Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 454
Alerts This Week
Warning Icon 1 454

SUSE: 2022:3291-1 Important: Linux Kernel Security Issues Fixed

suse
Calendar Grey September 16, 2022
Dist Suse Esm H88
Important release for SUSE Linux Kernel resolves 13 vulnerabilities, featuring guidelines for applying fixes and system restart.
An update that solves 13 vulnerabilities and has 10 fixes is now available

Summary

The SUSE Linux Enterprise 15 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-36516: Fixed an issue in the mixed IPID assignment method where an attacker was able to inject data into or terminate a victim's TCP session (bnc#1196616). - CVE-2021-4203: Fixed use-after-free read flaw that was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (bnc#1194535). - CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg() (bsc#1202346). - CVE-2022-20369: Fixed possible out of bounds write due to improper input validation in v4l2_m2m_querybuf of v4l2-mem2mem.c (bnc#1202347). - CVE-2022-21385: Fixed a flaw in net_rds_alloc_sgs() that allowed

References

#1169514 #1177440 #1188944 #1191881 #1194535

#1196616 #1201019 #1201420 #1201705 #1201726

#1201948 #1202096 #1202097 #1202154 #1202346

#1202347 #1202393 #1202396 #1202672 #1202897

#1202898 #1203098 #1203107

Cross- CVE-2020-36516 CVE-2021-4203 CVE-2022-20368

CVE-2022-20369 CVE-2022-21385 CVE-2022-2588

CVE-2022-26373 CVE-2022-2639 CVE-2022-2663

CVE-2022-2977 CVE-2022-3028 CVE-2022-36879

CVE-2022-39188

CVSS scores:

CVE-2020-36516 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L

CVE-2020-36516 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

CVE-2021-4203 (NVD) : 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H

CVE-2021-4203 (SUSE): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2022:3291-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.