logo
DATABASE RESOURCES PRICING ABOUT US

SUSE SLES12 / SLES15 Security Update : kernel (Live Patch 0 for SLE 15 SP4) (SUSE-SU-2022:2482-1)

Description

The remote SUSE Linux SLES12 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2482-1 advisory. - A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc. (CVE-2022-1729) - In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174846563References: Upstream kernel (CVE-2022-20154) - KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. (CVE-2022-21499) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.


Related