Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 441
Alerts This Week
Warning Icon 1 441

SUSE Linux 15 SP1: 2021:0737-1 Critical Kernel Update for Multiple Threats

suse
Calendar Grey March 9, 2021
Dist Suse Esm H88
SUSE reveals a kernel patch for version 15 SP1, tackling several security vulnerabilities and multiple issues. System reboot is advised.
An update that solves 5 vulnerabilities and has 14 fixes is now available

Summary

The SUSE Linux Enterprise 15 SP1 kernel was updated receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-26930: Fixed an improper error handling in blkback's grant mapping (XSA-365 bsc#1181843). - CVE-2021-26931: Fixed an issue where Linux kernel was treating grant mapping errors as bugs (XSA-362 bsc#1181753). - CVE-2021-26932: Fixed improper error handling issues in Linux grant mapping (XSA-361 bsc#1181747). by remote attackers to read or write files via directory traversal in an XCOPY request (bsc#178372). - CVE-2020-29368,CVE-2020-29374: Fixed an issue in copy-on-write implementation which could have granted unintended write access because of a race condition in a THP mapcount check (bsc#1179660, bsc#1179428). The following non-security bugs were fixed:

References

#1065600 #1163617 #1170442 #1176855 #1179082

#1179428 #1179660 #1180058 #1180262 #1180964

#1181671 #1181747 #1181753 #1181843 #1181854

#1182047 #1182130 #1182140 #1182175

Cross- CVE-2020-29368 CVE-2020-29374 CVE-2021-26930

CVE-2021-26931 CVE-2021-26932

CVSS scores:

CVE-2020-29368 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2020-29368 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2020-29374 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2020-29374 (SUSE): 6.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CVE-2021-26930 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2021-26930 (SUSE): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Severity
critical
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2021:0737-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.