-2022-2503
- SUSE Bug 1202677
Описание
A flaw use after free in the Linux kernel video4linux driver was found in the way user triggers em28xx_usb_probe() for the Empia 28xx based TV cards. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.
Затронутые продукты
Ссылки
- CVE-2022-3239
- SUSE Bug 1203552
Описание
A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition
Затронутые продукты
Ссылки
- CVE-2022-3303
- SUSE Bug 1203769
- SUSE Bug 1212304
Описание
In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release.
Затронутые продукты
Ссылки
- CVE-2022-41218
- SUSE Bug 1202960
- SUSE Bug 1203606
- SUSE Bug 1205313
- SUSE Bug 1209225