SUSE: 2022:1037-1 Critical: Linux Kernel Local Privilege Escalation

suse

March 30, 2022

An update that solves 12 vulnerabilities and has 25 fixes is now available

Summary

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-25636: Fixed an issue which allowed a local users to gain privileges because of a heap out-of-bounds write in nf_dup_netdev.c, related to nf_tables_offload (bsc#1196299). - CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could trigger crash the system or corrupt system memory (bsc#1196830). - CVE-2022-0487: A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove() in drivers/memstick/host/rtsx_usb_ms.c (bsc#1194516). - CVE-2022-24448: Fixed an issue if an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a

Topics Covered

security advisory buffer overflow kernel update critical local privilege escalation system patch SUSE

References

#1176447 #1176774 #1178134 #1179439 #1181147

#1191428 #1192273 #1193731 #1193787 #1193864

#1194463 #1194516 #1195211 #1195254 #1195403

#1195612 #1195897 #1195905 #1195939 #1195949

#1195987 #1196079 #1196095 #1196132 #1196155

#1196299 #1196301 #1196433 #1196468 #1196472

#1196627 #1196723 #1196779 #1196830 #1196836

#1196866 #1196868

Cross- CVE-2021-0920 CVE-2021-39657 CVE-2021-44879

CVE-2022-0487 CVE-2022-0617 CVE-2022-0644

CVE-2022-24448 CVE-2022-24958 CVE-2022-24959

CVE-2022-25258 CVE-2022-25636 CVE-2022-26490

CVSS scores:

CVE-2021-0920 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2021-0920 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2021-39657 (SUSE): 3.3 CVSS:3.1/AV:L/AC...

Read the Full Advisory

Severity

important

Lowest

Low

Medium

High

Critical

Announcement ID: SUSE-SU-2022:1037-1

Rating: important

Topics Covered

security advisory buffer overflow kernel update critical local privilege escalation system patch SUSE

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

SUSE: 2022:1037-1 Critical: Linux Kernel Local Privilege Escalation

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

SUSE: 2022:1037-1 Critical: Linux Kernel Local Privilege Escalation

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!