SB2022041347 - SUSE update for the Linux Kernel

Description

This security bulletin contains information about 15 secuirty vulnerabilities.

1) Use-after-free (CVE-ID: CVE-2021-45868)

The vulnerability allows a local user to perform a denial-of-service attack.

The vulnerability exists due to fs/quota/quota_tree.c does not validate the block number in the quota tree (on disk). A local user can trigger use-after-free error and perform a denial-of-service attack.

2) Information disclosure (CVE-ID: CVE-2022-0850)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output in the copy_page_to_iter() function in iov_iter.c in Linux kernel. A local user can gain unauthorized access to sensitive information on the system.

3) Memory leak (CVE-ID: CVE-2022-0854)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due memory leak in the Linux kernel’s DMA subsystem when processing DMA_FROM_DEVICE calls. A local user can trigger a memory leak error and read random memory from the kernel space.

4) Use-after-free (CVE-ID: CVE-2022-1011)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the write() function of FUSE filesystem. A local user can retireve (partial) /etc/shadow hashes and execute arbitrary code with elevated privileges.

5) Use-after-free (CVE-ID: CVE-2022-1016)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a use-after-free error in net/netfilter/nf_tables_core.c:nft_do_chain in Linux kernel.. A local user can trigger a use-after-free error and gain access to sensitive information.

6) Use-after-free (CVE-ID: CVE-2022-1048)

The vulnerability allows a local user to execute arbitrary code with elevated privileges.

The vulnerability exists due to a use-after-free error in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. A local user can execute arbitrary code with elevated privileges and perform a denial-of-service attack.

7) Use-after-free (CVE-ID: CVE-2022-1055)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the tc_new_tfilter in Linux kernel. A local user can run a specially crafted program to trigger a use-after-free error and execute arbitrary code with elevated privileges.

8) Use-after-free (CVE-ID: CVE-2022-1195)

The vulnerability allows a local user to perform a denial of service attack.

The vulnerability exists due to a use-after-free error in the drivers/net/hamradio. A local user can cause a denial of service (DOS) when the mkiss or sixpack device is detached.

9) Use-after-free (CVE-ID: CVE-2022-1198)

The vulnerability allows a local user to perform a denial of service attack.

The vulnerability exists due to a use-after-free error in the drivers/net/hamradio/6pack.c. A local user can perform a denial of service (DoS) attack by simulating Amateur Radio.

10) NULL pointer dereference (CVE-ID: CVE-2022-1199)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a Null pointer dereference and use after free errors in the ax25_release() function. A local user can simulate Amateur Radio and perform a denial of service (DoS) attack.

11) NULL pointer dereference (CVE-ID: CVE-2022-1205)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a null pointer dereference and use after free errors in the net/ax25/ax25_timer.c. A local user can simulate Amateur Radio and perform a denial of service (DoS) attack.

12) Heap-based buffer overflow (CVE-ID: CVE-2022-27666)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c in Linux kernel. A local unprivileged user can pass specially crafted data to the system, trigger a heap-based buffer overflow and execute arbitrary code with elevated privileges.

13) Double Free (CVE-ID: CVE-2022-28388)

The vulnerability allows a local user to execute arbitrary code with elevated privileges.

The vulnerability exists due to boundary error in the usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c. A local user can pass specially crafted data to the application, trigger double free error and execute arbitrary code with elevated privileges.

14) Double Free (CVE-ID: CVE-2022-28389)

The vulnerability allows a local user to execute arbitrary code with elevated privileges.

The vulnerability exists due to boundary error in mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c. A local user can pass specially crafted data to the application, trigger double free error and execute arbitrary code with elevated privileges.

15) Double Free (CVE-ID: CVE-2022-28390)

The vulnerability allows a local user to execute arbitrary code with elevated privileges.

The vulnerability exists due to boundary error in ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c. A local user can pass specially crafted data to the application, trigger double free error and execute arbitrary code with elevated privileges.

Remediation

Install update from vendor's website.

References

• https://www.suse.com/support/update/announcement/2022/suse-su-20221183-1/