suse-su-2022:0764-1
Vulnerability from csaf_suse
Published
2022-03-09 13:32
Modified
2022-03-09 13:32
Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 15 SP2 RT kernel was updated to receive various security and bugfixes.
Transient execution side-channel attacks attacking the Branch History Buffer (BHB),
named 'Branch Target Injection' and 'Intra-Mode Branch History Injection' are now mitigated.
The following security bugs were fixed:
- CVE-2022-0001: Fixed Branch History Injection vulnerability (bsc#1191580).
- CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability (bsc#1191580).
- CVE-2022-0847: Fixed a vulnerability were a local attackers could overwrite data in arbitrary (read-only) files (bsc#1196584).
The following non-security bugs were fixed:
- btrfs: check for missing device in btrfs_trim_fs (bsc#1195701).
- lib/iov_iter: initialize 'flags' in new pipe_buffer (bsc#1196584).
- nfsd: allow delegation state ids to be revoked and then freed (bsc#1192483).
- nfsd: allow open state ids to be revoked and then freed (bsc#1192483).
- nfsd: do not admin-revoke NSv4.0 state ids (bsc#1192483).
- nfsd: prepare for supporting admin-revocation of state (bsc#1192483).
- powerpc/pseries/ddw: Revert 'Extend upper limit for huge DMA window for persistent memory' (bsc#1195995 ltc#196394).
Patchnames
SUSE-2022-764,SUSE-SLE-Module-RT-15-SP2-2022-764,SUSE-SUSE-MicroOS-5.0-2022-764
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "The SUSE Linux Enterprise 15 SP2 RT kernel was updated to receive various security and bugfixes.\n\n\nTransient execution side-channel attacks attacking the Branch History Buffer (BHB),\nnamed \u0027Branch Target Injection\u0027 and \u0027Intra-Mode Branch History Injection\u0027 are now mitigated.\n\nThe following security bugs were fixed:\n\n- CVE-2022-0001: Fixed Branch History Injection vulnerability (bsc#1191580).\n- CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability (bsc#1191580).\n- CVE-2022-0847: Fixed a vulnerability were a local attackers could overwrite data in arbitrary (read-only) files (bsc#1196584).\n\nThe following non-security bugs were fixed:\n\n- btrfs: check for missing device in btrfs_trim_fs (bsc#1195701).\n- lib/iov_iter: initialize \u0027flags\u0027 in new pipe_buffer (bsc#1196584).\n- nfsd: allow delegation state ids to be revoked and then freed (bsc#1192483).\n- nfsd: allow open state ids to be revoked and then freed (bsc#1192483).\n- nfsd: do not admin-revoke NSv4.0 state ids (bsc#1192483).\n- nfsd: prepare for supporting admin-revocation of state (bsc#1192483).\n- powerpc/pseries/ddw: Revert \u0027Extend upper limit for huge DMA window for persistent memory\u0027 (bsc#1195995 ltc#196394).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-764,SUSE-SLE-Module-RT-15-SP2-2022-764,SUSE-SUSE-MicroOS-5.0-2022-764",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_0764-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:0764-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20220764-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:0764-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-March/010389.html"
},
{
"category": "self",
"summary": "SUSE Bug 1191580",
"url": "https://bugzilla.suse.com/1191580"
},
{
"category": "self",
"summary": "SUSE Bug 1192483",
"url": "https://bugzilla.suse.com/1192483"
},
{
"category": "self",
"summary": "SUSE Bug 1195701",
"url": "https://bugzilla.suse.com/1195701"
},
{
"category": "self",
"summary": "SUSE Bug 1195995",
"url": "https://bugzilla.suse.com/1195995"
},
{
"category": "self",
"summary": "SUSE Bug 1196584",
"url": "https://bugzilla.suse.com/1196584"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0001 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0001/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0002 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0002/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0847 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0847/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2022-03-09T13:32:59Z",
"generator": {
"date": "2022-03-09T13:32:59Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:0764-1",
"initial_release_date": "2022-03-09T13:32:59Z",
"revision_history": [
{
"date": "2022-03-09T13:32:59Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-rt-5.3.18-76.1.noarch",
"product": {
"name": "kernel-devel-rt-5.3.18-76.1.noarch",
"product_id": "kernel-devel-rt-5.3.18-76.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-rt-5.3.18-76.1.noarch",
"product": {
"name": "kernel-source-rt-5.3.18-76.1.noarch",
"product_id": "kernel-source-rt-5.3.18-76.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-rt-5.3.18-76.1.x86_64",
"product": {
"name": "cluster-md-kmp-rt-5.3.18-76.1.x86_64",
"product_id": "cluster-md-kmp-rt-5.3.18-76.1.x86_64"
}
},
{
"category": "product_version",
"name": "cluster-md-kmp-rt_debug-5.3.18-76.1.x86_64",
"product": {
"name": "cluster-md-kmp-rt_debug-5.3.18-76.1.x86_64",
"product_id": "cluster-md-kmp-rt_debug-5.3.18-76.1.x86_64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-rt-5.3.18-76.1.x86_64",
"product": {
"name": "dlm-kmp-rt-5.3.18-76.1.x86_64",
"product_id": "dlm-kmp-rt-5.3.18-76.1.x86_64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-rt_debug-5.3.18-76.1.x86_64",
"product": {
"name": "dlm-kmp-rt_debug-5.3.18-76.1.x86_64",
"product_id": "dlm-kmp-rt_debug-5.3.18-76.1.x86_64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-rt-5.3.18-76.1.x86_64",
"product": {
"name": "gfs2-kmp-rt-5.3.18-76.1.x86_64",
"product_id": "gfs2-kmp-rt-5.3.18-76.1.x86_64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-rt_debug-5.3.18-76.1.x86_64",
"product": {
"name": "gfs2-kmp-rt_debug-5.3.18-76.1.x86_64",
"product_id": "gfs2-kmp-rt_debug-5.3.18-76.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-5.3.18-76.1.x86_64",
"product": {
"name": "kernel-rt-5.3.18-76.1.x86_64",
"product_id": "kernel-rt-5.3.18-76.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-devel-5.3.18-76.1.x86_64",
"product": {
"name": "kernel-rt-devel-5.3.18-76.1.x86_64",
"product_id": "kernel-rt-devel-5.3.18-76.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-extra-5.3.18-76.1.x86_64",
"product": {
"name": "kernel-rt-extra-5.3.18-76.1.x86_64",
"product_id": "kernel-rt-extra-5.3.18-76.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-livepatch-devel-5.3.18-76.1.x86_64",
"product": {
"name": "kernel-rt-livepatch-devel-5.3.18-76.1.x86_64",
"product_id": "kernel-rt-livepatch-devel-5.3.18-76.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-5.3.18-76.1.x86_64",
"product": {
"name": "kernel-rt_debug-5.3.18-76.1.x86_64",
"product_id": "kernel-rt_debug-5.3.18-76.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-devel-5.3.18-76.1.x86_64",
"product": {
"name": "kernel-rt_debug-devel-5.3.18-76.1.x86_64",
"product_id": "kernel-rt_debug-devel-5.3.18-76.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-extra-5.3.18-76.1.x86_64",
"product": {
"name": "kernel-rt_debug-extra-5.3.18-76.1.x86_64",
"product_id": "kernel-rt_debug-extra-5.3.18-76.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-livepatch-devel-5.3.18-76.1.x86_64",
"product": {
"name": "kernel-rt_debug-livepatch-devel-5.3.18-76.1.x86_64",
"product_id": "kernel-rt_debug-livepatch-devel-5.3.18-76.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-syms-rt-5.3.18-76.1.x86_64",
"product": {
"name": "kernel-syms-rt-5.3.18-76.1.x86_64",
"product_id": "kernel-syms-rt-5.3.18-76.1.x86_64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-rt-5.3.18-76.1.x86_64",
"product": {
"name": "kselftests-kmp-rt-5.3.18-76.1.x86_64",
"product_id": "kselftests-kmp-rt-5.3.18-76.1.x86_64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-rt_debug-5.3.18-76.1.x86_64",
"product": {
"name": "kselftests-kmp-rt_debug-5.3.18-76.1.x86_64",
"product_id": "kselftests-kmp-rt_debug-5.3.18-76.1.x86_64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-rt-5.3.18-76.1.x86_64",
"product": {
"name": "ocfs2-kmp-rt-5.3.18-76.1.x86_64",
"product_id": "ocfs2-kmp-rt-5.3.18-76.1.x86_64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-rt_debug-5.3.18-76.1.x86_64",
"product": {
"name": "ocfs2-kmp-rt_debug-5.3.18-76.1.x86_64",
"product_id": "ocfs2-kmp-rt_debug-5.3.18-76.1.x86_64"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-rt-5.3.18-76.1.x86_64",
"product": {
"name": "reiserfs-kmp-rt-5.3.18-76.1.x86_64",
"product_id": "reiserfs-kmp-rt-5.3.18-76.1.x86_64"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-rt_debug-5.3.18-76.1.x86_64",
"product": {
"name": "reiserfs-kmp-rt_debug-5.3.18-76.1.x86_64",
"product_id": "reiserfs-kmp-rt_debug-5.3.18-76.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Real Time Module 15 SP2",
"product": {
"name": "SUSE Real Time Module 15 SP2",
"product_id": "SUSE Real Time Module 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-rt:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.0",
"product": {
"name": "SUSE Linux Enterprise Micro 5.0",
"product_id": "SUSE Linux Enterprise Micro 5.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-rt-5.3.18-76.1.x86_64 as component of SUSE Real Time Module 15 SP2",
"product_id": "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-76.1.x86_64"
},
"product_reference": "cluster-md-kmp-rt-5.3.18-76.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-rt-5.3.18-76.1.x86_64 as component of SUSE Real Time Module 15 SP2",
"product_id": "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-76.1.x86_64"
},
"product_reference": "dlm-kmp-rt-5.3.18-76.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-rt-5.3.18-76.1.x86_64 as component of SUSE Real Time Module 15 SP2",
"product_id": "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-76.1.x86_64"
},
"product_reference": "gfs2-kmp-rt-5.3.18-76.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-rt-5.3.18-76.1.noarch as component of SUSE Real Time Module 15 SP2",
"product_id": "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-76.1.noarch"
},
"product_reference": "kernel-devel-rt-5.3.18-76.1.noarch",
"relates_to_product_reference": "SUSE Real Time Module 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-5.3.18-76.1.x86_64 as component of SUSE Real Time Module 15 SP2",
"product_id": "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-76.1.x86_64"
},
"product_reference": "kernel-rt-5.3.18-76.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-devel-5.3.18-76.1.x86_64 as component of SUSE Real Time Module 15 SP2",
"product_id": "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-76.1.x86_64"
},
"product_reference": "kernel-rt-devel-5.3.18-76.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt_debug-5.3.18-76.1.x86_64 as component of SUSE Real Time Module 15 SP2",
"product_id": "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-76.1.x86_64"
},
"product_reference": "kernel-rt_debug-5.3.18-76.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt_debug-devel-5.3.18-76.1.x86_64 as component of SUSE Real Time Module 15 SP2",
"product_id": "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-76.1.x86_64"
},
"product_reference": "kernel-rt_debug-devel-5.3.18-76.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-rt-5.3.18-76.1.noarch as component of SUSE Real Time Module 15 SP2",
"product_id": "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-76.1.noarch"
},
"product_reference": "kernel-source-rt-5.3.18-76.1.noarch",
"relates_to_product_reference": "SUSE Real Time Module 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-rt-5.3.18-76.1.x86_64 as component of SUSE Real Time Module 15 SP2",
"product_id": "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-76.1.x86_64"
},
"product_reference": "kernel-syms-rt-5.3.18-76.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-rt-5.3.18-76.1.x86_64 as component of SUSE Real Time Module 15 SP2",
"product_id": "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-76.1.x86_64"
},
"product_reference": "ocfs2-kmp-rt-5.3.18-76.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-5.3.18-76.1.x86_64 as component of SUSE Linux Enterprise Micro 5.0",
"product_id": "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-76.1.x86_64"
},
"product_reference": "kernel-rt-5.3.18-76.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-0001",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0001"
}
],
"notes": [
{
"category": "general",
"text": "Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-76.1.noarch",
"SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-76.1.noarch",
"SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0001",
"url": "https://www.suse.com/security/cve/CVE-2022-0001"
},
{
"category": "external",
"summary": "SUSE Bug 1191580 for CVE-2022-0001",
"url": "https://bugzilla.suse.com/1191580"
},
{
"category": "external",
"summary": "SUSE Bug 1196901 for CVE-2022-0001",
"url": "https://bugzilla.suse.com/1196901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-76.1.noarch",
"SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-76.1.noarch",
"SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-76.1.noarch",
"SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-76.1.noarch",
"SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-09T13:32:59Z",
"details": "moderate"
}
],
"title": "CVE-2022-0001"
},
{
"cve": "CVE-2022-0002",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0002"
}
],
"notes": [
{
"category": "general",
"text": "Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-76.1.noarch",
"SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-76.1.noarch",
"SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0002",
"url": "https://www.suse.com/security/cve/CVE-2022-0002"
},
{
"category": "external",
"summary": "SUSE Bug 1191580 for CVE-2022-0002",
"url": "https://bugzilla.suse.com/1191580"
},
{
"category": "external",
"summary": "SUSE Bug 1196901 for CVE-2022-0002",
"url": "https://bugzilla.suse.com/1196901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-76.1.noarch",
"SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-76.1.noarch",
"SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-76.1.noarch",
"SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-76.1.noarch",
"SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-09T13:32:59Z",
"details": "moderate"
}
],
"title": "CVE-2022-0002"
},
{
"cve": "CVE-2022-0847",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0847"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the way the \"flags\" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-76.1.noarch",
"SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-76.1.noarch",
"SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0847",
"url": "https://www.suse.com/security/cve/CVE-2022-0847"
},
{
"category": "external",
"summary": "SUSE Bug 1196584 for CVE-2022-0847",
"url": "https://bugzilla.suse.com/1196584"
},
{
"category": "external",
"summary": "SUSE Bug 1196601 for CVE-2022-0847",
"url": "https://bugzilla.suse.com/1196601"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-76.1.noarch",
"SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-76.1.noarch",
"SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-76.1.noarch",
"SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-76.1.noarch",
"SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-09T13:32:59Z",
"details": "important"
}
],
"title": "CVE-2022-0847"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…