Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 456
Alerts This Week
Warning Icon 1 456

SUSE: 2021:2451-1 Important: Local Escalation in Linux Kernel

suse
Calendar Grey July 22, 2021
Dist Suse Esm H88
Important SUSE security patch for Linux Kernel addresses 20 security vulnerabilities and 10 non-security issues. A reboot is necessary after installation.
An update that solves 20 vulnerabilities and has 10 fixes is now available

Summary

The SUSE Linux Enterprise 12 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-22555: Fixed an heap out-of-bounds write in net/netfilter/x_tables.c that could allow local provilege escalation. (bsc#1188116) - CVE-2021-33909: Fixed an out-of-bounds write in the filesystem layer that allows to obtain full root privileges. (bsc#1188062) - CVE-2021-3609: Fixed a race condition in the CAN BCM networking protocol which allows for local privilege escalation. (bsc#1187215) - CVE-2021-0605: Fixed an out-of-bounds read which could lead to local information disclosure in the kernel with System execution privileges needed. (bsc#1187601) - CVE-2021-0512: Fixed a possible out-of-bounds write which could lead to

References

#1115026 #1175462 #1179610 #1184611 #1185724

#1185859 #1185860 #1185861 #1185862 #1185863

#1185898 #1185987 #1186060 #1186062 #1186111

#1186235 #1186390 #1186463 #1187038 #1187050

#1187193 #1187215 #1187388 #1187452 #1187595

#1187601 #1187934 #1188062 #1188063 #1188116

Cross- CVE-2020-24586 CVE-2020-24587 CVE-2020-24588

CVE-2020-26139 CVE-2020-26141 CVE-2020-26145

CVE-2020-26147 CVE-2020-26558 CVE-2020-36385

CVE-2020-36386 CVE-2021-0129 CVE-2021-0512

CVE-2021-0605 CVE-2021-22555 CVE-2021-23134

CVE-2021-32399 CVE-2021-33034 CVE-2021-33909

CVE-2021-34693 CVE-2021-3609

CVSS scores:

CVE-2020-24586 (NVD) : 3.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

CVE-2020-24586 (SUSE): 4.7 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S...

Read the Full Advisory

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2021:2451-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.