SUSE update for the Linux Kernel (Live Patch 10 for SLE 15 SP3)
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2021-4001 CVE-2022-0492 CVE-2022-25636 |
| CWE-ID | CWE-362 CWE-264 CWE-122 |
| Exploitation vector | Local |
| Public exploit |
Public exploit code for vulnerability #2 is available. Public exploit code for vulnerability #3 is available. |
| Vulnerable software |
SUSE Linux Enterprise Server Operating systems & Components / Operating system SUSE Linux Enterprise High Performance Computing Operating systems & Components / Operating system SUSE Linux Enterprise Module for Live Patching Operating systems & Components / Operating system SUSE Linux Enterprise Micro Operating systems & Components / Operating system SUSE Linux Enterprise Server for SAP Applications Operating systems & Components / Operating system kernel-livepatch-SLE15-SP3_Update_9-debugsource Operating systems & Components / Operating system package or component kernel-livepatch-SLE15-SP3_Update_7-debugsource Operating systems & Components / Operating system package or component kernel-livepatch-SLE15-SP3_Update_6-debugsource Operating systems & Components / Operating system package or component kernel-livepatch-SLE15-SP3_Update_5-debugsource Operating systems & Components / Operating system package or component kernel-livepatch-SLE15-SP3_Update_10-debugsource Operating systems & Components / Operating system package or component kernel-livepatch-5_3_18-59_37-default-debuginfo Operating systems & Components / Operating system package or component kernel-livepatch-5_3_18-59_37-default Operating systems & Components / Operating system package or component kernel-livepatch-5_3_18-59_34-default-debuginfo Operating systems & Components / Operating system package or component kernel-livepatch-5_3_18-59_34-default Operating systems & Components / Operating system package or component kernel-livepatch-5_3_18-59_27-default-debuginfo Operating systems & Components / Operating system package or component kernel-livepatch-5_3_18-59_27-default Operating systems & Components / Operating system package or component kernel-livepatch-5_3_18-59_24-default-debuginfo Operating systems & Components / Operating system package or component kernel-livepatch-5_3_18-59_24-default Operating systems & Components / Operating system package or component kernel-livepatch-5_3_18-59_19-default-debuginfo Operating systems & Components / Operating system package or component kernel-livepatch-5_3_18-59_19-default Operating systems & Components / Operating system package or component |
| Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Race condition
EUVDB-ID: #VU81665
Risk: Low
CVSSv4.0: 1.9 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-4001
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition in kernel/bpf/syscall.c in Linux kernel ebpf. A local user can exploit the race between bpf_map_update_elem and bpf_map_freeze and modify the frozen mapped address space.
MitigationUpdate the affected package the Linux Kernel (Live Patch 10 for SLE 15 SP3) to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server: 15-SP3-LTSS
SUSE Linux Enterprise High Performance Computing: 15-SP3-LTSS
SUSE Linux Enterprise Module for Live Patching: 15-SP3
SUSE Linux Enterprise Micro: 5.1
SUSE Linux Enterprise Server for SAP Applications: 15-SP3
kernel-livepatch-SLE15-SP3_Update_9-debugsource: before 6-150300.2.1
kernel-livepatch-SLE15-SP3_Update_7-debugsource: before 7-150300.2.1
kernel-livepatch-SLE15-SP3_Update_6-debugsource: before 7-150300.2.1
kernel-livepatch-SLE15-SP3_Update_5-debugsource: before 9-150300.2.1
kernel-livepatch-SLE15-SP3_Update_10-debugsource: before 5-150300.2.1
kernel-livepatch-5_3_18-59_37-default-debuginfo: before 5-150300.2.1
kernel-livepatch-5_3_18-59_37-default: before 5-150300.2.1
kernel-livepatch-5_3_18-59_34-default-debuginfo: before 6-150300.2.1
kernel-livepatch-5_3_18-59_34-default: before 6-150300.2.1
kernel-livepatch-5_3_18-59_27-default-debuginfo: before 7-150300.2.1
kernel-livepatch-5_3_18-59_27-default: before 7-150300.2.1
kernel-livepatch-5_3_18-59_24-default-debuginfo: before 7-150300.2.1
kernel-livepatch-5_3_18-59_24-default: before 7-150300.2.1
kernel-livepatch-5_3_18-59_19-default-debuginfo: before 9-150300.2.1
kernel-livepatch-5_3_18-59_19-default: before 9-150300.2.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server:15-SP3-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing:15-SP3-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_module_for_live_patching:15-SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications:15-SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-livepatch-sle15-sp3_update_9-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-livepatch-sle15-sp3_update_7-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-livepatch-sle15-sp3_update_6-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-livepatch-sle15-sp3_update_5-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-livepatch-sle15-sp3_update_10-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-livepatch-5_3_18-59_37-default-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-livepatch-5_3_18-59_37-default:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-livepatch-5_3_18-59_34-default-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-livepatch-5_3_18-59_34-default:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-livepatch-5_3_18-59_27-default-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-livepatch-5_3_18-59_27-default:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-livepatch-5_3_18-59_24-default-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-livepatch-5_3_18-59_24-default:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-livepatch-5_3_18-59_19-default-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-livepatch-5_3_18-59_19-default:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20220984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU61245
Risk: Low
CVSSv4.0: 8.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Clear]
CVE-ID: CVE-2022-0492
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a logic error within the cgroup_release_agent_write() function in kernel/cgroup/cgroup-v1.c. A local user can use the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation.
MitigationUpdate the affected package the Linux Kernel (Live Patch 10 for SLE 15 SP3) to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server: 15-SP3-LTSS
SUSE Linux Enterprise High Performance Computing: 15-SP3-LTSS
SUSE Linux Enterprise Module for Live Patching: 15-SP3
SUSE Linux Enterprise Micro: 5.1
SUSE Linux Enterprise Server for SAP Applications: 15-SP3
kernel-livepatch-SLE15-SP3_Update_9-debugsource: before 6-150300.2.1
kernel-livepatch-SLE15-SP3_Update_7-debugsource: before 7-150300.2.1
kernel-livepatch-SLE15-SP3_Update_6-debugsource: before 7-150300.2.1
kernel-livepatch-SLE15-SP3_Update_5-debugsource: before 9-150300.2.1
kernel-livepatch-SLE15-SP3_Update_10-debugsource: before 5-150300.2.1
kernel-livepatch-5_3_18-59_37-default-debuginfo: before 5-150300.2.1
kernel-livepatch-5_3_18-59_37-default: before 5-150300.2.1
kernel-livepatch-5_3_18-59_34-default-debuginfo: before 6-150300.2.1
kernel-livepatch-5_3_18-59_34-default: before 6-150300.2.1
kernel-livepatch-5_3_18-59_27-default-debuginfo: before 7-150300.2.1
kernel-livepatch-5_3_18-59_27-default: before 7-150300.2.1
kernel-livepatch-5_3_18-59_24-default-debuginfo: before 7-150300.2.1
kernel-livepatch-5_3_18-59_24-default: before 7-150300.2.1
kernel-livepatch-5_3_18-59_19-default-debuginfo: before 9-150300.2.1
kernel-livepatch-5_3_18-59_19-default: before 9-150300.2.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server:15-SP3-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing:15-SP3-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_module_for_live_patching:15-SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications:15-SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-livepatch-sle15-sp3_update_9-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-livepatch-sle15-sp3_update_7-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-livepatch-sle15-sp3_update_6-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-livepatch-sle15-sp3_update_5-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-livepatch-sle15-sp3_update_10-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-livepatch-5_3_18-59_37-default-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-livepatch-5_3_18-59_37-default:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-livepatch-5_3_18-59_34-default-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-livepatch-5_3_18-59_34-default:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-livepatch-5_3_18-59_27-default-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-livepatch-5_3_18-59_27-default:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-livepatch-5_3_18-59_24-default-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-livepatch-5_3_18-59_24-default:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-livepatch-5_3_18-59_19-default-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-livepatch-5_3_18-59_19-default:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20220984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.
3) Heap-based buffer overflow
EUVDB-ID: #VU61271
Risk: Low
CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2022-25636
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in net/netfilter/nf_dup_netdev.c in the Linux kernel, related to nf_tables_offload. A local user can trigger a heap-based buffer overflow and execute arbitrary code with elevated privileges.
Update the affected package the Linux Kernel (Live Patch 10 for SLE 15 SP3) to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server: 15-SP3-LTSS
SUSE Linux Enterprise High Performance Computing: 15-SP3-LTSS
SUSE Linux Enterprise Module for Live Patching: 15-SP3
SUSE Linux Enterprise Micro: 5.1
SUSE Linux Enterprise Server for SAP Applications: 15-SP3
kernel-livepatch-SLE15-SP3_Update_9-debugsource: before 6-150300.2.1
kernel-livepatch-SLE15-SP3_Update_7-debugsource: before 7-150300.2.1
kernel-livepatch-SLE15-SP3_Update_6-debugsource: before 7-150300.2.1
kernel-livepatch-SLE15-SP3_Update_5-debugsource: before 9-150300.2.1
kernel-livepatch-SLE15-SP3_Update_10-debugsource: before 5-150300.2.1
kernel-livepatch-5_3_18-59_37-default-debuginfo: before 5-150300.2.1
kernel-livepatch-5_3_18-59_37-default: before 5-150300.2.1
kernel-livepatch-5_3_18-59_34-default-debuginfo: before 6-150300.2.1
kernel-livepatch-5_3_18-59_34-default: before 6-150300.2.1
kernel-livepatch-5_3_18-59_27-default-debuginfo: before 7-150300.2.1
kernel-livepatch-5_3_18-59_27-default: before 7-150300.2.1
kernel-livepatch-5_3_18-59_24-default-debuginfo: before 7-150300.2.1
kernel-livepatch-5_3_18-59_24-default: before 7-150300.2.1
kernel-livepatch-5_3_18-59_19-default-debuginfo: before 9-150300.2.1
kernel-livepatch-5_3_18-59_19-default: before 9-150300.2.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server:15-SP3-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing:15-SP3-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_module_for_live_patching:15-SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications:15-SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-livepatch-sle15-sp3_update_9-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-livepatch-sle15-sp3_update_7-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-livepatch-sle15-sp3_update_6-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-livepatch-sle15-sp3_update_5-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-livepatch-sle15-sp3_update_10-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-livepatch-5_3_18-59_37-default-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-livepatch-5_3_18-59_37-default:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-livepatch-5_3_18-59_34-default-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-livepatch-5_3_18-59_34-default:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-livepatch-5_3_18-59_27-default-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-livepatch-5_3_18-59_27-default:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-livepatch-5_3_18-59_24-default-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-livepatch-5_3_18-59_24-default:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-livepatch-5_3_18-59_19-default-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-livepatch-5_3_18-59_19-default:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20220984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
