Описание
Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP3)
This update for the Linux Kernel 4.4.180-94_141 fixes one issue.
The following security issue was fixed:
- CVE-2021-0920: Fixed a local privilege escalation due to an use after free bug in unix_gc (bsc#1194463).
Список пакетов
SUSE Linux Enterprise Live Patching 12 SP4
kgraft-patch-4_12_14-95_77-default-11-2.1
SUSE Linux Enterprise Live Patching 15
kernel-livepatch-4_12_14-150_78-default-4-2.1
kernel-livepatch-4_12_14-150_75-default-9-2.1
kernel-livepatch-4_12_14-150_72-default-12-2.1
kernel-livepatch-4_12_14-150_69-default-15-2.2
SUSE Linux Enterprise Server 12 SP3-LTSS
kgraft-patch-4_4_180-94_150-default-5-2.1
kgraft-patch-4_4_180-94_147-default-9-2.1
kgraft-patch-4_4_180-94_144-default-12-2.1
kgraft-patch-4_4_180-94_141-default-15-2.2
SUSE Linux Enterprise Server for SAP Applications 12 SP3
kgraft-patch-4_4_180-94_150-default-5-2.1
kgraft-patch-4_4_180-94_147-default-9-2.1
kgraft-patch-4_4_180-94_144-default-12-2.1
kgraft-patch-4_4_180-94_141-default-15-2.2
Ссылки
- Link for SUSE-SU-2022:0667-1
- E-Mail link for SUSE-SU-2022:0667-1
- SUSE Security Ratings
- SUSE Bug 1194463
- SUSE CVE CVE-2021-0920 page
Описание
In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196926917References: Upstream kernel
Затронутые продукты
SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_77-default-11-2.1
SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_69-default-15-2.2
SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_72-default-12-2.1
SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_75-default-9-2.1
Ссылки
- CVE-2021-0920
- SUSE Bug 1193731
- SUSE Bug 1194463
- SUSE Bug 1195939
- SUSE Bug 1199255
- SUSE Bug 1200084