Explore top 10 tips to secure your open-source projects now. Read More
×
This update for the Linux Kernel 4.12.14-197_99 fixes several issues. The following security issues were fixed: - CVE-2021-22543: Fixed an issue with KVM, related to the handling of VM_IO|VM_PFNMAP vmas, which allowed users with the ability to start and control a VM to read/write random pages of memory and could result in local privilege escalation (bsc#1186482). - CVE-2021-37576: On the powerpc platform KVM guest OS users could cause host OS memory corruption via rtas_args.nargs (bsc#1188838). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP2:
#1186483 #1188842
Cross- CVE-2021-22543 CVE-2021-37576
CVSS scores:
CVE-2021-22543 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-37576 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise Module for Live Patching 15-SP2
SUSE Linux Enterprise Module for Live Patching 15-SP1
SUSE Linux Enterprise Module for Live Patching 15
SUSE Linux Enterprise Live Patching 12-SP5
SUSE Linux Enterprise Live Patching 12-SP4
https://www.suse.com/security/cve/CVE-2021-22543.html
https://www.suse.com/security/cve/CVE-2021-37576.html
https://bugzilla.suse.com/1186483
https://bugzilla.suse.com/1188842
Get the latest Linux and open source security news straight to your inbox.