Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

SUSE: 2022:3693-1 Critical: Security Update for Kernel Released

suse
Calendar Grey October 22, 2022
Dist Suse Esm H88
SUSE announces a critical kernel upgrade that resolves various security vulnerabilities. Detailed installation guidelines provided.
An update that solves 7 vulnerabilities, contains one feature and has one errata is now available

Summary

The SUSE Linux Enterprise 15-SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-20008: Fixed local information disclosure due to possibility to read kernel heap memory via mmc_blk_read_single of block.c (bnc#1199564). - CVE-2022-2503: Fixed a vulnerability that allowed root to bypass LoadPin and load untrusted and unverified kernel modules and firmware (bnc#1202677). - CVE-2022-32296: Fixed vulnerability where TCP servers were allowed to identify clients by observing what source ports are used (bnc#1200288). - CVE-2022-3239: Fixed an use-after-free in the video4linux driver that could lead a local user to able to crash the system or escalate their privileges (bnc#1203552). - CVE-2022-3303: Fixed a race condition in the sound subsystem due to

Topics%20covered

Topics Covered

security advisory security issue kernel update important system fix SUSE Linux Linux Kernel

References

#1199564 #1200288 #1201309 #1202677 #1202960

#1203552 #1203769 #1203987 PED-529

Cross- CVE-2022-20008 CVE-2022-2503 CVE-2022-32296

CVE-2022-3239 CVE-2022-3303 CVE-2022-41218

CVE-2022-41848

CVSS scores:

CVE-2022-20008 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVE-2022-20008 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVE-2022-2503 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2022-2503 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2022-32296 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVE-2022-32296 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

CVE-2022-3239 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2022:3693-1
Rating: important

Topics%20covered

Topics Covered

security advisory security issue kernel update important system fix SUSE Linux Linux Kernel

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here