File _patchinfo of Package patchinfo.23883
<patchinfo incident="23883">
<issue id="1197335" tracker="bnc">VUL-0: CVE-2022-1015,CVE-2022-1016: kernel live patch: Vulnerability in nf_tables can cause privilege escalation</issue>
<issue id="1197344" tracker="bnc">VUL-0: CVE-2022-1011: kernel live patch: FUSE allows UAF reads of write() buffers, allowing theft of (partial) /etc/shadow hashes</issue>
<issue id="1197705" tracker="bnc">VUL-0: CVE-2022-1055: kernel live patch: use-after-free in tc_new_tfilter</issue>
<issue id="2022-1011" tracker="cve" />
<issue id="2022-1016" tracker="cve" />
<issue id="2022-1055" tracker="cve" />
<category>security</category>
<rating>important</rating>
<packager>nstange</packager>
<description>This update for the Linux Kernel 5.3.18-24_53_4 fixes several issues.
The following security issues were fixed:
- CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution. (bsc#1197335)
- CVE-2022-1055: Fixed a use-after-free in tc_new_tfilter that could allow a local attacker to gain privilege escalation. (bnc#1197705)
- CVE-2022-1011: Fixed an use-after-free vulnerability which could allow a local attacker to retireve (partial) /etc/shadow hashes or any other data from filesystem when he can mount a FUSE filesystems. (bsc#1197344)
</description>
<summary>Security update for the Linux Kernel (Live Patch 15 for SLE 15 SP2)</summary>
</patchinfo>