{"affected":[{"ecosystem_specific":{"binaries":[{"kernel-livepatch-5_14_21-150400_22-default":"5-150400.4.12.3"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Live Patching 15 SP4","name":"kernel-livepatch-SLE15-SP4_Update_0","purl":"pkg:rpm/suse/kernel-livepatch-SLE15-SP4_Update_0&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"5-150400.4.12.3"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for the Linux Kernel 5.14.21-150400_22 fixes several issues.\n\nThe following security issues were fixed:\n- CVE-2020-36516: Fixed an off-path attack via mixed IPID assignment method with the hash-based IPID assignment policy to inject data into a victim's TCP session or terminate that session (bsc#1196867).\n- CVE-2022-2585: Fixed use-after-free in POSIX CPU timer (bsc#1202163).\n- CVE-2022-36946: Fixed a remote denial of service attack inside nfqnl_mangle in net/netfilter/nfnetlink_queue.c, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative length (bsc#1201941).\n","id":"SUSE-SU-2022:3108-1","modified":"2022-09-06T09:05:07Z","published":"2022-09-06T09:05:07Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2022/suse-su-20223108-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1196867"},{"type":"REPORT","url":"https://bugzilla.suse.com/1201941"},{"type":"REPORT","url":"https://bugzilla.suse.com/1202163"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-36516"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-2585"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-36946"}],"related":["CVE-2020-36516","CVE-2022-2585","CVE-2022-36946"],"summary":"Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP4)","upstream":["CVE-2020-36516","CVE-2022-2585","CVE-2022-36946"]}