Описание
Security update for the Linux Kernel (Live Patch 25 for SLE 15 SP2)
This update for the Linux Kernel 5.3.18-24_107 fixes one issue.
The following security issue was fixed:
- CVE-2021-0920: Fixed a local privilege escalation due to a use-after-free vulnerability in unix_scm_to_skb of af_unix (bsc#1193731).
Список пакетов
SUSE Linux Enterprise Live Patching 15 SP2
kernel-livepatch-5_3_18-24_107-default-2-150200.2.1
Ссылки
- Link for SUSE-SU-2022:0996-1
- E-Mail link for SUSE-SU-2022:0996-1
- SUSE Security Ratings
- SUSE Bug 1194463
- SUSE CVE CVE-2021-0920 page
Описание
In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196926917References: Upstream kernel
Затронутые продукты
SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_107-default-2-150200.2.1
Ссылки
- CVE-2021-0920
- SUSE Bug 1193731
- SUSE Bug 1194463
- SUSE Bug 1195939
- SUSE Bug 1199255
- SUSE Bug 1200084