Alerts This Week
Warning Icon 1 770
Alerts This Week
Warning Icon 1 770

SUSE: 2022:2584-1 Critical Update: U-Boot Vulnerabilities Addressed

suse
Calendar Grey July 29, 2022
Dist Suse Esm H88
U-Boot update resolves three significant vulnerabilities, tackling stack overflow and unauthorized writes in SUSE Linux environments.
An update that fixes three vulnerabilities is now available

Summary

This update for u-boot fixes the following issues: - CVE-2022-30790: Fixed an arbitrary out-of-bounds write in the IP defragmentation (bsc#1200364). - CVE-2022-30552: Fixed an out-of-bounds write in the IP defragmentation (bsc#1200363). - CVE-2022-34835: Fixed stack buffer overflow vulnerability in i2c md command (bsc#1201214). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2584=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2584=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS:

Topics%20covered

Topics Covered

security advisory critical SUSE Linux stack overflow arbitrary write

References

#1200363 #1200364 #1201214

Cross- CVE-2022-30552 CVE-2022-30790 CVE-2022-34835

CVSS scores:

CVE-2022-30552 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2022-30552 (SUSE): 7.1 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

CVE-2022-30790 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-30790 (SUSE): 9.6 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CVE-2022-34835 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2022-34835 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

SUSE Linux Enterprise High Performance Computing 15-ESPOS

SUSE Linux Enterprise High Performance Computing 15-LTSS

SUSE Linux Enterprise Server 15-LTSS

SUSE Linux Enterprise Server for SAP 15

Severity
critical
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2022:2584-1
Rating: critical

Topics%20covered

Topics Covered

security advisory critical SUSE Linux stack overflow arbitrary write

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here