SB2022122161 - SUSE update for the Linux Kernel (Live Patch 12 for SLE 15 SP3) 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2022122161

SB2022122161 - SUSE update for the Linux Kernel (Live Patch 12 for SLE 15 SP3)

Published: December 21, 2022

Security Bulletin ID SB2022122161
Severity
Medium
Patch available
YES
Number of vulnerabilities 8
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Medium 13% Low 88%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 8 secuirty vulnerabilities.


1) Out-of-bounds write (CVE-ID: CVE-2022-2964)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices driver in Linux kernel. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.


2) Buffer overflow (CVE-ID: CVE-2022-3545)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the area_cache_get() function in drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.


3) Out-of-bounds write (CVE-ID: CVE-2022-3577)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in the bigben_probe() function in drivers/hid/hid-bigbenff.c within the Kid-friendly Wired Controller driver in Linux kernel. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.


4) Use-after-free (CVE-ID: CVE-2022-3586)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error in the way the sch_sfb enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (and freed) into a child qdisc. A local user can perform a denial of service (DoS) attack.


5) Use-after-free (CVE-ID: CVE-2022-41218)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the dvb_demux_open() and dvb_dmxdev_release() function in drivers/media/dvb-core/dmxdev.c in Linux kernel. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.


6) Buffer overflow (CVE-ID: CVE-2022-4139)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the i915 kernel driver on Linux kernel. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.



7) Stack-based buffer overflow (CVE-ID: CVE-2022-4378)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the __do_proc_dointvec() function. A local user can trigger a stack-based buffer overflow and execute arbitrary code with elevated privileges.


8) Buffer overflow (CVE-ID: CVE-2022-43945)

The vulnerability allows a remote attacker to perform a denial of service attacl.

The vulnerability exists due to a boundary error within the Linux kernel NFSD implementation. A remote attacker can send the RPC message over TCP with garbage data added at the end of the message, trigger memory corruption and perform a denial of service (DoS) attack.


Remediation

Install update from vendor's website.

References