Vulnerability   
Search   
    Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.4.2021.0347.1
Category:SuSE Local Security Checks
Title:SUSE: Security Advisory (SUSE-SU-2021:0347-1)
Summary:The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2021:0347-1 advisory.
Description:Summary:
The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2021:0347-1 advisory.

Vulnerability Insight:
The SUSE Linux Enterprise 15 SP2 Azure kernel was updated to receive various security and bugfixes.


The following security bugs were fixed:

CVE-2021-3347: A use-after-free was discovered in the PI futexes during
fault handling, allowing local users to execute code in the kernel
(bnc#1181349).

CVE-2021-3348: Fixed a use-after-free in nbd_add_socket that could be
triggered by local attackers (with access to the nbd device) via an I/O
request at a certain point during device setup (bnc#1181504).

CVE-2021-20177: Fixed a kernel panic related to iptables string matching
rules. A privileged user could insert a rule which could lead to denial
of service (bnc#1180765).

CVE-2021-0342: In tun_get_user of tun.c, there is possible memory
corruption due to a use after free. This could lead to local escalation
of privilege with System execution privileges required. (bnc#1180812)

CVE-2020-27835: A use-after-free in the infiniband hfi1 driver was
found, specifically in the way user calls Ioctl after open dev file and
fork. A local user could use this flaw to crash the system (bnc#1179878).

CVE-2020-25639: Fixed a NULL pointer dereference via nouveau ioctl
(bnc#1176846).

CVE-2020-29569: Fixed a potential privilege escalation and information
leaks related to the PV block backend, as used by Xen (bnc#1179509).

CVE-2020-29568: Fixed a denial of service issue, related to processing
watch events (bnc#1179508).

CVE-2020-25211: Fixed a flaw where a local attacker was able to inject
conntrack netlink configuration that could cause a denial of service or
trigger the use of incorrect protocol numbers in
ctnetlink_parse_tuple_filter (bnc#1176395).

CVE-2020-36158: Fixed an issue wich might have allowed a remote
attacker to execute arbitrary code via a long SSID value in
mwifiex_cmd_802_11_ad_hoc_start() (bnc#1180559).

CVE-2020-28374: Fixed a vulnerability caused by insufficient identifier
checking in the LIO SCSI target code. This could have been used by a
remote attacker to read or write files via directory traversal in an
XCOPY request (bnc#1178372).

The following non-security bugs were fixed:

ACPI/IORT: Do not blindly trust DMA masks from firmware (git-fixes).

ACPI: scan: add stub acpi_create_platform_device() for !CONFIG_ACPI
(git-fixes).

ACPI: scan: Harden acpi_device_add() against device ID overflows
(git-fixes).

ACPI: scan: Make acpi_bus_get_device() clear return pointer on error
(git-fixes).

ACPI: sysfs: Prefer 'compatible' modalias (git-fixes).

ALSA: doc: Fix reference to mixart.rst (git-fixes).

ALSA: fireface: Fix integer overflow in transmit_midi_msg() (git-fixes).

ALSA: firewire-tascam: Fix integer overflow in midi_port_work()
(git-fixes).

ALSA: hda: Add Cometlake-R PCI ID (git-fixes).

ALSA: hda/conexant: add a new hda codec CX11970 (git-fixes).

ALSA: hda/hdmi - enable runtime pm for CI AMD display audio (git-fixes).

ALSA: hda/realtek: Ad... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'Linux Kernel' package(s) on SUSE Linux Enterprise Module for Public Cloud 15-SP2

Solution:
Please install the updated package(s).

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2021-0342
https://source.android.com/security/bulletin/pixel/2021-01-01
Common Vulnerability Exposure (CVE) ID: CVE-2021-3347
Debian Security Information: DSA-4843 (Google Search)
https://www.debian.org/security/2021/dsa-4843
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CXAVDAK4RLAHBHHGEPL73UFXSI6BXQ7Q/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QOBMXDJABYE76RKNBAWA2E4TSSBX7CSJ/
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=04b79c55201f02ffd675e1231d731365e335c307
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=12bb3f7f1b03d5913b3f9d4236a488aa7774dfe9
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2156ac1934166d6deb6cd0f6ffc4c1076ec63697
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=34b1a1ce1458f50ef27c54e28eb9b1947012907a
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6ccc84f917d33312eb2846bd7b567639f585ad6d
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c5cade200ab9a2a3be9e7f32a752c8d86b502ec7
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c64396cc36c6e60704ab06c1fb1c4a46179c9120
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f2dac39d93987f7de1e20b3988c8685523247ae2
https://www.openwall.com/lists/oss-security/2021/01/29/1
https://www.openwall.com/lists/oss-security/2021/01/29/3
https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html
https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html
http://www.openwall.com/lists/oss-security/2021/01/29/4
http://www.openwall.com/lists/oss-security/2021/01/29/5
http://www.openwall.com/lists/oss-security/2021/02/01/4
Common Vulnerability Exposure (CVE) ID: CVE-2021-3348
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b98e762e3d71e893b221f871825dc64694cfb258
https://www.openwall.com/lists/oss-security/2021/01/28/3
https://lists.debian.org/debian-lts-announce/2021/03/msg00035.html
http://www.openwall.com/lists/oss-security/2021/02/01/1
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.