Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 493
Alerts This Week
Warning Icon 1 493

SUSE: 2021:2427-1 Important: Linux Kernel Security Update - High Risk

suse
Calendar Grey July 21, 2021
Dist Suse Esm H88
Important patch for the SUSE Linux Kernel resolving 15 vulnerabilities and greatly improving system protection.
An update that solves 13 vulnerabilities and has 5 fixes is now available

Summary

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-22555: Fixed an heap out-of-bounds write in net/netfilter/x_tables.c that could allow local provilege escalation. (bsc#1188116) - CVE-2021-33624: Fixed a bug which allows unprivileged BPF program to leak the contents of arbitrary kernel memory (and therefore, of all physical memory) via a side-channel. (bsc#1187554) - CVE-2021-0605: Fixed an out-of-bounds read which could lead to local information disclosure in the kernel with System execution privileges needed. (bsc#1187601) - CVE-2021-0512: Fixed a possible out-of-bounds write which could lead to local escalation of privilege with no additional execution privileges needed. (bsc#1187595)

References

#1153720 #1174978 #1179610 #1181193 #1185428

#1185701 #1185861 #1186463 #1186484 #1187038

#1187050 #1187215 #1187452 #1187554 #1187595

#1187601 #1188062 #1188116

Cross- CVE-2020-24588 CVE-2020-26558 CVE-2020-36385

CVE-2020-36386 CVE-2021-0129 CVE-2021-0512

CVE-2021-0605 CVE-2021-22555 CVE-2021-33200

CVE-2021-33624 CVE-2021-33909 CVE-2021-34693

CVE-2021-3609

CVSS scores:

CVE-2020-24588 (NVD) : 3.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CVE-2020-24588 (SUSE): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVE-2020-26558 (NVD) : 4.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

CVE-2020-26558 (SUSE): 4.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

CVE-2020-36385 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2021:2427-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.