Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP3) SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2022:2000-1 Final 1 1 2022-06-06T17:05:01Z current 2022-06-06T17:05:01Z 2022-06-06T17:05:01Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP3) This update for the Linux Kernel 5.3.18-57 fixes several issues. The following security issues were fixed: - CVE-2022-1048: Fixed a race Condition in snd_pcm_hw_free leading to use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock (bsc#1197597). - CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199602). - Add missing module_mutex lock to module notifier for previous live patches (bsc#1199834). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2022-2000,SUSE-SLE-Module-Live-Patching-15-SP3-2022-2000 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2022/suse-su-20222000-1/ Link for SUSE-SU-2022:2000-1 https://lists.suse.com/pipermail/sle-security-updates/2022-June/011245.html E-Mail link for SUSE-SU-2022:2000-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1197597 SUSE Bug 1197597 https://bugzilla.suse.com/1199602 SUSE Bug 1199602 https://bugzilla.suse.com/1199834 SUSE Bug 1199834 https://www.suse.com/security/cve/CVE-2022-1048/ SUSE CVE CVE-2022-1048 page https://www.suse.com/security/cve/CVE-2022-30594/ SUSE CVE CVE-2022-30594 page SUSE Linux Enterprise Live Patching 15 SP3 kernel-livepatch-5_3_18-57-default-18-150200.3.2 kernel-livepatch-5_3_18-57-preempt-18-150200.3.2 kernel-livepatch-5_3_18-57-default-18-150200.3.2 as a component of SUSE Linux Enterprise Live Patching 15 SP3 A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system. CVE-2022-1048 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-18-150200.3.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20222000-1/ https://www.suse.com/security/cve/CVE-2022-1048.html CVE-2022-1048 https://bugzilla.suse.com/1197331 SUSE Bug 1197331 https://bugzilla.suse.com/1197597 SUSE Bug 1197597 https://bugzilla.suse.com/1200041 SUSE Bug 1200041 https://bugzilla.suse.com/1204132 SUSE Bug 1204132 https://bugzilla.suse.com/1212325 SUSE Bug 1212325 The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag. CVE-2022-30594 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-18-150200.3.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20222000-1/ https://www.suse.com/security/cve/CVE-2022-30594.html CVE-2022-30594 https://bugzilla.suse.com/1199505 SUSE Bug 1199505 https://bugzilla.suse.com/1199602 SUSE Bug 1199602 https://bugzilla.suse.com/1201549 SUSE Bug 1201549 https://bugzilla.suse.com/1204132 SUSE Bug 1204132