SB2022062440 - SUSE update for the Linux Kernel

Description

This security bulletin contains information about 20 secuirty vulnerabilities.

1) Use-after-free (CVE-ID: CVE-2019-19377)

The vulnerability allows a local non-authenticated attacker to execute arbitrary code.

In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c.

2) Protection Mechanism Failure (CVE-ID: CVE-2020-26541)

The vulnerability allows a local user to escalate privileges on the system.

The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c. A local user can escalate privileges on the system.

3) Input validation error (CVE-ID: CVE-2021-33061)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient control flow management. A local user can pass specially crafted input to the application and perform a denial of service (DoS) attack.

4) NULL pointer dereference (CVE-ID: CVE-2022-0168)

The vulnerability allows a local attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the Linux kernel’s smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS). A privileged (CAP_SYS_ADMIN) attacker can perform a denial of service (DoS) attack.

5) Use-after-free (CVE-ID: CVE-2022-1184)

The vulnerability allows a local user to perform a denial of service attack.

The vulnerability exists due to a use-after-free error in fs/ext4/namei.c:dx_insert_block() function in the Linux kernel’s filesystem sub-component.. A local user can trigger use-after-free and perform a denial of service attack.

6) Use-after-free (CVE-ID: CVE-2022-1652)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to use-after-free error in the bad_flp_intr() function. A local user can execute a specially-crafted program to cause a denial of service condition on the system or escalate privileges on the system.

7) Race condition (CVE-ID: CVE-2022-1729)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within sys_perf_event_open() in Linux kernel. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.

8) Use-after-free (CVE-ID: CVE-2022-1966)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the Linux kernel's Netfilter subsystem in net/netfilter/nf_tables_api.c. A local user can trigger use-after-free error to escalate privileges on the system.

9) Out-of-bounds write (CVE-ID: CVE-2022-1972)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error when processing untrusted input in the Linux kernel's netfilter subsystem. A local user can trigger out-of-bounds write to escalate privileges on the system.

10) Use-after-free (CVE-ID: CVE-2022-1974)

The vulnerability allows a local privileged user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the Linux kernel's NFC core functionality due to a race condition between kobject creation and delete. A local attacker with CAP_NET_ADMIN privilege can leak kernel information and escalate privileges on the system.

11) Uncaught Exception (CVE-ID: CVE-2022-1975)

The vulnerability allows a remote attacker on the local network to perform a denial of service (DoS) attack.

The vulnerability exists due to an uncaught exception error in the Linux kernel. A remote attacker on the local network can perform a denial of service (DoS) attack.

12) Use of uninitialized resource (CVE-ID: CVE-2022-20008)

The vulnerability allows a local application to bypass certain security restrictions.

The vulnerability exists due to usage of uninitialized resources within the mmc_blk_read_single() function in block.c. A local application can obtain potentially sensitive information from memory when reading from an SD card that triggers errors.

13) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20141)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper imposition of security restrictions in the Linux kernel's components. A local user can trigger the vulnerability to bypass security restrictions bypass and escalate privileges on the system.

14) Information disclosure (CVE-ID: CVE-2022-21123)

The vulnerability allows an attacker to gain access to potentially sensitive information.

The vulnerability exists in Intel processors due to excessive data output when DirectPath I/O (PCI-Passthrough) is utilized. An attacker (both local and remote) with administrative access to a virtual machine that has an attached DirectPath I/O (PCI-Passthrough) device can obtain information stored in physical memory about the hypervisor or other virtual machines that reside on the same host.

15) Information disclosure (CVE-ID: CVE-2022-21125)

The vulnerability allows an attacker to gain access to potentially sensitive information.

The vulnerability exists in Intel processors due to excessive data output when DirectPath I/O (PCI-Passthrough) is utilized. An attacker (both local and remote) with administrative access to a virtual machine that has an attached DirectPath I/O (PCI-Passthrough) device can obtain information stored in physical memory about the hypervisor or other virtual machines that reside on the same host.

16) Incomplete cleanup (CVE-ID: CVE-2022-21127)

The vulnerability allows a local user to gain access to sensitive information on the system.

The vulnerability exists due to incomplete cleanup in specific special register read operations. A local user can enable information disclosure.

17) Information disclosure (CVE-ID: CVE-2022-21166)

The vulnerability allows an attacker to gain access to potentially sensitive information.

The vulnerability exists in Intel processors due to excessive data output when DirectPath I/O (PCI-Passthrough) is utilized. An attacker (both local and remote) with administrative access to a virtual machine that has an attached DirectPath I/O (PCI-Passthrough) device can obtain information stored in physical memory about the hypervisor or other virtual machines that reside on the same host.

18) Input validation error (CVE-ID: CVE-2022-21180)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation in Memory Mapped I/O (MMIO) for some 14nm Client/Xeon E3 Intel® Processors. A local user can pass specially crafted input and perform a denial of service (DoS) attack in certain virtualized environments.

19) Incorrect default permissions (CVE-ID: CVE-2022-30594)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to mishandling seccomp permissions. A local user can bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag and escalate privileges on the system.

20) Use-after-free (CVE-ID: CVE-2022-32250)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free incorrect NFT_STATEFUL_EXPR in net/netfilter/nf_tables_api.c in Linux kernel. A local user with ability to create user/net namespaces can execute arbitrary code with root privileges.

Remediation

Install update from vendor's website.

References

• https://www.suse.com/support/update/announcement/2022/suse-su-20222177-1/