Linux Kernel Multiple Vulnerabilities
Last Update Date:
22 Aug 2024
Release Date:
4 Feb 2022
5506
Views
RISK: Medium Risk
TYPE: Operating Systems - Linux
Multiple vulnerabilities were identified in Linux Kernel. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, elevation of privilege and sensitive information disclosure on the targeted system.
Note:
CVE-2022-0185 is being exploited in the wild. An unprivileged local user could use this vulnerability to open a filesystem that does not support the Filesystem Context API and perform escalation of privilege on the system. The risk level is rated as Medium Risk.
[Updated on 2024-08-22]
Updated Description.
Impact
- Denial of Service
- Elevation of Privilege
- Information Disclosure
System / Technologies affected
- SUSE Linux Enterprise Live Patching 12-SP4
- SUSE Linux Enterprise Micro 5.0
- SUSE Linux Enterprise Micro 5.1
- SUSE Linux Enterprise Module for Live Patching 15-SP2
- SUSE Linux Enterprise Module for Live Patching 15-SP3
- SUSE Linux Enterprise Module for Realtime 15-SP2
- SUSE Linux Enterprise Module for Realtime 15-SP3
Solutions
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
- https://www.suse.com/support/update/announcement/2022/suse-su-20220288-1
- https://www.suse.com/support/update/announcement/2022/suse-su-20220289-1
- https://www.suse.com/support/update/announcement/2022/suse-su-20220293-1
- https://www.suse.com/support/update/announcement/2022/suse-su-20220291-1
- https://www.suse.com/support/update/announcement/2022/suse-su-20220292-1
- https://www.suse.com/support/update/announcement/2022/suse-su-20220296-1
- https://www.suse.com/support/update/announcement/2022/suse-su-20220298-1
- https://www.suse.com/support/update/announcement/2022/suse-su-20220295-1
- https://www.suse.com/support/update/announcement/2022/suse-su-20220241-1
Vulnerability Identifier
- CVE-2018-25020
- CVE-2020-3702
- CVE-2020-25670
- CVE-2020-25671
- CVE-2020-25672
- CVE-2020-25673
- CVE-2021-4028
- CVE-2021-4083
- CVE-2021-4135
- CVE-2021-4149
- CVE-2021-4154
- CVE-2021-4197
- CVE-2021-4202
- CVE-2021-23134
- CVE-2021-42739
- CVE-2021-44733
- CVE-2021-45485
- CVE-2021-45486
- CVE-2021-46283
- CVE-2022-0185
- CVE-2022-0322
Source
Related Link
- https://www.auscert.org.au/bulletins/ESB-2022.0459
- https://www.auscert.org.au/bulletins/ESB-2022.0458
- https://www.auscert.org.au/bulletins/ESB-2022.0430
- https://www.suse.com/support/update/announcement/2022/suse-su-20220288-1
- https://www.suse.com/support/update/announcement/2022/suse-su-20220289-1
- https://www.suse.com/support/update/announcement/2022/suse-su-20220293-1
- https://www.suse.com/support/update/announcement/2022/suse-su-20220291-1
- https://www.suse.com/support/update/announcement/2022/suse-su-20220292-1
- https://www.suse.com/support/update/announcement/2022/suse-su-20220296-1
- https://www.suse.com/support/update/announcement/2022/suse-su-20220298-1
- https://www.suse.com/support/update/announcement/2022/suse-su-20220295-1
- https://www.suse.com/support/update/announcement/2022/suse-su-20220241-1
- https://www.cisa.gov/news-events/alerts/2024/08/21/cisa-adds-four-known-exploited-vulnerabilities-catalog
Related Tags
Share with