File _patchinfo of Package patchinfo.23873
<patchinfo incident="23873"> <issue id="1197211" tracker="bnc">VUL-0: CVE-2021-39713: kernel live patch: race condition in the network scheduling subsystem which could lead to a use-after-free</issue> <issue id="1197335" tracker="bnc">VUL-0: CVE-2022-1015,CVE-2022-1016: kernel live patch: Vulnerability in nf_tables can cause privilege escalation</issue> <issue id="1197344" tracker="bnc">VUL-0: CVE-2022-1011: kernel live patch: FUSE allows UAF reads of write() buffers, allowing theft of (partial) /etc/shadow hashes</issue> <issue id="2021-39713" tracker="cve" /> <issue id="2022-1011" tracker="cve" /> <issue id="2022-1016" tracker="cve" /> <category>security</category> <rating>important</rating> <packager>nstange</packager> <description>This update for the Linux Kernel 4.12.14-150_86 fixes several issues. The following security issues were fixed: - CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution. (bsc#1197335) - CVE-2022-1011: Fixed an use-after-free vulnerability which could allow a local attacker to retireve (partial) /etc/shadow hashes or any other data from filesystem when he can mount a FUSE filesystems. (bsc#1197344) - CVE-2021-39713: Fixed a race condition in the network scheduling subsystem which could lead to a use-after-free (bsc#1197211). </description> <summary>Security update for the Linux Kernel (Live Patch 28 for SLE 15)</summary> </patchinfo>




