Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 569
Alerts This Week
Warning Icon 1 569

SUSE: 2021:1074-1 Important Update on Kernel Live Patch for SLE 12 SP3

suse
Calendar Grey April 7, 2021
Scroller Suse
A recent update to the Linux Kernel fixes five security flaws, bolstering the safety of Red Hat Enterprise Linux.
An update that fixes 6 vulnerabilities is now available

Summary

This update for the Linux Kernel 4.4.180-94_141 fixes several issues. The following security issues were fixed: - CVE-2021-27365: Fixed an issue where data structures did not have appropriate length constraints or checks, and could exceed the PAGE_SIZE value (bsc#1183491). - CVE-2021-27363: Fixed a kernel pointer leak which could have been used to determine the address of the iscsi_transport structure (bsc#1183120). - CVE-2021-27364: Fixed an issue where an unprivileged user could craft Netlink messages (bsc#1182717). - CVE-2020-25645: Fixed an an issue in IPsec that caused traffic between two Geneve endpoints to be unencrypted (bsc#1177513). - CVE-2020-0429: Fixed a memory corruption due to a use after free which could have led to local escalation of privilege with System execution

References

#1165631 #1176931 #1177513 #1182717 #1183120

#1183491

Cross- CVE-2020-0429 CVE-2020-1749 CVE-2020-25645

CVE-2021-27363 CVE-2021-27364 CVE-2021-27365

CVSS scores:

CVE-2020-0429 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2020-1749 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVE-2020-25645 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVE-2020-25645 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVE-2021-27363 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

CVE-2021-27363 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

CVE-2021-27364 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

CVE-2021-27364 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2021:1074-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.