SUSE-SU-2022:0764-1
Vulnerability from csaf_suse - Published: 2022-03-09 13:32 - Updated: 2022-03-09 13:32Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 15 SP2 RT kernel was updated to receive various security and bugfixes.
Transient execution side-channel attacks attacking the Branch History Buffer (BHB),
named 'Branch Target Injection' and 'Intra-Mode Branch History Injection' are now mitigated.
The following security bugs were fixed:
- CVE-2022-0001: Fixed Branch History Injection vulnerability (bsc#1191580).
- CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability (bsc#1191580).
- CVE-2022-0847: Fixed a vulnerability were a local attackers could overwrite data in arbitrary (read-only) files (bsc#1196584).
The following non-security bugs were fixed:
- btrfs: check for missing device in btrfs_trim_fs (bsc#1195701).
- lib/iov_iter: initialize 'flags' in new pipe_buffer (bsc#1196584).
- nfsd: allow delegation state ids to be revoked and then freed (bsc#1192483).
- nfsd: allow open state ids to be revoked and then freed (bsc#1192483).
- nfsd: do not admin-revoke NSv4.0 state ids (bsc#1192483).
- nfsd: prepare for supporting admin-revocation of state (bsc#1192483).
- powerpc/pseries/ddw: Revert 'Extend upper limit for huge DMA window for persistent memory' (bsc#1195995 ltc#196394).
Patchnames
SUSE-2022-764,SUSE-SLE-Module-RT-15-SP2-2022-764,SUSE-SUSE-MicroOS-5.0-2022-764
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "The SUSE Linux Enterprise 15 SP2 RT kernel was updated to receive various security and bugfixes.\n\n\nTransient execution side-channel attacks attacking the Branch History Buffer (BHB),\nnamed \u0027Branch Target Injection\u0027 and \u0027Intra-Mode Branch History Injection\u0027 are now mitigated.\n\nThe following security bugs were fixed:\n\n- CVE-2022-0001: Fixed Branch History Injection vulnerability (bsc#1191580).\n- CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability (bsc#1191580).\n- CVE-2022-0847: Fixed a vulnerability were a local attackers could overwrite data in arbitrary (read-only) files (bsc#1196584).\n\nThe following non-security bugs were fixed:\n\n- btrfs: check for missing device in btrfs_trim_fs (bsc#1195701).\n- lib/iov_iter: initialize \u0027flags\u0027 in new pipe_buffer (bsc#1196584).\n- nfsd: allow delegation state ids to be revoked and then freed (bsc#1192483).\n- nfsd: allow open state ids to be revoked and then freed (bsc#1192483).\n- nfsd: do not admin-revoke NSv4.0 state ids (bsc#1192483).\n- nfsd: prepare for supporting admin-revocation of state (bsc#1192483).\n- powerpc/pseries/ddw: Revert \u0027Extend upper limit for huge DMA window for persistent memory\u0027 (bsc#1195995 ltc#196394).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-764,SUSE-SLE-Module-RT-15-SP2-2022-764,SUSE-SUSE-MicroOS-5.0-2022-764",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_0764-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:0764-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20220764-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:0764-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-March/010389.html"
},
{
"category": "self",
"summary": "SUSE Bug 1191580",
"url": "https://bugzilla.suse.com/1191580"
},
{
"category": "self",
"summary": "SUSE Bug 1192483",
"url": "https://bugzilla.suse.com/1192483"
},
{
"category": "self",
"summary": "SUSE Bug 1195701",
"url": "https://bugzilla.suse.com/1195701"
},
{
"category": "self",
"summary": "SUSE Bug 1195995",
"url": "https://bugzilla.suse.com/1195995"
},
{
"category": "self",
"summary": "SUSE Bug 1196584",
"url": "https://bugzilla.suse.com/1196584"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0001 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0001/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0002 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0002/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0847 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0847/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2022-03-09T13:32:59Z",
"generator": {
"date": "2022-03-09T13:32:59Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:0764-1",
"initial_release_date": "2022-03-09T13:32:59Z",
"revision_history": [
{
"date": "2022-03-09T13:32:59Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-rt-5.3.18-76.1.noarch",
"product": {
"name": "kernel-devel-rt-5.3.18-76.1.noarch",
"product_id": "kernel-devel-rt-5.3.18-76.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-rt-5.3.18-76.1.noarch",
"product": {
"name": "kernel-source-rt-5.3.18-76.1.noarch",
"product_id": "kernel-source-rt-5.3.18-76.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-rt-5.3.18-76.1.x86_64",
"product": {
"name": "cluster-md-kmp-rt-5.3.18-76.1.x86_64",
"product_id": "cluster-md-kmp-rt-5.3.18-76.1.x86_64"
}
},
{
"category": "product_version",
"name": "cluster-md-kmp-rt_debug-5.3.18-76.1.x86_64",
"product": {
"name": "cluster-md-kmp-rt_debug-5.3.18-76.1.x86_64",
"product_id": "cluster-md-kmp-rt_debug-5.3.18-76.1.x86_64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-rt-5.3.18-76.1.x86_64",
"product": {
"name": "dlm-kmp-rt-5.3.18-76.1.x86_64",
"product_id": "dlm-kmp-rt-5.3.18-76.1.x86_64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-rt_debug-5.3.18-76.1.x86_64",
"product": {
"name": "dlm-kmp-rt_debug-5.3.18-76.1.x86_64",
"product_id": "dlm-kmp-rt_debug-5.3.18-76.1.x86_64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-rt-5.3.18-76.1.x86_64",
"product": {
"name": "gfs2-kmp-rt-5.3.18-76.1.x86_64",
"product_id": "gfs2-kmp-rt-5.3.18-76.1.x86_64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-rt_debug-5.3.18-76.1.x86_64",
"product": {
"name": "gfs2-kmp-rt_debug-5.3.18-76.1.x86_64",
"product_id": "gfs2-kmp-rt_debug-5.3.18-76.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-5.3.18-76.1.x86_64",
"product": {
"name": "kernel-rt-5.3.18-76.1.x86_64",
"product_id": "kernel-rt-5.3.18-76.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-devel-5.3.18-76.1.x86_64",
"product": {
"name": "kernel-rt-devel-5.3.18-76.1.x86_64",
"product_id": "kernel-rt-devel-5.3.18-76.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-extra-5.3.18-76.1.x86_64",
"product": {
"name": "kernel-rt-extra-5.3.18-76.1.x86_64",
"product_id": "kernel-rt-extra-5.3.18-76.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-livepatch-devel-5.3.18-76.1.x86_64",
"product": {
"name": "kernel-rt-livepatch-devel-5.3.18-76.1.x86_64",
"product_id": "kernel-rt-livepatch-devel-5.3.18-76.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-5.3.18-76.1.x86_64",
"product": {
"name": "kernel-rt_debug-5.3.18-76.1.x86_64",
"product_id": "kernel-rt_debug-5.3.18-76.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-devel-5.3.18-76.1.x86_64",
"product": {
"name": "kernel-rt_debug-devel-5.3.18-76.1.x86_64",
"product_id": "kernel-rt_debug-devel-5.3.18-76.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-extra-5.3.18-76.1.x86_64",
"product": {
"name": "kernel-rt_debug-extra-5.3.18-76.1.x86_64",
"product_id": "kernel-rt_debug-extra-5.3.18-76.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-livepatch-devel-5.3.18-76.1.x86_64",
"product": {
"name": "kernel-rt_debug-livepatch-devel-5.3.18-76.1.x86_64",
"product_id": "kernel-rt_debug-livepatch-devel-5.3.18-76.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-syms-rt-5.3.18-76.1.x86_64",
"product": {
"name": "kernel-syms-rt-5.3.18-76.1.x86_64",
"product_id": "kernel-syms-rt-5.3.18-76.1.x86_64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-rt-5.3.18-76.1.x86_64",
"product": {
"name": "kselftests-kmp-rt-5.3.18-76.1.x86_64",
"product_id": "kselftests-kmp-rt-5.3.18-76.1.x86_64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-rt_debug-5.3.18-76.1.x86_64",
"product": {
"name": "kselftests-kmp-rt_debug-5.3.18-76.1.x86_64",
"product_id": "kselftests-kmp-rt_debug-5.3.18-76.1.x86_64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-rt-5.3.18-76.1.x86_64",
"product": {
"name": "ocfs2-kmp-rt-5.3.18-76.1.x86_64",
"product_id": "ocfs2-kmp-rt-5.3.18-76.1.x86_64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-rt_debug-5.3.18-76.1.x86_64",
"product": {
"name": "ocfs2-kmp-rt_debug-5.3.18-76.1.x86_64",
"product_id": "ocfs2-kmp-rt_debug-5.3.18-76.1.x86_64"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-rt-5.3.18-76.1.x86_64",
"product": {
"name": "reiserfs-kmp-rt-5.3.18-76.1.x86_64",
"product_id": "reiserfs-kmp-rt-5.3.18-76.1.x86_64"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-rt_debug-5.3.18-76.1.x86_64",
"product": {
"name": "reiserfs-kmp-rt_debug-5.3.18-76.1.x86_64",
"product_id": "reiserfs-kmp-rt_debug-5.3.18-76.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Real Time Module 15 SP2",
"product": {
"name": "SUSE Real Time Module 15 SP2",
"product_id": "SUSE Real Time Module 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-rt:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.0",
"product": {
"name": "SUSE Linux Enterprise Micro 5.0",
"product_id": "SUSE Linux Enterprise Micro 5.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-rt-5.3.18-76.1.x86_64 as component of SUSE Real Time Module 15 SP2",
"product_id": "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-76.1.x86_64"
},
"product_reference": "cluster-md-kmp-rt-5.3.18-76.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-rt-5.3.18-76.1.x86_64 as component of SUSE Real Time Module 15 SP2",
"product_id": "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-76.1.x86_64"
},
"product_reference": "dlm-kmp-rt-5.3.18-76.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-rt-5.3.18-76.1.x86_64 as component of SUSE Real Time Module 15 SP2",
"product_id": "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-76.1.x86_64"
},
"product_reference": "gfs2-kmp-rt-5.3.18-76.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-rt-5.3.18-76.1.noarch as component of SUSE Real Time Module 15 SP2",
"product_id": "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-76.1.noarch"
},
"product_reference": "kernel-devel-rt-5.3.18-76.1.noarch",
"relates_to_product_reference": "SUSE Real Time Module 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-5.3.18-76.1.x86_64 as component of SUSE Real Time Module 15 SP2",
"product_id": "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-76.1.x86_64"
},
"product_reference": "kernel-rt-5.3.18-76.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-devel-5.3.18-76.1.x86_64 as component of SUSE Real Time Module 15 SP2",
"product_id": "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-76.1.x86_64"
},
"product_reference": "kernel-rt-devel-5.3.18-76.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt_debug-5.3.18-76.1.x86_64 as component of SUSE Real Time Module 15 SP2",
"product_id": "SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-76.1.x86_64"
},
"product_reference": "kernel-rt_debug-5.3.18-76.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt_debug-devel-5.3.18-76.1.x86_64 as component of SUSE Real Time Module 15 SP2",
"product_id": "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-76.1.x86_64"
},
"product_reference": "kernel-rt_debug-devel-5.3.18-76.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-rt-5.3.18-76.1.noarch as component of SUSE Real Time Module 15 SP2",
"product_id": "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-76.1.noarch"
},
"product_reference": "kernel-source-rt-5.3.18-76.1.noarch",
"relates_to_product_reference": "SUSE Real Time Module 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-rt-5.3.18-76.1.x86_64 as component of SUSE Real Time Module 15 SP2",
"product_id": "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-76.1.x86_64"
},
"product_reference": "kernel-syms-rt-5.3.18-76.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-rt-5.3.18-76.1.x86_64 as component of SUSE Real Time Module 15 SP2",
"product_id": "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-76.1.x86_64"
},
"product_reference": "ocfs2-kmp-rt-5.3.18-76.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-5.3.18-76.1.x86_64 as component of SUSE Linux Enterprise Micro 5.0",
"product_id": "SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-76.1.x86_64"
},
"product_reference": "kernel-rt-5.3.18-76.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-0001",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0001"
}
],
"notes": [
{
"category": "general",
"text": "Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-76.1.noarch",
"SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-76.1.noarch",
"SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0001",
"url": "https://www.suse.com/security/cve/CVE-2022-0001"
},
{
"category": "external",
"summary": "SUSE Bug 1191580 for CVE-2022-0001",
"url": "https://bugzilla.suse.com/1191580"
},
{
"category": "external",
"summary": "SUSE Bug 1196901 for CVE-2022-0001",
"url": "https://bugzilla.suse.com/1196901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-76.1.noarch",
"SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-76.1.noarch",
"SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-76.1.noarch",
"SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-76.1.noarch",
"SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-09T13:32:59Z",
"details": "moderate"
}
],
"title": "CVE-2022-0001"
},
{
"cve": "CVE-2022-0002",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0002"
}
],
"notes": [
{
"category": "general",
"text": "Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-76.1.noarch",
"SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-76.1.noarch",
"SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0002",
"url": "https://www.suse.com/security/cve/CVE-2022-0002"
},
{
"category": "external",
"summary": "SUSE Bug 1191580 for CVE-2022-0002",
"url": "https://bugzilla.suse.com/1191580"
},
{
"category": "external",
"summary": "SUSE Bug 1196901 for CVE-2022-0002",
"url": "https://bugzilla.suse.com/1196901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-76.1.noarch",
"SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-76.1.noarch",
"SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-76.1.noarch",
"SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-76.1.noarch",
"SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-09T13:32:59Z",
"details": "moderate"
}
],
"title": "CVE-2022-0002"
},
{
"cve": "CVE-2022-0847",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0847"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the way the \"flags\" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-76.1.noarch",
"SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-76.1.noarch",
"SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0847",
"url": "https://www.suse.com/security/cve/CVE-2022-0847"
},
{
"category": "external",
"summary": "SUSE Bug 1196584 for CVE-2022-0847",
"url": "https://bugzilla.suse.com/1196584"
},
{
"category": "external",
"summary": "SUSE Bug 1196601 for CVE-2022-0847",
"url": "https://bugzilla.suse.com/1196601"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-76.1.noarch",
"SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-76.1.noarch",
"SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-76.1.noarch",
"SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-76.1.noarch",
"SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-76.1.x86_64",
"SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-09T13:32:59Z",
"details": "important"
}
],
"title": "CVE-2022-0847"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…