SUSE update for the Linux Kernel (Live Patch 44 for SLE 12 SP3)

1) Improper Initialization

EUVDB-ID: #VU63658

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-28688

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service attack.

The vulnerability exists due to improper initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. A local user can perform a denial of service attack.

Mitigation

Update the affected package the Linux Kernel (Live Patch 44 for SLE 12 SP3) to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP: 12-SP3

SUSE Linux Enterprise Server: 12-SP3-LTSS

kgraft-patch-4_4_180-94_161-default-debuginfo: before 2-2.1

kgraft-patch-4_4_180-94_161-default: before 2-2.1

External links

http://www.suse.com/support/update/announcement/2022/suse-su-20221641-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Security features bypass

EUVDB-ID: #VU63350

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-39713

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to multiple issues in Qdisc implementation related to rcu read lock. A local application can execute arbitrary code with elevated privileges.

Mitigation

Update the affected package the Linux Kernel (Live Patch 44 for SLE 12 SP3) to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP: 12-SP3

SUSE Linux Enterprise Server: 12-SP3-LTSS

kgraft-patch-4_4_180-94_161-default-debuginfo: before 2-2.1

kgraft-patch-4_4_180-94_161-default: before 2-2.1

External links

http://www.suse.com/support/update/announcement/2022/suse-su-20221641-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use-after-free

EUVDB-ID: #VU63386

Risk: Low

CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2022-1011

CWE-ID: CWE-416 - Use After Free

Exploit availability: Yes

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the write() function of FUSE filesystem. A local user can retireve (partial) /etc/shadow hashes and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package the Linux Kernel (Live Patch 44 for SLE 12 SP3) to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP: 12-SP3

SUSE Linux Enterprise Server: 12-SP3-LTSS

kgraft-patch-4_4_180-94_161-default-debuginfo: before 2-2.1

kgraft-patch-4_4_180-94_161-default: before 2-2.1

External links

http://www.suse.com/support/update/announcement/2022/suse-su-20221641-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.