Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

SUSE: 2022:0345-2 Critical: Live Kernel Patch 15 Addressing Security Flaws

suse
Calendar Grey February 1, 2022
Dist Suse Esm H88
SUSE Security Update for the Linux Kernel (Live Patch 22 for SLE 15) fixes 8 vulnerabilities, enhancing OS security and protecting users from exploits
An update that fixes 8 vulnerabilities is now available

Summary

This update for the Linux Kernel 4.12.14-150_66 fixes several issues. The following security issues were fixed: - CVE-2018-25020: Fixed an issue in the BPF subsystem in the Linux kernel mishandled situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow. (bsc#1193575) - CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure. (bsc#1191193) - CVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2020-25673, CVE-2021-23134: Fixed multiple bugs in NFC subsytem (bsc#1178181, bsc#1186060).

Topics%20covered

Topics Covered

security advisory buffer overflow important information disclosure linux kernel wlan live patch

References

#1186061 #1191529 #1192036 #1193863 #1194680

Cross- CVE-2018-25020 CVE-2020-25670 CVE-2020-25671

CVE-2020-25672 CVE-2020-25673 CVE-2020-3702

CVE-2021-23134 CVE-2021-42739

CVSS scores:

CVE-2018-25020 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2020-25670 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2020-25670 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2020-25671 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2020-25671 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2020-25672 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2020-25672 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity
critical
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2022:0255-1
Rating: important

Topics%20covered

Topics Covered

security advisory buffer overflow important information disclosure linux kernel wlan live patch

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here