SB2022072146 - SUSE update for the Linux Kernel 

Published: July 21, 2022

Security Bulletin ID: SB2022072146
Severity: Medium
Patch available: Yes
Number of vulnerabilities: 49
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

Medium: 2%
Low: 98%
High: 0%
Critical: 0%

Description

This security bulletin contains information about 49 security vulnerabilities.


1) Exposure of Resource to Wrong Sphere (CVE-ID: CVE-2021-26341)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists because some AMD CPUs may transiently execute beyond unconditional direct branches (straight-line speculation), so instructions following a jump or return can execute speculatively and leave observable traces in the cache. A local user can exploit this to infer sensitive information on the system.


2) Input validation error (CVE-ID: CVE-2021-33061)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient control flow management in the driver for Intel 82599 Ethernet controllers (ixgbe). An authenticated local user can pass specially crafted input to the driver and perform a denial of service (DoS) attack.


3) Out-of-bounds read (CVE-ID: CVE-2021-4204)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a boundary condition in the Linux kernel eBPF subsystem. A local user able to load eBPF programs can trigger an out-of-bounds read, read kernel memory contents or crash the kernel.


4) NULL pointer dereference (CVE-ID: CVE-2021-44879)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the gc_data_segment() function in fs/f2fs/gc.c. A local user can mount a specially crafted f2fs image, trigger a NULL pointer dereference and perform a denial of service (DoS) attack.


5) Out-of-bounds read (CVE-ID: CVE-2021-45402)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists because the check_alu_op() function in kernel/bpf/verifier.c does not properly update register bounds while handling the mov32 instruction. A local user able to load a specially crafted eBPF program can obtain potentially sensitive kernel address information.


6) Improper Handling of Exceptional Conditions (CVE-ID: CVE-2022-0264)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists in the Linux kernel's eBPF verifier when handling internal data structures: internal memory locations can be returned to user space. A local user with permission to load eBPF programs can leak internal kernel memory details and thereby weaken the kernel's exploit mitigations.


7) Information disclosure (CVE-ID: CVE-2022-0494)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a kernel information leak in the scsi_ioctl() function in drivers/scsi/scsi_ioctl.c in the Linux kernel. A local user holding the CAP_SYS_ADMIN or CAP_SYS_RAWIO capability can gain unauthorized access to sensitive kernel memory.


8) NULL pointer dereference (CVE-ID: CVE-2022-0617)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the Linux kernel UDF file system. A local user can mount a malicious UDF image so that udf_file_write_iter() dereferences a NULL pointer and crashes the kernel, causing a denial of service (DoS).


9) Information disclosure (CVE-ID: CVE-2022-1012)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient randomization in the TCP source port selection algorithm in net/ipv4/tcp.c, caused by the small size of the table used to perturb port offsets. A remote attacker observing connections can predict or correlate the source ports a host will use, leaking information about its connections and enabling tracking or connection inference across the network.


10) Use-after-free (CVE-ID: CVE-2022-1016)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a use-after-free error in net/netfilter/nf_tables_core.c:nft_do_chain in the Linux kernel, where a rule returning early leaves register data in an unsafe state. A local user able to configure nf_tables rules (for example with CAP_NET_ADMIN in a user namespace) can trigger it and read kernel memory contents.


11) Use-after-free (CVE-ID: CVE-2022-1184)

The vulnerability allows a local user to perform a denial of service attack.

The vulnerability exists due to a use-after-free error in the fs/ext4/namei.c:dx_insert_block() function in the Linux kernel's filesystem sub-component. A local user who can mount a specially crafted ext4 image can trigger the use-after-free and perform a denial of service attack.


12) Use-after-free (CVE-ID: CVE-2022-1198)

The vulnerability allows a local user to perform a denial of service attack.

The vulnerability exists due to a use-after-free error in drivers/net/hamradio/6pack.c. A local user can attach the 6pack line discipline to a terminal device, simulating an Amateur Radio link, and perform a denial of service (DoS) attack.


13) NULL pointer dereference (CVE-ID: CVE-2022-1205)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference and use-after-free errors in net/ax25/ax25_timer.c. A local user can simulate an Amateur Radio (AX.25) interface and perform a denial of service (DoS) attack.


14) Out-of-bounds read (CVE-ID: CVE-2022-1462)

The vulnerability allows a local user to perform denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in the Linux kernel's TeleTYpe (TTY) subsystem, reached through a race condition between the TIOCSPTLCK, TIOCGPTPEER, TIOCSTI and TCXONC ioctls that leaves memory exposed in the flush_to_ldisc() function. A local user can trigger an out-of-bounds read and crash the system or read arbitrary kernel memory.


15) Out-of-bounds read (CVE-ID: CVE-2022-1508)

The vulnerability allows a local user to access sensitive information or perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the io_read() and iov_iter_reexpand() functions in fs/io_uring.c. A local user can access sensitive information or perform a denial of service (DoS) attack.


16) Memory leak (CVE-ID: CVE-2022-1651)

The vulnerability allows a local privileged user to perform DoS attack on the target system.

The vulnerability exists due to a memory leak in acrn_dev_ioctl() in drivers/virt/acrn/hsm.c in the Linux kernel, in how the ACRN Device Model emulates virtual NICs in a VM. A local privileged user can repeatedly trigger the leak, exhausting kernel memory and causing a denial of service.


17) Use-after-free (CVE-ID: CVE-2022-1652)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the bad_flp_intr() function of the floppy driver (drivers/block/floppy.c). A local user can execute a specially crafted program to crash the system or escalate privileges on the system.


18) NULL pointer dereference (CVE-ID: CVE-2022-1671)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the rxrpc_preparse_s() function in net/rxrpc/server_key.c in the Linux kernel. A local user can crash the system or leak internal kernel information.


19) Use-after-free (CVE-ID: CVE-2022-1679)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ath9k_htc_wait_for_target() function in the Linux kernel’s Atheros wireless adapter driver. A local user can execute arbitrary code with elevated privileges.


20) Race condition (CVE-ID: CVE-2022-1729)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition in sys_perf_event_open() in the Linux kernel. A local user can win the race to gain unauthorized access to sensitive information and escalate privileges on the system.


21) Use-after-free (CVE-ID: CVE-2022-1734)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists because the Marvell NFC device driver (nfcmrvl) in the Linux kernel does not properly perform memory cleanup in some situations. A local user can trigger a use-after-free and escalate privileges on the system.


22) NULL pointer dereference (CVE-ID: CVE-2022-1789)

The vulnerability allows a local attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference in kvm_mmu_invpcid_gva() in the KVM subsystem: with shadow paging enabled, a guest executing INVPCID while paging is disabled (CR0.PG=0) reaches a callback that was never set. A local attacker with access to a guest can trigger the vulnerability and crash the host, performing a denial of service (DoS) attack.


23) NULL pointer dereference (CVE-ID: CVE-2022-1852)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in x86_emulate_insn() in arch/x86/kvm/emulate.c in the Linux kernel's KVM module. A local user with access to a guest can trigger it and perform a denial of service (DoS) attack against the host.


24) Use-after-free (CVE-ID: CVE-2022-1966)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the Linux kernel's Netfilter subsystem in net/netfilter/nf_tables_api.c (this identifier was later rejected as a duplicate of CVE-2022-32250). A local user with CAP_NET_ADMIN, including in an unprivileged user namespace, can trigger the use-after-free and escalate privileges on the system.


25) Out-of-bounds write (CVE-ID: CVE-2022-1972)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error when processing untrusted input in the Linux kernel's netfilter subsystem (nft_set_desc_concat_parse() in net/netfilter/nf_tables_api.c). A local user with CAP_NET_ADMIN, including in an unprivileged user namespace, can trigger an out-of-bounds write and escalate privileges on the system.


26) Use-after-free (CVE-ID: CVE-2022-1974)

The vulnerability allows a local privileged user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the Linux kernel's NFC core caused by a race condition between kobject creation and deletion. A local user holding the CAP_NET_ADMIN capability can leak kernel information and escalate privileges on the system.


27) Use-after-free (CVE-ID: CVE-2022-1998)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the copy_event_to_user() function of the fanotify subsystem in the Linux kernel. A local user can trigger the use-after-free and escalate privileges on the system.



28) Information disclosure (CVE-ID: CVE-2022-20132)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to an out-of-bounds read in the USB HID component of the Linux kernel that returns excess data to the caller. A local user can trigger the vulnerability to gain access to potentially sensitive kernel memory.


29) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20154)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to an unspecified error in the Linux kernel. A local user can bypass security restrictions and escalate privileges on the system.


30) Information disclosure (CVE-ID: CVE-2022-21123)

The vulnerability allows an attacker to gain access to potentially sensitive information.

The vulnerability exists in Intel processors due to incomplete cleanup of multi-core shared buffers (Shared Buffers Data Read, SBDR), one of the MMIO Stale Data issues: stale data left in fill buffers can be observed through memory-mapped I/O operations. In a virtualized environment, an attacker (local or remote) with administrative access to a virtual machine that has an attached PCI-passthrough (DirectPath I/O) device can obtain data from physical memory belonging to the hypervisor or to other virtual machines on the same host.



31) Information disclosure (CVE-ID: CVE-2022-21125)

The vulnerability allows an attacker to gain access to potentially sensitive information.

The vulnerability exists in Intel processors due to incomplete cleanup of microarchitectural fill buffers (Shared Buffers Data Sampling, SBDS), one of the MMIO Stale Data issues: stale data can be sampled from the fill buffers after memory-mapped I/O operations. In a virtualized environment, an attacker (local or remote) with administrative access to a virtual machine that has an attached PCI-passthrough (DirectPath I/O) device can obtain data from physical memory belonging to the hypervisor or to other virtual machines on the same host.




32) Incomplete cleanup (CVE-ID: CVE-2022-21127)

The vulnerability allows a local user to gain access to sensitive information on the system.

The vulnerability exists due to incomplete cleanup in specific special register read operations on some Intel processors (an update to the Special Register Buffer Data Sampling issue, SRBDS). A local user can sample stale register data and obtain sensitive information.


33) Information disclosure (CVE-ID: CVE-2022-21166)

The vulnerability allows an attacker to gain access to potentially sensitive information.

The vulnerability exists in Intel processors due to incomplete cleanup in specific special register write operations (Device Register Partial Write, DRPW), one of the MMIO Stale Data issues: a partial write to a device register can leave stale data in shared buffers that a later read observes. In a virtualized environment, an attacker (local or remote) with administrative access to a virtual machine that has an attached PCI-passthrough (DirectPath I/O) device can obtain data from physical memory belonging to the hypervisor or to other virtual machines on the same host.


34) Input validation error (CVE-ID: CVE-2022-21180)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of Memory Mapped I/O (MMIO) accesses on some 14nm Intel Client and Xeon E3 processors. An authenticated local user can issue specially crafted MMIO accesses and perform a denial of service (DoS) attack in certain virtualized environments.


35) Improper access control (CVE-ID: CVE-2022-21499)

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists because the kernel debugger (kgdb/kdb) remains usable when the kernel is booted under UEFI Secure Boot with lockdown enabled. A local privileged user can use the debugger to read and write kernel memory, bypassing the lockdown restrictions that Secure Boot is meant to enforce.


36) Use-after-free (CVE-ID: CVE-2022-2318)

The vulnerability allows a local user to perform a denial of service attack.

The vulnerability exists due to a use-after-free error in the timer handlers in net/rose/rose_timer.c in the Linux kernel. A local user can exploit the vulnerability to perform a denial of service attack.


37) Security restrictions bypass (CVE-ID: CVE-2022-23222)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists because kernel/bpf/verifier.c in the Linux kernel allows pointer arithmetic on certain *_OR_NULL pointer types, so a program can compute a pointer the verifier no longer tracks. A local user able to load eBPF programs can run a specially crafted program and execute arbitrary code with root privileges.


38) Information disclosure (CVE-ID: CVE-2022-26365)

The vulnerability allows a malicious backend to gain access to potentially sensitive information.

The vulnerability exists because the Linux block PV device frontend (blkfront) does not zero memory regions before sharing them with the backend. A malicious or compromised backend domain can read stale guest kernel data left in the shared pages.


39) Buffer overflow (CVE-ID: CVE-2022-26490)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in the st21nfca_connectivity_event_received() function in drivers/nfc/st21nfca/se.c in the Linux kernel. A local user can run a specially crafted program to trigger a buffer overflow and execute arbitrary code with elevated privileges.


40) Use-after-free (CVE-ID: CVE-2022-29582)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in io_uring timeout handling in fs/io_uring.c in the Linux kernel. A local user can trigger a race condition between timeout flush and timeout removal to cause a denial of service or escalate privileges on the system.


41) Processor optimization removal or modification of security-critical code (CVE-ID: CVE-2022-29900)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to mistrained branch prediction for return instructions on affected AMD processors. A local user can steer speculative execution after a RET to attacker-chosen code under certain microarchitecture-dependent conditions and read data across privilege boundaries. The vulnerability was dubbed RETbleed.


42) Processor optimization removal or modification of security-critical code (CVE-ID: CVE-2022-29901)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to non-transparent sharing of branch predictor targets between contexts on some Intel processors, the Intel variant of RETbleed. A local user can exploit the vulnerability to read sensitive information across privilege boundaries.
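The CPU-level entries above (items 30 to 34, 41 and 42) are mitigated only once the updated kernel is running and, for several of them, the matching microcode is loaded; the kernel reports the outcome per flaw under /sys/devices/system/cpu/vulnerabilities. The script below is an added example and not part of the SUSE bulletin. It classifies the status strings the kernel writes there (the retbleed file covers CVE-2022-29900 and CVE-2022-29901, mmio_stale_data covers CVE-2022-21123, CVE-2022-21125 and CVE-2022-21166, srbds covers CVE-2022-21127) and falls back to a constructed sample directory when run on a host without that sysfs tree. The AMD straight-line speculation issue (CVE-2021-26341) has no sysfs entry and is not covered.

```shell
#!/bin/sh
# Added example: summarize the kernel's own report of speculative-execution mitigations.
# Assumes a Linux host; elsewhere it runs against a constructed sample directory.

# Map one status string from /sys/devices/system/cpu/vulnerabilities/<flaw> to a class.
# The kernel begins every such string with one of these words.
classify_status() {
    case "$1" in
        "Not affected"*) echo not_affected ;;
        Mitigation:*)    echo mitigated ;;
        Vulnerable*)     echo vulnerable ;;
        *)               echo unknown ;;   # e.g. "Unknown: Dependent on hypervisor status"
    esac
}

# sysfs entries relevant to this bulletin (file name -> CVEs it reports on):
#   retbleed          CVE-2022-29900 (AMD), CVE-2022-29901 (Intel)
#   mmio_stale_data   CVE-2022-21123, CVE-2022-21125, CVE-2022-21166
#   srbds             CVE-2022-21127
FLAWS="retbleed mmio_stale_data srbds"

# Print one line per flaw to stderr and the number of still-vulnerable entries to stdout.
# A missing file means the running kernel predates that check, which is counted as
# vulnerable: a kernel that cannot report the flaw certainly does not mitigate it.
count_vulnerable() {
    dir="$1"; n=0
    for name in $FLAWS; do
        f="$dir/$name"
        if [ -r "$f" ]; then
            status=$(cat "$f")
            class=$(classify_status "$status")
        else
            status="(no sysfs entry)"
            class=vulnerable
        fi
        printf '%-16s %-13s %s\n' "$name" "$class" "$status" >&2
        if [ "$class" = vulnerable ]; then n=$((n + 1)); fi
    done
    echo "$n"
}

# Constructed sample (not captured from a real host): retbleed mitigated, mmio_stale_data
# still vulnerable for lack of microcode, srbds absent as on a kernel older than the fix.
make_sample_dir() {
    d=$(mktemp -d)
    printf 'Mitigation: untrained return thunk; SMT enabled with STIBP protection\n' > "$d/retbleed"
    printf 'Vulnerable: Clear CPU buffers attempted, no microcode\n' > "$d/mmio_stale_data"
    echo "$d"
}

if [ -d /sys/devices/system/cpu/vulnerabilities ]; then
    target=/sys/devices/system/cpu/vulnerabilities
else
    target=$(make_sample_dir)
fi
echo "entries still vulnerable: $(count_vulnerable "$target")"
```

Run it before and after rebooting into the updated kernel; a "Vulnerable" line that persists after the reboot usually points at missing microcode (ucode-intel or ucode-amd) rather than at the kernel package, and a "Mitigation:" line on a guest reflects what the hypervisor exposes to that guest, not the host's own state.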


43) Incorrect default permissions (CVE-ID: CVE-2022-30594)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists because the PTRACE_SEIZE code path mishandles seccomp permissions. A local user can bypass the intended restrictions on setting the PT_SUSPEND_SECCOMP flag, suspend seccomp filtering on a traced process and escalate privileges on the system.


44) Information disclosure (CVE-ID: CVE-2022-33740)

The vulnerability allows a malicious backend to gain access to potentially sensitive information.

The vulnerability exists because the Linux network PV device frontend (netfront) does not zero receive buffers before sharing them with the backend. A malicious or compromised backend domain can read stale guest kernel data left in the shared pages.


45) Information disclosure (CVE-ID: CVE-2022-33741)

The vulnerability allows a malicious backend to gain access to potentially sensitive information.

The vulnerability exists because the grant table does not allow sharing less than a 4K page, so unrelated guest data residing in the same 4K page as a network PV frontend (netfront) transmit buffer is accessible to the backend. A malicious or compromised backend domain can read that unrelated data.


46) Information disclosure (CVE-ID: CVE-2022-33742)

The vulnerability allows a malicious backend to gain access to potentially sensitive information.

The vulnerability exists because the grant table does not allow sharing less than a 4K page, so unrelated guest data residing in the same 4K page as a block PV frontend (blkfront) buffer is accessible to the backend. A malicious or compromised backend domain can read that unrelated data.


47) Resource management error (CVE-ID: CVE-2022-33743)

The vulnerability allows a malicious network backend to perform a denial of service (DoS) attack.

The vulnerability exists due to an error in the eXpress Data Path (XDP) support of the Linux network PV frontend (netfront) under Xen, which allows the frontend to use SKBs that have already been freed. A malicious network backend can trigger the use-after-free and cause a denial of service on the guest OS.



48) Use-after-free (CVE-ID: CVE-2022-33981)

The vulnerability allows a local user to perform denial of service attack.

The vulnerability exists due to a use-after-free error in drivers/block/floppy.c in the Linux kernel when deallocating raw_cmd in the raw_cmd_ioctl() function. A local user with access to the floppy device can trigger the use-after-free and perform a denial of service attack.


49) Type Confusion (CVE-ID: CVE-2022-34918)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists in the Linux kernel's Netfilter subsystem (nf_tables) in the handling of set elements of the NFT_DATA_VERDICT type, where user-supplied data of the wrong type is accepted. A local user with CAP_NET_ADMIN, including in an unprivileged user namespace, can pass specially crafted data to the nf_tables interface, trigger a type confusion that becomes a heap buffer overflow, and escalate privileges on the system.
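Most entries above are reachable only by a local user, and many of them additionally require either a capability (CAP_NET_ADMIN for the nf_tables and NFC flaws, which an unprivileged user obtains by creating a user namespace; the ability to load eBPF programs for the verifier flaws) or a module that few hosts need (AX.25, ROSE, 6pack, floppy, UDF, f2fs, NFC, ath9k_htc). The standard knobs for that exposure are the kernel.unprivileged_bpf_disabled and user.max_user_namespaces sysctls and modprobe "install <module> /bin/false" lines. The script below is an added example, not part of the SUSE bulletin; it reads those settings and reports what is still exposed, falling back to a constructed modprobe configuration where modprobe is unavailable.

```shell
#!/bin/sh
# Added example: check the knobs that keep unprivileged users away from the subsystems
# named in this bulletin. Assumes a Linux host with /proc/sys; modprobe(8) is optional.

# Read a sysctl through /proc/sys; returns non-zero when the key does not exist.
read_sysctl() {
    path="/proc/sys/$(printf '%s' "$1" | tr . /)"
    [ -r "$path" ] && cat "$path"
}

# kernel.unprivileged_bpf_disabled: 0 lets any user load eBPF programs and so reach the
# verifier flaws above (CVE-2021-4204, CVE-2021-45402, CVE-2022-0264, CVE-2022-23222);
# 1 disables that for the rest of this boot with no way back; 2 disables it but lets
# root set it back to 0.
bpf_posture() {
    case "$1" in
        0) echo "OPEN: unprivileged eBPF enabled" ;;
        1) echo "OK: unprivileged eBPF disabled (locked)" ;;
        2) echo "OK: unprivileged eBPF disabled (re-enablable)" ;;
        *) echo "UNKNOWN: value '$1'" ;;
    esac
}

# user.max_user_namespaces: 0 stops unprivileged users from creating a namespace in which
# they hold CAP_NET_ADMIN, the capability the nf_tables and NFC entries above require.
userns_posture() {
    case "$1" in
        0)      echo "OK: user namespaces disabled" ;;
        [1-9]*) echo "OPEN: up to $1 user namespaces allowed" ;;
        *)      echo "UNKNOWN: value '$1'" ;;
    esac
}

# Does modprobe configuration text CFG stop module MOD from loading?
# Only "install MOD /bin/false" (or /bin/true) defeats an explicit modprobe; a bare
# "blacklist MOD" merely stops alias-based autoloading and is reported separately.
module_posture() {
    mod="$1"; cfg="$2"
    if printf '%s\n' "$cfg" | grep -Eq "^[[:space:]]*install[[:space:]]+$mod[[:space:]]+/bin/(false|true)"; then
        echo blocked
    elif printf '%s\n' "$cfg" | grep -Eq "^[[:space:]]*blacklist[[:space:]]+$mod([[:space:]]|\$)"; then
        echo blacklisted
    else
        echo loadable
    fi
}

# Modules whose flaws appear in this bulletin; block whichever ones this host never needs
# (ax25/rose/6pack: amateur radio; floppy; udf and f2fs: filesystems; nfc; ath9k_htc: WiFi).
BULLETIN_MODULES="ax25 rose 6pack floppy udf f2fs nfc ath9k_htc"

# Constructed sample configuration (not taken from a real host).
SAMPLE_MODPROBE_CONF='install floppy /bin/false
blacklist ax25
install 6pack /bin/true'

# One line per module on stderr; the number still loadable on stdout.
count_loadable() {
    cfg="$1"; n=0
    for m in $BULLETIN_MODULES; do
        p=$(module_posture "$m" "$cfg")
        printf '%-10s %s\n' "$m" "$p" >&2
        if [ "$p" = loadable ]; then n=$((n + 1)); fi
    done
    echo "$n"
}

echo "kernel.unprivileged_bpf_disabled: $(bpf_posture "$(read_sysctl kernel.unprivileged_bpf_disabled || echo missing)")"
echo "user.max_user_namespaces:         $(userns_posture "$(read_sysctl user.max_user_namespaces || echo missing)")"
if command -v modprobe >/dev/null 2>&1; then
    cfg=$(modprobe -c 2>/dev/null || true)     # effective config, including /etc/modprobe.d
else
    cfg="$SAMPLE_MODPROBE_CONF"
fi
echo "bulletin modules still loadable: $(count_loadable "$cfg")"
```

These settings reduce exposure for unprivileged local users; they do not replace the kernel update, since a process that already holds CAP_NET_ADMIN or CAP_SYS_ADMIN in the initial namespace can still reach every affected code path.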


Remediation

Install the updated kernel packages from the vendor and reboot into the new kernel; the fixes take effect only once the updated kernel is running.