Описание
Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP2)
This update for the Linux Kernel 5.3.18-22 fixes several issues.
The following security issues were fixed:
- CVE-2020-29368: Fixed an issue in copy-on-write implementation which could have granted unintended write access because of a race condition in a THP mapcount check (bsc#1179664).
- Fixed an issue where NFS client filesystems got unmounted on fail-over (bsc#1182468).
- CVE-2021-3347: Fixed a use-after-free in the PI futexes during fault handling, allowing local users to execute code in the kernel (bsc#1181553).
- CVE-2020-28374: Fixed insufficient identifier checking in the LIO SCSI target code which could have been used by remote attackers to read or write files via directory traversal in an XCOPY request (bsc#1178684).
- CVE-2021-0342: Fixed a potential memory corruption due to a use after free which could have led to local escalation of privilege with System execution privileges required (bsc#1180859).
Список пакетов
SUSE Linux Enterprise Live Patching 15 SP2
Ссылки
- Link for SUSE-SU-2021:0849-1
- E-Mail link for SUSE-SU-2021:0849-1
- SUSE Security Ratings
- SUSE Bug 1178684
- SUSE Bug 1179664
- SUSE Bug 1180859
- SUSE Bug 1181553
- SUSE Bug 1182468
- SUSE CVE CVE-2020-28374 page
- SUSE CVE CVE-2020-29368 page
- SUSE CVE CVE-2021-0342 page
- SUSE CVE CVE-2021-3347 page
Описание
In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore.
Затронутые продукты
Ссылки
- CVE-2020-28374
- SUSE Bug 1178372
- SUSE Bug 1178684
- SUSE Bug 1180676
Описание
An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1.
Затронутые продукты
Ссылки
- CVE-2020-29368
- SUSE Bug 1179428
- SUSE Bug 1179660
- SUSE Bug 1179664
Описание
In tun_get_user of tun.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges required. User interaction is not required for exploitation. Product: Android; Versions: Android kernel; Android ID: A-146554327.
Затронутые продукты
Ссылки
- CVE-2021-0342
- SUSE Bug 1180812
- SUSE Bug 1180859
Описание
An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458.
Затронутые продукты
Ссылки
- CVE-2021-3347
- SUSE Bug 1181349
- SUSE Bug 1181553
- SUSE Bug 1190859