Описание
Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP3)
This update for the Linux Kernel 4.4.180-94_116 fixes several issues.
The following security issues were fixed:
- CVE-2021-3347: Fixed a use-after-free in the PI futexes during fault handling, allowing local users to execute code in the kernel (bsc#1181553).
- CVE-2020-27786: Fixed a potential user after free which could have led to memory corruption or privilege escalation (bsc#1179616).
- CVE-2020-28374: Fixed insufficient identifier checking in the LIO SCSI target code which could have been used by remote attackers to read or write files via directory traversal in an XCOPY request (bsc#1178684).
Список пакетов
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server for SAP Applications 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP3
SUSE OpenStack Cloud 7
Ссылки
- Link for SUSE-SU-2021:0870-1
- E-Mail link for SUSE-SU-2021:0870-1
- SUSE Security Ratings
- SUSE Bug 1178684
- SUSE Bug 1179616
- SUSE Bug 1181553
- SUSE CVE CVE-2020-27786 page
- SUSE CVE CVE-2020-28374 page
- SUSE CVE CVE-2021-3347 page
Описание
A flaw was found in the Linux kernel's implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to this specific memory while freed and before use causes the flow of execution to change and possibly allow for memory corruption or privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Затронутые продукты
Ссылки
- CVE-2020-27786
- SUSE Bug 1179601
- SUSE Bug 1179616
Описание
In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore.
Затронутые продукты
Ссылки
- CVE-2020-28374
- SUSE Bug 1178372
- SUSE Bug 1178684
- SUSE Bug 1180676
Описание
An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458.
Затронутые продукты
Ссылки
- CVE-2021-3347
- SUSE Bug 1181349
- SUSE Bug 1181553
- SUSE Bug 1190859