File _patchinfo of Package patchinfo.23871

<patchinfo incident="23871">
  <issue id="1197211" tracker="bnc">VUL-0: CVE-2021-39713: kernel live patch: race condition in the network scheduling subsystem which could lead to a use-after-free</issue>
  <issue id="1197335" tracker="bnc">VUL-0: CVE-2022-1015,CVE-2022-1016: kernel live patch: Vulnerability in nf_tables can cause privilege escalation</issue>
  <issue id="1197344" tracker="bnc">VUL-0: CVE-2022-1011: kernel live patch: FUSE allows UAF reads of write() buffers, allowing theft of (partial) /etc/shadow hashes</issue>
  <issue id="2021-39713" tracker="cve" />
  <issue id="2022-1011" tracker="cve" />
  <issue id="2022-1016" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>nstange</packager>
  <description>This update for the Linux Kernel 4.12.14-150_78 fixes several issues.

The following security issues were fixed:

- CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution. (bsc#1197335)
- CVE-2022-1011: Fixed an use-after-free vulnerability which could allow a local attacker to retireve (partial) /etc/shadow hashes or any other data from filesystem when he can mount a FUSE filesystems. (bsc#1197344)
- CVE-2021-39713: Fixed a race condition in the network scheduling subsystem which could lead to a use-after-free (bsc#1197211).
</description>
<summary>Security update for the Linux Kernel (Live Patch 26 for SLE 15)</summary>
</patchinfo>