SUSE Linux Kernel Multiple Vulnerabilities

Impact

• Elevation of Privilege
• Security Restriction Bypass
• Data Manipulation
• Information Disclosure
• Denial of Service
• Remote Code Execution

System / Technologies affected

• HPE Helion Openstack 8
• SUSE Linux Enterprise Desktop 15-SP3
• SUSE Linux Enterprise High Availability 12-SP3
• SUSE Linux Enterprise High Availability 12-SP4
• SUSE Linux Enterprise High Availability 15-SP3
• SUSE Linux Enterprise High Performance Computing
• SUSE Linux Enterprise High Performance Computing 12-SP3
• SUSE Linux Enterprise High Performance Computing 12-SP4
• SUSE Linux Enterprise High Performance Computing 15-SP3
• SUSE Linux Enterprise Live Patching 12-SP4
• SUSE Linux Enterprise Micro 5.1
• SUSE Linux Enterprise Micro 5.2
• SUSE Linux Enterprise Module for Basesystem 15-SP3
• SUSE Linux Enterprise Module for Development Tools 15-SP3
• SUSE Linux Enterprise Module for Legacy Software 15-SP3
• SUSE Linux Enterprise Module for Live Patching 15-SP3
• SUSE Linux Enterprise Module for Public Cloud 15-SP3
• SUSE Linux Enterprise Server
• SUSE Linux Enterprise Server 12-SP2-BCL
• SUSE Linux Enterprise Server 12-SP3
• SUSE Linux Enterprise Server 12-SP3-BCL
• SUSE Linux Enterprise Server 12-SP3-LTSS
• SUSE Linux Enterprise Server 12-SP4
• SUSE Linux Enterprise Server 12-SP4-LTSS
• SUSE Linux Enterprise Server 12-SP5
• SUSE Linux Enterprise Server 15-SP3
• SUSE Linux Enterprise Server for SAP 12-SP3
• SUSE Linux Enterprise Server for SAP 12-SP4
• SUSE Linux Enterprise Server for SAP Applications
• SUSE Linux Enterprise Server for SAP Applications 15-SP3
• SUSE Linux Enterprise Workstation Extension 15-SP3
• SUSE Manager Proxy 4.2
• SUSE Manager Retail Branch Server 4.2
• SUSE Manager Server 4.2
• SUSE OpenStack Cloud 8
• SUSE OpenStack Cloud 9
• SUSE OpenStack Cloud Crowbar 8
• SUSE OpenStack Cloud Crowbar 9
• openSUSE Leap 15.3
• openSUSE Leap 15.4

Solutions

Before installation of the software, please visit the vendor web-site for more details.

Apply fixes issued by the vendor:

• https://www.suse.com/support/update/announcement/2022/suse-su-20222077-1/
• https://www.suse.com/support/update/announcement/2022/suse-su-20222078-1/
• https://www.suse.com/support/update/announcement/2022/suse-su-20222079-1/
• https://www.suse.com/support/update/announcement/2022/suse-su-20222080-1/
• https://www.suse.com/support/update/announcement/2022/suse-su-20222082-1/
• https://www.suse.com/support/update/announcement/2022/suse-su-20222083-1/

Vulnerability Identifier

• CVE-2017-13695
• CVE-2018-7755
• CVE-2018-20784
• CVE-2019-19377
• CVE-2019-20811
• CVE-2020-10769
• CVE-2021-20292
• CVE-2021-20321
• CVE-2021-28688
• CVE-2021-33061
• CVE-2021-38208
• CVE-2021-39711
• CVE-2021-43389
• CVE-2022-0168
• CVE-2022-1011
• CVE-2022-1184
• CVE-2022-1353
• CVE-2022-1419
• CVE-2022-1516
• CVE-2022-1652
• CVE-2022-1729
• CVE-2022-1734
• CVE-2022-1966
• CVE-2022-1972
• CVE-2022-1974
• CVE-2022-1975
• CVE-2022-20008
• CVE-2022-21123
• CVE-2022-21125
• CVE-2022-21127
• CVE-2022-21166
• CVE-2022-21180
• CVE-2022-21499
• CVE-2022-24448
• CVE-2022-28388
• CVE-2022-28390
• CVE-2022-30594

Source

• AusCERT
• SUSE

Related Link

• https://www.auscert.org.au/bulletins/ESB-2022.2955
• https://www.auscert.org.au/bulletins/ESB-2022.2956
• https://www.auscert.org.au/bulletins/ESB-2022.2957
• https://www.auscert.org.au/bulletins/ESB-2022.2958
• https://www.auscert.org.au/bulletins/ESB-2022.2972
• https://www.auscert.org.au/bulletins/ESB-2022.2973
• https://www.suse.com/support/update/announcement/2022/suse-su-20222077-1/
• https://www.suse.com/support/update/announcement/2022/suse-su-20222078-1/
• https://www.suse.com/support/update/announcement/2022/suse-su-20222079-1/
• https://www.suse.com/support/update/announcement/2022/suse-su-20222080-1/
• https://www.suse.com/support/update/announcement/2022/suse-su-20222082-1/
• https://www.suse.com/support/update/announcement/2022/suse-su-20222083-1/