SUSE update for the Linux Kernel (Live Patch 27 for SLE 15 SP1)



Published: 2022-05-10
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2022-0330
CWE-ID CWE-119
Exploitation vector Local
Public exploit N/A
Vulnerable software
Subscribe 		SUSE Linux Enterprise Server
Operating systems & Components / Operating system

SUSE Linux Enterprise High Performance Computing
Operating systems & Components / Operating system

SUSE Linux Enterprise Module for Live Patching
Operating systems & Components / Operating system

SUSE Linux Enterprise Server for SAP Applications
Operating systems & Components / Operating system

SUSE Linux Enterprise Live Patching
Operating systems & Components / Operating system

kgraft-patch-4_12_14-95_74-default
Operating systems & Components / Operating system package or component

kgraft-patch-4_12_14-122_88-default
Operating systems & Components / Operating system package or component

kgraft-patch-4_12_14-122_83-default
Operating systems & Components / Operating system package or component

kgraft-patch-4_12_14-122_80-default
Operating systems & Components / Operating system package or component

kgraft-patch-4_12_14-122_74-default
Operating systems & Components / Operating system package or component

kgraft-patch-4_12_14-122_71-default
Operating systems & Components / Operating system package or component

kernel-livepatch-4_12_14-150_78-default-debuginfo
Operating systems & Components / Operating system package or component

kernel-livepatch-4_12_14-150_78-default
Operating systems & Components / Operating system package or component

kernel-livepatch-4_12_14-150_75-default-debuginfo
Operating systems & Components / Operating system package or component

kernel-livepatch-4_12_14-150_75-default
Operating systems & Components / Operating system package or component

kernel-livepatch-4_12_14-150_72-default-debuginfo
Operating systems & Components / Operating system package or component

kernel-livepatch-4_12_14-150_72-default
Operating systems & Components / Operating system package or component

kernel-livepatch-4_12_14-197_99-default
Operating systems & Components / Operating system package or component

kernel-livepatch-4_12_14-197_92-default
Operating systems & Components / Operating system package or component

kernel-livepatch-4_12_14-197_89-default
Operating systems & Components / Operating system package or component

kernel-livepatch-4_12_14-197_102-default
Operating systems & Components / Operating system package or component

Vendor SUSE

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Buffer overflow

EUVDB-ID: #VU60988

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0330

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a random memory access flaw caused by a missing TLB flush in Linux kernel GPU i915 kernel driver functionality. A local user can execute arbitrary code on the system with elevated privileges.

Mitigation

Update the affected package the Linux Kernel (Live Patch 27 for SLE 15 SP1) to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server: 15-SP1 - 15-SP3-LTSS

SUSE Linux Enterprise High Performance Computing: 15-SP1 - 15-SP3-LTSS

SUSE Linux Enterprise Module for Live Patching: 15-SP1 - 15-SP4

SUSE Linux Enterprise Server for SAP Applications: 15 - 15-SP1

SUSE Linux Enterprise Live Patching: 12-SP4 - 12-SP5

kgraft-patch-4_12_14-95_74-default: before 16-2.1

kgraft-patch-4_12_14-122_88-default: before 10-2.1

kgraft-patch-4_12_14-122_83-default: before 12-2.1

kgraft-patch-4_12_14-122_80-default: before 13-2.1

kgraft-patch-4_12_14-122_74-default: before 14-2.1

kgraft-patch-4_12_14-122_71-default: before 16-2.1

kernel-livepatch-4_12_14-150_78-default-debuginfo: before 8-150000.2.1

kernel-livepatch-4_12_14-150_78-default: before 8-150000.2.1

kernel-livepatch-4_12_14-150_75-default-debuginfo: before 13-150000.2.1

kernel-livepatch-4_12_14-150_75-default: before 13-150000.2.1

kernel-livepatch-4_12_14-150_72-default-debuginfo: before 16-150000.2.1

kernel-livepatch-4_12_14-150_72-default: before 16-150000.2.1

kernel-livepatch-4_12_14-197_99-default: before 13-150100.2.1

kernel-livepatch-4_12_14-197_92-default: before 15-150100.2.1

kernel-livepatch-4_12_14-197_89-default: before 16-150100.2.1

kernel-livepatch-4_12_14-197_102-default: before 8-150100.2.1

External links

http://www.suse.com/support/update/announcement/2022/suse-su-20221589-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###