openSUSE: 2022:2549-1 Important: Kernel Update Addresses Multiple Threats
opensuse
September 1, 2022
An update that solves 11 vulnerabilities and has 49 fixes is now available
Description
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
- CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre
like Branch Target Buffer attack, that can leak arbitrary kernel
information (bsc#1199657).
- CVE-2022-34918: Fixed a buffer overflow with nft_set_elem_init() that
could be used by a local attacker to escalate privileges (bnc#1201171).
- CVE-2021-26341: Some AMD CPUs may transiently execute beyond
unconditional direct branches, which may potentially result in data
leakage (bsc#1201050).
- CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in
the way a user forces the ath9k_htc_wait_for_target function to fail
with some input messages (bsc#1199487).
- CVE-2022-20132: Fixed out of bounds read due to improper input
validation in lg_probe and related functions of hid-lg.c (bsc#1200619).
-...
Read the Full Advisory
Patch
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap Micro 5.2:
zypper in -t patch openSUSE-Leap-Micro-5.2-2022-2549=1
Package List
- openSUSE Leap Micro 5.2 (aarch64 x86_64):
kernel-default-5.3.18-150300.59.87.1
kernel-default-base-5.3.18-150300.59.87.1.150300.18.50.2
kernel-default-debuginfo-5.3.18-150300.59.87.1
kernel-default-debugsource-5.3.18-150300.59.87.1
References
https://www.suse.com/security/cve/CVE-2021-26341.html
https://www.suse.com/security/cve/CVE-2021-4157.html
https://www.suse.com/security/cve/CVE-2022-1012.html
https://www.suse.com/security/cve/CVE-2022-1679.html
https://www.suse.com/security/cve/CVE-2022-20132.html
https://www.suse.com/security/cve/CVE-2022-20141.html
https://www.suse.com/security/cve/CVE-2022-20154.html
https://www.suse.com/security/cve/CVE-2022-29900.html
https://www.suse.com/security/cve/CVE-2022-29901.html
https://www.suse.com/security/cve/CVE-2022-33981.html
https://www.suse.com/security/cve/CVE-2022-34918.html
https://bugzilla.suse.com/1065729
https://bugzilla.suse.com/1179195
https://bugzilla.suse.com/1180814
https://bugzilla.suse.com/1184924
https://bugzilla.suse.com/1185762
https://bugzilla.suse.com/1192761
https://bugzilla.suse.com/1193629
https://bugzilla.suse.com/1194013
https://bugzilla.suse.com/1195504
https://bugzilla.suse.com/1195775
https://bugzilla.suse.com/1196901
https://bugzilla.suse.com/1197362
https://bugzilla.suse.co...
Read the Full Advisory
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: openSUSE-SU-2022:2549-1
Rating: important
Affected Products:
openSUSE Leap Micro 5.2
ble.
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!