SB2021092233 - SUSE update for the Linux Kernel 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2021092233

SB2021092233 - SUSE update for the Linux Kernel

Published: September 22, 2021

Security Bulletin ID SB2021092233
Severity
Low
Patch available
YES
Number of vulnerabilities 12
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 12 secuirty vulnerabilities.


1) Use-after-free (CVE-ID: CVE-2018-9517)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in pppol2tp_connect. A local user can trigger memory corruption and escalate privileges on the system.


2) Input validation error (CVE-ID: CVE-2019-3874)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to the SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. A local user can perform a denial of service (DoS) attack.


3) Infinite loop (CVE-ID: CVE-2019-3900)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop in vhost_net kernel module when processing incoming packets in handle_rx(). A remote attacker with access to guest operating system can stall the vhost_net kernel thread and cause denial of service conditions.


4) Use-after-free (CVE-ID: CVE-2021-3640)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in sco_sock_sendmsg() function of the Linux kernel HCI subsystem. A privileged local user can call ioct UFFDIO_REGISTER or other way trigger race condition to escalate privileges on the system.


5) Security restrictions bypass (CVE-ID: CVE-2021-3653)

The vulnerability allows a malicious guest to escalate privileges on the system.

The vulnerability exists due to improperly imposed security restrictions within the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "int_ctl" field, this issue could allow a malicious L1 to enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest.

As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape.


6) Security restrictions bypass (CVE-ID: CVE-2021-3656)

The vulnerability allows a malicious guest to escalate privileges on the system.

The vulnerability exists due to improperly imposed security restrictions within the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "virt_ext" field, this issue could allow a malicious L1 to disable both VMLOAD/VMSAVE intercepts and VLS (Virtual VMLOAD/VMSAVE) for the L2 guest.

The vulnerability allows the L2 guest to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape.


7) Resource exhaustion (CVE-ID: CVE-2021-3679)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to lack of CPU resource in the Linux kernel tracing module functionality when using trace ring buffer in a specific way. A privileged local user (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service.


8) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2021-3732)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists in the way the user mounts the TmpFS filesystem with OverlayFS. A local user can gain access to hidden files that should not be accessible.


9) Out-of-bounds read (CVE-ID: CVE-2021-3753)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel. A local user can trigger out-of-bounds read error and read contents of memory on the system.


10) Resource exhaustion (CVE-ID: CVE-2021-3759)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists in the Linux kernel’s ipc functionality of the memcg subsystem when user calls the semget function multiple times, creating semaphores. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.


11) Incorrect permission assignment for critical resource (CVE-ID: CVE-2021-38198)

The vulnerability allows a local user to perform a denial of service attack.

The vulnerability exists due to arch/x86/kvm/mmu/paging_tmpl.h incorrectly computes the access permissions of a shadow page. A local user can trigger an error to perform a denial of service attack.

12) Use-after-free (CVE-ID: CVE-2021-38204)

The vulnerability allows a local attacker to perform a denial of service attack.

The vulnerability exists due to a use-after-free error in the drivers/usb/host/max3421-hcd.c in the Linux kernel. An attacker with physical access to the system can remove a MAX-3421 USB device to perform a denial of service attack.


Remediation

Install update from vendor's website.

References