Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 501
Alerts This Week
Warning Icon 1 501

SUSE Linux Enterprise 15: 2021:2421-1 Important: Kernel Update

suse
Calendar Grey July 21, 2021
Dist Suse Esm H88
Red Hat announces significant software patch resolving 18 vulnerabilities and introducing two critical enhancements.
An update that solves 24 vulnerabilities and has three fixes is now available

Summary

The SUSE Linux Enterprise 15 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-22555: A heap out-of-bounds write was discovered in net/netfilter/x_tables.c (bnc#1188116 ). - CVE-2021-33909: Extremely large seq buffer allocations in seq_file could lead to buffer underruns and code execution (bsc#1188062). - CVE-2021-3609: A use-after-free in can/bcm could have led to privilege escalation (bsc#1187215). - CVE-2021-33624: In kernel/bpf/verifier.c a branch can be mispredicted (e.g., because of type confusion) and consequently an unprivileged BPF program can read arbitrary memory locations via a side-channel attack, aka CID-9183671af6db (bnc#1187554). - CVE-2021-0605: In pfkey_dump of af_key.c, there is a possible

References

#1176081 #1179610 #1183738 #1184611 #1184675

#1185642 #1185725 #1185859 #1185860 #1185861

#1185862 #1185898 #1185987 #1186060 #1186062

#1186111 #1186463 #1186484 #1187038 #1187050

#1187215 #1187452 #1187554 #1187595 #1187601

#1188062 #1188116

Cross- CVE-2020-24586 CVE-2020-24587 CVE-2020-24588

CVE-2020-26139 CVE-2020-26141 CVE-2020-26145

CVE-2020-26147 CVE-2020-26558 CVE-2020-36385

CVE-2020-36386 CVE-2021-0129 CVE-2021-0512

CVE-2021-0605 CVE-2021-22555 CVE-2021-23133

CVE-2021-23134 CVE-2021-32399 CVE-2021-33034

CVE-2021-33200 CVE-2021-33624 CVE-2021-33909

CVE-2021-34693 CVE-2021-3491 CVE-2021-3609

CVSS scores:

CVE-2020-24586 (NVD) : 3.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

CVE-202...

Read the Full Advisory

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2021:2421-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.