SuSE Local Security Checks : SUSE: Security Advisory (SUSE-SU-2022:2010-1)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.1.4.2022.2010.1

Category: SuSE Local Security Checks

Title: SUSE: Security Advisory (SUSE-SU-2022:2010-1)

Summary: The remote host is missing an update for the 'Linux Kernel (Live Patch 44 for SLE 12 SP3)' package(s) announced via the SUSE-SU-2022:2010-1 advisory.

Description: Summary:
The remote host is missing an update for the 'Linux Kernel (Live Patch 44 for SLE 12 SP3)' package(s) announced via the SUSE-SU-2022:2010-1 advisory.

Vulnerability Insight:
This update for the Linux Kernel 4.4.180-94_161 fixes several issues.

The following security issue was fixed:

- CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199602).
- Add missing module_mutex lock to module notifier for previous live patches (bsc#1199834).

Affected Software/OS:
'Linux Kernel (Live Patch 44 for SLE 12 SP3)' package(s) on SUSE Linux Enterprise Server 12-SP3, SUSE Linux Enterprise Server for SAP Applications 12-SP3.

Solution:
Please install the updated package(s).

CVSS Score:
4.4

CVSS Vector:
AV:L/AC:M/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2022-30594
Debian Security Information: DSA-5173 (Google Search)
https://www.debian.org/security/2022/dsa-5173
http://packetstormsecurity.com/files/167386/Kernel-Live-Patch-Security-Notice-LSN-0086-1.html
http://packetstormsecurity.com/files/170362/Linux-PT_SUSPEND_SECCOMP-Permission-Bypass-Ptracer-Death-Race.html
https://bugs.chromium.org/p/project-zero/issues/detail?id=2276
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.2
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee1fee900537b5d9560e9f937402de5ddc8412f3
https://github.com/torvalds/linux/commit/ee1fee900537b5d9560e9f937402de5ddc8412f3
https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html

Copyright Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.1.4.2022.2010.1
Category:	SuSE Local Security Checks
Title:	SUSE: Security Advisory (SUSE-SU-2022:2010-1)
Summary:	The remote host is missing an update for the 'Linux Kernel (Live Patch 44 for SLE 12 SP3)' package(s) announced via the SUSE-SU-2022:2010-1 advisory.
Description:	Summary: The remote host is missing an update for the 'Linux Kernel (Live Patch 44 for SLE 12 SP3)' package(s) announced via the SUSE-SU-2022:2010-1 advisory. Vulnerability Insight: This update for the Linux Kernel 4.4.180-94_161 fixes several issues. The following security issue was fixed: - CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199602). - Add missing module_mutex lock to module notifier for previous live patches (bsc#1199834). Affected Software/OS: 'Linux Kernel (Live Patch 44 for SLE 12 SP3)' package(s) on SUSE Linux Enterprise Server 12-SP3, SUSE Linux Enterprise Server for SAP Applications 12-SP3. Solution: Please install the updated package(s). CVSS Score: 4.4 CVSS Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2022-30594 Debian Security Information: DSA-5173 (Google Search) https://www.debian.org/security/2022/dsa-5173 http://packetstormsecurity.com/files/167386/Kernel-Live-Patch-Security-Notice-LSN-0086-1.html http://packetstormsecurity.com/files/170362/Linux-PT_SUSPEND_SECCOMP-Permission-Bypass-Ptracer-Death-Race.html https://bugs.chromium.org/p/project-zero/issues/detail?id=2276 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.2 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee1fee900537b5d9560e9f937402de5ddc8412f3 https://github.com/torvalds/linux/commit/ee1fee900537b5d9560e9f937402de5ddc8412f3 https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html
Copyright	Copyright (C) 2022 Greenbone AG