Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 3 articles for you...
100
security advisorycriticalvulnerabilitySUSE: 2025:0177-1 important: Linux Kernel live patch for SLE 15 SP5
* bsc#1232637 * bsc#1233712 Cross-References: * CVE-2022-48956 . # Security update for the Linux Kernel (Live Patch 20 for SLE 15 SP5) Announcement ID: SUSE-SU-2025:0177-1 Release Date: 2025-01-17T19:33:28Z Rating: important References: * bsc#1232637 * bsc#1233712 Cross-References: * CVE-2022-48956 * CVE-2024-50264 CVSS scores: * CVE-2022-48956 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-48956 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-50264 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-50264 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-50264 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 12-SP5 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150500_55_83 fixes several issues. The following security issues were fixed: * CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk-> trans (bsc#1233712). * CVE-2022-48956: ipv6: avoid use-after-free in ip6_fragment() (bsc#1232637). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-174=1SUSE-SLE- Module-Live-Patching-15-SP5-2025-175=1 SUSE-SLE-Module-Live- Patching-15-SP5-2025-176=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2025-175=1 SUSE-2025-176=1 SUSE-2025-174=1 * SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2025-177=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP5_Update_8-debugsource-15-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_19-debugsource-2-150500.11.6.1 * kernel-livepatch-5_14_21-150500_55_80-default-debuginfo-2-150500.11.6.1 * kernel-livepatch-5_14_21-150500_55_39-default-debuginfo-15-150500.2.1 * kernel-livepatch-5_14_21-150500_55_83-default-debuginfo-2-150500.11.6.1 * kernel-livepatch-5_14_21-150500_55_83-default-2-150500.11.6.1 * kernel-livepatch-SLE15-SP5_Update_20-debugsource-2-150500.11.6.1 * kernel-livepatch-5_14_21-150500_55_39-default-15-150500.2.1 * kernel-livepatch-5_14_21-150500_55_80-default-2-150500.11.6.1 * openSUSE Leap 15.5 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP5_Update_8-debugsource-15-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_19-debugsource-2-150500.11.6.1 * kernel-livepatch-5_14_21-150500_55_80-default-debuginfo-2-150500.11.6.1 * kernel-livepatch-5_14_21-150500_55_39-default-debuginfo-15-150500.2.1 * kernel-livepatch-5_14_21-150500_55_83-default-debuginfo-2-150500.11.6.1 * kernel-livepatch-5_14_21-150500_55_83-default-2-150500.11.6.1 * kernel-livepatch-SLE15-SP5_Update_20-debugsource-2-150500.11.6.1 * kernel-livepatch-5_14_21-150500_55_39-default-15-150500.2.1 * kernel-livepatch-5_14_21-150500_55_80-default-2-150500.11.6.1 * SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-122_228-default-2-8.6.1 ## References: * https://www.suse.com/security/cve/CVE-2022-48956.html * https://www.suse.com/security/cve/CVE-2024-50264.html * https://bugzilla.suse.com/show_bug.cgi?id=1232637 *https://bugzilla.suse.com/show_bug.cgi?id=1233712 . Essential patches for Linux Kernel targeting security flaws in SLE 15 SP5 strengthen both resilience and protection.. SUSE Live Patch, Linux Kernel Update, Security Fix, Kernel Patching. . Severity: Important. LinuxSecurity.com Team
Jan 17, 2025
•Important
SuSE
100
security advisorydenial of servicecriticalSUSE 15 SP5: 2024:1273-1 important: kernel denial of service
* bsc#1219296 Cross-References: * CVE-2023-52340 . # Security update for the Linux Kernel RT (Live Patch 10 for SLE 15 SP5) Announcement ID: SUSE-SU-2024:1273-1 Rating: important References: * bsc#1219296 Cross-References: * CVE-2023-52340 CVSS scores: * CVE-2023-52340 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150500_13_35 fixes one issue. The following security issue was fixed: * CVE-2023-52340: Fixed ICMPv6 âPacket Too Bigâ packets force a DoS of the Linux kernel by forcing 100% CPU (bsc#1219296). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2024-1273=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2024-1273=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP5 (x86_64) * kernel-livepatch-5_14_21-150500_13_35-rt-2-150500.11.8.1 * kernel-livepatch-SLE15-SP5-RT_Update_10-debugsource-2-150500.11.8.1 * kernel-livepatch-5_14_21-150500_13_35-rt-debuginfo-2-150500.11.8.1 * openSUSE Leap 15.5 (x86_64) * kernel-livepatch-5_14_21-150500_13_35-rt-2-150500.11.8.1 * kernel-livepatch-SLE15-SP5-RT_Update_10-debugsource-2-150500.11.8.1 * kernel-livepatch-5_14_21-150500_13_35-rt-debuginfo-2-150500.11.8.1 ## References: *https://www.suse.com/security/cve/CVE-2023-52340.html * https://bugzilla.suse.com/show_bug.cgi?id=1219296 . Updates deployed for Linux Kernel RT to resolve crucial CVE-2023-52340, countering Denial of Service threats effectively.. Linux Kernel Security Update, SUSE Live Patching, Denial Service Fix. . Severity: Important. LinuxSecurity.com Team
Apr 12, 2024
•Important
SuSE
100
security advisorycriticalSUSESUSE: 2023:4300-1 Critical: Kernel Live Patch 39 Local Escalation
* bsc#1215440 Cross-References: * CVE-2023-4623 . # Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP5) Announcement ID: SUSE-SU-2023:4300-1 Rating: important References: * bsc#1215440 Cross-References: * CVE-2023-4623 CVSS scores: * CVE-2023-4623 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4623 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise Live Patching 15-SP1 * SUSE Linux Enterprise Live Patching 12-SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves one vulnerability can now be installed. ## Description: This update for the Linux Kernel 4.12.14-122_147 fixes one issue. The following security issue was fixed: * CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215440). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2023-4300=1 SUSE-SLE-Live- Patching-12-SP5-2023-4298=1 SUSE-SLE-Live-Patching-12-SP5-2023-4299=1 * SUSE Linux Enterprise Live Patching 15-SP1 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2023-4305=1 ## Package List: * SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-122_147-default-9-2.3 * kgraft-patch-4_12_14-122_156-default-7-2.2 * kgraft-patch-4_12_14-122_144-default-10-2.3 * SUSE Linux Enterprise Live Patching 15-SP1 (ppc64lex86_64) * kernel-livepatch-4_12_14-150100_197_131-default-10-150100.2.3 ## References: * https://www.suse.com/security/cve/CVE-2023-4623.html * https://bugzilla.suse.com/show_bug.cgi?id=1215440 . An essential security patch from SUSE addresses a local privilege escalation vulnerability in the Linux Kernel within Live Patch version 39.. SUSE Linux Kernel Update, Live Patching, Linux Security, Kernel Vulnerability, Privilege Escalation. . Severity: Important. LinuxSecurity.com Team
Oct 31, 2023
•Important
SuSE
98
security advisoryRed Hat Enterprise LinuximportantRed Hat: RHSA-2023:4215-01 Important: kpatch-patch Use-After-Free
An update for kpatch-patch is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: kpatch-patch security update Advisory ID: RHSA-2023:4215-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:4215 Issue date: 2023-07-19 CVE Names: CVE-2022-3564 ==================================================================== 1. Summary: An update for kpatch-patch is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server (v. 7) - ppc64le, x86_64 3. Description: This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Security Fix(es): * kernel: use-after-free caused by l2cap_reassemble_sdu() in net/bluetooth/l2cap_core.c (CVE-2022-3564) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2150999 - CVE-2022-3564 kernel: use-after-free caused by l2cap_reassemble_sdu() innet/bluetooth/l2cap_core.c 6. Package List: Red Hat Enterprise Linux Server (v. 7): Source: kpatch-patch-3_10_0-1160_81_1-1-3.el7.src.rpm kpatch-patch-3_10_0-1160_83_1-1-2.el7.src.rpm kpatch-patch-3_10_0-1160_88_1-1-1.el7.src.rpm kpatch-patch-3_10_0-1160_90_1-1-1.el7.src.rpm kpatch-patch-3_10_0-1160_92_1-1-1.el7.src.rpm ppc64le: kpatch-patch-3_10_0-1160_81_1-1-3.el7.ppc64le.rpm kpatch-patch-3_10_0-1160_81_1-debuginfo-1-3.el7.ppc64le.rpm kpatch-patch-3_10_0-1160_83_1-1-2.el7.ppc64le.rpm kpatch-patch-3_10_0-1160_83_1-debuginfo-1-2.el7.ppc64le.rpm kpatch-patch-3_10_0-1160_88_1-1-1.el7.ppc64le.rpm kpatch-patch-3_10_0-1160_88_1-debuginfo-1-1.el7.ppc64le.rpm kpatch-patch-3_10_0-1160_90_1-1-1.el7.ppc64le.rpm kpatch-patch-3_10_0-1160_90_1-debuginfo-1-1.el7.ppc64le.rpm kpatch-patch-3_10_0-1160_92_1-1-1.el7.ppc64le.rpm kpatch-patch-3_10_0-1160_92_1-debuginfo-1-1.el7.ppc64le.rpm x86_64: kpatch-patch-3_10_0-1160_81_1-1-3.el7.x86_64.rpm kpatch-patch-3_10_0-1160_81_1-debuginfo-1-3.el7.x86_64.rpm kpatch-patch-3_10_0-1160_83_1-1-2.el7.x86_64.rpm kpatch-patch-3_10_0-1160_83_1-debuginfo-1-2.el7.x86_64.rpm kpatch-patch-3_10_0-1160_88_1-1-1.el7.x86_64.rpm kpatch-patch-3_10_0-1160_88_1-debuginfo-1-1.el7.x86_64.rpm kpatch-patch-3_10_0-1160_90_1-1-1.el7.x86_64.rpm kpatch-patch-3_10_0-1160_90_1-debuginfo-1-1.el7.x86_64.rpm kpatch-patch-3_10_0-1160_92_1-1-1.el7.x86_64.rpm kpatch-patch-3_10_0-1160_92_1-debuginfo-1-1.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-3564 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIcBAEBCAAGBQJkuIfrAAoJENzjgjWX9erEAcsP/RK4FRM3rIKbN4Diw4MlgCc0 vTVc0Fp3iHbymUc2jfJnKzHNlV9/UpeRmqSkNN3KHMmFhceBKWKTfsgMchm9EWdB 7G/+B1Rp41XcHNARiFITtwaSa0Uaa+SaLZs2KLfEmxgaMMcnLDNpXz31WNxpJMaw 5Gj3fhMCimcZfyTnwcr1cnP8r2LFXDibjkbTF1AGhzzIW4QUrrWvZAfZPn25y2cH qFlrZRkiP8U7v97xl8skM9aSLGnLEuj7wo+4u7PyStIhWkhBDl/xXR91BmLhba9S 7Ert0wEN+IxBdGH60gDYMB1qXgZmlC8HPTSWK+5f/p9cZdd11gMZFCo1lCHvq+Lo A4u71YMKRfaEFXIiAp/y+liC7mgvWyiM6RJ6MuPIlVTUxMv631EbNd3Af97DyO1E nxzVCkuU3phig/9Xsyhgh9AHRoeIXdtKmKvzjRab0+9LHejhQrJ5S0z4Zk8dnAkq vJ6dlfe5Lejn4et6ueEp8EOXH/bOcZw6abR/jkRUnz7KxQr2Vi5gVdZ+NvTdMYlO xZGWbvji/7gJ96tRdt/uJpVH5fvEvh+7Yjj48czR64MvAd2QJL/nZjat2KcpgjT2 on/d6rQBTFy2Q076SC/ZzQTYUo5aK3RgihJAHECTGi9dw6D/3t5j1QnqZPrZZga3 Yz/xKBjIDRDwhE8Wbi9M =i2Bf -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Jul 20, 2023
•Important
Red Hat
98
security advisorysecurity updateprivilege escalationRedHat: RHSA-2023-4023-01 Important: Kpatch-Patch Privilege Escalation
An update for kpatch-patch is now available for Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: kpatch-patch security update Advisory ID: RHSA-2023:4023-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:4023 Issue date: 2023-07-11 CVE Names: CVE-2022-2588 ==================================================================== 1. Summary: An update for kpatch-patch is now available for Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server E4S (v. 7.7) - ppc64le, x86_64 3. Description: The kpatch management tool provides a kernel patching infrastructure which allows you to patch a running kernel without rebooting or restarting any processes. Security Fix(es): * kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2114849 - CVE-2022-2588 kernel: a use-after-free in cls_route filterimplementation may lead to privilege escalation 6. Package List: Red Hat Enterprise Linux Server E4S (v. 7.7): Source: kpatch-patch-3_10_0-1062_71_1-1-2.el7.src.rpm kpatch-patch-3_10_0-1062_72_1-1-1.el7.src.rpm ppc64le: kpatch-patch-3_10_0-1062_71_1-1-2.el7.ppc64le.rpm kpatch-patch-3_10_0-1062_71_1-debuginfo-1-2.el7.ppc64le.rpm kpatch-patch-3_10_0-1062_72_1-1-1.el7.ppc64le.rpm kpatch-patch-3_10_0-1062_72_1-debuginfo-1-1.el7.ppc64le.rpm x86_64: kpatch-patch-3_10_0-1062_71_1-1-2.el7.x86_64.rpm kpatch-patch-3_10_0-1062_71_1-debuginfo-1-2.el7.x86_64.rpm kpatch-patch-3_10_0-1062_72_1-1-1.el7.x86_64.rpm kpatch-patch-3_10_0-1062_72_1-debuginfo-1-1.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-2588 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJkrSXcAAoJENzjgjWX9erEGqkP/jbBKXoO2YyTa/52rGr5sdJs do2P4bHsggGYyAOYh5MrOl/cZN/JCgVEPBqkwvUMQMFBrHSq9rGBv+gzPqL0i7F4 h74worbKlUr4c4o8lDuq07IKbwporn4GMv0Cjfi+pxGI2Rs4G9ofIOEHf5+yEKHM RE7SAvlxmpT5U2sbkWXgyH/OhOIxScp3vJtSVTT8z6JRQZwC+th0LQkT27wgP8hw hVXcNL5D/pBP/0DvMV3MNgaS03nYa4fZcO3fXpfxwGCRFdNEdYoYh+p/ltGnHNIV Scche39y9p7Xc5m4qUBIoKzFq9RC56uJUHji4GwOElwxxIzxOJBxxCRPiawBPLgR HSvFKkXYRjLillhw6Ce9U7lg17u/h5+XpuzXhgCDP6WeRMXoumtDJkSPVchlDexq HD/7GC5jvP7O79WD/UFAiCVsHZtyP6I0JmGQUkXx6riOxuG+7QHJ/nIUY+NNuqmh VrkbWrx/FjLKAdMpFFnYAgcmWrOS3RJwLmb/lbTpRUB0QNjO8FD2u+rSl8FewSHt yRbR9isi1L1txVe3ajNXj3O2ndQ5ZoT/T89Jrud0eSQvuM68xL9aE5G+ns0WOYBI 58tWXzVmnDjXMBJZdkid/rSW710mDXKIPIlfUTJeZlhkO+A9Rm59ye6TY+mOw4rd 36ciUX8RJeDq5hFB0Ih5 =sPof -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Jul 11, 2023
•Important
Red Hat
98
security advisoryRed Hat Enterprise Linuxcritical threatRed Hat Enterprise Linux: RHSA-2022-8989-01 Important kpatch-patch Update
An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: kpatch-patch security update Advisory ID: RHSA-2022:8989-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:8989 Issue date: 2022-12-13 CVE Names: CVE-2022-1158 CVE-2022-2639 ==================================================================== 1. Summary: An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux BaseOS E4S (v. 8.2) - ppc64le, x86_64 3. Description: The kpatch management tool provides a kernel patching infrastructure which allows you to patch a running kernel without rebooting or restarting any processes. Security Fix(es): * kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region (CVE-2022-1158) * kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size() (CVE-2022-2639) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed(https://bugzilla.redhat.com/): 2069793 - CVE-2022-1158 kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region 2084479 - CVE-2022-2639 kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size() 6. Package List: Red Hat Enterprise Linux BaseOS E4S (v.8.2): Source: kpatch-patch-4_18_0-193_81_1-1-3.el8_2.src.rpm kpatch-patch-4_18_0-193_87_1-1-2.el8_2.src.rpm kpatch-patch-4_18_0-193_90_1-1-2.el8_2.src.rpm kpatch-patch-4_18_0-193_91_1-1-2.el8_2.src.rpm kpatch-patch-4_18_0-193_93_1-1-1.el8_2.src.rpm ppc64le: kpatch-patch-4_18_0-193_81_1-1-3.el8_2.ppc64le.rpm kpatch-patch-4_18_0-193_81_1-debuginfo-1-3.el8_2.ppc64le.rpm kpatch-patch-4_18_0-193_81_1-debugsource-1-3.el8_2.ppc64le.rpm kpatch-patch-4_18_0-193_87_1-1-2.el8_2.ppc64le.rpm kpatch-patch-4_18_0-193_87_1-debuginfo-1-2.el8_2.ppc64le.rpm kpatch-patch-4_18_0-193_87_1-debugsource-1-2.el8_2.ppc64le.rpm kpatch-patch-4_18_0-193_90_1-1-2.el8_2.ppc64le.rpm kpatch-patch-4_18_0-193_90_1-debuginfo-1-2.el8_2.ppc64le.rpm kpatch-patch-4_18_0-193_90_1-debugsource-1-2.el8_2.ppc64le.rpm kpatch-patch-4_18_0-193_91_1-1-2.el8_2.ppc64le.rpm kpatch-patch-4_18_0-193_91_1-debuginfo-1-2.el8_2.ppc64le.rpm kpatch-patch-4_18_0-193_91_1-debugsource-1-2.el8_2.ppc64le.rpm kpatch-patch-4_18_0-193_93_1-1-1.el8_2.ppc64le.rpm kpatch-patch-4_18_0-193_93_1-debuginfo-1-1.el8_2.ppc64le.rpm kpatch-patch-4_18_0-193_93_1-debugsource-1-1.el8_2.ppc64le.rpm x86_64: kpatch-patch-4_18_0-193_81_1-1-3.el8_2.x86_64.rpm kpatch-patch-4_18_0-193_81_1-debuginfo-1-3.el8_2.x86_64.rpm kpatch-patch-4_18_0-193_81_1-debugsource-1-3.el8_2.x86_64.rpm kpatch-patch-4_18_0-193_87_1-1-2.el8_2.x86_64.rpm kpatch-patch-4_18_0-193_87_1-debuginfo-1-2.el8_2.x86_64.rpm kpatch-patch-4_18_0-193_87_1-debugsource-1-2.el8_2.x86_64.rpm kpatch-patch-4_18_0-193_90_1-1-2.el8_2.x86_64.rpm kpatch-patch-4_18_0-193_90_1-debuginfo-1-2.el8_2.x86_64.rpm kpatch-patch-4_18_0-193_90_1-debugsource-1-2.el8_2.x86_64.rpm kpatch-patch-4_18_0-193_91_1-1-2.el8_2.x86_64.rpm kpatch-patch-4_18_0-193_91_1-debuginfo-1-2.el8_2.x86_64.rpm kpatch-patch-4_18_0-193_91_1-debugsource-1-2.el8_2.x86_64.rpm kpatch-patch-4_18_0-193_93_1-1-1.el8_2.x86_64.rpm kpatch-patch-4_18_0-193_93_1-debuginfo-1-1.el8_2.x86_64.rpm kpatch-patch-4_18_0-193_93_1-debugsource-1-1.el8_2.x86_64.rpm These packages are GPG signed by Red Hatfor security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-1158 https://access.redhat.com/security/cve/CVE-2022-2639 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBY5j+CtzjgjWX9erEAQjKdQ/+MVCZUFqW0y8DiZavFLaJUEB16u37RH/Y r7CWGtd1er6/M73xJyYQ3UV2+lFZLgTFQuTX7rNE7GowwMtAWCHdlP2CuKKXNeEe PjPu2gpA5WBL/8ee9rb9CqnB1MoC3sJ+2g2I5YlB/K/QVrrmqiZc9dsh8pN34JBh V/ccIbd8KTjWLS8u/VUtkuRzmfwIBRvFdCDliXoOwn60UwLCebu5G4OfW8Wp8NKF 2GGl9LuprvYUj1eIZQ+eyBxoPD98QqZNQWDgA9peAQQHQtVNyb7xYT+OzrPRit/1 O53cG/kzG5O8q87IM5bhj7iPuo3Ryag0u46nq8PJuzePV2nqNskaLCrWTsYgdw1x r3htiVNBlh9uviLDaPrAzJxPW6Vhnf6OHV67Dj4aNFL7LKmmz9uKQ+0+XceaHeCg Fw62qYX/rgtfQiXX0EjYnrnBpJxnmGAiI3ljTZdyg+RMOf5lUQNn3IHaVOhRb6Wo Vuf3tm51hh8AiAJutxHkqWeaDBep+sbprWz35oYlxG05U0iDce+krEwCCurgGTbO c+WsJtD33sZE10hX+pNL5SLZqLyTsJCp7n2bU6GNoovPZOBG6jxjd8OSJ1hemqgR A0G0Bh25jSES7ZY4N5uGh629Z7DmJB3/Rcbvkj8tc+DRTfTNMPfZsQUmHbQJ7SzI I5BfjKeO+1k=abKV -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Dec 13, 2022
•Important
Red Hat
100
security advisorybuffer overflowlocal privilege escalationSUSE: 2022:1212-1 Important Security Update: Kernel Live Patch
An update that fixes two vulnerabilities is now available. . SUSE Security Update: Security update for the Linux Kernel (Live Patch 26 for SLE 15 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1212-1 Rating: important References: #1195951 #1197133 Cross-References: CVE-2022-22942 CVE-2022-27666 CVSS scores: CVE-2022-22942 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-27666 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-27666 (SUSE): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-197_99 fixes several issues. The following security issues were fixed: - CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation. (bnc#1197462) - CVE-2022-22942: Fixed stale file descriptors on failed usercopy. (bsc#1195065) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2022-1211=1 SUSE-SLE-Module-Live-Patching-15-SP1-2022-1212=1 Package List: -SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-livepatch-4_12_14-197_92-default-13-150100.2.1 kernel-livepatch-4_12_14-197_99-default-11-150100.2.1 References: https://www.suse.com/security/cve/CVE-2022-22942.html https://www.suse.com/security/cve/CVE-2022-27666.html https://bugzilla.suse.com/1195951 https://bugzilla.suse.com/1197133 . SUSE has released a Security Update for the Linux Kernel to rectify critical vulnerabilities found in SLE 15 SP1.. Linux Kernel Patch, SUSE Security Update, SUSE Live Patching. . Severity: Important. LinuxSecurity.com Team
Apr 14, 2022
•Important
SuSE
100
security advisorydenial of servicebuffer overflowSUSE: 2021:5098-1 Critical: Kernel Live Patch Security Flaw
An update that fixes two vulnerabilities is now available. . SUSE Security Update: Security update for the Linux Kernel (Live Patch 4 for SLE 15) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3272-1 Rating: important References: #1107832 #1110233 Cross-References: CVE-2018-14633 CVE-2018-17182 Affected Products: SUSE Linux Enterprise Module for Live Patching 15 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-25_16 fixes several issues. The following security issues were fixed: - CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bsc#1110233). - CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. (bsc#1107832). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternativelyyou can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2018-2357=1 SUSE-SLE-Module-Live-Patching-15-2018-2358=1 SUSE-SLE-Module-Live-Patching-15-2018-2359=1 SUSE-SLE-Module-Live-Patching-15-2018-2360=1 SUSE-SLE-Module-Live-Patching-15-2018-2361=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-livepatch-4_12_14-23-default-5-13.2 kernel-livepatch-4_12_14-23-default-debuginfo-5-13.2 kernel-livepatch-4_12_14-25_16-default-3-2.1 kernel-livepatch-4_12_14-25_16-default-debuginfo-3-2.1 kernel-livepatch-4_12_14-25_19-default-2-2.1 kernel-livepatch-4_12_14-25_19-default-debuginfo-2-2.1 kernel-livepatch-4_12_14-25_3-default-5-2.1 kernel-livepatch-4_12_14-25_3-default-debuginfo-5-2.1 kernel-livepatch-4_12_14-25_6-default-5-2.1 kernel-livepatch-4_12_14-25_6-default-debuginfo-5-2.1 kernel-livepatch-SLE15_Update_0-debugsource-5-13.2 References: https://www.suse.com/security/cve/CVE-2018-14633.html https://www.suse.com/security/cve/CVE-2018-17182.html https://bugzilla.suse.com/1107832 https://bugzilla.suse.com/1110233 _______________________________________________ sle-security-updates mailing list
Oct 22, 2018
•Critical
SuSE
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!