openSUSE-SU-2022:0768-1

Published: 09 Mar 2022
Source: suse-cvrf

Description

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bug fixes.

Transient execution side-channel attacks against the Branch History Buffer (BHB), named 'Branch Target Injection' and 'Intra-Mode Branch History Injection', are now mitigated.

The following security bugs were fixed:

  • CVE-2022-0001: Fixed Branch History Injection vulnerability (bsc#1191580).
  • CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability (bsc#1191580).
  • CVE-2022-0847: Fixed a vulnerability where a local attacker could overwrite data in arbitrary (read-only) files (bsc#1196584).
  • CVE-2022-0617: Fixed a null pointer dereference in UDF file system functionality. A local user could crash the system by triggering udf_file_write_iter() via a malicious UDF image. (bsc#1196079)
  • CVE-2022-0644: Fixed a denial of service by a local user. An assertion failure could be triggered in kernel_read_file_from_fd() (bsc#1196155).
  • CVE-2021-44879: In gc_data_segment() in fs/f2fs/gc.c, special files were not considered, which led to a move_data_page NULL pointer dereference (bsc#1195987).
  • CVE-2022-24959: Fixed a memory leak in yam_siocdevprivate() in drivers/net/hamradio/yam.c (bsc#1195897).
  • CVE-2022-0487: A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove() in drivers/memstick/host/rtsx_usb_ms.c (bsc#1194516).
  • CVE-2022-0492: Fixed a privilege escalation related to cgroups v1 release_agent feature, which allowed bypassing namespace isolation unexpectedly (bsc#1195543).
  • CVE-2022-24448: Fixed an issue in fs/nfs/dir.c. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should have occurred, but the server instead returned uninitialized data in the file descriptor (bsc#1195612).

The following non-security bugs were fixed:

  • crypto: af_alg - get_page upon reassignment to TX SGL (bsc#1195840).
  • lib/iov_iter: initialize 'flags' in new pipe_buffer (bsc#1196584).

Package list

openSUSE Leap 15.3
kernel-debug-base-4.12.14-197.108.1
kernel-default-man-4.12.14-197.108.1
kernel-kvmsmall-base-4.12.14-197.108.1
kernel-vanilla-4.12.14-197.108.1
kernel-vanilla-base-4.12.14-197.108.1
kernel-vanilla-devel-4.12.14-197.108.1
kernel-vanilla-livepatch-devel-4.12.14-197.108.1
kernel-zfcpdump-man-4.12.14-197.108.1

Description

In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered, leading to a move_data_page NULL pointer dereference.


Affected products
openSUSE Leap 15.3:kernel-debug-base-4.12.14-197.108.1
openSUSE Leap 15.3:kernel-default-man-4.12.14-197.108.1
openSUSE Leap 15.3:kernel-kvmsmall-base-4.12.14-197.108.1
openSUSE Leap 15.3:kernel-vanilla-4.12.14-197.108.1

Description

Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.


Affected products
openSUSE Leap 15.3:kernel-debug-base-4.12.14-197.108.1
openSUSE Leap 15.3:kernel-default-man-4.12.14-197.108.1
openSUSE Leap 15.3:kernel-kvmsmall-base-4.12.14-197.108.1
openSUSE Leap 15.3:kernel-vanilla-4.12.14-197.108.1

Description

Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.


Affected products
openSUSE Leap 15.3:kernel-debug-base-4.12.14-197.108.1
openSUSE Leap 15.3:kernel-default-man-4.12.14-197.108.1
openSUSE Leap 15.3:kernel-kvmsmall-base-4.12.14-197.108.1
openSUSE Leap 15.3:kernel-vanilla-4.12.14-197.108.1

Description

A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c in memstick in the Linux kernel. In this flaw, a local attacker with a user privilege may impact system Confidentiality. This flaw affects kernel versions prior to 5.14 rc1.


Affected products
openSUSE Leap 15.3:kernel-debug-base-4.12.14-197.108.1
openSUSE Leap 15.3:kernel-default-man-4.12.14-197.108.1
openSUSE Leap 15.3:kernel-kvmsmall-base-4.12.14-197.108.1
openSUSE Leap 15.3:kernel-vanilla-4.12.14-197.108.1

Description

A vulnerability was found in the Linux kernel's cgroup_release_agent_write function in kernel/cgroup/cgroup-v1.c. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.


Affected products
openSUSE Leap 15.3:kernel-debug-base-4.12.14-197.108.1
openSUSE Leap 15.3:kernel-default-man-4.12.14-197.108.1
openSUSE Leap 15.3:kernel-kvmsmall-base-4.12.14-197.108.1
openSUSE Leap 15.3:kernel-vanilla-4.12.14-197.108.1

Description

A NULL pointer dereference flaw was found in the Linux kernel's UDF file system functionality in the way a user triggers the udf_file_write_iter function with a malicious UDF image. A local user could use this flaw to crash the system. The flaw is present from Linux kernel 4.2-rc1 to 5.17-rc2.


Affected products
openSUSE Leap 15.3:kernel-debug-base-4.12.14-197.108.1
openSUSE Leap 15.3:kernel-default-man-4.12.14-197.108.1
openSUSE Leap 15.3:kernel-kvmsmall-base-4.12.14-197.108.1
openSUSE Leap 15.3:kernel-vanilla-4.12.14-197.108.1

Description

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.


Affected products
openSUSE Leap 15.3:kernel-debug-base-4.12.14-197.108.1
openSUSE Leap 15.3:kernel-default-man-4.12.14-197.108.1
openSUSE Leap 15.3:kernel-kvmsmall-base-4.12.14-197.108.1
openSUSE Leap 15.3:kernel-vanilla-4.12.14-197.108.1

Description

A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.


Affected products
openSUSE Leap 15.3:kernel-debug-base-4.12.14-197.108.1
openSUSE Leap 15.3:kernel-default-man-4.12.14-197.108.1
openSUSE Leap 15.3:kernel-kvmsmall-base-4.12.14-197.108.1
openSUSE Leap 15.3:kernel-vanilla-4.12.14-197.108.1

Description

An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor.


Affected products
openSUSE Leap 15.3:kernel-debug-base-4.12.14-197.108.1
openSUSE Leap 15.3:kernel-default-man-4.12.14-197.108.1
openSUSE Leap 15.3:kernel-kvmsmall-base-4.12.14-197.108.1
openSUSE Leap 15.3:kernel-vanilla-4.12.14-197.108.1

Description

An issue was discovered in the Linux kernel before 5.16.5. There is a memory leak in yam_siocdevprivate in drivers/net/hamradio/yam.c.


Affected products
openSUSE Leap 15.3:kernel-debug-base-4.12.14-197.108.1
openSUSE Leap 15.3:kernel-default-man-4.12.14-197.108.1
openSUSE Leap 15.3:kernel-kvmsmall-base-4.12.14-197.108.1
openSUSE Leap 15.3:kernel-vanilla-4.12.14-197.108.1
