openSUSE Leap 15.3: 2022:1037-1 Important Kernel Fixes and Security Issues
opensuse
March 30, 2022
An update that solves 12 vulnerabilities and has 25 fixes is now available
Description
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
- CVE-2022-25636: Fixed an issue which allowed a local users to gain
privileges because of a heap out-of-bounds write in nf_dup_netdev.c,
related to nf_tables_offload (bsc#1196299).
- CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An
attacker with adjacent NFC access could trigger crash the system or
corrupt system memory (bsc#1196830).
- CVE-2022-0487: A use-after-free vulnerability was found in
rtsx_usb_ms_drv_remove() in drivers/memstick/host/rtsx_usb_ms.c
(bsc#1194516).
- CVE-2022-24448: Fixed an issue if an application sets the O_DIRECTORY
flag, and tries to open a regular file, nfs_atomic_open() performs a
regular lookup. If a regular file is found, ENOTDIR should have occured,
but the server instead returned uninitialized data in the file
descriptor...
Read the Full Advisory
Patch
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-1037=1
Package List
- openSUSE Leap 15.3 (x86_64):
cluster-md-kmp-azure-5.3.18-150300.38.50.1
cluster-md-kmp-azure-debuginfo-5.3.18-150300.38.50.1
dlm-kmp-azure-5.3.18-150300.38.50.1
dlm-kmp-azure-debuginfo-5.3.18-150300.38.50.1
gfs2-kmp-azure-5.3.18-150300.38.50.1
gfs2-kmp-azure-debuginfo-5.3.18-150300.38.50.1
kernel-azure-5.3.18-150300.38.50.1
kernel-azure-debuginfo-5.3.18-150300.38.50.1
kernel-azure-debugsource-5.3.18-150300.38.50.1
kernel-azure-devel-5.3.18-150300.38.50.1
kernel-azure-devel-debuginfo-5.3.18-150300.38.50.1
kernel-azure-extra-5.3.18-150300.38.50.1
kernel-azure-extra-debuginfo-5.3.18-150300.38.50.1
kernel-azure-livepatch-devel-5.3.18-150300.38.50.1
kernel-azure-optional-5.3.18-150300.38.50.1
kernel-azure-optional-debuginfo-5.3.18-150300.38.50.1
kernel-syms-azure-5.3.18-150300.38.50.1
kselftests-kmp-azure-5.3.18-150300.38.50.1
kselftests-kmp-azure-debuginfo-5.3.18-150300.38.50.1
ocfs2-kmp-azure-5.3.18-150300.38.50.1
ocfs2-kmp-azure-debuginfo-5.3.18-150300.38.50.1
reiserfs-kmp-azure-5.3.18-150300.38.50.1
reiserf...
Read the Full AdvisoryReferences
https://www.suse.com/security/cve/CVE-2021-0920.html
https://www.suse.com/security/cve/CVE-2021-39657.html
https://www.suse.com/security/cve/CVE-2021-44879.html
https://www.suse.com/security/cve/CVE-2022-0487.html
https://www.suse.com/security/cve/CVE-2022-0617.html
https://www.suse.com/security/cve/CVE-2022-0644.html
https://www.suse.com/security/cve/CVE-2022-24448.html
https://www.suse.com/security/cve/CVE-2022-24958.html
https://www.suse.com/security/cve/CVE-2022-24959.html
https://www.suse.com/security/cve/CVE-2022-25258.html
https://www.suse.com/security/cve/CVE-2022-25636.html
https://www.suse.com/security/cve/CVE-2022-26490.html
https://bugzilla.suse.com/1176447
https://bugzilla.suse.com/1176774
https://bugzilla.suse.com/1178134
https://bugzilla.suse.com/1179439
https://bugzilla.suse.com/1181147
https://bugzilla.suse.com/1191428
https://bugzilla.suse.com/1192273
https://bugzilla.suse.com/1193731
https://bugzilla.suse.com/1193787
https://bugzilla.suse.com/1193864
https://bugzilla.suse.com/1194463
https...
Read the Full Advisory
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: openSUSE-SU-2022:1037-1
Rating: important
Affected Products:
openSUSE Leap 15.3
ble.
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!