SUSE update for the Linux Kernel (Live Patch 30 for SLE 15 SP1)

Published: 2022-09-06

Risk	Medium
Patch available	YES
Number of vulnerabilities	2
CVE-ID	CVE-2020-36516 CVE-2022-36946
CWE-ID	CWE-327 CWE-20
Exploitation vector	Network
Public exploit	Public exploit code for vulnerability #2 is available.
Vulnerable software	SUSE Linux Enterprise Module for Live Patching Operating systems & Components / Operating system SUSE Linux Enterprise Server for SAP Applications Operating systems & Components / Operating system SUSE Linux Enterprise High Performance Computing Operating systems & Components / Operating system SUSE Linux Enterprise Server Operating systems & Components / Operating system SUSE Linux Enterprise Live Patching Operating systems & Components / Operating system SUSE Linux Enterprise Micro Operating systems & Components / Operating system kgraft-patch-4_12_14-95_99-default Operating systems & Components / Operating system package or component kgraft-patch-4_12_14-95_96-default Operating systems & Components / Operating system package or component kgraft-patch-4_12_14-95_93-default Operating systems & Components / Operating system package or component kgraft-patch-4_12_14-95_88-default Operating systems & Components / Operating system package or component kgraft-patch-4_12_14-95_83-default Operating systems & Components / Operating system package or component kgraft-patch-4_12_14-95_105-default Operating systems & Components / Operating system package or component kgraft-patch-4_12_14-95_102-default Operating systems & Components / Operating system package or component kgraft-patch-4_12_14-122_98-default Operating systems & Components / Operating system package or component kgraft-patch-4_12_14-122_91-default Operating systems & Components / Operating system package or component kgraft-patch-4_12_14-122_88-default Operating systems & Components / Operating system package or component kgraft-patch-4_12_14-122_127-default Operating systems & Components / Operating system package or component kgraft-patch-4_12_14-122_124-default Operating systems & Components / Operating system package or component kgraft-patch-4_12_14-122_121-default Operating systems & Components / Operating system package or component kgraft-patch-4_12_14-122_116-default Operating systems & Components / Operating system package or component kgraft-patch-4_12_14-122_113-default Operating systems & Components / Operating system package or component kgraft-patch-4_12_14-122_110-default Operating systems & Components / Operating system package or component kgraft-patch-4_12_14-122_106-default Operating systems & Components / Operating system package or component kgraft-patch-4_12_14-122_103-default Operating systems & Components / Operating system package or component kernel-livepatch-4_12_14-150_86-default-debuginfo Operating systems & Components / Operating system package or component kernel-livepatch-4_12_14-150_86-default Operating systems & Components / Operating system package or component kernel-livepatch-4_12_14-150_83-default-debuginfo Operating systems & Components / Operating system package or component kernel-livepatch-4_12_14-150_83-default Operating systems & Components / Operating system package or component kernel-livepatch-4_12_14-150_78-default-debuginfo Operating systems & Components / Operating system package or component kernel-livepatch-4_12_14-150_78-default Operating systems & Components / Operating system package or component kernel-livepatch-4_12_14-150000_150_95-default-debuginfo Operating systems & Components / Operating system package or component kernel-livepatch-4_12_14-150000_150_95-default Operating systems & Components / Operating system package or component kernel-livepatch-4_12_14-150000_150_92-default-debuginfo Operating systems & Components / Operating system package or component kernel-livepatch-4_12_14-150000_150_92-default Operating systems & Components / Operating system package or component kernel-livepatch-4_12_14-150000_150_89-default-debuginfo Operating systems & Components / Operating system package or component kernel-livepatch-4_12_14-150000_150_89-default Operating systems & Components / Operating system package or component kernel-livepatch-4_12_14-197_108-default Operating systems & Components / Operating system package or component kernel-livepatch-4_12_14-197_105-default Operating systems & Components / Operating system package or component kernel-livepatch-4_12_14-197_102-default Operating systems & Components / Operating system package or component kernel-livepatch-4_12_14-150100_197_117-default Operating systems & Components / Operating system package or component kernel-livepatch-4_12_14-150100_197_114-default Operating systems & Components / Operating system package or component kernel-livepatch-4_12_14-150100_197_111-default Operating systems & Components / Operating system package or component kernel-livepatch-SLE15-SP2_Update_25-debugsource Operating systems & Components / Operating system package or component kernel-livepatch-SLE15-SP2_Update_27-debugsource Operating systems & Components / Operating system package or component kernel-livepatch-SLE15-SP2_Update_26-debugsource Operating systems & Components / Operating system package or component kernel-livepatch-SLE15-SP2_Update_24-debugsource Operating systems & Components / Operating system package or component kernel-livepatch-SLE15-SP2_Update_23-debugsource Operating systems & Components / Operating system package or component kernel-livepatch-SLE15-SP2_Update_22-debugsource Operating systems & Components / Operating system package or component kernel-livepatch-SLE15-SP2_Update_21-debugsource Operating systems & Components / Operating system package or component kernel-livepatch-SLE15-SP2_Update_20-debugsource Operating systems & Components / Operating system package or component kernel-livepatch-SLE15-SP2_Update_19-debugsource Operating systems & Components / Operating system package or component kernel-livepatch-5_3_18-24_99-default-debuginfo Operating systems & Components / Operating system package or component kernel-livepatch-5_3_18-24_99-default Operating systems & Components / Operating system package or component kernel-livepatch-5_3_18-24_96-default-debuginfo Operating systems & Components / Operating system package or component kernel-livepatch-5_3_18-24_96-default Operating systems & Components / Operating system package or component kernel-livepatch-5_3_18-24_93-default-debuginfo Operating systems & Components / Operating system package or component kernel-livepatch-5_3_18-24_93-default Operating systems & Components / Operating system package or component kernel-livepatch-5_3_18-24_86-default-debuginfo Operating systems & Components / Operating system package or component kernel-livepatch-5_3_18-24_86-default Operating systems & Components / Operating system package or component kernel-livepatch-5_3_18-24_83-default-debuginfo Operating systems & Components / Operating system package or component kernel-livepatch-5_3_18-24_83-default Operating systems & Components / Operating system package or component kernel-livepatch-5_3_18-24_107-default-debuginfo Operating systems & Components / Operating system package or component kernel-livepatch-5_3_18-24_107-default Operating systems & Components / Operating system package or component kernel-livepatch-5_3_18-24_102-default-debuginfo Operating systems & Components / Operating system package or component kernel-livepatch-5_3_18-24_102-default Operating systems & Components / Operating system package or component kernel-livepatch-5_3_18-150200_24_115-default-debuginfo Operating systems & Components / Operating system package or component kernel-livepatch-5_3_18-150200_24_115-default Operating systems & Components / Operating system package or component kernel-livepatch-5_3_18-150200_24_112-default-debuginfo Operating systems & Components / Operating system package or component kernel-livepatch-5_3_18-150200_24_112-default Operating systems & Components / Operating system package or component kernel-livepatch-5_3_18-59_40-default-debuginfo Operating systems & Components / Operating system package or component kernel-livepatch-SLE15-SP3_Update_9-debugsource Operating systems & Components / Operating system package or component kernel-livepatch-SLE15-SP3_Update_7-debugsource Operating systems & Components / Operating system package or component kernel-livepatch-SLE15-SP3_Update_6-debugsource Operating systems & Components / Operating system package or component kernel-livepatch-SLE15-SP3_Update_10-debugsource Operating systems & Components / Operating system package or component kernel-livepatch-5_3_18-59_40-default Operating systems & Components / Operating system package or component kernel-livepatch-5_3_18-59_37-default-debuginfo Operating systems & Components / Operating system package or component kernel-livepatch-5_3_18-59_37-default Operating systems & Components / Operating system package or component kernel-livepatch-5_3_18-59_34-default-debuginfo Operating systems & Components / Operating system package or component kernel-livepatch-5_3_18-59_34-default Operating systems & Components / Operating system package or component kernel-livepatch-5_3_18-59_27-default-debuginfo Operating systems & Components / Operating system package or component kernel-livepatch-5_3_18-59_27-default Operating systems & Components / Operating system package or component kernel-livepatch-5_3_18-59_24-default-debuginfo Operating systems & Components / Operating system package or component kernel-livepatch-5_3_18-59_24-default Operating systems & Components / Operating system package or component kernel-livepatch-5_3_18-150300_59_87-default Operating systems & Components / Operating system package or component kernel-livepatch-5_3_18-150300_59_76-default Operating systems & Components / Operating system package or component kernel-livepatch-5_3_18-150300_59_71-default Operating systems & Components / Operating system package or component kernel-livepatch-5_3_18-150300_59_68-default Operating systems & Components / Operating system package or component kernel-livepatch-5_3_18-150300_59_63-default Operating systems & Components / Operating system package or component kernel-livepatch-5_3_18-150300_59_60-default Operating systems & Components / Operating system package or component kernel-livepatch-5_3_18-150300_59_54-default Operating systems & Components / Operating system package or component kernel-livepatch-5_3_18-150300_59_49-default Operating systems & Components / Operating system package or component kernel-livepatch-5_3_18-150300_59_46-default-debuginfo Operating systems & Components / Operating system package or component kernel-livepatch-5_3_18-150300_59_46-default Operating systems & Components / Operating system package or component kernel-livepatch-5_3_18-150300_59_43-default-debuginfo Operating systems & Components / Operating system package or component kernel-livepatch-5_3_18-150300_59_43-default Operating systems & Components / Operating system package or component
Vendor	SUSE

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Use of a broken or risky cryptographic algorithm

EUVDB-ID: #VU66811

Risk: Medium

CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2020-36516

CWE-ID: CWE-327 - Use of a Broken or Risky Cryptographic Algorithm

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) or MitM attacks.

The vulnerability exists due to an error in the mixed IPID assignment method with the hash-based IPID assignment policy in Linux kernel. A remote attacker can inject data into a victim's TCP session or terminate that session.

Mitigation

Update the affected package the Linux Kernel (Live Patch 30 for SLE 15 SP1) to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Module for Live Patching: 15-SP1 - 15-SP4

SUSE Linux Enterprise Server for SAP Applications: 15-SP1 - 15

SUSE Linux Enterprise High Performance Computing: 15-SP1 - 15

SUSE Linux Enterprise Server: 15-SP1 - 15-SP3

SUSE Linux Enterprise Live Patching: 12-SP4 - 12-SP5

SUSE Linux Enterprise Micro: 5.1

kgraft-patch-4_12_14-95_99-default: before 4-2.2

kgraft-patch-4_12_14-95_96-default: before 7-2.3

kgraft-patch-4_12_14-95_93-default: before 8-2.3

kgraft-patch-4_12_14-95_88-default: before 9-2.3

kgraft-patch-4_12_14-95_83-default: before 13-2.3

kgraft-patch-4_12_14-95_105-default: before 2-2.2

kgraft-patch-4_12_14-95_102-default: before 2-2.2

kgraft-patch-4_12_14-122_98-default: before 14-2.3

kgraft-patch-4_12_14-122_91-default: before 16-2.3

kgraft-patch-4_12_14-122_88-default: before 16-2.3

kgraft-patch-4_12_14-122_127-default: before 2-2.2

kgraft-patch-4_12_14-122_124-default: before 4-2.2

kgraft-patch-4_12_14-122_121-default: before 5-2.3

kgraft-patch-4_12_14-122_116-default: before 7-2.3

kgraft-patch-4_12_14-122_113-default: before 9-2.3

kgraft-patch-4_12_14-122_110-default: before 10-2.3

kgraft-patch-4_12_14-122_106-default: before 12-2.3

kgraft-patch-4_12_14-122_103-default: before 14-2.3

kernel-livepatch-4_12_14-150_86-default-debuginfo: before 8-150000.2.2

kernel-livepatch-4_12_14-150_86-default: before 8-150000.2.2

kernel-livepatch-4_12_14-150_83-default-debuginfo: before 9-150000.2.2

kernel-livepatch-4_12_14-150_83-default: before 9-150000.2.2

kernel-livepatch-4_12_14-150_78-default-debuginfo: before 13-150000.2.2

kernel-livepatch-4_12_14-150_78-default: before 13-150000.2.2

kernel-livepatch-4_12_14-150000_150_95-default-debuginfo: before 2-150000.2.1

kernel-livepatch-4_12_14-150000_150_95-default: before 2-150000.2.1

kernel-livepatch-4_12_14-150000_150_92-default-debuginfo: before 4-150000.2.1

kernel-livepatch-4_12_14-150000_150_92-default: before 4-150000.2.1

kernel-livepatch-4_12_14-150000_150_89-default-debuginfo: before 7-150000.2.2

kernel-livepatch-4_12_14-150000_150_89-default: before 7-150000.2.2

kernel-livepatch-4_12_14-197_108-default: before 8-150100.2.2

kernel-livepatch-4_12_14-197_105-default: before 9-150100.2.2

kernel-livepatch-4_12_14-197_102-default: before 13-150100.2.2

kernel-livepatch-4_12_14-150100_197_117-default: before 2-150100.2.1

kernel-livepatch-4_12_14-150100_197_114-default: before 4-150100.2.1

kernel-livepatch-4_12_14-150100_197_111-default: before 7-150100.2.2

kernel-livepatch-SLE15-SP2_Update_25-debugsource: before 11-150200.2.2

kernel-livepatch-SLE15-SP2_Update_27-debugsource: before 5-150200.2.1

kernel-livepatch-SLE15-SP2_Update_26-debugsource: before 7-150200.2.2

kernel-livepatch-SLE15-SP2_Update_24-debugsource: before 12-150200.2.2

kernel-livepatch-SLE15-SP2_Update_23-debugsource: before 13-150200.2.2

kernel-livepatch-SLE15-SP2_Update_22-debugsource: before 14-150200.2.2

kernel-livepatch-SLE15-SP2_Update_21-debugsource: before 15-150200.2.2

kernel-livepatch-SLE15-SP2_Update_20-debugsource: before 16-150200.2.2

kernel-livepatch-SLE15-SP2_Update_19-debugsource: before 16-150200.2.2

kernel-livepatch-5_3_18-24_99-default-debuginfo: before 13-150200.2.2

kernel-livepatch-5_3_18-24_99-default: before 13-150200.2.2

kernel-livepatch-5_3_18-24_96-default-debuginfo: before 14-150200.2.2

kernel-livepatch-5_3_18-24_96-default: before 14-150200.2.2

kernel-livepatch-5_3_18-24_93-default-debuginfo: before 15-150200.2.2

kernel-livepatch-5_3_18-24_93-default: before 15-150200.2.2

kernel-livepatch-5_3_18-24_86-default-debuginfo: before 16-150200.2.2

kernel-livepatch-5_3_18-24_86-default: before 16-150200.2.2

kernel-livepatch-5_3_18-24_83-default-debuginfo: before 16-150200.2.2

kernel-livepatch-5_3_18-24_83-default: before 16-150200.2.2

kernel-livepatch-5_3_18-24_107-default-debuginfo: before 11-150200.2.2

kernel-livepatch-5_3_18-24_107-default: before 11-150200.2.2

kernel-livepatch-5_3_18-24_102-default-debuginfo: before 12-150200.2.2

kernel-livepatch-5_3_18-24_102-default: before 12-150200.2.2

kernel-livepatch-5_3_18-150200_24_115-default-debuginfo: before 5-150200.2.1

kernel-livepatch-5_3_18-150200_24_115-default: before 5-150200.2.1

kernel-livepatch-5_3_18-150200_24_112-default-debuginfo: before 7-150200.2.2

kernel-livepatch-5_3_18-150200_24_112-default: before 7-150200.2.2

kernel-livepatch-5_3_18-59_40-default-debuginfo: before 14-150300.2.2

kernel-livepatch-SLE15-SP3_Update_9-debugsource: before 15-150300.2.2

kernel-livepatch-SLE15-SP3_Update_7-debugsource: before 16-150300.2.2

kernel-livepatch-SLE15-SP3_Update_6-debugsource: before 16-150300.2.2

kernel-livepatch-SLE15-SP3_Update_10-debugsource: before 14-150300.2.2

kernel-livepatch-5_3_18-59_40-default: before 14-150300.2.2

kernel-livepatch-5_3_18-59_37-default-debuginfo: before 14-150300.2.2

kernel-livepatch-5_3_18-59_37-default: before 14-150300.2.2

kernel-livepatch-5_3_18-59_34-default-debuginfo: before 15-150300.2.2

kernel-livepatch-5_3_18-59_34-default: before 15-150300.2.2

kernel-livepatch-5_3_18-59_27-default-debuginfo: before 16-150300.2.2

kernel-livepatch-5_3_18-59_27-default: before 16-150300.2.2

kernel-livepatch-5_3_18-59_24-default-debuginfo: before 16-150300.2.2

kernel-livepatch-5_3_18-59_24-default: before 16-150300.2.2

kernel-livepatch-5_3_18-150300_59_87-default: before 3-150300.2.1

kernel-livepatch-5_3_18-150300_59_76-default: before 4-150300.2.1

kernel-livepatch-5_3_18-150300_59_71-default: before 5-150300.2.1

kernel-livepatch-5_3_18-150300_59_68-default: before 6-150300.2.2

kernel-livepatch-5_3_18-150300_59_63-default: before 7-150300.2.2

kernel-livepatch-5_3_18-150300_59_60-default: before 10-150300.2.2

kernel-livepatch-5_3_18-150300_59_54-default: before 11-150300.2.2

kernel-livepatch-5_3_18-150300_59_49-default: before 12-150300.2.2

kernel-livepatch-5_3_18-150300_59_46-default-debuginfo: before 13-150300.2.2

kernel-livepatch-5_3_18-150300_59_46-default: before 13-150300.2.2

kernel-livepatch-5_3_18-150300_59_43-default-debuginfo: before 13-150300.2.2

kernel-livepatch-5_3_18-150300_59_43-default: before 13-150300.2.2

CPE2.3

External links

https://www.suse.com/support/update/announcement/2022/suse-su-20223061-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Input validation error

EUVDB-ID: #VU66476

Risk: Medium

CVSSv4.0: 7.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2022-36946

CWE-ID: CWE-20 - Improper input validation

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the nfqnl_mangle() function in net/netfilter/nfnetlink_queue.c in the Linux kernel when processing IPv6 packets. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.