SB2022092008 - SUSE update for the Linux Kernel
Published: September 20, 2022 Updated: March 20, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 15 secuirty vulnerabilities.
1) Use of a broken or risky cryptographic algorithm (CVE-ID: CVE-2020-36516)
The vulnerability allows a remote attacker to perform a denial of service (DoS) or MitM attacks.
The vulnerability exists due to an error in the mixed IPID assignment method with the hash-based IPID assignment policy in Linux kernel. A remote attacker can inject data into a victim's TCP session or terminate that session.
2) Race condition (CVE-ID: CVE-2020-36557)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition between the VT_DISALLOCATE IOCTL and closing/opening of ttys. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.
3) NULL pointer dereference (CVE-ID: CVE-2020-36558)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the Linux kernel before 5.5.7 involving a VT_RESIZEX. A local user can perform a denial of service (DoS) attack.
4) Use-after-free (CVE-ID: CVE-2021-4203)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in sock_getsockopt() function in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() function (and connect() function) in the Linux kernel. A local user can exploit the use-after-free error and crash the system or escalate privileges on the system.
5) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20166)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to unspecified error in the Linux Kernel. A local user can bypass security restrictions and escalate privileges on the system.
6) Out-of-bounds read (CVE-ID: CVE-2022-20368)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary condition within the packet_recvmsg() function in Linux kernel. A local user can trigger an out-of-bounds read error and potentially escalate privileges on the system.
7) Out-of-bounds write (CVE-ID: CVE-2022-20369)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the v4l2_m2m_querybuf() function in v4l2-mem2mem.c. A local user can trigger ab out-of-bounds write and execute arbitrary code with elevated privileges.
8) Input validation error (CVE-ID: CVE-2022-21385)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the net_rds_alloc_sgs() function in net/rds/message.c in Linux kernel. A local user can perform a denial of service (DoS) attack.
9) Double Free (CVE-ID: CVE-2022-2588)
The vulnerability allows a local user to escalate privileges on the system.
The
vulnerability exists due to a double free error within the network packet scheduler implementation
in the route4_change() function in Linux kernel when removing all references to a route filter
before freeing it. A local user can run a specially crafted program to
crash the kernel or execute arbitrary code.
10) Security restrictions bypass (CVE-ID: CVE-2022-26373)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to non-transparent sharing of return predictor targets between contexts in Intel CPU processors. A local user can bypass the expected architecture isolation between contexts and gain access to sensitive information on the system.
11) Integer underflow (CVE-ID: CVE-2022-2639)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to integer underflow within the reserve_sfa_size() function in the openvswitch kernel module in Linux kernel. A local user can trigger an out-of-bounds read error and crash the system or escalate privileges.
12) Use-after-free (CVE-ID: CVE-2022-2977)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in the Linux kernel implementation of proxied virtualized TPM devices. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
13) Race condition (CVE-ID: CVE-2022-3028)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. A local user can exploit the race and escalate privileges on the system.
14) Resource management error (CVE-ID: CVE-2022-36879)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the xfrm_expand_policies() function in net/xfrm/xfrm_policy.c. A local user can cause the refcount to be dropped twice and perform a denial of service (DoS) attack.
15) Input validation error (CVE-ID: CVE-2022-36946)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the nfqnl_mangle() function in net/netfilter/nfnetlink_queue.c in the Linux kernel when processing IPv6 packets. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.