Alerts This Week
Warning Icon 1 923
Alerts This Week
Warning Icon 1 923

SUSE: 2022:0543-1 Critical: RT Kernel Remote Stack Overflow and DoS

suse
Calendar Grey February 21, 2022
Dist Suse Esm H88
Critical patch release for SUSE Linux RT Kernel, addressing multiple security flaws. System restart necessary following the update.
An update that solves 9 vulnerabilities and has 29 fixes is now available

Summary

The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-0435: Fixed remote stack overflow in net/tipc module that validate domain record count on input (bsc#1195254). - CVE-2022-0286: Fixed null pointer dereference in bond_ipsec_add_sa() that may have lead to local denial of service (bnc#1195371). - CVE-2020-28097: Fixed out-of-bounds read in vgacon subsystem that mishandled software scrollback (bnc#1187723). - CVE-2021-45095: Fixed refcount leak in pep_sock_accept in net/phonet/pep.c (bnc#1193867). - CVE-2022-22942: Fixed stale file descriptors on failed usercopy (bsc#1195065). - CVE-2021-22600: Fixed double free bug in packet_set_ring() in

Topics%20covered

Topics Covered

security advisory denial of service security update critical kernel issue SUSE Linux Enterprise remote stack overflow

References

#1154353 #1154488 #1156395 #1160634 #1176447

#1177599 #1183405 #1185377 #1187428 #1187723

#1188605 #1191881 #1193096 #1193506 #1193802

#1193861 #1193864 #1193867 #1194048 #1194227

#1194291 #1194880 #1195009 #1195065 #1195073

#1195183 #1195184 #1195254 #1195267 #1195293

#1195371 #1195476 #1195477 #1195478 #1195479

#1195480 #1195481 #1195482

Cross- CVE-2020-28097 CVE-2021-22600 CVE-2021-39648

CVE-2021-39657 CVE-2021-39685 CVE-2021-45095

CVE-2022-0286 CVE-2022-0330 CVE-2022-22942

CVSS scores:

CVE-2020-28097 (NVD) : 5.9 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

CVE-2020-28097 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2021-22600 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity
critical
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2022:0543-1
Rating: critical

Topics%20covered

Topics Covered

security advisory denial of service security update critical kernel issue SUSE Linux Enterprise remote stack overflow

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here