logo
DATABASE RESOURCES PRICING ABOUT US

SUSE SLES12 / SLES15 Security Update : kernel (Live Patch 23 for SLE 12 SP4) (SUSE-SU-2022:3061-1)

Description

The remote SUSE Linux SLES12 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3061-1 advisory. - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session. (CVE-2020-36516) - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.


Related