Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

SUSE: 2022:0298-1 Important Patch: Kernel Security Threat Fixes

suse
Calendar Grey February 2, 2022
Dist Suse Esm H88
This Ubuntu upgrade addresses four critical concerns, offering vital resolutions for Linux Kernel weaknesses impacting LTS 20.04.
An update that fixes three vulnerabilities is now available

Summary

This update for the Linux Kernel 4.12.14-95_74 fixes several issues. The following security issues were fixed: - CVE-2018-25020: Fixed an issue in the BPF subsystem in the Linux kernel mishandled situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow. (bsc#1193575) - CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure. (bsc#1191193) - CVE-2021-42739: The firewire subsystem had a buffer overflow related to drivers/media/firewire/firedtv-avc.c and

Topics%20covered

Topics Covered

security advisory buffer overflow kernel patch important information disclosure SUSE

References

#1191529 #1192036 #1193863

Cross- CVE-2018-25020 CVE-2020-3702 CVE-2021-42739

CVSS scores:

CVE-2018-25020 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2020-3702 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVE-2020-3702 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVE-2021-42739 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

SUSE Linux Enterprise Live Patching 12-SP4

https://www.suse.com/security/cve/CVE-2018-25020.html

https://www.suse.com/security/cve/CVE-2020-3702.html

https://www.suse.com/security/cve/CVE-2021-42739.html

https://bugzilla.suse.com/1191529

https://bugzilla.suse.com/1192036

https://bugzilla.suse.com/1193863

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2022:0298-1
Rating: important

Topics%20covered

Topics Covered

security advisory buffer overflow kernel patch important information disclosure SUSE

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here