Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 522
Alerts This Week
Warning Icon 1 522

SUSE 12-SP3: 2021:2026-1 Critical: Linux Kernel Memory Bugs

suse
Calendar Grey June 18, 2021
Scroller Suse
SUSE has released a critical update for the Linux Kernel addressing various vulnerabilities, such as memory corruption and user privilege escalation concerns.
An update that solves three vulnerabilities and has one errata is now available

Summary

This update for the Linux Kernel 4.4.180-94_144 fixes several issues. The following issues were fixed: - CVE-2021-33034: Fixed a use-after-free when destroying an hci_chan. This could lead to writing an arbitrary values (bsc#1186111). - CVE-2021-28688: Fixed an issue introduced by XSA-365, leaving around zombie domains after xen guest has died (bsc#1183646). - CVE-2020-0429: In l2tp_session_delete and related functions of l2tp_core.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with system execution privileges needed. (bsc#1176724). - Fixed a regression with the last livepatch which caused a kernel warning during sysfs read (bsc#1186235). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods

References

#1176931 #1182294 #1186235 #1186285

Cross- CVE-2020-0429 CVE-2021-28688 CVE-2021-33034

CVSS scores:

CVE-2020-0429 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2021-28688 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

CVE-2021-28688 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

CVE-2021-33034 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2021-33034 (SUSE): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Affected Products:

SUSE Linux Enterprise Server for SAP 12-SP3

SUSE Linux Enterprise Server 12-SP3-LTSS

https://www.suse.com/security/cve/CVE-2020-0429.html

https://www.suse.com/security/cve/CVE-2021-28688.html

https://www.suse.com/security/cve/CVE-2021-33034.html

Severity
critical
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2021:2026-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.