Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

SUSE: 2022:4520-1 Important: Kernel Live Patch 26 for SLE 12 SP5

suse
Calendar Grey December 17, 2022
Dist Suse Esm H88
SUSE Security Update: Linux Kernel Live Patch 27 addresses 5 vulnerabilities, featuring critical memory leaks and integer underflows.
An update that fixes 6 vulnerabilities is now available

Summary

This update for the Linux Kernel 4.12.14-122_103 fixes several issues. The following security issues were fixed: - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bsc#1204439). - CVE-2022-3545: Fixed a use-after-free in area_cache_get() of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bsc#1204415). - CVE-2022-41218: Fixed a use-after-free caused by refcount races, affecting dvb_demux_open() and dvb_dmxdev_release() in drivers/media/dvb-core/dmxdev.c (bsc#1202960).

Topics%20covered

Topics Covered

security advisory buffer overflow DoS kernel patch important stack overflow SUSE Linux Enterprise

References

#1203008 #1203606 #1204424 #1204576 #1205130

#1206228

Cross- CVE-2022-2964 CVE-2022-3545 CVE-2022-3586

CVE-2022-41218 CVE-2022-4378 CVE-2022-43945

CVSS scores:

CVE-2022-2964 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-2964 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-3545 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-3545 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2022-3586 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2022-3586 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-41218 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2022-41218 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2022:4520-1
Rating: important

Topics%20covered

Topics Covered

security advisory buffer overflow DoS kernel patch important stack overflow SUSE Linux Enterprise

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here