Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 439
Alerts This Week
Warning Icon 1 439

SUSE: 2021:2577-1 Important: Live Patch 15 for SLE 15 SP2 Critical Issue

suse
Calendar Grey July 30, 2021
Dist Suse Esm H88
Important enhancement for SUSE Linux Kernel (Live Patch 15) addresses 14 vulnerabilities, among them potential local privilege elevation threats.
An update that fixes 14 vulnerabilities is now available

Summary

This update for the Linux Kernel 5.3.18-24_53_4 fixes several issues. The following security issues were fixed: - CVE-2021-33909: Fixed an out-of-bounds write in the filesystem layer that allows to andobtain full root privileges. (bsc#1188062) - CVE-2021-22555: Fixed an heap out-of-bounds write in net/netfilter/x_tables.c that could allow local provilege escalation. (bsc#1188116) - CVE-2020-36385: Fixed a use-after-free vulnerability reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called. (bnc#1187050) - CVE-2021-23133: Fixed a race condition in the SCTP sockets that could lead to kernel privilege escalation from the context of a network service or an unprivileged process. (bnc#1184675) - CVE-2021-33034: Fixed a use-after-free vulnerability when destroying an

References

#1182717 #1183120 #1183491 #1183658 #1184171

#1184710 #1184952 #1185847 #1185899 #1185901

#1186285 #1187052 #1188117 #1188257

Cross- CVE-2020-36322 CVE-2020-36385 CVE-2021-22555

CVE-2021-23133 CVE-2021-27363 CVE-2021-27364

CVE-2021-27365 CVE-2021-28660 CVE-2021-28688

CVE-2021-29154 CVE-2021-32399 CVE-2021-33034

CVE-2021-33909 CVE-2021-3444

CVSS scores:

CVE-2020-36322 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2020-36322 (SUSE): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CVE-2020-36385 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2020-36385 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2021-22555 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2021:2577-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.