SB2022041426 - SUSE update for the Linux Kernel
Published: April 14, 2022 Updated: April 11, 2023
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 22 secuirty vulnerabilities.
1) Security features bypass (CVE-ID: CVE-2021-39713)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to multiple issues in Qdisc implementation related to rcu read lock. A local application can execute arbitrary code with elevated privileges.
2) Use-after-free (CVE-ID: CVE-2021-45868)
The vulnerability allows a local user to perform a denial-of-service attack.
The vulnerability exists due to fs/quota/quota_tree.c does not validate the block number in the quota tree (on disk). A local user can trigger use-after-free error and perform a denial-of-service attack.
3) Information disclosure (CVE-ID: CVE-2022-0001)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to non-transparent sharing of branch predictor selectors between contexts. A local user can gain unauthorized access to sensitive information on the system.
4) Information disclosure (CVE-ID: CVE-2022-0002)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to non-transparent sharing of branch predictor within a context. A local user can gain unauthorized access to sensitive information on the system.
5) Information disclosure (CVE-ID: CVE-2022-0812)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists in NFS over RDMA in the net/sunrpc/xprtrdma/rpc_rdma.c() function in RPCRDMA_HDRLEN_MIN (7). A local user can gain unauthorized access to sensitive information on the system.
6) Information disclosure (CVE-ID: CVE-2022-0850)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output in the copy_page_to_iter() function in iov_iter.c in Linux kernel. A local user can gain unauthorized access to sensitive information on the system.
7) Use-after-free (CVE-ID: CVE-2022-1016)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a use-after-free error in net/netfilter/nf_tables_core.c:nft_do_chain in Linux kernel.. A local user can trigger a use-after-free error and gain access to sensitive information.
8) Use-after-free (CVE-ID: CVE-2022-1048)
The vulnerability allows a local user to execute arbitrary code with elevated privileges.
The vulnerability exists due to a use-after-free error in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. A local user can execute arbitrary code with elevated privileges and perform a denial-of-service attack.
9) Race condition (CVE-ID: CVE-2022-23036)
The vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to a race condition in the blkfront ring buffer. A malicious backend can exploit the race condition and read or write data or perform a denial of service attack.
10) Race condition (CVE-ID: CVE-2022-23037)
The vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to a race condition in the netfront ring buffer. A malicious backend can exploit the race condition and read or write data or perform a denial of service attack.
11) Race condition (CVE-ID: CVE-2022-23038)
The vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to a race condition in the scsifront ring buffer. A malicious backend can exploit the race condition and read or write data or perform a denial of service attack.
12) Race condition (CVE-ID: CVE-2022-23039)
The vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to a race condition in the gntalloc ring buffer. A malicious backend can exploit the race condition and read or write data or perform a denial of service attack.
13) Race condition (CVE-ID: CVE-2022-23040)
The vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to a race condition in the xenbus ring buffer. A malicious backend can exploit the race condition and read or write data or perform a denial of service attack.
14) Race condition (CVE-ID: CVE-2022-23041)
The vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to a race condition in blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls ring buffers. A malicious backend can exploit the race condition and read or write data or perform a denial of service attack.
15) Reachable Assertion (CVE-ID: CVE-2022-23042)
The vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to reachable assertion in the netfront ring buffer. A malicious backend can exploit the race condition and read or write data or perform a denial of service attack.
16) Processor optimization removal or modification of security-critical code (CVE-ID: CVE-2022-23960)
The vulnerability allows a local user to obtain potentially sensitive information.
The vulnerability exists due to improper restrictions of cache speculation. A local user can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches and gain access to sensitive information.
The vulnerability was dubbed Spectre-BHB.
17) Buffer overflow (CVE-ID: CVE-2022-26490)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the st21nfca_connectivity_event_received() function in drivers/nfc/st21nfca/se.c in Linux kernel. A local user can run a specially crafted program to trigger buffer overflow and execute arbitrary code with elevated privileges.
18) Use-after-free (CVE-ID: CVE-2022-26966)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a use-after-free error in drivers/net/usb/sr9700.c in the Linux kernel. A remote attacker can pass specially crafted data and obtain sensitive information from heap memory.
19) Heap-based buffer overflow (CVE-ID: CVE-2022-27666)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c in Linux kernel. A local unprivileged user can pass specially crafted data to the system, trigger a heap-based buffer overflow and execute arbitrary code with elevated privileges.
20) Double Free (CVE-ID: CVE-2022-28388)
The vulnerability allows a local user to execute arbitrary code with elevated privileges.
The vulnerability exists due to boundary error in the usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c. A local user can pass specially crafted data to the application, trigger double free error and execute arbitrary code with elevated privileges.
21) Double Free (CVE-ID: CVE-2022-28389)
The vulnerability allows a local user to execute arbitrary code with elevated privileges.
The vulnerability exists due to boundary error in mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c. A local user can pass specially crafted data to the application, trigger double free error and execute arbitrary code with elevated privileges.
22) Double Free (CVE-ID: CVE-2022-28390)
The vulnerability allows a local user to execute arbitrary code with elevated privileges.
The vulnerability exists due to boundary error in ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c. A local user can pass specially crafted data to the application, trigger double free error and execute arbitrary code with elevated privileges.
Remediation
Install update from vendor's website.