Linux Kernel Multiple Vulnerabilities
Last Update Date:
22 Aug 2024
Release Date:
27 Jan 2022
5744
Views
RISK: Medium Risk
TYPE: Operating Systems - Linux
Multiple vulnerabilities were identified in Linux Kernel. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, elevation of privilege and sensitive information disclosure on the targeted system.
Note:
CVE-2022-0185 is being exploited in the wild. An unprivileged local user could use this vulnerability to open a filesystem that does not support the Filesystem Context API and perform escalation of privilege on the system. The risk level is rated as Medium Risk.
[Updated on 2024-08-22]
Updated Description.
Impact
- Denial of Service
- Elevation of Privilege
- Information Disclosure
System / Technologies affected
- SUSE Enterprise Storage 7
- SUSE Linux Enterprise High Availability 15-SP2 and 15-SP3
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
- SUSE Linux Enterprise Module for Basesystem 15-SP3
- SUSE Linux Enterprise Module for Development Tools 15-SP3
- SUSE Linux Enterprise Module for Legacy Software 15-SP3
- SUSE Linux Enterprise Module for Live Patching 15-SP2 and 15-SP3
- SUSE Linux Enterprise Module for Public Cloud 15-SP3
- SUSE Linux Enterprise Module for Realtime 15-SP2
- SUSE Linux Enterprise Server 15-SP2-BCL
- SUSE Linux Enterprise Server 15-SP2-LTSS
- SUSE Linux Enterprise Server for SAP 15-SP2
- SUSE Linux Enterprise Workstation Extension 15-SP3
- SUSE Manager Proxy 4.1
- SUSE Manager Retail Branch Server 4.1
- SUSE Manager Server 4.1
- SUSE MicroOS 5.0 and 5.1
- openSUSE Leap 15.3 and 15.4
Solutions
Before installation of the software, please visit the vendor web-site for more details.
For Suse:
- Apply fixes issued by the vendor:
- https://lists.suse.com/pipermail/sle-security-updates/2022-January/010060.html
- https://lists.suse.com/pipermail/sle-security-updates/2022-January/010073.html
- https://lists.suse.com/pipermail/sle-security-updates/2022-January/010079.html
- https://lists.suse.com/pipermail/sle-security-updates/2022-January/010080.html
For OpenSuse:
- Apply fixes issued by the vendor:
Vulnerability Identifier
- CVE-2021-4083
- CVE-2021-4135
- CVE-2021-4149
- CVE-2021-4197
- CVE-2021-4202
- CVE-2021-45485
- CVE-2021-45486
- CVE-2021-46283
- CVE-2022-0185
- CVE-2022-0322
- CVE-2021-28711
- CVE-2021-28712
- CVE-2021-28713
- CVE-2021-28714
- CVE-2021-28715
- CVE-2021-33098
- CVE-2021-4001
- CVE-2021-4002
- CVE-2021-43975
- CVE-2021-43976
- CVE-2020-27820
- CVE-2020-27825
- CVE-2021-44733
Source
Related Link
- https://lists.suse.com/pipermail/sle-security-updates/2022-January/010060.html
- https://lists.suse.com/pipermail/sle-security-updates/2022-January/010073.html
- https://lists.suse.com/pipermail/sle-security-updates/2022-January/010079.html
- https://lists.suse.com/pipermail/sle-security-updates/2022-January/010080.html
- https://lists.opensuse.org/archives/list/[email protected]/thread/JVCSEXTJ2SI3QLMCUUQNNUT3HNZQJIML/
- https://lists.opensuse.org/archives/list/[email protected]/thread/S44U3IKMS3KZS626YQ5ZYDHA2HLKQNER/
- https://www.cisa.gov/news-events/alerts/2024/08/21/cisa-adds-four-known-exploited-vulnerabilities-catalog
Related Tags
Share with