Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

SUSE: 2022:0293-1 Critical: Kernel Update Fixes Local Escalation and DoS

suse
Calendar Grey February 2, 2022
Dist Suse Esm H88
Crucial SUSE Security Patch tackles kernel vulnerabilities for SLE 15 SP3 by implementing vital fixes for various security risks.
An update that fixes 10 vulnerabilities is now available

Summary

This update for the Linux Kernel 5.3.18-57 fixes several issues. The following security issues were fixed: - CVE-2022-0185: Incorrect param length parsing in legacy_parse_param which could have led to a local privilege escalation (bsc#1194517). - CVE-2021-4154: Fixed option parsing with cgroups version 1 (bsc#1193842). - CVE-2021-4028: Fixed use-after-free in RDMA listen() that could lead to DoS or privilege escalation by a local attacker (bsc#1193167). - CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure. (bsc#1191193) - CVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2020-25673,

Topics%20covered

Topics Covered

security advisory security update privilege escalation DoS kernel patch SUSE local escalation

References

#1186061 #1191529 #1192036 #1193529 #1194461

#1194680 #1194737

Cross- CVE-2020-25670 CVE-2020-25671 CVE-2020-25672

CVE-2020-25673 CVE-2020-3702 CVE-2021-23134

CVE-2021-4028 CVE-2021-4154 CVE-2021-42739

CVE-2022-0185

CVSS scores:

CVE-2020-25670 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2020-25670 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2020-25671 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2020-25671 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2020-25672 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2020-25672 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2020-25673 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2022:0293-1
Rating: important

Topics%20covered

Topics Covered

security advisory security update privilege escalation DoS kernel patch SUSE local escalation

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here