Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 415
Alerts This Week
Warning Icon 1 415

SUSE: 2021:0740-1 Important: Kernel Issues Fixed and Bug Fixes

suse
Calendar Grey March 9, 2021
Dist Suse Esm H88
Significant SUSE release fixes various kernel vulnerabilities effectively. Implement upgrades to improve security and performance today.
An update that solves 5 vulnerabilities and has 11 fixes is now available

Summary

The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-26930: Fixed an improper error handling in blkback's grant mapping (XSA-365 bsc#1181843). - CVE-2021-26931: Fixed an issue where Linux kernel was treating grant mapping errors as bugs (XSA-362 bsc#1181753). - CVE-2021-26932: Fixed improper error handling issues in Linux grant mapping (XSA-361 bsc#1181747). by remote attackers to read or write files via directory traversal in an XCOPY request (bsc#178372). - CVE-2020-29368,CVE-2020-29374: Fixed an issue in copy-on-write implementation which could have granted unintended write access because of a race condition in a THP mapcount check (bsc#1179660, bsc#1179428). The following non-security bugs were fixed:

References

#1065600 #1163592 #1178401 #1178762 #1179014

#1179015 #1179045 #1179082 #1179428 #1179660

#1180058 #1181747 #1181753 #1181843 #1182140

#1182175

Cross- CVE-2020-29368 CVE-2020-29374 CVE-2021-26930

CVE-2021-26931 CVE-2021-26932

CVSS scores:

CVE-2020-29368 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2020-29368 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2020-29374 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2020-29374 (SUSE): 6.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CVE-2021-26930 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2021-26930 (SUSE): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CVE-2021-26931 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2021:0740-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.