Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 519
Alerts This Week
Warning Icon 1 519

SUSE Linux Enterprise: 2021:2643-1 Critical: Kernel Security Fixes

suse
Calendar Grey August 10, 2021
Dist Suse Esm H88
SUSE has launched a crucial security patch addressing severe kernel vulnerabilities that affect system integrity and performance, featuring essential upgrades and enhancements.
An update that solves 10 vulnerabilities, contains one feature and has 33 fixes is now available

Summary

The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3659: Fixed a NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c (bsc#1188876). - CVE-2021-37576: Fixed an issue on the powerpc platform, where a KVM guest OS user could cause host OS memory corruption via rtas_args.nargs (bsc#1188838). - CVE-2020-0429: In l2tp_session_delete and related functions of l2tp_core.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. (bsc#1176724). - CVE-2020-36386: Fixed a slab out-of-bounds read in hci_extended_inquiry_result_evt (bsc#1187038).

References

#1065729 #1085224 #1094840 #1113295 #1153720

#1170511 #1176724 #1176931 #1176940 #1179195

#1181161 #1183871 #1184114 #1184350 #1184804

#1185032 #1185308 #1185377 #1185791 #1185995

#1186206 #1186482 #1186672 #1187038 #1187050

#1187215 #1187476 #1187585 #1187846 #1188026

#1188062 #1188101 #1188116 #1188273 #1188274

#1188405 #1188620 #1188750 #1188838 #1188842

#1188876 #1188885 #1188973 SLE-10538

Cross- CVE-2020-0429 CVE-2020-36385 CVE-2020-36386

CVE-2021-22543 CVE-2021-22555 CVE-2021-33909

CVE-2021-3609 CVE-2021-3612 CVE-2021-3659

CVE-2021-37576

CVSS scores:

CVE-2020-0429 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2020-0429 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2021:2643-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.