Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2021:2542-1

Опубликовано: 28 июл. 2021
Источник: suse-cvrf

Описание

Security update for the Linux Kernel (Live Patch 10 for SLE 15 SP2)

This update for the Linux Kernel 5.3.18-24_49 fixes several issues.

The following security issues were fixed:

  • CVE-2021-33909: Fixed an out-of-bounds write in the filesystem layer that allows to andobtain full root privileges. (bsc#1188062)
  • CVE-2021-22555: Fixed an heap out-of-bounds write in net/netfilter/x_tables.c that could allow local provilege escalation. (bsc#1188116)
  • CVE-2020-36385: Fixed a use-after-free vulnerability reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called. (bnc#1187050)

Список пакетов

SUSE Linux Enterprise Live Patching 15 SP1
kernel-livepatch-4_12_14-197_78-default-9-2.2
SUSE Linux Enterprise Live Patching 15 SP2
kernel-livepatch-5_3_18-24_43-default-9-2.2
kernel-livepatch-5_3_18-24_46-default-9-2.2
kernel-livepatch-5_3_18-24_49-default-8-2.2

Ссылки

Описание

An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called, aka CID-f5449e74802c.

Затронутые продукты
SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_78-default-9-2.2
SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_43-default-9-2.2
SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_46-default-9-2.2
SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-8-2.2
Ссылки

Описание

A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space

Затронутые продукты
SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_78-default-9-2.2
SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_43-default-9-2.2
SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_46-default-9-2.2
SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-8-2.2
Ссылки

Описание

fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05.

Затронутые продукты
SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_78-default-9-2.2
SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_43-default-9-2.2
SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_46-default-9-2.2
SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-8-2.2
Ссылки