Alerts This Week
Warning Icon 1 916
Alerts This Week
Warning Icon 1 916

SUSE 12 SP3: 2022:0328-1 Important Kernel Patch for Critical Issues

suse
Calendar Grey February 4, 2022
Dist Suse Esm H88
The latest SUSE Linux Kernel update addresses critical vulnerabilities aimed at improving overall system security and performance.
An update that fixes four vulnerabilities is now available

Summary

This update for the Linux Kernel 4.4.180-94_147 fixes several issues. The following security issues were fixed: - CVE-2018-25020: Fixed an issue in the BPF subsystem in the Linux kernel mishandled situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow. (bsc#1193575) - CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure. (bsc#1191193) - CVE-2019-0136: Fixed an insufficient access control which allow an unauthenticated user to execute a denial of service. (bsc#1193157)

Topics%20covered

Topics Covered

security advisory denial of service buffer overflow critical kernel SUSE

References

#1191529 #1192036 #1193161 #1193863

Cross- CVE-2018-25020 CVE-2019-0136 CVE-2020-3702

CVE-2021-42739

CVSS scores:

CVE-2018-25020 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2019-0136 (NVD) : 7.4 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CVE-2019-0136 (SUSE): 7.4 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CVE-2020-3702 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVE-2020-3702 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVE-2021-42739 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

SUSE Linux Enterprise Server for SAP 12-SP3

SUSE Linux Enterprise Server 12-SP3-LTSS

https://www.suse.com/security/cve/CVE-2018-25020.html

https://www.suse.com/security/cve/CVE-2019-0136.html

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2022:0328-1
Rating: important

Topics%20covered

Topics Covered

security advisory denial of service buffer overflow critical kernel SUSE

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here