Overview

File _patchinfo of Package patchinfo.23883

<patchinfo incident="23883">
  <issue id="1197335" tracker="bnc">VUL-0: CVE-2022-1015,CVE-2022-1016: kernel live patch: Vulnerability in nf_tables can cause privilege escalation</issue>
  <issue id="1197344" tracker="bnc">VUL-0: CVE-2022-1011: kernel live patch: FUSE allows UAF reads of write() buffers, allowing theft of (partial) /etc/shadow hashes</issue>
  <issue id="1197705" tracker="bnc">VUL-0: CVE-2022-1055: kernel live patch: use-after-free in tc_new_tfilter</issue>
  <issue id="2022-1011" tracker="cve" />
  <issue id="2022-1016" tracker="cve" />
  <issue id="2022-1055" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>nstange</packager>
  <description>This update for the Linux Kernel 5.3.18-24_53_4 fixes several issues.

The following security issues were fixed:

- CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution. (bsc#1197335)
- CVE-2022-1055: Fixed a use-after-free in tc_new_tfilter that could allow a local attacker to gain privilege escalation. (bnc#1197705)
- CVE-2022-1011: Fixed an use-after-free vulnerability which could allow a local attacker to retireve (partial) /etc/shadow hashes or any other data from filesystem when he can mount a FUSE filesystems. (bsc#1197344)
</description>
<summary>Security update for the Linux Kernel (Live Patch 15 for SLE 15 SP2)</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places