
SUSE: 2022:3704-1 Important: Kernel Update Addresses Major Threats

October 24, 2022
SUSE Security Patch for Linux Kernel addresses 15 vulnerabilities, enhances security measures, and mandates a system restart.
An update that solves 15 vulnerabilities, contains one feature and has three fixes is now available.

Summary

The SUSE Linux Enterprise 15 SP2 kernel was updated.

The following security bugs were fixed:

- CVE-2020-16119: Fixed a use-after-free vulnerability exploitable by a local attacker due to reuse of a DCCP socket. (bnc#1177471)
- CVE-2022-20008: Fixed a bug that allowed reading kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that triggers errors, with no additional execution privileges needed. (bnc#1199564)
- CVE-2022-2503: Fixed a bug in dm-verity: device-mapper table reloads allowed users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allowed root to bypass LoadPin and can be used to load untrusted and

References

#1177471 #1199564 #1200288 #1201309 #1201310 #1202095 #1202385 #1202677 #1202960 #1203552 #1203622 #1203769 #1203770 #1203987 #1203992 #1204051 #1204059 #1204060 PED-529

Cross-References: CVE-2020-16119 CVE-2022-20008 CVE-2022-2503 CVE-2022-2586 CVE-2022-32296 CVE-2022-3239 CVE-2022-3303 CVE-2022-41218 CVE-2022-41222 CVE-2022-41674 CVE-2022-41848 CVE-2022-41849 CVE-2022-42719 CVE-2022-42720 CVE-2022-42721

CVSS scores:

CVE-2020-16119 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2020-16119 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-20008 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVE-2022-20008 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: important

Announcement ID: SUSE-SU-2022:3704-1
Rating: important
