Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 496
Alerts This Week
Warning Icon 1 496

SUSE: 2022:0169-1 Important Kernel Update Critical Denial of Service

suse
Calendar Grey January 25, 2022
Scroller Suse
Vital Debian patch addresses numerous vulnerabilities in the OS core, boosting protection, and incorporates pivotal updates.
An update that solves 10 vulnerabilities and has 32 fixes is now available

Summary

The SUSE Linux Enterprise 15 SP3 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-0185: Incorrect param length parsing in legacy_parse_param which could have led to a local privilege escalation (bsc#1194517). - CVE-2022-0322: Fixed a denial of service in SCTP sctp_addto_chunk (bsc#1194985). - CVE-2021-4197: Fixed a cgroup issue where lower privileged processes could write to fds of lower privileged ones that could lead to privilege escalation (bsc#1194302). - CVE-2021-46283: nf_tables_newset in net/netfilter/nf_tables_api.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and general protection fault) because of the missing initialization for nft_set_elem_expr_alloc. A local user can set a

References

#1065729 #1071995 #1154353 #1154492 #1156395

#1167773 #1176447 #1176774 #1177437 #1190256

#1191271 #1191929 #1192931 #1193255 #1193328

#1193660 #1193669 #1193727 #1193901 #1193927

#1194001 #1194027 #1194087 #1194094 #1194302

#1194493 #1194516 #1194517 #1194518 #1194529

#1194578 #1194580 #1194584 #1194586 #1194587

#1194589 #1194590 #1194591 #1194592 #1194888

#1194953 #1194985

Cross- CVE-2021-4083 CVE-2021-4135 CVE-2021-4149

CVE-2021-4197 CVE-2021-4202 CVE-2021-45485

CVE-2021-45486 CVE-2021-46283 CVE-2022-0185

CVE-2022-0322

CVSS scores:

CVE-2021-4083 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2021-4135 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVE-2021-4149 (SUSE): 4.7 CVSS...

Read the Full Advisory

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2022:0169-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.