Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 498
Alerts This Week
Warning Icon 1 498

SUSE: 2022:1224-1 Important: Memory Issues in Linux Kernel

suse
Calendar Grey April 14, 2022
Dist Suse Esm H88
SUSE Security Patch for the Linux Kernel resolves vulnerabilities linked to buffer overrun & memory mishandling to improve overall system integrity.
An update that fixes two vulnerabilities is now available

Summary

This update for the Linux Kernel 5.3.18-150300_59_60 fixes several issues. The following security issues were fixed: - CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation. (bnc#1197462) - CVE-2021-39698: Fixed a possible memory corruption due to a use after free in aio_poll_complete_work. This could lead to local escalation of privilege with no additional execution privileges needed. (bsc#1196956) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

References

#1196959 #1197133

Cross- CVE-2021-39698 CVE-2022-27666

CVSS scores:

CVE-2021-39698 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2021-39698 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2022-27666 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-27666 (SUSE): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Affected Products:

SUSE Linux Enterprise High Performance Computing 15-SP2

SUSE Linux Enterprise High Performance Computing 15-SP3

SUSE Linux Enterprise Micro 5.1

SUSE Linux Enterprise Module for Live Patching 15-SP2

SUSE Linux Enterprise Module for Live Patching 15-SP3

SUSE Linux Enterprise Server 15-SP2

SUSE Linux Enterprise Server 15-SP3

SUSE Linux Enterprise Server for SAP Applications 15-SP2

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2022:1224-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.