SUSE Linux Kernel Live Patch 25: Important Security Update for SLE 12 SP5

suse

December 14, 2021

An update that fixes three vulnerabilities is now available

Summary

This update for the Linux Kernel 4.12.14-122_98 fixes several issues. The following security issues were fixed: - CVE-2021-0941: In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1192045). - CVE-2021-20322: Make the ipv4 and ipv6 ICMP exception caches less predictive to avoid information leaks about UDP ports in use. (bsc#1191790) - CVE-2021-0935: In ip6_xmit of ip6_output.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. (bsc#1192032) Patch Instructions:

Topics Covered

security advisory patch important SUSE linux kernel live patch escalation privilege

References

#1191813 #1192042 #1192048

Cross- CVE-2021-0935 CVE-2021-0941 CVE-2021-20322

CVSS scores:

CVE-2021-0935 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2021-0941 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2021-20322 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products:

SUSE Linux Enterprise Live Patching 12-SP5

https://www.suse.com/security/cve/CVE-2021-0935.html

https://www.suse.com/security/cve/CVE-2021-0941.html

https://www.suse.com/security/cve/CVE-2021-20322.html

https://bugzilla.suse.com/1191813

https://bugzilla.suse.com/1192042

https://bugzilla.suse.com/1192048

Severity

important

Lowest

Low

Medium

High

Critical

Announcement ID: SUSE-SU-2021:4021-1

Rating: important

Topics Covered

security advisory patch important SUSE linux kernel live patch escalation privilege

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

SUSE Linux Kernel Live Patch 25: Important Security Update for SLE 12 SP5

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

SUSE Linux Kernel Live Patch 25: Important Security Update for SLE 12 SP5

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!