Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 573
Alerts This Week
Warning Icon 1 573

SUSE: 2021:2756-1 Critical: Kernel Memory Corruption and Data Exposure Risk

suse
Calendar Grey August 17, 2021
Dist Suse Esm H88
Tackling vital challenges within the SUSE Linux Kernel to enhance security measures and boost system reliability through a range of solutions.
An update that solves four vulnerabilities and has 37 fixes is now available

Summary

The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3659: Fixed a NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c (bsc#1188876). - CVE-2021-21781: Fixed a information disclosure vulnerability in the ARM SIGPAGE (bsc#1188445). - CVE-2021-22543: Fixed improper handling of VM_IO|VM_PFNMAP vmas in KVM, which could bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allowed users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation (bsc#1186482). - CVE-2021-37576: Fixed an issue on the powerpc platform, where a KVM

References

#1065729 #1085224 #1094840 #1113295 #1153274

#1154353 #1155518 #1156395 #1176940 #1179243

#1180092 #1183871 #1184114 #1184350 #1184631

#1184804 #1185377 #1186194 #1186206 #1186482

#1186483 #1187476 #1188101 #1188405 #1188445

#1188504 #1188620 #1188683 #1188746 #1188747

#1188748 #1188770 #1188771 #1188772 #1188773

#1188774 #1188777 #1188838 #1188876 #1188885

#1188973

Cross- CVE-2021-21781 CVE-2021-22543 CVE-2021-3659

CVE-2021-37576

CVSS scores:

CVE-2021-21781 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVE-2021-22543 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2021-3659 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2021-37576 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

...

Read the Full Advisory

Severity
critical
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2021:2756-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.