
SUSE 2022:3810-2 Critical: Security Vulnerabilities Remediation

October 31, 2022
SUSE Security Patch released to tackle severe kernel vulnerabilities, providing remedies for local privilege escalations and data exposure risks.
An update that solves 10 vulnerabilities and has 15 fixes is now available.

Summary

The SUSE Linux Enterprise 12 SP5 RT kernel was updated. The following security bugs were fixed:

- CVE-2022-40768: Fixed an information leak in the scsi driver which allowed local users to obtain sensitive information from kernel memory (bnc#1203514).
- CVE-2022-3169: Fixed a denial of service flaw which occurs when consecutive requests to NVME_IOCTL_RESET and NVME_IOCTL_SUBSYS_RESET are sent (bnc#1203290).
- CVE-2022-3303: Fixed a race condition in the sound subsystem due to improper locking (bnc#1203769).
- CVE-2022-41218: Fixed a use-after-free caused by refcount races in drivers/media/dvb-core/dmxdev.c (bnc#1202960).
- CVE-2022-3239: Fixed a use-after-free in the video4linux driver that could allow a local user to crash the system or escalate their privileges (bnc#1203552).

References

#1032323 #1124235 #1129770 #1154048 #1190317

#1199564 #1201309 #1202385 #1202677 #1202960

#1203142 #1203198 #1203254 #1203290 #1203322

#1203410 #1203424 #1203462 #1203514 #1203552

#1203769 #1203802 #1203935 #1203987 #1204166

Cross-References: CVE-2022-20008 CVE-2022-2503 CVE-2022-3169

CVE-2022-3239 CVE-2022-3303 CVE-2022-3424

CVE-2022-40307 CVE-2022-40768 CVE-2022-41218

CVE-2022-41848

CVSS scores:

CVE-2022-20008 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVE-2022-20008 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVE-2022-2503 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2022-2503 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2022-3169 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/...


Severity: critical

Announcement ID: SUSE-SU-2022:3810-1
Rating: important
