Alerts This Week
Warning Icon 1 770
Alerts This Week
Warning Icon 1 770

SUSE 2022:0762-1 Important Update: Linux Kernel Critical Issues Fixed

suse
Calendar Grey March 8, 2022
Dist Suse Esm H88
SUSE launches a major kernel update addressing 7 security vulnerabilities. Essential patches and guidelines are provided.
An update that solves 7 vulnerabilities and has 5 fixes is now available

Summary

The SUSE Linux Enterprise 12 SP3 kernel was updated to receive various security and bugfixes. Transient execution side-channel attacks attacking the Branch History Buffer (BHB), named "Branch Target Injection" and "Intra-Mode Branch History Injection" are now mitigated. The following security bugs were fixed: - CVE-2022-0001: Fixed Branch History Injection vulnerability (bsc#1191580). - CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability (bsc#1191580). - CVE-2022-0617: Fixed a null pointer dereference in UDF file system functionality. A local user could crash the system by triggering udf_file_write_iter() via a malicious UDF image. (bsc#1196079) - CVE-2022-0492: Fixed a privilege escalation related to cgroups v1

Topics%20covered

Topics Covered

security advisory important fixes threat mitigation SUSE linux kernel system reboot

References

#1146312 #1185973 #1191580 #1193731 #1194463

#1195536 #1195543 #1195612 #1195908 #1195939

#1196079 #1196612

Cross- CVE-2016-10905 CVE-2021-0920 CVE-2022-0001

CVE-2022-0002 CVE-2022-0492 CVE-2022-0617

CVE-2022-24448

CVSS scores:

CVE-2016-10905 (NVD) : 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2016-10905 (SUSE): 5.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H

CVE-2021-0920 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2021-0920 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-0001 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

CVE-2022-0002 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

CVE-2022-0492 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2022:0762-1
Rating: important

Topics%20covered

Topics Covered

security advisory important fixes threat mitigation SUSE linux kernel system reboot

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here