SUSE-SU-2022:0552-1

Published: 22 Feb 2022
Source: suse-cvrf

Description

Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3)

This update for the Linux Kernel 4.4.180-94_138 fixes several issues.

The following security issues were fixed:

  • CVE-2021-4202: Fixed NFC race condition by adding NCI_UNREG flag (bsc#1194533).
  • CVE-2021-4083: Fixed a read-after-free memory flaw inside the garbage collection for Unix domain socket file handlers when users call close() and fget() simultaneously, which can potentially trigger a race condition (bnc#1194460).

Package list

SUSE Linux Enterprise Server 12 SP3-LTSS
kgraft-patch-4_4_180-94_141-default-14-2.2
kgraft-patch-4_4_180-94_144-default-11-2.2
kgraft-patch-4_4_180-94_147-default-8-2.2
kgraft-patch-4_4_180-94_150-default-4-2.2
kgraft-patch-4_4_180-94_138-default-15-2.2
SUSE Linux Enterprise Server for SAP Applications 12 SP3
kgraft-patch-4_4_180-94_141-default-14-2.2
kgraft-patch-4_4_180-94_144-default-11-2.2
kgraft-patch-4_4_180-94_147-default-8-2.2
kgraft-patch-4_4_180-94_150-default-4-2.2
kgraft-patch-4_4_180-94_138-default-15-2.2

Description

A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system. This flaw affects Linux kernel versions prior to 5.16-rc4.


Affected products
SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_138-default-15-2.2
SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_141-default-14-2.2
SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_144-default-11-2.2
SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_147-default-8-2.2

References

Description

A use-after-free flaw was found in nci_request in net/nfc/nci/core.c in NFC Controller Interface (NCI) in the Linux kernel. This flaw could allow a local attacker with user privileges to cause a data race problem while the device is getting removed, leading to a privilege escalation problem.


Affected products
SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_138-default-15-2.2
SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_141-default-14-2.2
SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_144-default-11-2.2
SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_147-default-8-2.2

References