mickmick.net

SUSE Linux Kernel Multiple Vulnerabilities

Release Date: 21 Dec 2022

RISK: Medium Risk

TYPE: Operating Systems - Linux

Multiple vulnerabilities were identified in SUSE Linux. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, elevation of privilege, remote code execution and sensitive information disclosure on the targeted system.

---

Impact

• Denial of Service
• Elevation of Privilege
• Remote Code Execution
• Information Disclosure

---

System / Technologies affected

• openSUSE Leap 15.3
• openSUSE Leap 15.4
• SUSE CaaS Platform 4.0
• SUSE Enterprise Storage 6
• SUSE Linux Enterprise Desktop 12-SP5
• SUSE Linux Enterprise High Availability 12-SP5
• SUSE Linux Enterprise High Availability 15
• SUSE Linux Enterprise High Availability 15-SP1
• SUSE Linux Enterprise High Performance Computing 12-SP5
• SUSE Linux Enterprise High Performance Computing 15
• SUSE Linux Enterprise High Performance Computing 15-ESPOS
• SUSE Linux Enterprise High Performance Computing 15-LTSS
• SUSE Linux Enterprise High Performance Computing 15-SP1
• SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
• SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
• SUSE Linux Enterprise High Performance Computing 15-SP3
• SUSE Linux Enterprise High Performance Computing 15-SP4
• SUSE Linux Enterprise Live Patching 12-SP4
• SUSE Linux Enterprise Live Patching 12-SP5
• SUSE Linux Enterprise Micro 5.1
• SUSE Linux Enterprise Module for Live Patching 15
• SUSE Linux Enterprise Module for Live Patching 15-SP1
• SUSE Linux Enterprise Module for Live Patching 15-SP3
• SUSE Linux Enterprise Module for Live Patching 15-SP4
• SUSE Linux Enterprise Server 12-SP2-BCL
• SUSE Linux Enterprise Server 12-SP5
• SUSE Linux Enterprise Server 15
• SUSE Linux Enterprise Server 15-LTSS
• SUSE Linux Enterprise Server 15-SP1
• SUSE Linux Enterprise Server 15-SP1-BCL
• SUSE Linux Enterprise Server 15-SP1-LTSS
• SUSE Linux Enterprise Server 15-SP3
• SUSE Linux Enterprise Server 15-SP4
• SUSE Linux Enterprise Server for SAP 15
• SUSE Linux Enterprise Server for SAP 15-SP1
• SUSE Linux Enterprise Server for SAP Applications 12-SP5
• SUSE Linux Enterprise Server for SAP Applications 15
• SUSE Linux Enterprise Server for SAP Applications 15-SP1
• SUSE Linux Enterprise Server for SAP Applications 15-SP3
• SUSE Linux Enterprise Server for SAP Applications 15-SP4
• SUSE Linux Enterprise Software Development Kit 12-SP5
• SUSE Linux Enterprise Workstation Extension 12-SP5
• SUSE Manager Proxy 4.0
• SUSE Manager Retail Branch Server 4.0
• SUSE Manager Server 4.0

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

• https://www.suse.com/support/update/announcement/2022/suse-su-20224551-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20224559-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20224560-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20224561-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20224566-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20224569-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20224562-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20224572-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20224573-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20224574-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20224550-1

---

Vulnerability Identifier

• CVE-2019-3874
• CVE-2020-26541
• CVE-2021-4037
• CVE-2022-2153
• CVE-2022-2663
• CVE-2022-2964
• CVE-2022-3169
• CVE-2022-3424
• CVE-2022-3521
• CVE-2022-3524
• CVE-2022-3542
• CVE-2022-3545
• CVE-2022-3565
• CVE-2022-3567
• CVE-2022-3577
• CVE-2022-3586
• CVE-2022-3594
• CVE-2022-3621
• CVE-2022-3628
• CVE-2022-3629
• CVE-2022-3635
• CVE-2022-3640
• CVE-2022-3643
• CVE-2022-3646
• CVE-2022-3649
• CVE-2022-3903
• CVE-2022-4095
• CVE-2022-4139
• CVE-2022-4378
• CVE-2022-28693
• CVE-2022-28748
• CVE-2022-33981
• CVE-2022-40307
• CVE-2022-40768
• CVE-2022-41218
• CVE-2022-41848
• CVE-2022-41850
• CVE-2022-41858
• CVE-2022-42328
• CVE-2022-42329
• CVE-2022-42703
• CVE-2022-42895
• CVE-2022-42896
• CVE-2022-43750
• CVE-2022-43945
• CVE-2022-45934

---

Source

• AusCERT
• SUSE

---

Related Link

• https://www.auscert.org.au/bulletins/ESB-2022.6629
• https://www.auscert.org.au/bulletins/ESB-2022.6628
• https://www.auscert.org.au/bulletins/ESB-2022.6627
• https://www.auscert.org.au/bulletins/ESB-2022.6626
• https://www.auscert.org.au/bulletins/ESB-2022.6625
• https://www.auscert.org.au/bulletins/ESB-2022.6624
• https://www.auscert.org.au/bulletins/ESB-2022.6623
• https://www.auscert.org.au/bulletins/ESB-2022.6622
• https://www.auscert.org.au/bulletins/ESB-2022.6621
• https://www.auscert.org.au/bulletins/ESB-2022.6620
• https://www.auscert.org.au/bulletins/ESB-2022.6619
• https://www.suse.com/support/update/announcement/2022/suse-su-20224551-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20224559-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20224560-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20224561-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20224566-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20224569-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20224562-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20224572-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20224573-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20224574-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20224550-1