Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP4) SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2022:3123-1 Final 1 1 2022-09-06T16:34:02Z current 2022-09-06T16:34:02Z 2022-09-06T16:34:02Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP4) This update for the Linux Kernel 5.14.21-150400_24_16 fixes several issues. The following security issues were fixed: - CVE-2020-36516: Fixed an off-path attack via mixed IPID assignment method with the hash-based IPID assignment policy to inject data into a victim's TCP session or terminate that session (bsc#1196867). - CVE-2021-39698: Fixed possible memory corruption in aio_poll_complete_work of aio.c, that could have led to local escalation of privilege with no additional execution privileges needed (bsc#1196959). - CVE-2022-36946: Fixed a remote denial of service attack inside nfqnl_mangle in net/netfilter/nfnetlink_queue.c, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative length (bsc#1201941). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2022-3123,SUSE-SLE-Module-Live-Patching-15-SP4-2022-3123 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2022/suse-su-20223123-1/ Link for SUSE-SU-2022:3123-1 https://lists.suse.com/pipermail/sle-security-updates/2022-September/012119.html E-Mail link for SUSE-SU-2022:3123-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1196867 SUSE Bug 1196867 https://bugzilla.suse.com/1196959 SUSE Bug 1196959 https://bugzilla.suse.com/1201941 SUSE Bug 1201941 https://www.suse.com/security/cve/CVE-2020-36516/ SUSE CVE CVE-2020-36516 page https://www.suse.com/security/cve/CVE-2021-39698/ SUSE CVE CVE-2021-39698 page https://www.suse.com/security/cve/CVE-2022-36946/ SUSE CVE CVE-2022-36946 page SUSE Linux Enterprise Live Patching 15 SP4 kernel-livepatch-5_14_21-150400_24_18-default-2-150400.2.1 kernel-livepatch-5_14_21-150400_24_18-default-2-150400.2.1 as a component of SUSE Linux Enterprise Live Patching 15 SP4 An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session. CVE-2020-36516 SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_18-default-2-150400.2.1 important 4.9 AV:N/AC:M/Au:S/C:N/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20223123-1/ https://www.suse.com/security/cve/CVE-2020-36516.html CVE-2020-36516 https://bugzilla.suse.com/1196616 SUSE Bug 1196616 https://bugzilla.suse.com/1196867 SUSE Bug 1196867 https://bugzilla.suse.com/1204092 SUSE Bug 1204092 https://bugzilla.suse.com/1204183 SUSE Bug 1204183 In aio_poll_complete_work of aio.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-185125206References: Upstream kernel CVE-2021-39698 SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_18-default-2-150400.2.1 important 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20223123-1/ https://www.suse.com/security/cve/CVE-2021-39698.html CVE-2021-39698 https://bugzilla.suse.com/1196956 SUSE Bug 1196956 https://bugzilla.suse.com/1196959 SUSE Bug 1196959 https://bugzilla.suse.com/1209225 SUSE Bug 1209225 nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. CVE-2022-36946 SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_18-default-2-150400.2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20223123-1/ https://www.suse.com/security/cve/CVE-2022-36946.html CVE-2022-36946 https://bugzilla.suse.com/1201940 SUSE Bug 1201940 https://bugzilla.suse.com/1201941 SUSE Bug 1201941 https://bugzilla.suse.com/1202312 SUSE Bug 1202312 https://bugzilla.suse.com/1202874 SUSE Bug 1202874 https://bugzilla.suse.com/1203208 SUSE Bug 1203208 https://bugzilla.suse.com/1204132 SUSE Bug 1204132 https://bugzilla.suse.com/1205313 SUSE Bug 1205313 https://bugzilla.suse.com/1212310 SUSE Bug 1212310