Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 524
Alerts This Week
Warning Icon 1 524

SUSE: 2021:2422-1 Important: Kernel Bugfixes and Security Enhancements

suse
Calendar Grey July 21, 2021
Dist Suse Esm H88
SUSE Security Notice reveals a significant update for the Linux Kernel, tackling numerous vital vulnerabilities alongside crucial improvements.
An update that solves 13 vulnerabilities and has four fixes is now available

Summary

The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-22555: A heap out-of-bounds write was discovered in net/netfilter/x_tables.c (bnc#1188116). - CVE-2021-33909: Extremely large seq buffer allocations in seq_file could lead to buffer underruns and code execution (bsc#1188062). - CVE-2021-3609: A use-after-free in can/bcm could have led to privilege escalation (bsc#1187215). - CVE-2021-33624: In kernel/bpf/verifier.c a branch can be mispredicted (e.g., because of type confusion) and consequently an unprivileged BPF program can read arbitrary memory locations via a side-channel attack, aka CID-9183671af6db (bnc#1187554). - CVE-2021-0605: In pfkey_dump of af_key.c, there is a possible

References

#1104967 #1174978 #1179610 #1185701 #1185861

#1186463 #1186484 #1187038 #1187050 #1187215

#1187452 #1187554 #1187595 #1187601 #1187934

#1188062 #1188116

Cross- CVE-2020-24588 CVE-2020-26558 CVE-2020-36385

CVE-2020-36386 CVE-2021-0129 CVE-2021-0512

CVE-2021-0605 CVE-2021-22555 CVE-2021-33200

CVE-2021-33624 CVE-2021-33909 CVE-2021-34693

CVE-2021-3609

CVSS scores:

CVE-2020-24588 (NVD) : 3.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CVE-2020-24588 (SUSE): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVE-2020-26558 (NVD) : 4.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

CVE-2020-26558 (SUSE): 4.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

CVE-2020-36385 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2021:2422-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.