Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 573
Alerts This Week
Warning Icon 1 573

SUSE: 2021:2406-1 Important: Local Privilege Escalation Threats

suse
Calendar Grey July 20, 2021
Dist Suse Esm H88
Crucial security patch released for SUSE Linux Kernel tackling various privilege escalation vulnerabilities and out-of-bounds errors.
An update that solves 20 vulnerabilities and has four fixes is now available

Summary

The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-22555: Fixed an heap out-of-bounds write in net/netfilter/x_tables.c that could allow local provilege escalation. (bsc#1188116) - CVE-2021-33909: Fixed an out-of-bounds write in the filesystem layer that allows to obtain full root privileges. (bsc#1188062) - CVE-2021-3609: Fixed a race condition in the CAN BCM networking protocol which allows for local privilege escalation. (bsc#1187215) - CVE-2021-0605: Fixed an out-of-bounds read which could lead to local information disclosure in the kernel with System execution privileges needed. (bsc#1187601) - CVE-2021-0512: Fixed a possible out-of-bounds write which could lead to

References

#1179610 #1180846 #1184611 #1185859 #1185860

#1185861 #1185862 #1185863 #1185898 #1185987

#1186060 #1186062 #1186111 #1186390 #1186463

#1187038 #1187050 #1187215 #1187452 #1187595

#1187601 #1187934 #1188062 #1188116

Cross- CVE-2020-24586 CVE-2020-24587 CVE-2020-24588

CVE-2020-26139 CVE-2020-26141 CVE-2020-26145

CVE-2020-26147 CVE-2020-26558 CVE-2020-36385

CVE-2020-36386 CVE-2021-0129 CVE-2021-0512

CVE-2021-0605 CVE-2021-22555 CVE-2021-23134

CVE-2021-32399 CVE-2021-33034 CVE-2021-33909

CVE-2021-34693 CVE-2021-3609

CVSS scores:

CVE-2020-24586 (NVD) : 3.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

CVE-2020-24586 (SUSE): 4.7 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

CVE-2020-24587 (NVD) : 2.6 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/...

Read the Full Advisory

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2021:2406-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.