Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 448
Alerts This Week
Warning Icon 1 448

SUS: 2021:2599-2 Important: local privilege escalation fixes

suse
Calendar Grey August 5, 2021
Dist Suse Esm H88
SUSE Security Patch 2021:2599-2 mitigates risks in the Linux Kernel. Ensure you implement the most recent updates.
An update that solves four vulnerabilities, contains three features and has 23 fixes is now available

Summary

The SUSE Linux Enterprise 15 SP2 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-22555: Fixed an heap out-of-bounds write in net/netfilter/x_tables.c that could allow local provilege escalation. (bsc#1188116) - CVE-2021-3609: Fixed a race condition in the CAN BCM networking protocol which allows for local privilege escalation. (bsc#1187215) - CVE-2021-3612: Fixed an out-of-bounds memory write flaw which could allows a local user to crash the system or possibly escalate their privileges on the system. (bsc#1187585) - CVE-2021-35039: Fixed a bug where modules signature verification did not occur if CONFIG_MODULE_SIG is not set, regardless of the value of module.sig_enforce command-line argument. (bnc#1188080)

References

#1065729 #1085224 #1094840 #1152472 #1152489

#1155518 #1170511 #1179243 #1180092 #1183871

#1184114 #1184804 #1185308 #1185791 #1186206

#1187215 #1187585 #1188036 #1188080 #1188116

#1188121 #1188176 #1188267 #1188268 #1188269

#1188405 #1188525 SLE-17042 SLE-17043 SLE-17268

Cross- CVE-2021-22555 CVE-2021-35039 CVE-2021-3609

CVE-2021-3612

CVSS scores:

CVE-2021-22555 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2021-22555 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2021-35039 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2021-35039 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2021-3609 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2021:2599-2
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.