Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

SUSE: 2022:2854-1 Critical: Live Patching for Linux Kernel Addresses Issues

suse
Calendar Grey August 19, 2022
Dist Suse Esm H88
SUSE has rolled out a critical Security Update for the Linux Kernel, resolving 7 significant vulnerabilities essential for safeguarding system integrity. Ensure your systems remain protected!
An update that fixes 7 vulnerabilities is now available

Summary

This update for the Linux Kernel 5.14.21-150400_22 fixes several issues. The following security issues were fixed: - CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c vulnerability in the Linux kernel. (bnc#1198033) - CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could crash the system or corrupt the system memory. (bsc#1196830) - CVE-2022-33743: Fixed a Denial of Service related to XDP (bsc#1200763). - CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel (bnc#1198031). - CVE-2022-34918: Fixed a buffer overflow with nft_set_elem_init() that could be used by a local attacker to escalate privileges (bnc#1201171).

Topics%20covered

Topics Covered

security advisory denial of service buffer overflow critical kernel SUSE live patching

References

#1199606 #1201080 #1201222 #1201517 #1201629

#1201656 #1201657

Cross- CVE-2022-1679 CVE-2022-1734 CVE-2022-26490

CVE-2022-28389 CVE-2022-28390 CVE-2022-33743

CVE-2022-34918

CVSS scores:

CVE-2022-1679 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-1679 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-1734 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-1734 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2022-26490 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-26490 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-28389 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-28389 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2022:2854-1
Rating: important

Topics%20covered

Topics Covered

security advisory denial of service buffer overflow critical kernel SUSE live patching

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here