Alerts This Week
Warning Icon 1 560
Alerts This Week
Warning Icon 1 560

openSUSE Leap Micro 5.2 Security Update: Kernel Issues and Fixes

opensuse
Calendar Grey September 1, 2022
Dist Opensuse Esm H88
An important kernel enhancement has been released for openSUSE Leap Micro 5.2 addressing several serious security vulnerabilities and performance issues.
An update that solves four vulnerabilities and has 8 fixes is now available

Description

The SUSE Linux Enterprise 15 SP3 kernel was updated.

The following security bugs were fixed:

- CVE-2022-1966: Fixed an use-after-free bug in the netfilter subsystem.

This flaw allowed a local attacker with user access to cause a privilege

escalation issue. (bnc#1200015)

- CVE-2022-1975: Fixed a sleep-in-atomic bug that allows attacker to crash

linux kernel by simulating nfc device from user-space. (bsc#1200143)

- CVE-2022-1974: Fixed an use-after-free that could causes kernel crash by

simulating an nfc device from user-space. (bsc#1200144)

- CVE-2020-26541: Enforce the secure boot forbidden signature database

(aka dbx) protection mechanism. (bnc#1177282)

- The following non-security bugs were fixed:

- ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default

(git-fixes).

- ACPI: sysfs: Fix BERT error region memory mapping (git-fixes).

- ACPI: sysfs: Make sparse happy about address space in use (git-fixes).

-...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory kernel update privilege escalation important linux kernel crash issue openSUSE Leap Micro

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap Micro 5.2:

zypper in -t patch openSUSE-Leap-Micro-5.2-2022-2173=1

Package List

- openSUSE Leap Micro 5.2 (aarch64 x86_64):

kernel-default-5.3.18-150300.59.76.1

kernel-default-base-5.3.18-150300.59.76.1.150300.18.45.2

kernel-default-debuginfo-5.3.18-150300.59.76.1

kernel-default-debugsource-5.3.18-150300.59.76.1

References

https://www.suse.com/security/cve/CVE-2020-26541.html

https://www.suse.com/security/cve/CVE-2022-1966.html

https://www.suse.com/security/cve/CVE-2022-1974.html

https://www.suse.com/security/cve/CVE-2022-1975.html

https://bugzilla.suse.com/1177282

https://bugzilla.suse.com/1199365

https://bugzilla.suse.com/1200015

https://bugzilla.suse.com/1200143

https://bugzilla.suse.com/1200144

https://bugzilla.suse.com/1200206

https://bugzilla.suse.com/1200207

https://bugzilla.suse.com/1200249

https://bugzilla.suse.com/1200259

https://bugzilla.suse.com/1200263

https://bugzilla.suse.com/1200268

https://bugzilla.suse.com/1200529

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2022:2173-1
Rating: important
Affected Products: openSUSE Leap Micro 5.2 ble.

Topics%20covered

Topics Covered

security advisory kernel update privilege escalation important linux kernel crash issue openSUSE Leap Micro

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here