Описание
Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP2)
This update for the Linux Kernel 5.3.18-24_61 fixes several issues.
The following issues were fixed:
- CVE-2021-33034: Fixed a use-after-free when destroying an hci_chan. This could lead to writing an arbitrary values (bsc#1186111).
- CVE-2021-23134: A Use After Free vulnerability in nfc sockets allowed local attackers to elevate their privileges (bnc#1186060).
- CVE-2021-32399: Fixed a race condition when removing the HCI controller (bnc#1184611).
- Fixed a data loss/data corruption that occurs if there is a write error on an md/raid array (bsc#1185680).
Список пакетов
SUSE Linux Enterprise Live Patching 12 SP5
kgraft-patch-4_12_14-122_66-default-3-2.1
SUSE Linux Enterprise Live Patching 15 SP2
kernel-livepatch-5_3_18-24_61-default-2-2.1
Ссылки
- Link for SUSE-SU-2021:2067-1
- E-Mail link for SUSE-SU-2021:2067-1
- SUSE Security Ratings
- SUSE Bug 1185847
- SUSE Bug 1185899
- SUSE Bug 1186061
- SUSE Bug 1186285
- SUSE CVE CVE-2021-23134 page
- SUSE CVE CVE-2021-32399 page
- SUSE CVE CVE-2021-33034 page
Описание
Use After Free vulnerability in nfc sockets in the Linux Kernel before 5.12.4 allows local attackers to elevate their privileges. In typical configurations, the issue can only be triggered by a privileged local user with the CAP_NET_RAW capability.
Затронутые продукты
SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_66-default-3-2.1
SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_61-default-2-2.1
Ссылки
- CVE-2021-23134
- SUSE Bug 1186060
- SUSE Bug 1186061
- SUSE Bug 1220739
Описание
net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller.
Затронутые продукты
SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_66-default-3-2.1
SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_61-default-2-2.1
Ссылки
- CVE-2021-32399
- SUSE Bug 1184611
- SUSE Bug 1185898
- SUSE Bug 1185899
- SUSE Bug 1196174
- SUSE Bug 1200084
- SUSE Bug 1201734
Описание
In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value.
Затронутые продукты
SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_66-default-3-2.1
SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_61-default-2-2.1
Ссылки
- CVE-2021-33034
- SUSE Bug 1186111
- SUSE Bug 1186285