SB2022122164 - SUSE update for the Linux Kernel
Published: December 21, 2022
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 16 secuirty vulnerabilities.
1) Processor optimization removal or modification of security-critical code (CVE-ID: CVE-2022-28693)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to unprotected alternative channel of return branch target prediction. A local user can gain access to sensitive information.
2) Race condition (CVE-ID: CVE-2022-3567)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the inet6_stream_ops() and inet6_dgram_ops() functions. A local user can exploit the race and escalate privileges on the system.
3) Buffer overflow (CVE-ID: CVE-2022-3628)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the brcmf_fweh_event_worker() function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/fweh.c. A local user can use a specially crafted device to trigger memory corruption and escalate privileges on the system.
4) Use-after-free (CVE-ID: CVE-2022-3635)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the drivers/atm/idt77252.c in IPsec component of Linux kernel. A local user can trigger a use-after-free error and crash the kernel.
5) Input validation error (CVE-ID: CVE-2022-3643)
The vulnerability allows an attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of network packets. An attacker with access to the guest OS can trigger the related physical NIC on the host to reset, abort, or crash by sending certain kinds of packets.
6) Resource management error (CVE-ID: CVE-2022-3903)
The vulnerability allows an attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an incorrect read request flaw in the Infrared Transceiver USB driver in Linux kernel. An attacker with physical access to the system can starve system resources and perform a denial of service (DoS) attack.
7) Double Free (CVE-ID: CVE-2022-4095)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the cmd_hdl_filter() function in drivers/staging/rtl8712/rtl8712_cmd.c. A local user can trigger a double free error and execute arbitrary code with escalated privileges.
8) Race condition (CVE-ID: CVE-2022-41850)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the roccat_report_event() function in drivers/hid/hid-roccat.c. A local user can trigger a use-after-free error and perform a denial of service (DoS) attack.
9) NULL pointer dereference (CVE-ID: CVE-2022-41858)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the sl_tx_timeout() function in drivers/net/slip in Linux kernel. A local user can perform a denial of service (DoS) attack.
10) Resource management error (CVE-ID: CVE-2022-42328)
The vulnerability allows an attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources. An attacker with access to the guest OS can trigger deadlock in Linux netback driver and perform a denial of service (DoS) attack of the host via the paravirtualized network interface.
11) Resource management error (CVE-ID: CVE-2022-42329)
The vulnerability allows an attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources. An attacker with access to the guest OS can trigger deadlock in Linux netback driver and perform a denial of service (DoS) attack of the host via the paravirtualized network interface.
12) Access of Uninitialized Pointer (CVE-ID: CVE-2022-42895)
The vulnerability allows an attacker to gain access to sensitive information.
The vulnerability exists due to unauthorized access of uninitialized pointer within the l2cap_parse_conf_req() function in net/bluetooth/l2cap_core.c. An attacker with physical proximity to the affected device can gain access to sensitive information.
13) Use-after-free (CVE-ID: CVE-2022-42896)
The vulnerability allows an attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the l2cap_connect() and l2cap_le_connect_req() function in net/bluetooth/l2cap_core.c. An attacker with physical proximity to the affected device can trigger a use-after-free error and execute arbitrary code on the system.
14) Stack-based buffer overflow (CVE-ID: CVE-2022-4378)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the __do_proc_dointvec() function. A local user can trigger a stack-based buffer overflow and execute arbitrary code with elevated privileges.
15) Buffer overflow (CVE-ID: CVE-2022-43945)
The vulnerability allows a remote attacker to perform a denial of service attacl.
The vulnerability exists due to a boundary error within the Linux kernel NFSD implementation. A remote attacker can send the RPC message over TCP with garbage data added at the end of the message, trigger memory corruption and perform a denial of service (DoS) attack.
16) Integer overflow (CVE-ID: CVE-2022-45934)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to integer overflow within the l2cap_config_req() function in net/bluetooth/l2cap_core.c in Linux kernel. A local user can pass specially crafted L2CAP_CONF_REQ packets to the device, trigger an integer overflow and execute arbitrary code with elevated privileges.
Remediation
Install update from vendor's website.