SUSE-SU-2022:2281-1

HIGH7.4

Security update for the Linux Kernel (Live Patch 44 for SLE 12 SP3)

Published Jul 6, 2022

Modified 3 years ago

Fix available

Details

Description of the patch:

This update for the Linux Kernel 4.4.180-94_161 fixes one issue.

The following security issue was fixed:

CVE-2022-1734: Fixed a r/w use-after-free when non synchronized between cleanup routine and firmware download routine. (bnc#1199605)

Affected Packages

kgraft-patch-4_12_14-122_77-default

SUSE Linux Enterprise Live Patching 12 SP5

Fixed in:

17-2.2

kgraft-patch-4_4_180-94_147-default

SUSE Linux Enterprise Server 12 SP3-LTSSSUSE Linux Enterprise Server for SAP Applications 12 SP3

Fixed in:

14-2.2

kgraft-patch-4_4_180-94_150-default

SUSE Linux Enterprise Server 12 SP3-LTSSSUSE Linux Enterprise Server for SAP Applications 12 SP3

Fixed in:

10-2.2

kgraft-patch-4_4_180-94_153-default

SUSE Linux Enterprise Server 12 SP3-LTSSSUSE Linux Enterprise Server for SAP Applications 12 SP3

Fixed in:

6-2.2

kgraft-patch-4_4_180-94_156-default

SUSE Linux Enterprise Server 12 SP3-LTSSSUSE Linux Enterprise Server for SAP Applications 12 SP3

Fixed in:

5-2.2

kgraft-patch-4_4_180-94_161-default

SUSE Linux Enterprise Server 12 SP3-LTSSSUSE Linux Enterprise Server for SAP Applications 12 SP3

Fixed in:

4-2.2

References

https://bugzilla.suse.com/1199606

https://lists.suse.com/pipermail/sle-security-updates/2022-July/011410.html

https://www.suse.com/security/cve/CVE-2022-1734/

https://www.suse.com/support/security/rating/

https://www.suse.com/support/update/announcement/2022/suse-su-20222281-1/

CVSS Analysis

CVSS v3.1

7.4

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

HighAC:H

Privileges Required

NonePR:N

User Interaction

NoneUI:N

Scope

Scope

UnchangedS:U

Impact

Confidentiality

HighC:H

Integrity

HighI:H

Availability

HighA:H

7.4/CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Upstream

Ecosystems

SUSE Linux Enterprise Live Patching 12 SP5 SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server for SAP Applications 12 SP3

Timeline

PublishedJul 6, 2022

ModifiedJul 6, 2022

SUSE-SU-2022:2281-1 | Mondoo Vulnerability Intelligence