Vulnerability   
Search   
    Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.4.2021.1977.1
Category:SuSE Local Security Checks
Title:SUSE: Security Advisory (SUSE-SU-2021:1977-1)
Summary:The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2021:1977-1 advisory.
Description:Summary:
The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2021:1977-1 advisory.

Vulnerability Insight:
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.


The following security bugs were fixed:

CVE-2021-33200: Enforcing incorrect limits for pointer arithmetic
operations by the BPF verifier could be abused to perform out-of-bounds
reads and writes in kernel memory (bsc#1186484).

CVE-2021-33034: Fixed a use-after-free when destroying an hci_chan. This
could lead to writing an arbitrary values. (bsc#1186111)

CVE-2020-26139: Fixed a denial-of-service when an Access Point (AP)
forwards EAPOL frames to other clients even though the sender has not
yet successfully authenticated to the AP. (bnc#1186062)

CVE-2021-23134: A Use After Free vulnerability in nfc sockets allowed
local attackers to elevate their privileges. (bnc#1186060)

CVE-2021-3491: Fixed a potential heap overflow in mem_rw(). This
vulnerability is related to the PROVIDE_BUFFERS operation, which allowed
the MAX_RW_COUNT limit to be bypassed (bsc#1185642).

CVE-2021-32399: Fixed a race condition when removing the HCI controller
(bnc#1184611).

CVE-2020-24586: The 802.11 standard that underpins Wi-Fi Protected
Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't
require that received fragments be cleared from memory after
(re)connecting to a network. Under the right circumstances this can be
abused to inject arbitrary network packets and/or exfiltrate user data
(bnc#1185859).

CVE-2020-24587: The 802.11 standard that underpins Wi-Fi Protected
Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't
require that all fragments of a frame are encrypted under the same key.
An adversary can abuse this to decrypt selected fragments when another
device sends fragmented frames and the WEP, CCMP, or GCMP encryption key
is periodically renewed (bnc#1185859 bnc#1185862).

CVE-2020-24588: The 802.11 standard that underpins Wi-Fi Protected
Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't
require that the A-MSDU flag in the plaintext QoS header field is
authenticated. Against devices that support receiving non-SSP A-MSDU
frames (which is mandatory as part of 802.11n), an adversary can abuse
this to inject arbitrary network packets. (bnc#1185861)

CVE-2020-26147: The WEP, WPA, WPA2, and WPA3 implementations reassemble
fragments, even though some of them were sent in plaintext. This
vulnerability can be abused to inject packets and/or exfiltrate selected
fragments when another device sends fragmented frames and the WEP, CCMP,
or GCMP data-confidentiality protocol is used (bnc#1185859).

CVE-2020-26145: An issue was discovered with Samsung Galaxy S3 i9305
4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept
second (or subsequent) broadcast fragments even when sent in plaintext
and process them as full unfragmented frames. An adversary can abuse
this to inject arbitrary network packets ind... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'Linux Kernel' package(s) on SUSE Linux Enterprise Workstation Extension 15-SP3, SUSE Linux Enterprise Module for Live Patching 15-SP3, SUSE Linux Enterprise Module for Legacy Software 15-SP3, SUSE Linux Enterprise Module for Development Tools 15-SP3, SUSE Linux Enterprise Module for Basesystem 15-SP3, SUSE Linux Enterprise High Availability 15-SP3

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2021-3428
Common Vulnerability Exposure (CVE) ID: CVE-2021-3444
http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9b00f1b78809
https://www.openwall.com/lists/oss-security/2021/03/23/2
http://www.openwall.com/lists/oss-security/2021/03/23/2
Common Vulnerability Exposure (CVE) ID: CVE-2021-3483
https://bugzilla.redhat.com/show_bug.cgi?id=1948045
https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
http://www.openwall.com/lists/oss-security/2021/04/07/1
Common Vulnerability Exposure (CVE) ID: CVE-2021-3489
https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=4b81ccebaeee885ab1aa1438133f2991e3a2b6ea
https://www.zerodayinitiative.com/advisories/ZDI-21-590/
https://www.openwall.com/lists/oss-security/2021/05/11/10
https://ubuntu.com/security/notices/USN-4949-1
https://ubuntu.com/security/notices/USN-4950-1
Common Vulnerability Exposure (CVE) ID: CVE-2021-3490
https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=049c4e13714ecbca567b4d5f6d563f05d431c80e
https://www.zerodayinitiative.com/advisories/ZDI-21-606/
https://www.openwall.com/lists/oss-security/2021/05/11/11
Common Vulnerability Exposure (CVE) ID: CVE-2021-3491
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d1f82808877bb10d3deee7cf3374a4eb3fb582db
https://www.zerodayinitiative.com/advisories/ZDI-21-589/
https://www.openwall.com/lists/oss-security/2021/05/11/13
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.