The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes.

Transient execution side-channel attacks attacking the Branch History Buffer (BHB), named "Branch Target Injection" and "Intra-Mode Branch History Injection", are now mitigated.

The following security bugs were fixed:

- CVE-2022-0001: Fixed Branch History Injection vulnerability (bsc#1191580).
- CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability (bsc#1191580).
- CVE-2022-25375: The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory (bnc#1196235).

The following non-security bugs were fixed:

- ACPI/IORT: Check node revision for PMCG resources (git-fixes).
#1089644 #1154353 #1157038 #1157923 #1176447
#1176940 #1178134 #1181147 #1181588 #1183872
#1187716 #1188404 #1189126 #1190812 #1190972
#1191580 #1191655 #1191741 #1192210 #1192483
#1193096 #1193233 #1193243 #1193787 #1194163
#1194967 #1195012 #1195081 #1195286 #1195352
#1195378 #1195506 #1195668 #1195701 #1195798
#1195799 #1195823 #1195928 #1195957 #1195995
#1196195 #1196235 #1196339 #1196400 #1196516
#1196584 SLE-20807 SLE-22135 SLE-22494
Cross- CVE-2022-0001 CVE-2022-0002 CVE-2022-25375
CVSS scores:
CVE-2022-0001 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2022-0002 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2022-25375 (NVD): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N