Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 504
Alerts This Week
Warning Icon 1 504

SUSE: 2021:2416-1 Important: Kernel Privilege Escalation Issues Fixed

suse
Calendar Grey July 20, 2021
Dist Suse Esm H88
SUSE has released an important Security Update for the Linux Kernel, which resolves several vulnerabilities and enhances system security.
An update that solves 5 vulnerabilities and has 14 fixes is now available

Summary

The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-22555: Fixed an heap out-of-bounds write in net/netfilter/x_tables.c that could allow local provilege escalation. (bsc#1188116) - CVE-2021-33909: Fixed an out-of-bounds write in the filesystem layer that allows to obtain full root privileges. (bsc#1188062) - CVE-2021-3609: Fixed a race condition in the CAN BCM networking protocol which allows for local privilege escalation. (bsc#1187215) - CVE-2021-3612: Fixed an out-of-bounds memory write flaw which could allows a local user to crash the system or possibly escalate their privileges on the system. (bsc#1187585) - CVE-2020-36385: Fixed a use-after-free flaw in ucma.c which allows for

References

#1065729 #1085224 #1094840 #1153720 #1170511

#1183871 #1184114 #1185032 #1185308 #1185791

#1185995 #1187050 #1187215 #1187585 #1187934

#1188062 #1188116 #1188273 #1188274

Cross- CVE-2020-36385 CVE-2021-22555 CVE-2021-33909

CVE-2021-3609 CVE-2021-3612

CVSS scores:

CVE-2020-36385 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2020-36385 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2021-22555 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2021-22555 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2021-33909 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2021-3609 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2021:2416-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.