Vulnerability   
Search   
    Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.4.2021.1574.1
Category:SuSE Local Security Checks
Title:SUSE: Security Advisory (SUSE-SU-2021:1574-1)
Summary:The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2021:1574-1 advisory.
Description:Summary:
The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2021:1574-1 advisory.

Vulnerability Insight:
The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes.


The following security bugs were fixed:

CVE-2021-29650: Fixed an issue with the netfilter subsystem that allowed
attackers to cause a denial of service (panic) because
net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a
full memory barrier upon the assignment of a new table value
(bnc#1184208).

CVE-2021-29155: Fixed an issue that was discovered in
kernel/bpf/verifier.c that performs undesirable out-of-bounds
speculation on pointer arithmetic, leading to side-channel attacks that
defeat Spectre mitigations and obtain sensitive information from kernel
memory. Specifically, for sequences of pointer arithmetic operations,
the pointer modification performed by the first operation was not
correctly accounted for when restricting subsequent operations
(bnc#1184942).

The following non-security bugs were fixed:

ACPI: CPPC: Replace cppc_attr with kobj_attribute (git-fixes).

ALSA: core: remove redundant spin_lock pair in snd_card_disconnect
(git-fixes).

ALSA: emu8000: Fix a use after free in snd_emu8000_create_mixer
(git-fixes).

ALSA: hda/cirrus: Add error handling into CS8409 I2C functions
(git-fixes).

ALSA: hda/cirrus: Add Headphone and Headset MIC Volume Control
(git-fixes).

ALSA: hda/cirrus: Add jack detect interrupt support from CS42L42
companion codec (git-fixes).

ALSA: hda/cirrus: Add support for CS8409 HDA bridge and CS42L42
companion codec (git-fixes).

ALSA: hda/cirrus: Cleanup patch_cirrus.c code (git-fixes).

ALSA: hda/cirrus: Fix CS42L42 Headset Mic volume control name
(git-fixes).

ALSA: hda/cirrus: Make CS8409 driver more generic by using fixups
(git-fixes).

ALSA: hda/cirrus: Set Initial DMIC volume for Bullseye to -26 dB
(git-fixes).

ALSA: hda/cirrus: Use CS8409 filter to fix abnormal sounds on Bullseye
(git-fixes).

ALSA: hda/realtek: Add quirk for Intel Clevo PCx0Dx (git-fixes).

ALSA: hda/realtek: fix mic boost on Intel NUC 8 (git-fixes).

ALSA: hda/realtek: fix static noise on ALC285 Lenovo laptops (git-fixes).

ALSA: hda/realtek: GA503 use same quirks as GA401 (git-fixes).

ALSA: hda/realtek - Headset Mic issue on HP platform (git-fixes).

ALSA: hda/realtek: Remove redundant entry for ALC861 Haier/Uniwill
devices (git-fixes).

ALSA: hda/realtek: Re-order ALC269 Acer quirk table entries (git-fixes).

ALSA: hda/realtek: Re-order ALC269 ASUS quirk table entries (git-fixes).

ALSA: hda/realtek: Re-order ALC269 Dell quirk table entries (git-fixes).

ALSA: hda/realtek: Re-order ALC269 HP quirk table entries (git-fixes).

ALSA: hda/realtek: Re-order ALC269 Lenovo quirk table entries
(git-fixes).

ALSA: hda/realtek: Re-order ALC269 Sony quirk table entries (git-fixes).

ALSA: hda/realtek: Re-order ALC662 quirk table entries (git-fixes).

ALSA: hda/realtek: Re-order ALC882 Acer quirk table entries (git-fixes).

ALSA: hda/rea... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'Linux Kernel' package(s) on SUSE MicroOS 5.0, SUSE Linux Enterprise Workstation Extension 15-SP2, SUSE Linux Enterprise Module for Live Patching 15-SP2, SUSE Linux Enterprise Module for Legacy Software 15-SP2, SUSE Linux Enterprise Module for Development Tools 15-SP2, SUSE Linux Enterprise Module for Basesystem 15-SP2, SUSE Linux Enterprise High Availability 15-SP2

Solution:
Please install the updated package(s).

CVSS Score:
4.9

CVSS Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2021-29155
Common Vulnerability Exposure (CVE) ID: CVE-2021-29650
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.