openSUSE 15.3/15.4: 2022:0760-1 Important: Kernel Privilege Escalation Fix
opensuse
March 8, 2022
An update that solves 6 vulnerabilities, contains three features and has 50 fixes is now available
Description
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various
security and bugfixes.
Transient execution side-channel attacks attacking the Branch History
Buffer (BHB), named "Branch Target Injection" and "Intra-Mode Branch
History Injection" are now mitigated.
The following security bugs were fixed:
- CVE-2022-0001: Fixed Branch History Injection vulnerability
(bsc#1191580).
- CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability
(bsc#1191580).
- CVE-2022-0847: Fixed a vulnerability were a local attackers could
overwrite data in arbitrary (read-only) files (bsc#1196584).
- CVE-2022-25375: The RNDIS USB gadget lacks validation of the size of the
RNDIS_MSG_SET command. Attackers can obtain sensitive information from
kernel memory (bnc#1196235 ).
- CVE-2022-0492: Fixed a privilege escalation related to cgroups v1
release_agent feature, which allowed bypassing namespace isolation
...
Read the Full Advisory
Patch
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-760=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-760=1
Package List
- openSUSE Leap 15.4 (aarch64 x86_64):
cluster-md-kmp-preempt-5.3.18-150300.59.54.1
cluster-md-kmp-preempt-debuginfo-5.3.18-150300.59.54.1
dlm-kmp-preempt-5.3.18-150300.59.54.1
dlm-kmp-preempt-debuginfo-5.3.18-150300.59.54.1
gfs2-kmp-preempt-5.3.18-150300.59.54.1
gfs2-kmp-preempt-debuginfo-5.3.18-150300.59.54.1
kernel-preempt-5.3.18-150300.59.54.1
kernel-preempt-debuginfo-5.3.18-150300.59.54.1
kernel-preempt-debugsource-5.3.18-150300.59.54.1
kernel-preempt-devel-5.3.18-150300.59.54.1
kernel-preempt-devel-debuginfo-5.3.18-150300.59.54.1
kernel-preempt-extra-5.3.18-150300.59.54.1
kernel-preempt-extra-debuginfo-5.3.18-150300.59.54.1
kernel-preempt-livepatch-devel-5.3.18-150300.59.54.1
kernel-preempt-optional-5.3.18-150300.59.54.1
kernel-preempt-optional-debuginfo-5.3.18-150300.59.54.1
kselftests-kmp-preempt-5.3.18-150300.59.54.1
kselftests-kmp-preempt-debuginfo-5.3.18-150300.59.54.1
ocfs2-kmp-preempt-5.3.18-150300.59.54.1
ocfs2-kmp-preempt-debuginfo-5.3.18-150300.59.54.1
reiserfs-kmp-preempt-5.3.18-150300.59....
Read the Full AdvisoryReferences
https://www.suse.com/security/cve/CVE-2022-0001.html
https://www.suse.com/security/cve/CVE-2022-0002.html
https://www.suse.com/security/cve/CVE-2022-0492.html
https://www.suse.com/security/cve/CVE-2022-0516.html
https://www.suse.com/security/cve/CVE-2022-0847.html
https://www.suse.com/security/cve/CVE-2022-25375.html
https://bugzilla.suse.com/1089644
https://bugzilla.suse.com/1154353
https://bugzilla.suse.com/1157038
https://bugzilla.suse.com/1157923
https://bugzilla.suse.com/1176447
https://bugzilla.suse.com/1176940
https://bugzilla.suse.com/1178134
https://bugzilla.suse.com/1181147
https://bugzilla.suse.com/1181588
https://bugzilla.suse.com/1183872
https://bugzilla.suse.com/1187716
https://bugzilla.suse.com/1188404
https://bugzilla.suse.com/1189126
https://bugzilla.suse.com/1190812
https://bugzilla.suse.com/1190972
https://bugzilla.suse.com/1191580
https://bugzilla.suse.com/1191655
https://bugzilla.suse.com/1191741
https://bugzilla.suse.com/1192210
https://bugzilla.suse.com/1192483
https://bugzilla.suse.com/1...
Read the Full Advisory
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: openSUSE-SU-2022:0760-1
Rating: important
Affected Products:
openSUSE Leap 15.3
openSUSE Leap 15.4
ble.
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!