Alerts This Week
Warning Icon 1 770
Alerts This Week
Warning Icon 1 770

SUSE: 2022:0555-1 Important: Security Concern in RT Kernel Update

suse
Calendar Grey February 22, 2022
Dist Suse Esm H88
Important security patch for SUSE’s RT Kernel addresses 16 vulnerabilities; immediate system reboot necessary. Update your systems!
An update that solves 16 vulnerabilities and has 31 fixes is now available

Summary

The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-0435: Fixed remote stack overflow in net/tipc module that validate domain record count on input (bsc#1195254). - CVE-2022-24448: Fixed an issue inside fs/nfs/dir.c if an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup (bnc#1195612). - CVE-2021-3564: Fixed double-free memory corruption in the Linux kernel HCI device initialization subsystem that could have been used by attaching malicious HCI TTY Bluetooth devices. A local user could use this flaw to crash the system (bnc#1186207). - CVE-2020-28097: Fixed out-of-bounds read in vgacon subsystem that mishandled software scrollback (bnc#1187723).

Topics%20covered

Topics Covered

security advisory security issue critical remote code execution information disclosure SUSE Linux Enterprise RT kernel

References

#1065729 #1071995 #1082555 #1163405 #1177599

#1183405 #1184209 #1185377 #1186207 #1186222

#1187428 #1187723 #1188605 #1190973 #1192729

#1193096 #1193234 #1193235 #1193242 #1193507

#1193660 #1193669 #1193727 #1193767 #1193861

#1193864 #1193867 #1193927 #1194001 #1194027

#1194048 #1194227 #1194302 #1194410 #1194493

#1194516 #1194529 #1194814 #1194880 #1194888

#1194965 #1194985 #1195065 #1195073 #1195254

#1195272 #1195612

Cross- CVE-2020-28097 CVE-2021-3564 CVE-2021-39648

CVE-2021-39657 CVE-2021-4083 CVE-2021-4135

CVE-2021-4149 CVE-2021-4197 CVE-2021-4202

CVE-2021-44733 CVE-2021-45095 CVE-2022-0322

CVE-2022-0330 CVE-2022-0435 CVE-2022-22942

CVE-2022-24448

CVSS scores:

CVE-2020-28097 (NVD...

Read the Full Advisory

Severity
critical
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2022:0555-1
Rating: critical

Topics%20covered

Topics Covered

security advisory security issue critical remote code execution information disclosure SUSE Linux Enterprise RT kernel

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here