What Are You Looking For?

Sign Up

   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:14905-1
Rating:             important
References:         #1171420 #1179599 #1190025 #1191580 #1193157 
                    #1193669 #1193867 #1194272 #1195109 #1195543 
                    #1195908 #1196079 #1196612 
Cross-References:   CVE-2019-0136 CVE-2020-12770 CVE-2020-27820
                    CVE-2021-3753 CVE-2021-4155 CVE-2021-45095
                    CVE-2022-0001 CVE-2022-0002 CVE-2022-0492
                    CVE-2022-0617
CVSS scores:
                    CVE-2019-0136 (NVD) : 7.4 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
                    CVE-2019-0136 (SUSE): 7.4 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
                    CVE-2020-12770 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2020-12770 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
                    CVE-2020-27820 (SUSE): 3.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L
                    CVE-2021-3753 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-3753 (SUSE): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
                    CVE-2021-4155 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-45095 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-45095 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
                    CVE-2022-0001 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
                    CVE-2022-0002 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
                    CVE-2022-0492 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-0617 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-0617 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:
                    SUSE Linux Enterprise Debuginfo 11-SP4
                    SUSE Linux Enterprise Server 11-EXTRA
                    SUSE Linux Enterprise Server 11-SP4-LTSS
______________________________________________________________________________

   An update that solves 10 vulnerabilities and has three
   fixes is now available.

Description:

   The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various
   security and bugfixes.


   Transient execution side-channel attacks attacking the Branch History
   Buffer (BHB), named "Branch Target Injection" and "Intra-Mode Branch
   History Injection" are now mitigated.

   The following security bugs were fixed:

   - CVE-2022-0001: Fixed Branch History Injection vulnerability
     (bsc#1191580).
   - CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability
     (bsc#1191580).
   - CVE-2020-12770: Fixed sg_remove_request call in a certain failure cases
     (bsc#1171420).
   - CVE-2022-0617: Fixed a null pointer dereference in UDF file system
     functionality. A local user could crash the system by triggering
     udf_file_write_iter() via a malicious UDF image. (bsc#1196079)
   - CVE-2022-0492: Fixed a privilege escalation related to cgroups v1
     release_agent feature, which allowed bypassing namespace isolation
     unexpectedly (bsc#1195543).
   - CVE-2021-45095: Fixed refcount leak in pep_sock_accept in
     net/phonet/pep.c (bsc#1193867).
   - CVE-2021-4155: Fixed a data leak flaw that allows a local attacker to
     leak data on the XFS filesystem (bsc#1194272).
   - CVE-2020-27820: Fixed a vulnerability where a use-after-frees in
     nouveau's postclose() handler could happen if removing device
     (bsc#1179599).
   - CVE-2019-0136: Fixed an insufficient access control which allow an
     unauthenticated user to execute a denial of service (bsc#1193157).
   - CVE-2021-3753: Fixed race out-of-bounds in virtual terminal handling
     (bsc#1190025).

   The following non-security bugs were fixed:

   - kprobes: Limit max data_size of the kretprobe instances (bsc#1193669).
   - md: check the return of mddev_find() (bsc#1195109).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP4-LTSS:

      zypper in -t patch slessp4-kernel-14905=1

   - SUSE Linux Enterprise Server 11-EXTRA:

      zypper in -t patch slexsp3-kernel-14905=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-kernel-14905=1



Package List:

   - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64):

      kernel-default-3.0.101-108.135.1
      kernel-default-base-3.0.101-108.135.1
      kernel-default-devel-3.0.101-108.135.1
      kernel-source-3.0.101-108.135.1
      kernel-syms-3.0.101-108.135.1
      kernel-trace-3.0.101-108.135.1
      kernel-trace-base-3.0.101-108.135.1
      kernel-trace-devel-3.0.101-108.135.1

   - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 x86_64):

      kernel-ec2-3.0.101-108.135.1
      kernel-ec2-base-3.0.101-108.135.1
      kernel-ec2-devel-3.0.101-108.135.1
      kernel-xen-3.0.101-108.135.1
      kernel-xen-base-3.0.101-108.135.1
      kernel-xen-devel-3.0.101-108.135.1

   - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64):

      kernel-bigmem-3.0.101-108.135.1
      kernel-bigmem-base-3.0.101-108.135.1
      kernel-bigmem-devel-3.0.101-108.135.1
      kernel-ppc64-3.0.101-108.135.1
      kernel-ppc64-base-3.0.101-108.135.1
      kernel-ppc64-devel-3.0.101-108.135.1

   - SUSE Linux Enterprise Server 11-SP4-LTSS (s390x):

      kernel-default-man-3.0.101-108.135.1

   - SUSE Linux Enterprise Server 11-SP4-LTSS (i586):

      kernel-pae-3.0.101-108.135.1
      kernel-pae-base-3.0.101-108.135.1
      kernel-pae-devel-3.0.101-108.135.1

   - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64):

      kernel-default-extra-3.0.101-108.135.1

   - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64):

      kernel-xen-extra-3.0.101-108.135.1

   - SUSE Linux Enterprise Server 11-EXTRA (x86_64):

      kernel-trace-extra-3.0.101-108.135.1

   - SUSE Linux Enterprise Server 11-EXTRA (ppc64):

      kernel-ppc64-extra-3.0.101-108.135.1

   - SUSE Linux Enterprise Server 11-EXTRA (i586):

      kernel-pae-extra-3.0.101-108.135.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64):

      kernel-default-debuginfo-3.0.101-108.135.1
      kernel-default-debugsource-3.0.101-108.135.1
      kernel-trace-debuginfo-3.0.101-108.135.1
      kernel-trace-debugsource-3.0.101-108.135.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 s390x x86_64):

      kernel-default-devel-debuginfo-3.0.101-108.135.1
      kernel-trace-devel-debuginfo-3.0.101-108.135.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64):

      kernel-ec2-debuginfo-3.0.101-108.135.1
      kernel-ec2-debugsource-3.0.101-108.135.1
      kernel-xen-debuginfo-3.0.101-108.135.1
      kernel-xen-debugsource-3.0.101-108.135.1
      kernel-xen-devel-debuginfo-3.0.101-108.135.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64):

      kernel-bigmem-debuginfo-3.0.101-108.135.1
      kernel-bigmem-debugsource-3.0.101-108.135.1
      kernel-ppc64-debuginfo-3.0.101-108.135.1
      kernel-ppc64-debugsource-3.0.101-108.135.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586):

      kernel-pae-debuginfo-3.0.101-108.135.1
      kernel-pae-debugsource-3.0.101-108.135.1
      kernel-pae-devel-debuginfo-3.0.101-108.135.1


References:

   https://www.suse.com/security/cve/CVE-2019-0136.html
   https://www.suse.com/security/cve/CVE-2020-12770.html
   https://www.suse.com/security/cve/CVE-2020-27820.html
   https://www.suse.com/security/cve/CVE-2021-3753.html
   https://www.suse.com/security/cve/CVE-2021-4155.html
   https://www.suse.com/security/cve/CVE-2021-45095.html
   https://www.suse.com/security/cve/CVE-2022-0001.html
   https://www.suse.com/security/cve/CVE-2022-0002.html
   https://www.suse.com/security/cve/CVE-2022-0492.html
   https://www.suse.com/security/cve/CVE-2022-0617.html
   https://bugzilla.suse.com/1171420
   https://bugzilla.suse.com/1179599
   https://bugzilla.suse.com/1190025
   https://bugzilla.suse.com/1191580
   https://bugzilla.suse.com/1193157
   https://bugzilla.suse.com/1193669
   https://bugzilla.suse.com/1193867
   https://bugzilla.suse.com/1194272
   https://bugzilla.suse.com/1195109
   https://bugzilla.suse.com/1195543
   https://bugzilla.suse.com/1195908
   https://bugzilla.suse.com/1196079
   https://bugzilla.suse.com/1196612

SUSE: 2022:14905-1 important: the Linux Kernel

March 8, 2022
An update that solves 10 vulnerabilities and has three fixes is now available

Summary

The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. Transient execution side-channel attacks attacking the Branch History Buffer (BHB), named "Branch Target Injection" and "Intra-Mode Branch History Injection" are now mitigated. The following security bugs were fixed: - CVE-2022-0001: Fixed Branch History Injection vulnerability (bsc#1191580). - CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability (bsc#1191580). - CVE-2020-12770: Fixed sg_remove_request call in a certain failure cases (bsc#1171420). - CVE-2022-0617: Fixed a null pointer dereference in UDF file system functionality. A local user could crash the system by triggering udf_file_write_iter() via a malicious UDF image. (bsc#1196079) - CVE-2022-0492: Fixed a privilege escalation related to cgroups v1 release_agent feature, which allowed bypassing namespace isolation unexpectedly (bsc#1195543). - CVE-2021-45095: Fixed refcount leak in pep_sock_accept in net/phonet/pep.c (bsc#1193867). - CVE-2021-4155: Fixed a data leak flaw that allows a local attacker to leak data on the XFS filesystem (bsc#1194272). - CVE-2020-27820: Fixed a vulnerability where a use-after-frees in nouveau's postclose() handler could happen if removing device (bsc#1179599). - CVE-2019-0136: Fixed an insufficient access control which allow an unauthenticated user to execute a denial of service (bsc#1193157). - CVE-2021-3753: Fixed race out-of-bounds in virtual terminal handling (bsc#1190025). The following non-security bugs were fixed: - kprobes: Limit max data_size of the kretprobe instances (bsc#1193669). - md: check the return of mddev_find() (bsc#1195109).

References

#1171420 #1179599 #1190025 #1191580 #1193157

#1193669 #1193867 #1194272 #1195109 #1195543

#1195908 #1196079 #1196612

Cross- CVE-2019-0136 CVE-2020-12770 CVE-2020-27820

CVE-2021-3753 CVE-2021-4155 CVE-2021-45095

CVE-2022-0001 CVE-2022-0002 CVE-2022-0492

CVE-2022-0617

CVSS scores:

CVE-2019-0136 (NVD) : 7.4 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CVE-2019-0136 (SUSE): 7.4 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CVE-2020-12770 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2020-12770 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

CVE-2020-27820 (SUSE): 3.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L

CVE-2021-3753 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

CVE-2021-3753 (SUSE): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CVE-2021-4155 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVE-2021-45095 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVE-2021-45095 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVE-2022-0001 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

CVE-2022-0002 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

CVE-2022-0492 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-0617 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2022-0617 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

SUSE Linux Enterprise Debuginfo 11-SP4

SUSE Linux Enterprise Server 11-EXTRA

SUSE Linux Enterprise Server 11-SP4-LTSS

https://www.suse.com/security/cve/CVE-2019-0136.html

https://www.suse.com/security/cve/CVE-2020-12770.html

https://www.suse.com/security/cve/CVE-2020-27820.html

https://www.suse.com/security/cve/CVE-2021-3753.html

https://www.suse.com/security/cve/CVE-2021-4155.html

https://www.suse.com/security/cve/CVE-2021-45095.html

https://www.suse.com/security/cve/CVE-2022-0001.html

https://www.suse.com/security/cve/CVE-2022-0002.html

https://www.suse.com/security/cve/CVE-2022-0492.html

https://www.suse.com/security/cve/CVE-2022-0617.html

https://bugzilla.suse.com/1171420

https://bugzilla.suse.com/1179599

https://bugzilla.suse.com/1190025

https://bugzilla.suse.com/1191580

https://bugzilla.suse.com/1193157

https://bugzilla.suse.com/1193669

https://bugzilla.suse.com/1193867

https://bugzilla.suse.com/1194272

https://bugzilla.suse.com/1195109

https://bugzilla.suse.com/1195543

https://bugzilla.suse.com/1195908

https://bugzilla.suse.com/1196079

https://bugzilla.suse.com/1196612

Severity
Announcement ID: SUSE-SU-2022:14905-1
Rating: important

Related News

Security Highlights from KubeCon + CloudNativeCon 2023

Nov 18, 2023

Kubernetes Security on AWS: A Practical Guide

Nov 18, 2023

Nitrux 3.2.0 Linux Distro Released with Enhanced Security and New Features

Nov 28, 2023

Kinsing Hackers Exploit Apache ActiveMQ Vulnerability to Deploy Linux Rootkits

Nov 25, 2023

News

Advisories

HOWTOs

Features

Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024
Cloud Security Basics for Small Businesses
Scanning and Defending Networks with Nmap

About Us

Powered By

Footer Logo