Vulnerability   
Search   
    Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.4.2021.1891.1
Category:SuSE Local Security Checks
Title:SUSE: Security Advisory (SUSE-SU-2021:1891-1)
Summary:The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2021:1891-1 advisory.
Description:Summary:
The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2021:1891-1 advisory.

Vulnerability Insight:
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.


The following security bugs were fixed:

CVE-2021-33200: Enforcing incorrect limits for pointer arithmetic
operations by the BPF verifier could be abused to perform out-of-bounds
reads and writes in kernel memory (bsc#1186484).

CVE-2021-33034: Fixed a use-after-free when destroying an hci_chan. This
could lead to writing an arbitrary values. (bsc#1186111)

CVE-2020-26139: Fixed a denial-of-service when an Access Point (AP)
forwards EAPOL frames to other clients even though the sender has not
yet successfully authenticated to the AP. (bnc#1186062)

CVE-2021-23134: A Use After Free vulnerability in nfc sockets allowed
local attackers to elevate their privileges. (bnc#1186060)

CVE-2021-23133: Fixed a race condition in SCTP sockets, which could lead
to privilege escalation from the context of a network service or an
unprivileged process. (bnc#1184675)

CVE-2021-3491: Fixed a potential heap overflow in mem_rw(). This
vulnerability is related to the PROVIDE_BUFFERS operation, which allowed
the MAX_RW_COUNT limit to be bypassed (bsc#1185642).

CVE-2021-32399: Fixed a race condition when removing the HCI controller
(bnc#1184611).

CVE-2020-24586: The 802.11 standard that underpins Wi-Fi Protected
Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't
require that received fragments be cleared from memory after
(re)connecting to a network. Under the right circumstances this can be
abused to inject arbitrary network packets and/or exfiltrate user data
(bnc#1185859).

CVE-2020-24587: The 802.11 standard that underpins Wi-Fi Protected
Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't
require that all fragments of a frame are encrypted under the same key.
An adversary can abuse this to decrypt selected fragments when another
device sends fragmented frames and the WEP, CCMP, or GCMP encryption key
is periodically renewed (bnc#1185859 bnc#1185862).

CVE-2020-26147: The WEP, WPA, WPA2, and WPA3 implementations reassemble
fragments, even though some of them were sent in plaintext. This
vulnerability can be abused to inject packets and/or exfiltrate selected
fragments when another device sends fragmented frames and the WEP, CCMP,
or GCMP data-confidentiality protocol is used (bnc#1185859).

CVE-2020-26145: An issue was discovered with Samsung Galaxy S3 i9305
4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept
second (or subsequent) broadcast fragments even when sent in plaintext
and process them as full unfragmented frames. An adversary can abuse
this to inject arbitrary network packets independent of the network
configuration. (bnc#1185860)

CVE-2020-26141: An issue was discovered in the ALFA driver for AWUS036H,
where the Message Integrity Check (authenticity) of fragmented TKIP
frames was not verified. An a... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'Linux Kernel' package(s) on SUSE OpenStack Cloud Crowbar 9, SUSE OpenStack Cloud 9, SUSE Linux Enterprise Server for SAP 12-SP4, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Live Patching 12-SP4, SUSE Linux Enterprise High Availability 12-SP4

Solution:
Please install the updated package(s).

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2021-3491
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d1f82808877bb10d3deee7cf3374a4eb3fb582db
https://www.zerodayinitiative.com/advisories/ZDI-21-589/
https://www.openwall.com/lists/oss-security/2021/05/11/13
https://ubuntu.com/security/notices/USN-4949-1
https://ubuntu.com/security/notices/USN-4950-1
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.