SB2021111633 - SUSE update for the Linux Kernel
Published: November 16, 2021
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 14 secuirty vulnerabilities.
1) Use-after-free (CVE-ID: CVE-2021-33033)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper handling of the CIPSO and CALIPSO refcounting for the DOI definitions in cipso_v4_genopt(0 function in net/ipv4/cipso_ipv4.c in Linux kernel. A local user can trigger a use-after-free error and execute arbitrary code with escalated privileges.
2) Type Confusion (CVE-ID: CVE-2021-34866)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a type confusion error within the handling of eBPF programs. A local user can run a specially crafted program on the system to trigger a type confusion and execute arbitrary code with kernel privileges.
3) Missing initialization of resource (CVE-ID: CVE-2021-3655)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to missing initialization of resource in the Linux kernel when processing inbound SCTP packets. A remote attacker can send specially crafted SCTP packets to the system and force the kernel to read uninitialized memory.
4) Use-after-free (CVE-ID: CVE-2021-3715)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in the "Routing decision" classifier in the Linux kernel's Traffic Control networking subsystem (route4_change() function in net/sched/cls_route.c) in the way it handled changing of classification filters. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
5) Double Free (CVE-ID: CVE-2021-37159)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to hso_free_net_device() function in drivers/net/usb/hso.c in the Linux kernel calls unregister_netdev without checking for the NETREG_REGISTERED state. A local user can trigger double free and use-after-free errors and execute arbitrary code with elevated privileges.
6) Use-after-free (CVE-ID: CVE-2021-3760)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in the NFC stack. A local user can trigger use-after-free error to escalate privileges on the system.
7) Insufficient verification of data authenticity (CVE-ID: CVE-2021-3772)
The vulnerability allows a remote attacker to perform a denial of service attack (DoS) on the target system.The vulnerability exists due to insufficient verification of data authenticity in the Linux SCTP stack. A remote attacker can exploit this vulnerability to perform a denial of service attack.
8) Out-of-bounds write (CVE-ID: CVE-2021-41864)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing untrusted input. A local user can gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information.
9) Out-of-bounds write (CVE-ID: CVE-2021-42008)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in the decode_data() function in drivers/net/hamradio/6pack.c in the Linux kernel. A local user can send input from a process that has the CAP_NET_ADMIN capability and escalate privileges on the system.
10) Out-of-bounds write (CVE-ID: CVE-2021-42252)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to an out-of-bounds write within the aspeed_lpc_ctrl_mmap() function in drivers/soc/aspeed/aspeed-lpc-ctrl.c. A local user can execute arbitrary code.
11) Buffer overflow (CVE-ID: CVE-2021-42739)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary within the firewire subsystem in the Linux kernel in drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c files. A local privileged user can run a specially crafted program tat calls avc_ca_pmt() function to trigger memory corruption and execute arbitrary code with elevated privileges.
12) Unchecked Return Value (CVE-ID: CVE-2021-43056)
The vulnerability allows a local user to perform a denial of service attack.
The vulnerability exists due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S implementation error when handling SRR1 register values. A local user can perform a denial of service attack, when the host is running on Power8.
13) Improper Validation of Array Index (CVE-ID: CVE-2021-43389)
The vulnerability allows a local user to execute arbitrary code with elevated privileges.The vulnerability exists due to improper validation of array index in the ISDN CAPI implementation within detach_capi_ctr() function in drivers/isdn/capi/kcapi.c. A local user can send specially crafted data to the system and execute arbitrary code with elevated privileges.
14) Security restrictions bypass (CVE-ID: CVE-2018-13405)
The vulnerability allows a local attacker to create arbitrary files on the target system.
The vulnerability exists due to the inode_init_owner function, as defined in the fs/inode.c source code file, allows the creation of arbitrary files in set-group identification (SGID) directories. A local attacker can create arbitrary files with unintended group ownership.
Remediation
Install update from vendor's website.