Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 454
Alerts This Week
Warning Icon 1 454

SUSE: 2021:2599-1 Important: Local Escalation Fixes in Linux Kernel

suse
Calendar Grey August 3, 2021
Dist Suse Esm H88
Canonical Ubuntu Kernel Release: Mitigating three security flaws with enhancements and improvements, essential for operating system stability.
An update that solves four vulnerabilities, contains three features and has 23 fixes is now available

Summary

The SUSE Linux Enterprise 15 SP2 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-22555: Fixed an heap out-of-bounds write in net/netfilter/x_tables.c that could allow local provilege escalation. (bsc#1188116) - CVE-2021-3609: Fixed a race condition in the CAN BCM networking protocol which allows for local privilege escalation. (bsc#1187215) - CVE-2021-3612: Fixed an out-of-bounds memory write flaw which could allows a local user to crash the system or possibly escalate their privileges on the system. (bsc#1187585) - CVE-2021-35039: Fixed a bug where modules signature verification did not occur if CONFIG_MODULE_SIG is not set, regardless of the value of module.sig_enforce command-line argument. (bnc#1188080)

References

#1065729 #1085224 #1094840 #1152472 #1152489

#1155518 #1170511 #1179243 #1180092 #1183871

#1184114 #1184804 #1185308 #1185791 #1186206

#1187215 #1187585 #1188036 #1188080 #1188116

#1188121 #1188176 #1188267 #1188268 #1188269

#1188405 #1188525 SLE-17042 SLE-17043 SLE-17268

Cross- CVE-2021-22555 CVE-2021-35039 CVE-2021-3609

CVE-2021-3612

CVSS scores:

CVE-2021-22555 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2021-22555 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2021-35039 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2021-35039 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2021-3609 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2021:2599-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.