SB2022033024 - SUSE update for the Linux Kernel

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2022033024

SB2022033024 - SUSE update for the Linux Kernel

Published: March 30, 2022 Updated: December 13, 2024

Security Bulletin ID SB2022033024
Severity
Medium
Patch available
YES
Number of vulnerabilities 24
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Medium 4% Low 96%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 24 secuirty vulnerabilities.


1) Use-after-free (CVE-ID: CVE-2021-0920)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the unix_scm_to_skb() function of af_unix.c in Linux kernel. A local user can run a specially crafted program to trigger a race condition and execute arbitrary code with elevated privileges.



2) Use-after-free (CVE-ID: CVE-2021-39698)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in Linux kernel. A local user can run a specially crafted program to trigger the use-after-free error and execute arbitrary code with elevated privileges.


3) NULL pointer dereference (CVE-ID: CVE-2021-44879)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the gc_data_segment() function in fs/f2fs/gc.c. A local user can mount a specially crafted f2fs image, trigger a NULL pointer dereference and perform a denial of service (DoS) attack.


4) Out-of-bounds read (CVE-ID: CVE-2021-45402)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to check_alu_op() function in kernel/bpf/verifier.c does not properly update bounds while handling the mov32 instruction. A local user can obtain potentially sensitive address information.


5) Use-after-free (CVE-ID: CVE-2022-0487)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a use-after-free error in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c in memstick in the Linux kernel. A local user can trigger a use-after-free error and gain access to sensitive information.


6) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-0492)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a logic error within the cgroup_release_agent_write() function in  kernel/cgroup/cgroup-v1.c. A local user can use the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation.


7) Out-of-bounds write (CVE-ID: CVE-2022-0516)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in kvm_s390_guest_sida_op() function in the arch/s390/kvm/kvm-s390.c in KVM for s390 in the Linux kernel. A local user can trigger an out-of-bounds write and escalate privileges on the system.


8) NULL pointer dereference (CVE-ID: CVE-2022-0617)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the Linux kernel UDF file system functionality. A local user can supply a malicious UDF image to the udf_file_write_iter() function and perform a denial of service (DoS) attack.


9) Reachable Assertion (CVE-ID: CVE-2022-0644)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion error in the Linux kernel’s kernel_read_file_from_fd in the filesystem. A local user can attempt to read a file without read access/permission to perform a denial of service (DoS) attack.


10) Race condition (CVE-ID: CVE-2022-23036)

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to a race condition in the blkfront ring buffer. A malicious backend can exploit the race condition and read or write data or perform a denial of service attack.


11) Race condition (CVE-ID: CVE-2022-23037)

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to a race condition in the netfront ring buffer. A malicious backend can exploit the race condition and read or write data or perform a denial of service attack.


12) Race condition (CVE-ID: CVE-2022-23038)

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to a race condition in the scsifront ring buffer. A malicious backend can exploit the race condition and read or write data or perform a denial of service attack.


13) Race condition (CVE-ID: CVE-2022-23039)

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to a race condition in the gntalloc ring buffer. A malicious backend can exploit the race condition and read or write data or perform a denial of service attack.


14) Race condition (CVE-ID: CVE-2022-23040)

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to a race condition in the xenbus ring buffer. A malicious backend can exploit the race condition and read or write data or perform a denial of service attack.


15) Race condition (CVE-ID: CVE-2022-23041)

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to a race condition in blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls ring buffers. A malicious backend can exploit the race condition and read or write data or perform a denial of service attack.


16) Reachable Assertion (CVE-ID: CVE-2022-23042)

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to reachable assertion in the netfront ring buffer. A malicious backend can exploit the race condition and read or write data or perform a denial of service attack.


17) Missing initialization of resource (CVE-ID: CVE-2022-24448)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to missing initialization of resource within the fs/nfs/dir.c in the Linux kernel. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor.


18) Release of invalid pointer or reference (CVE-ID: CVE-2022-24958)

The vulnerability allows remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to release of illegal memory vulnerability in the drivers/usb/gadget/legacy/inode.c. A remote attacker can send specially crafted data and perform a denial of service (DoS) attack.


19) Memory leak (CVE-ID: CVE-2022-24959)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the yam_siocdevprivate() function in drivers/net/hamradio/yam.c. A local user can perform a denial of service attack.


20) NULL pointer dereference (CVE-ID: CVE-2022-25258)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error drivers/usb/gadget/composite.c in the Linux kernel. The USB Gadget subsystem lacks certain validation of interface OS descriptor requests (ones with a large array index and ones associated with NULL function pointer retrieval). A local user can run a specially crafted program to trigger memory corruption and perform a denial of service (DoS) attack.


21) Heap-based buffer overflow (CVE-ID: CVE-2022-25636)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in net/netfilter/nf_dup_netdev.c in the Linux kernel, related to nf_tables_offload. A local user can trigger a heap-based buffer overflow and execute arbitrary code with elevated privileges.


22) Buffer overflow (CVE-ID: CVE-2022-26490)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the st21nfca_connectivity_event_received() function in drivers/nfc/st21nfca/se.c in Linux kernel. A local user can run a specially crafted program to trigger buffer overflow and execute arbitrary code with elevated privileges.


23) Use-after-free (CVE-ID: CVE-2022-26966)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a use-after-free error in drivers/net/usb/sr9700.c in the Linux kernel. A remote attacker can pass specially crafted data and obtain sensitive information from heap memory.


24) Improper Validation of Array Index (CVE-ID: CVE-2022-27223)

The vulnerability allows a remote attacker to execute arbitrary code with elevated privileges.

The vulnerability exists due to improper validation of array index in drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel. A remote attacker can send specially crafted data to the system and execute arbitrary code with elevated privileges.

Remediation

Install update from vendor's website.

References