
SUSE Linux Kernel Update: 2022:2173-1 Critical Privilege Escalation Fix

suse
June 24, 2022
SUSE has released a security patch that targets several high-severity vulnerabilities in the Linux kernel, providing the necessary fixes and update guidelines.
An update that solves four vulnerabilities and has 8 fixes is now available.

Summary

The SUSE Linux Enterprise 15 SP3 kernel was updated.

The following security bugs were fixed:

- CVE-2022-1966: Fixed a use-after-free bug in the netfilter subsystem. This flaw allowed a local attacker with user access to cause a privilege escalation issue. (bnc#1200015)
- CVE-2022-1975: Fixed a sleep-in-atomic bug that allows an attacker to crash the Linux kernel by simulating an NFC device from user space. (bsc#1200143)
- CVE-2022-1974: Fixed a use-after-free that could cause a kernel crash by simulating an NFC device from user space. (bsc#1200144)
- CVE-2020-26541: Enforce the secure boot forbidden signature database (aka dbx) protection mechanism. (bnc#1177282)

The following non-security bugs were fixed:

- ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default (git-fixes).

References

#1177282 #1199365 #1200015 #1200143 #1200144 #1200206 #1200207 #1200249 #1200259 #1200263 #1200268 #1200529

Cross-References: CVE-2020-26541 CVE-2022-1966 CVE-2022-1974 CVE-2022-1975

CVSS scores:

CVE-2020-26541 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

CVE-2022-1966 (NVD): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-1966 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-1974 (SUSE): 6.8 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2022-1975 (SUSE): 4.5 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Affected Products:

SUSE Linux Enterprise Desktop 15-SP3

SUSE Linux Enterprise High Availability 15-SP3

SUSE Linux Enterprise High Performance Computing

SUSE Linux Enterprise High Performance Computing 15-SP3

Severity: important

Announcement ID: SUSE-SU-2022:2173-1
Rating: important
