SUSE: 2022:0668-1 Important: Local Escalation Security Fix
suse
March 2, 2022
An update that fixes two vulnerabilities is now available
Summary
This update for the Linux Kernel 4.4.180-94_153 fixes several issues. The following security issues were fixed: - CVE-2021-0920: Fixed a local privilege escalation due to an use after free bug in unix_gc (bsc#1194463). - CVE-2021-28688: Fixed XSA-365 that includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains (bsc#1182294). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods
References
#1182294 #1194463
Cross- CVE-2021-0920 CVE-2021-28688
CVSS scores:
CVE-2021-0920 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2021-0920 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-28688 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CVE-2021-28688 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise Server 12-SP3-LTSS
SUSE Linux Enterprise Server for SAP 12-SP3
https://www.suse.com/security/cve/CVE-2021-0920.html
https://www.suse.com/security/cve/CVE-2021-28688.html
https://bugzilla.suse.com/1182294
https://bugzilla.suse.com/1194463
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: SUSE-SU-2022:0668-1
Rating: important
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!