Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 433
Alerts This Week
Warning Icon 1 433

SUSE: 2021:0452-1 Important: Kernel Fixes for Local Users Risk

suse
Calendar Grey February 12, 2021
Dist Suse Esm H88
Critical security updates released for SUSE Linux Kernel targeting various vulnerabilities. Users are urged to apply patches promptly.
An update that solves 25 vulnerabilities and has 22 fixes is now available

Summary

The SUSE Linux Enterprise 12 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3347: A use-after-free was discovered in the PI futexes during fault handling, allowing local users to execute code in the kernel (bnc#1181349). - CVE-2020-25211: Fixed a buffer overflow in ctnetlink_parse_tuple_filter() which could be triggered by a local attackers by injecting conntrack netlink configuration (bnc#1176395). - CVE-2020-27835: A use-after-free in the infiniband hfi1 driver was found, specifically in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system (bnc#1179878). - CVE-2020-29569: Fixed a potential privilege escalation and information

References

#1105322 #1105323 #1139944 #1168952 #1173942

#1175306 #1176395 #1176485 #1177440 #1177666

#1178182 #1178272 #1178589 #1178886 #1179107

#1179140 #1179141 #1179204 #1179419 #1179508

#1179509 #1179601 #1179616 #1179663 #1179666

#1179745 #1179877 #1179878 #1179960 #1179961

#1180008 #1180027 #1180028 #1180029 #1180030

#1180031 #1180032 #1180052 #1180086 #1180559

#1180562 #1180815 #1181096 #1181158 #1181349

#1181553 #969755

Cross- CVE-2018-10902 CVE-2019-20934 CVE-2020-0444

CVE-2020-0465 CVE-2020-0466 CVE-2020-11668

CVE-2020-15436 CVE-2020-15437 CVE-2020-25211

CVE-2020-25285 CVE-2020-25669 CVE-2020-27068

CVE-2020-27777 CVE-2020-27786 CVE-2020-27825

CVE-2020-27835 CVE-2020-28915 CVE-2020-28974

...

Read the Full Advisory

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2021:0452-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.