
SUSE: 2022:0363-1 Critical: Linux Kernel Remote Exploit and Local DoS Risk

February 10, 2022
SUSE Linux Kernel's latest update fixes 12 issues, boosting system security. Immediate installation is recommended.
An update that solves 12 vulnerabilities and has 20 fixes is now available

Summary

The SUSE Linux Enterprise 15 SP3 Azure kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2022-0435: Fixed a remote stack overflow in the net/tipc module by validating the domain record count on input (bsc#1195254).
- CVE-2022-0330: Fixed flush TLBs before releasing backing store (bsc#1194880).
- CVE-2022-0286: Fixed null pointer dereference in bond_ipsec_add_sa() that may have led to local denial of service (bnc#1195371).
- CVE-2022-22942: Fixed stale file descriptors on failed usercopy (bsc#1195065).
- CVE-2021-45095: Fixed refcount leak in pep_sock_accept in net/phonet/pep.c (bnc#1193867).
- CVE-2021-44733: Fixed a use-after-free in drivers/tee/tee_shm.c in the TEE subsystem, that could have occurred because of a race

References

#1154353 #1154488 #1160634 #1176447 #1177599

#1183405 #1185377 #1187428 #1187723 #1188605

#1191881 #1193096 #1193506 #1193767 #1193802

#1193861 #1193864 #1193867 #1194048 #1194227

#1194291 #1194880 #1195009 #1195062 #1195065

#1195073 #1195183 #1195184 #1195254 #1195267

#1195293 #1195371

Cross-References: CVE-2020-28097 CVE-2021-22600 CVE-2021-39648

CVE-2021-39657 CVE-2021-39685 CVE-2021-4159

CVE-2021-44733 CVE-2021-45095 CVE-2022-0286

CVE-2022-0330 CVE-2022-0435 CVE-2022-22942

CVSS scores:

CVE-2020-28097 (NVD) : 5.9 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

CVE-2020-28097 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2021-22600 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity
critical

Announcement ID: SUSE-SU-2022:0363-1
Rating: critical
