Описание
Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP4)
This update for the Linux Kernel 5.14.21-150400_24_33 fixes several issues.
The following security issues were fixed:
- CVE-2022-4379: A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allowed an attacker to conduct a remote denial of service attack (bsc#1206373).
- CVE-2022-2602: Fixed a local privilege escalation vulnerability involving Unix socket Garbage Collection and io_uring (bsc#1205186).
Список пакетов
SUSE Linux Enterprise Live Patching 15 SP4
kernel-livepatch-5_14_21-150400_24_33-default-3-150400.2.1
Ссылки
- Link for SUSE-SU-2023:0280-1
- E-Mail link for SUSE-SU-2023:0280-1
- SUSE Security Ratings
- SUSE Bug 1205186
- SUSE Bug 1206373
- SUSE CVE CVE-2022-2602 page
- SUSE CVE CVE-2022-4379 page
Описание
io_uring UAF, Unix SCM garbage collection
Затронутые продукты
SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_33-default-3-150400.2.1
Ссылки
- CVE-2022-2602
- SUSE Bug 1204228
- SUSE Bug 1205186
Описание
A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allows an attacker to conduct a remote denial
Затронутые продукты
SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_33-default-3-150400.2.1
Ссылки
- CVE-2022-4379
- SUSE Bug 1206209
- SUSE Bug 1206373