Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

SUSE: 2022:0291-1 Important: Linux Kernel Live Patch Critical Issues

suse
Calendar Grey February 2, 2022
Dist Suse Esm H88
SUSE Critical Update for Kernel Live Patch resolves significant vulnerabilities, boosting system security through 9 enhancements.
An update that fixes 9 vulnerabilities is now available

Summary

This update for the Linux Kernel 5.3.18-24_52 fixes several issues. The following security issues were fixed: - CVE-2022-0185: Incorrect param length parsing in legacy_parse_param which could have led to a local privilege escalation (bsc#1194517). - CVE-2021-4154: Fixed option parsing with cgroups version 1 (bsc#1193842). - CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure. (bsc#1191193) - CVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2020-25673, CVE-2021-23134: Fixed multiple bugs in NFC subsytem (bsc#1178181, bsc#1186060). - CVE-2021-42739: The firewire subsystem had a buffer overflow related to

Topics%20covered

Topics Covered

security advisory buffer overflow local privilege escalation important system integrity WLAN Linux Kernel

References

#1186061 #1191529 #1192036 #1194461 #1194680

#1194737

Cross- CVE-2020-25670 CVE-2020-25671 CVE-2020-25672

CVE-2020-25673 CVE-2020-3702 CVE-2021-23134

CVE-2021-4154 CVE-2021-42739 CVE-2022-0185

CVSS scores:

CVE-2020-25670 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2020-25670 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2020-25671 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2020-25671 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2020-25672 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2020-25672 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2020-25673 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2022:0291-1
Rating: important

Topics%20covered

Topics Covered

security advisory buffer overflow local privilege escalation important system integrity WLAN Linux Kernel

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here