Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 509
Alerts This Week
Warning Icon 1 509

SUSE 2021:2305-1 Important: Kernel Security Update for Public Cloud

suse
Calendar Grey July 13, 2021
Scroller Suse Esm H88
A recent openSUSE patch addresses 5 security flaws along with 40 critical enhancements to strengthen the integrity of the Linux kernel.
An update that solves 5 vulnerabilities and has 40 fixes is now available

Summary

The SUSE Linux Enterprise 15 SP3 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3573: Fixed an UAF vulnerability in function that can allow attackers to corrupt kernel heaps and adopt further exploitations. (bsc#1186666) - CVE-2021-0605: Fixed an out-of-bounds read which could lead to local information disclosure in the kernel with System execution privileges needed. (bsc#1187601) - CVE-2021-0512: Fixed a possible out-of-bounds write which could lead to local escalation of privilege with no additional execution privileges needed. (bsc#1187595) - CVE-2021-33624: Fixed a bug which allows unprivileged BPF program to leak the contents of arbitrary kernel memory (and therefore, of all physical memory) via a side-channel. (bsc#1187554)

References

#1152489 #1153274 #1154353 #1155518 #1164648

#1176447 #1176774 #1176919 #1177028 #1178134

#1182470 #1183682 #1184212 #1184685 #1185486

#1185675 #1185677 #1186071 #1186206 #1186666

#1186949 #1187171 #1187263 #1187356 #1187402

#1187403 #1187404 #1187407 #1187408 #1187409

#1187410 #1187411 #1187412 #1187413 #1187452

#1187554 #1187595 #1187601 #1187795 #1187867

#1187883 #1187886 #1187927 #1187972 #1187980

Cross- CVE-2021-0512 CVE-2021-0605 CVE-2021-33624

CVE-2021-34693 CVE-2021-3573

CVSS scores:

CVE-2021-0512 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2021-0605 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CVE-2021-0605 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2021:2305-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.