Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 585
Alerts This Week
Warning Icon 1 585

SUSE: 2022:1267-1 Important: Linux Kernel Buffer Overflow and DoS

suse
Calendar Grey April 19, 2022
Dist Suse Esm H88
This notice outlines the significant update to the SUSE kernel, targeting numerous pressing vulnerabilities that demand prompt action.
An update that solves 20 vulnerabilities, contains one feature and has 7 fixes is now available

Summary

The SUSE Linux Enterprise 12 SP4 kernel was updated. The following security bugs were fixed: - CVE-2022-0812: Fixed an incorrect header size calculations which could lead to a memory leak. (bsc#1196639) - CVE-2021-39713: Fixed a race condition in the network scheduling subsystem which could lead to a use-after-free. (bnc#1196973) - CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation. (bnc#1197462) - CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack

References

#1180153 #1189562 #1193738 #1194943 #1195051

#1195353 #1196018 #1196114 #1196468 #1196488

#1196514 #1196573 #1196639 #1196761 #1196830

#1196836 #1196942 #1196973 #1197211 #1197227

#1197331 #1197366 #1197391 #1197462 #1198031

#1198032 #1198033 SLE-18234

Cross- CVE-2021-39713 CVE-2021-45868 CVE-2022-0812

CVE-2022-0850 CVE-2022-1016 CVE-2022-1048

CVE-2022-23036 CVE-2022-23037 CVE-2022-23038

CVE-2022-23039 CVE-2022-23040 CVE-2022-23041

CVE-2022-23042 CVE-2022-26490 CVE-2022-26966

CVE-2022-27666 CVE-2022-28356 CVE-2022-28388

CVE-2022-28389 CVE-2022-28390

CVSS scores:

CVE-2021-39713 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2021-39713 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2022:1267-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.