The SUSE Linux Enterprise 15 SP1 LTSS kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2020-36516: Fixed an issue in the mixed IPID assignment method where an attacker was able to inject data into or terminate a victim's TCP session (bnc#1196616).
- CVE-2021-4203: Fixed use-after-free read flaw that was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (bnc#1194535).
- CVE-2022-1012: Fixed a memory leak problem that was found in the TCP source port generation algorithm in net/ipv4/tcp.c (bnc#1199482).
- CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg() (bsc#1202346).
- CVE-2022-20369: Fixed out of bounds write in v4l2_m2m_querybuf of v4l2-mem2mem.c (bnc#1202347).

#1177440 #1180153 #1188944 #1191881 #1194535
#1196616 #1197158 #1199482 #1199665 #1201019
#1201420 #1201705 #1201726 #1201948 #1202096
#1202097 #1202154 #1202335 #1202346 #1202347
#1202393 #1202396 #1202672 #1202897 #1202898
#1203098 #1203107
Cross- CVE-2020-36516 CVE-2021-4203 CVE-2022-1012
CVE-2022-20368 CVE-2022-20369 CVE-2022-21385
CVE-2022-2588 CVE-2022-26373 CVE-2022-2639
CVE-2022-2663 CVE-2022-29581 CVE-2022-2977
CVE-2022-3028 CVE-2022-36879 CVE-2022-39188
CVSS scores:
CVE-2020-36516 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L
CVE-2020-36516 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
CVE-2021-4203 (NVD) : 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H