SUSE update for the Linux Kernel



| Updated: 2024-08-21
Risk Medium
Patch available YES
Number of vulnerabilities 10
CVE-ID CVE-2021-4083
CVE-2021-4135
CVE-2021-4149
CVE-2021-4197
CVE-2021-4202
CVE-2021-44733
CVE-2021-45485
CVE-2021-45486
CVE-2022-0185
CVE-2022-0322
CWE-ID CWE-416
CWE-200
CWE-667
CWE-264
CWE-190
CWE-704
Exploitation vector Network
Public exploit Public exploit code for vulnerability #6 is available.
Vulnerability #9 is being exploited in the wild.
Vulnerable software
SUSE Linux Enterprise Micro
Operating systems & Components / Operating system

SUSE Linux Enterprise Module for Realtime
Operating systems & Components / Operating system

kernel-rt_debug
Operating systems & Components / Operating system package or component

kernel-source-rt
Operating systems & Components / Operating system package or component

kernel-devel-rt
Operating systems & Components / Operating system package or component

ocfs2-kmp-rt-debuginfo
Operating systems & Components / Operating system package or component

ocfs2-kmp-rt
Operating systems & Components / Operating system package or component

kernel-syms-rt
Operating systems & Components / Operating system package or component

kernel-rt_debug-devel-debuginfo
Operating systems & Components / Operating system package or component

kernel-rt_debug-devel
Operating systems & Components / Operating system package or component

kernel-rt_debug-debugsource
Operating systems & Components / Operating system package or component

kernel-rt_debug-debuginfo
Operating systems & Components / Operating system package or component

kernel-rt-devel-debuginfo
Operating systems & Components / Operating system package or component

kernel-rt-devel
Operating systems & Components / Operating system package or component

gfs2-kmp-rt-debuginfo
Operating systems & Components / Operating system package or component

gfs2-kmp-rt
Operating systems & Components / Operating system package or component

dlm-kmp-rt-debuginfo
Operating systems & Components / Operating system package or component

dlm-kmp-rt
Operating systems & Components / Operating system package or component

cluster-md-kmp-rt-debuginfo
Operating systems & Components / Operating system package or component

cluster-md-kmp-rt
Operating systems & Components / Operating system package or component

kernel-rt-debugsource
Operating systems & Components / Operating system package or component

kernel-rt-debuginfo
Operating systems & Components / Operating system package or component

kernel-rt
Operating systems & Components / Operating system package or component

Vendor SUSE

Security Bulletin

This security bulletin contains information about 10 vulnerabilities.

1) Use-after-free

EUVDB-ID: #VU61246

Risk: Low

CVSSv3.1: 6.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-4083

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the Linux kernel's garbage collection for Unix domain socket file handlers. A local user can call close() and fget() simultaneously and can potentially trigger a race condition, which in turn leads to a use-after-free error and allows privilege escalation.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.0

SUSE Linux Enterprise Module for Realtime: 15-SP2

kernel-rt_debug: before 5.3.18-68.1

kernel-source-rt: before 5.3.18-68.1

kernel-devel-rt: before 5.3.18-68.1

ocfs2-kmp-rt-debuginfo: before 5.3.18-68.1

ocfs2-kmp-rt: before 5.3.18-68.1

kernel-syms-rt: before 5.3.18-68.1

kernel-rt_debug-devel-debuginfo: before 5.3.18-68.1

kernel-rt_debug-devel: before 5.3.18-68.1

kernel-rt_debug-debugsource: before 5.3.18-68.1

kernel-rt_debug-debuginfo: before 5.3.18-68.1

kernel-rt-devel-debuginfo: before 5.3.18-68.1

kernel-rt-devel: before 5.3.18-68.1

gfs2-kmp-rt-debuginfo: before 5.3.18-68.1

gfs2-kmp-rt: before 5.3.18-68.1

dlm-kmp-rt-debuginfo: before 5.3.18-68.1

dlm-kmp-rt: before 5.3.18-68.1

cluster-md-kmp-rt-debuginfo: before 5.3.18-68.1

cluster-md-kmp-rt: before 5.3.18-68.1

kernel-rt-debugsource: before 5.3.18-68.1

kernel-rt-debuginfo: before 5.3.18-68.1

kernel-rt: before 5.3.18-68.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2022/suse-su-20220289-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Information disclosure

EUVDB-ID: #VU63566

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-4135

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to simulated networking device driver for the Linux kernel does not properly initialize memory in certain situations. A local user can gain unauthorized access to sensitive information (kernel memory).

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.0

SUSE Linux Enterprise Module for Realtime: 15-SP2

kernel-rt_debug: before 5.3.18-68.1

kernel-source-rt: before 5.3.18-68.1

kernel-devel-rt: before 5.3.18-68.1

ocfs2-kmp-rt-debuginfo: before 5.3.18-68.1

ocfs2-kmp-rt: before 5.3.18-68.1

kernel-syms-rt: before 5.3.18-68.1

kernel-rt_debug-devel-debuginfo: before 5.3.18-68.1

kernel-rt_debug-devel: before 5.3.18-68.1

kernel-rt_debug-debugsource: before 5.3.18-68.1

kernel-rt_debug-debuginfo: before 5.3.18-68.1

kernel-rt-devel-debuginfo: before 5.3.18-68.1

kernel-rt-devel: before 5.3.18-68.1

gfs2-kmp-rt-debuginfo: before 5.3.18-68.1

gfs2-kmp-rt: before 5.3.18-68.1

dlm-kmp-rt-debuginfo: before 5.3.18-68.1

dlm-kmp-rt: before 5.3.18-68.1

cluster-md-kmp-rt-debuginfo: before 5.3.18-68.1

cluster-md-kmp-rt: before 5.3.18-68.1

kernel-rt-debugsource: before 5.3.18-68.1

kernel-rt-debuginfo: before 5.3.18-68.1

kernel-rt: before 5.3.18-68.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2022/suse-su-20220289-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper locking

EUVDB-ID: #VU64071

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-4149

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service attack (DoS) on the target system.

The vulnerability exists in btrfs_alloc_tree_b in fs/btrfs/extent-tree.c in the Linux kernel due to an improper lock operation in btrfs. A local user can exploit this vulnerability to cause a deadlock, resulting in a denial of service condition.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.0

SUSE Linux Enterprise Module for Realtime: 15-SP2

kernel-rt_debug: before 5.3.18-68.1

kernel-source-rt: before 5.3.18-68.1

kernel-devel-rt: before 5.3.18-68.1

ocfs2-kmp-rt-debuginfo: before 5.3.18-68.1

ocfs2-kmp-rt: before 5.3.18-68.1

kernel-syms-rt: before 5.3.18-68.1

kernel-rt_debug-devel-debuginfo: before 5.3.18-68.1

kernel-rt_debug-devel: before 5.3.18-68.1

kernel-rt_debug-debugsource: before 5.3.18-68.1

kernel-rt_debug-debuginfo: before 5.3.18-68.1

kernel-rt-devel-debuginfo: before 5.3.18-68.1

kernel-rt-devel: before 5.3.18-68.1

gfs2-kmp-rt-debuginfo: before 5.3.18-68.1

gfs2-kmp-rt: before 5.3.18-68.1

dlm-kmp-rt-debuginfo: before 5.3.18-68.1

dlm-kmp-rt: before 5.3.18-68.1

cluster-md-kmp-rt-debuginfo: before 5.3.18-68.1

cluster-md-kmp-rt: before 5.3.18-68.1

kernel-rt-debugsource: before 5.3.18-68.1

kernel-rt-debuginfo: before 5.3.18-68.1

kernel-rt: before 5.3.18-68.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2022/suse-su-20220289-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Security restrictions bypass

EUVDB-ID: #VU61258

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-4197

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to missing permissions checks within the cgroups (control groups) functionality of Linux Kernel when writing into a file descriptor. A local low privileged process can trick a higher privileged parent process into writing arbitrary data into files, which can result in denial of service or privileges escalation.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.0

SUSE Linux Enterprise Module for Realtime: 15-SP2

kernel-rt_debug: before 5.3.18-68.1

kernel-source-rt: before 5.3.18-68.1

kernel-devel-rt: before 5.3.18-68.1

ocfs2-kmp-rt-debuginfo: before 5.3.18-68.1

ocfs2-kmp-rt: before 5.3.18-68.1

kernel-syms-rt: before 5.3.18-68.1

kernel-rt_debug-devel-debuginfo: before 5.3.18-68.1

kernel-rt_debug-devel: before 5.3.18-68.1

kernel-rt_debug-debugsource: before 5.3.18-68.1

kernel-rt_debug-debuginfo: before 5.3.18-68.1

kernel-rt-devel-debuginfo: before 5.3.18-68.1

kernel-rt-devel: before 5.3.18-68.1

gfs2-kmp-rt-debuginfo: before 5.3.18-68.1

gfs2-kmp-rt: before 5.3.18-68.1

dlm-kmp-rt-debuginfo: before 5.3.18-68.1

dlm-kmp-rt: before 5.3.18-68.1

cluster-md-kmp-rt-debuginfo: before 5.3.18-68.1

cluster-md-kmp-rt: before 5.3.18-68.1

kernel-rt-debugsource: before 5.3.18-68.1

kernel-rt-debuginfo: before 5.3.18-68.1

kernel-rt: before 5.3.18-68.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2022/suse-su-20220289-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Use-after-free

EUVDB-ID: #VU63764

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-4202

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the nci_request() function in net/nfc/nci/core.c in NFC Controller Interface (NCI) in the Linux kernel. A local user can cause a data race problem while the device is getting removed and escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.0

SUSE Linux Enterprise Module for Realtime: 15-SP2

kernel-rt_debug: before 5.3.18-68.1

kernel-source-rt: before 5.3.18-68.1

kernel-devel-rt: before 5.3.18-68.1

ocfs2-kmp-rt-debuginfo: before 5.3.18-68.1

ocfs2-kmp-rt: before 5.3.18-68.1

kernel-syms-rt: before 5.3.18-68.1

kernel-rt_debug-devel-debuginfo: before 5.3.18-68.1

kernel-rt_debug-devel: before 5.3.18-68.1

kernel-rt_debug-debugsource: before 5.3.18-68.1

kernel-rt_debug-debuginfo: before 5.3.18-68.1

kernel-rt-devel-debuginfo: before 5.3.18-68.1

kernel-rt-devel: before 5.3.18-68.1

gfs2-kmp-rt-debuginfo: before 5.3.18-68.1

gfs2-kmp-rt: before 5.3.18-68.1

dlm-kmp-rt-debuginfo: before 5.3.18-68.1

dlm-kmp-rt: before 5.3.18-68.1

cluster-md-kmp-rt-debuginfo: before 5.3.18-68.1

cluster-md-kmp-rt: before 5.3.18-68.1

kernel-rt-debugsource: before 5.3.18-68.1

kernel-rt-debuginfo: before 5.3.18-68.1

kernel-rt: before 5.3.18-68.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2022/suse-su-20220289-1/


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Use-after-free

EUVDB-ID: #VU59100

Risk: Low

CVSSv3.1: 7.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2021-44733

CWE-ID: CWE-416 - Use After Free

Exploit availability: Yes

Description

The vulnerability allows a local user to elevate privileges on the system.

The vulnerability exists due to a use-after-free error in the drivers/tee/tee_shm.c file within the TEE subsystem in the Linux kernel. A local user can trigger a race condition in tee_shm_get_from_id during an attempt to free a shared memory object and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.0

SUSE Linux Enterprise Module for Realtime: 15-SP2

kernel-rt_debug: before 5.3.18-68.1

kernel-source-rt: before 5.3.18-68.1

kernel-devel-rt: before 5.3.18-68.1

ocfs2-kmp-rt-debuginfo: before 5.3.18-68.1

ocfs2-kmp-rt: before 5.3.18-68.1

kernel-syms-rt: before 5.3.18-68.1

kernel-rt_debug-devel-debuginfo: before 5.3.18-68.1

kernel-rt_debug-devel: before 5.3.18-68.1

kernel-rt_debug-debugsource: before 5.3.18-68.1

kernel-rt_debug-debuginfo: before 5.3.18-68.1

kernel-rt-devel-debuginfo: before 5.3.18-68.1

kernel-rt-devel: before 5.3.18-68.1

gfs2-kmp-rt-debuginfo: before 5.3.18-68.1

gfs2-kmp-rt: before 5.3.18-68.1

dlm-kmp-rt-debuginfo: before 5.3.18-68.1

dlm-kmp-rt: before 5.3.18-68.1

cluster-md-kmp-rt-debuginfo: before 5.3.18-68.1

cluster-md-kmp-rt: before 5.3.18-68.1

kernel-rt-debugsource: before 5.3.18-68.1

kernel-rt-debuginfo: before 5.3.18-68.1

kernel-rt: before 5.3.18-68.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2022/suse-su-20220289-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

7) Information disclosure

EUVDB-ID: #VU63668

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-45485

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to an error in the IPv6 implementation in the Linux kernel. A remote attacker can gain access to sensitive information.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.0

SUSE Linux Enterprise Module for Realtime: 15-SP2

kernel-rt_debug: before 5.3.18-68.1

kernel-source-rt: before 5.3.18-68.1

kernel-devel-rt: before 5.3.18-68.1

ocfs2-kmp-rt-debuginfo: before 5.3.18-68.1

ocfs2-kmp-rt: before 5.3.18-68.1

kernel-syms-rt: before 5.3.18-68.1

kernel-rt_debug-devel-debuginfo: before 5.3.18-68.1

kernel-rt_debug-devel: before 5.3.18-68.1

kernel-rt_debug-debugsource: before 5.3.18-68.1

kernel-rt_debug-debuginfo: before 5.3.18-68.1

kernel-rt-devel-debuginfo: before 5.3.18-68.1

kernel-rt-devel: before 5.3.18-68.1

gfs2-kmp-rt-debuginfo: before 5.3.18-68.1

gfs2-kmp-rt: before 5.3.18-68.1

dlm-kmp-rt-debuginfo: before 5.3.18-68.1

dlm-kmp-rt: before 5.3.18-68.1

cluster-md-kmp-rt-debuginfo: before 5.3.18-68.1

cluster-md-kmp-rt: before 5.3.18-68.1

kernel-rt-debugsource: before 5.3.18-68.1

kernel-rt-debuginfo: before 5.3.18-68.1

kernel-rt: before 5.3.18-68.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2022/suse-su-20220289-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Information disclosure

EUVDB-ID: #VU63577

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-45486

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to incorrect implementation of the IPv4 protocol in the Linux kernel. A remote attacker can disclose internal state in some situations.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.0

SUSE Linux Enterprise Module for Realtime: 15-SP2

kernel-rt_debug: before 5.3.18-68.1

kernel-source-rt: before 5.3.18-68.1

kernel-devel-rt: before 5.3.18-68.1

ocfs2-kmp-rt-debuginfo: before 5.3.18-68.1

ocfs2-kmp-rt: before 5.3.18-68.1

kernel-syms-rt: before 5.3.18-68.1

kernel-rt_debug-devel-debuginfo: before 5.3.18-68.1

kernel-rt_debug-devel: before 5.3.18-68.1

kernel-rt_debug-debugsource: before 5.3.18-68.1

kernel-rt_debug-debuginfo: before 5.3.18-68.1

kernel-rt-devel-debuginfo: before 5.3.18-68.1

kernel-rt-devel: before 5.3.18-68.1

gfs2-kmp-rt-debuginfo: before 5.3.18-68.1

gfs2-kmp-rt: before 5.3.18-68.1

dlm-kmp-rt-debuginfo: before 5.3.18-68.1

dlm-kmp-rt: before 5.3.18-68.1

cluster-md-kmp-rt-debuginfo: before 5.3.18-68.1

cluster-md-kmp-rt: before 5.3.18-68.1

kernel-rt-debugsource: before 5.3.18-68.1

kernel-rt-debuginfo: before 5.3.18-68.1

kernel-rt: before 5.3.18-68.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2022/suse-su-20220289-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Integer overflow

EUVDB-ID: #VU59695

Risk: Low

CVSSv3.1: 8.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2022-0185

CWE-ID: CWE-190 - Integer overflow

Exploit availability: Yes

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to integer overflow in the legacy_parse_param() function in fs/fs_context.c in Linux kernel. A local user can tun a specially crafted program to trigger integer overflow and execute arbitrary code with root privileges.


Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.0

SUSE Linux Enterprise Module for Realtime: 15-SP2

kernel-rt_debug: before 5.3.18-68.1

kernel-source-rt: before 5.3.18-68.1

kernel-devel-rt: before 5.3.18-68.1

ocfs2-kmp-rt-debuginfo: before 5.3.18-68.1

ocfs2-kmp-rt: before 5.3.18-68.1

kernel-syms-rt: before 5.3.18-68.1

kernel-rt_debug-devel-debuginfo: before 5.3.18-68.1

kernel-rt_debug-devel: before 5.3.18-68.1

kernel-rt_debug-debugsource: before 5.3.18-68.1

kernel-rt_debug-debuginfo: before 5.3.18-68.1

kernel-rt-devel-debuginfo: before 5.3.18-68.1

kernel-rt-devel: before 5.3.18-68.1

gfs2-kmp-rt-debuginfo: before 5.3.18-68.1

gfs2-kmp-rt: before 5.3.18-68.1

dlm-kmp-rt-debuginfo: before 5.3.18-68.1

dlm-kmp-rt: before 5.3.18-68.1

cluster-md-kmp-rt-debuginfo: before 5.3.18-68.1

cluster-md-kmp-rt: before 5.3.18-68.1

kernel-rt-debugsource: before 5.3.18-68.1

kernel-rt-debuginfo: before 5.3.18-68.1

kernel-rt: before 5.3.18-68.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2022/suse-su-20220289-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

10) Type conversion

EUVDB-ID: #VU63856

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0322

CWE-ID: CWE-704 - Type conversion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service attack.

The vulnerability exists due to a type conversion error in the sctp_make_strreset_req() function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel. A local user can perform a denial of service attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.0

SUSE Linux Enterprise Module for Realtime: 15-SP2

kernel-rt_debug: before 5.3.18-68.1

kernel-source-rt: before 5.3.18-68.1

kernel-devel-rt: before 5.3.18-68.1

ocfs2-kmp-rt-debuginfo: before 5.3.18-68.1

ocfs2-kmp-rt: before 5.3.18-68.1

kernel-syms-rt: before 5.3.18-68.1

kernel-rt_debug-devel-debuginfo: before 5.3.18-68.1

kernel-rt_debug-devel: before 5.3.18-68.1

kernel-rt_debug-debugsource: before 5.3.18-68.1

kernel-rt_debug-debuginfo: before 5.3.18-68.1

kernel-rt-devel-debuginfo: before 5.3.18-68.1

kernel-rt-devel: before 5.3.18-68.1

gfs2-kmp-rt-debuginfo: before 5.3.18-68.1

gfs2-kmp-rt: before 5.3.18-68.1

dlm-kmp-rt-debuginfo: before 5.3.18-68.1

dlm-kmp-rt: before 5.3.18-68.1

cluster-md-kmp-rt-debuginfo: before 5.3.18-68.1

cluster-md-kmp-rt: before 5.3.18-68.1

kernel-rt-debugsource: before 5.3.18-68.1

kernel-rt-debuginfo: before 5.3.18-68.1

kernel-rt: before 5.3.18-68.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2022/suse-su-20220289-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###