Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2022:4038-1

Опубликовано: 16 нояб. 2022
Источник: suse-cvrf

Описание

Security update for the Linux Kernel (Live Patch 25 for SLE 15 SP3)

This update for the Linux Kernel 5.3.18-150300_59_98 fixes several issues.

The following security issues were fixed:

  • CVE-2021-39698: Fixed a possible memory corruption due to a use after free in aio_poll_complete_work. This could lead to local escalation of privilege with no additional execution privileges needed. (bsc#1196956)
  • CVE-2022-39189: Fixed a bug in the x86 KVM subsystem which allows unprivileged guest users to compromise the guest kernel because TLB flush operations are mishandled (bnc#1203066).

Список пакетов

SUSE Linux Enterprise Live Patching 15 SP2
kernel-livepatch-5_3_18-150200_24_134-default-2-150200.2.1
SUSE Linux Enterprise Live Patching 15 SP3
kernel-livepatch-5_3_18-150300_59_98-default-2-150300.2.1

Ссылки

Описание

In aio_poll_complete_work of aio.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-185125206References: Upstream kernel

Затронутые продукты
SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_134-default-2-150200.2.1
SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_98-default-2-150300.2.1
Ссылки

Описание

An issue was discovered the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED situations.

Затронутые продукты
SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_134-default-2-150200.2.1
SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_98-default-2-150300.2.1
Ссылки