Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

SUSE: 2022:2770-1 Important: Multiple Kernel Security Fixes

suse
Calendar Grey August 10, 2022
Dist Suse Esm H88
An important enhancement for the Linux Kernel has been released, tackling several security flaws along with detailed patch guidance provided.
An update that fixes 6 vulnerabilities is now available

Summary

This update for the Linux Kernel 5.3.18-59_34 fixes several issues. The following security issues were fixed: - CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c vulnerability in the Linux kernel. (bnc#1198033) - CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could crash the system or corrupt the system memory. (bsc#1196830) - CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel (bnc#1198031). - CVE-2022-34918: Fixed a buffer overflow with nft_set_elem_init() that could be used by a local attacker to escalate privileges (bnc#1201171). - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail

Topics%20covered

Topics Covered

security advisory buffer overflow vulnerability important double free Linux Kernel SUSE Linux Enterprise

References

#1200605 #1201080 #1201222 #1201517 #1201656

#1201657

Cross- CVE-2022-1679 CVE-2022-20141 CVE-2022-26490

CVE-2022-28389 CVE-2022-28390 CVE-2022-34918

CVSS scores:

CVE-2022-1679 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-1679 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-20141 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-20141 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-26490 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-26490 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-28389 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-28389 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2022:2770-1
Rating: important

Topics%20covered

Topics Covered

security advisory buffer overflow vulnerability important double free Linux Kernel SUSE Linux Enterprise

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here