In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsUpgrade SLES:15.2
kernel-source
to version 5.3.18-150200.24.183.1 or higher.
Note: Versions mentioned in the description apply only to the upstream kernel-source
package and not the kernel-source
package as distributed by SLES
.
See How to fix?
for SLES:15.2
relevant fixed versions and status.
In the Linux kernel, the following vulnerability has been resolved:
ACPI: custom_method: fix potential use-after-free issue
In cm_write(), buf is always freed when reaching the end of the function. If the requested count is less than table.length, the allocated buffer will be freed but subsequent calls to cm_write() will still try to access it.
Remove the unconditional kfree(buf) at the end of the function and set the buf to NULL in the -EINVAL error path to match the rest of function.