The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bug fixes.

Transient execution side-channel attacks targeting the Branch History Buffer (BHB), named "Branch Target Injection" and "Intra-Mode Branch History Injection", are now mitigated.

The following security bugs were fixed:

- CVE-2022-0001: Fixed Branch History Injection vulnerability (bsc#1191580).
- CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability (bsc#1191580).
- CVE-2022-0847: Fixed a vulnerability where a local attacker could overwrite data in arbitrary (read-only) files (bsc#1196584).
- CVE-2022-0617: Fixed a null pointer dereference in UDF file system functionality. A local user could crash the system by triggering udf_file_write_iter() via a malicious UDF image (bsc#1196079).

#1189126 #1191580 #1192483 #1194516 #1195254
#1195286 #1195516 #1195543 #1195612 #1195701
#1195897 #1195905 #1195908 #1195947 #1195949
#1195987 #1195995 #1196079 #1196095 #1196132
#1196155 #1196235 #1196584 #1196601 #1196612
#1196776 SLE-23652
Cross-References: CVE-2021-44879 CVE-2022-0001 CVE-2022-0002
CVE-2022-0487 CVE-2022-0492 CVE-2022-0516
CVE-2022-0617 CVE-2022-0644 CVE-2022-0847
CVE-2022-24448 CVE-2022-24958 CVE-2022-24959
CVE-2022-25258 CVE-2022-25375
CVSS scores:
CVE-2021-44879 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2021-44879 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-0001 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2022-0002 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N...