Main Vulnerability Database SB2021120153

SB2021120153 - SUSE update for the Linux Kernel

Published: December 1, 2021

Security Bulletin ID SB2021120153

Severity

Medium

Patch available

YES

Number of vulnerabilities 15

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 15 secuirty vulnerabilities.

1) NULL pointer dereference (CVE-ID: CVE-2014-7841)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via a malformed INIT chunk.

2) Use-after-free (CVE-ID: CVE-2020-36385)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in drivers/infiniband/core/ucma.c, because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called. A local user can run a specially crafted program to trigger the use-after-free error and execute arbitrary code with elevated privileges.

3) Resource exhaustion (CVE-ID: CVE-2021-20265)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources in the unix_stream_recvmsg function in the Linux kernel when a signal was pending. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.

4) Use-after-free (CVE-ID: CVE-2021-33033)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper handling of the CIPSO and CALIPSO refcounting for the DOI definitions in cipso_v4_genopt(0 function in net/ipv4/cipso_ipv4.c in Linux kernel. A local user can trigger a use-after-free error and execute arbitrary code with escalated privileges.

5) Race condition (CVE-ID: CVE-2021-3609)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition in the CAN BCM networking protocol (net/can/bcm.c) in the Linux kernel ranging from version 2.6.25 to mainline 5.13-rc6. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.

6) Use-after-free (CVE-ID: CVE-2021-3640)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in sco_sock_sendmsg() function of the Linux kernel HCI subsystem. A privileged local user can call ioct UFFDIO_REGISTER or other way trigger race condition to escalate privileges on the system.

7) Security restrictions bypass (CVE-ID: CVE-2021-3653)

The vulnerability allows a malicious guest to escalate privileges on the system.

The vulnerability exists due to improperly imposed security restrictions within the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "int_ctl" field, this issue could allow a malicious L1 to enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest.

As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape.

8) Missing initialization of resource (CVE-ID: CVE-2021-3655)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to missing initialization of resource in the Linux kernel when processing inbound SCTP packets. A remote attacker can send specially crafted SCTP packets to the system and force the kernel to read uninitialized memory.

9) Resource exhaustion (CVE-ID: CVE-2021-3679)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to lack of CPU resource in the Linux kernel tracing module functionality when using trace ring buffer in a specific way. A privileged local user (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service.

10) Double Free (CVE-ID: CVE-2021-37159)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to hso_free_net_device() function in drivers/net/usb/hso.c in the Linux kernel calls unregister_netdev without checking for the NETREG_REGISTERED state. A local user can trigger double free and use-after-free errors and execute arbitrary code with elevated privileges.

11) Insufficient verification of data authenticity (CVE-ID: CVE-2021-3772)

The vulnerability allows a remote attacker to perform a denial of service attack (DoS) on the target system.

The vulnerability exists due to insufficient verification of data authenticity in the Linux SCTP stack. A remote attacker can exploit this vulnerability to perform a denial of service attack.

12) Incorrect permission assignment for critical resource (CVE-ID: CVE-2021-38198)

The vulnerability allows a local user to perform a denial of service attack.

The vulnerability exists due to arch/x86/kvm/mmu/paging_tmpl.h incorrectly computes the access permissions of a shadow page. A local user can trigger an error to perform a denial of service attack.

13) Out-of-bounds write (CVE-ID: CVE-2021-42008)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in the decode_data() function in drivers/net/hamradio/6pack.c in the Linux kernel. A local user can send input from a process that has the CAP_NET_ADMIN capability and escalate privileges on the system.

14) Buffer overflow (CVE-ID: CVE-2021-42739)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary within the firewire subsystem in the Linux kernel in drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c files. A local privileged user can run a specially crafted program tat calls avc_ca_pmt() function to trigger memory corruption and execute arbitrary code with elevated privileges.

15) Improper Validation of Array Index (CVE-ID: CVE-2021-43389)

The vulnerability allows a local user to execute arbitrary code with elevated privileges.

The vulnerability exists due to improper validation of array index in the ISDN CAPI implementation within detach_capi_ctr() function in drivers/isdn/capi/kcapi.c. A local user can send specially crafted data to the system and execute arbitrary code with elevated privileges.

Remediation

Install update from vendor's website.

References

https://www.suse.com/support/update/announcement/2021/suse-su-202114849-1/

Vulnerable Software

SUSE Linux Enterprise Server: 11-EXTRA - 11-SP4-LTSS-EXTREME-CORE
SUSE Linux Enterprise Debuginfo: 11-SP4
kernel-pae-devel-debuginfo: before 3.0.101-108.132.1
kernel-pae-debugsource: before 3.0.101-108.132.1
kernel-pae-debuginfo: before 3.0.101-108.132.1
kernel-ppc64-debugsource: before 3.0.101-108.132.1
kernel-ppc64-debuginfo: before 3.0.101-108.132.1
kernel-bigmem-debugsource: before 3.0.101-108.132.1
kernel-bigmem-debuginfo: before 3.0.101-108.132.1
kernel-xen-devel-debuginfo: before 3.0.101-108.132.1
kernel-xen-debugsource: before 3.0.101-108.132.1
kernel-xen-debuginfo: before 3.0.101-108.132.1
kernel-ec2-debugsource: before 3.0.101-108.132.1
kernel-ec2-debuginfo: before 3.0.101-108.132.1
kernel-trace-devel-debuginfo: before 3.0.101-108.132.1
kernel-default-devel-debuginfo: before 3.0.101-108.132.1
kernel-trace-debugsource: before 3.0.101-108.132.1
kernel-trace-debuginfo: before 3.0.101-108.132.1
kernel-default-debugsource: before 3.0.101-108.132.1
kernel-default-debuginfo: before 3.0.101-108.132.1
kernel-pae-extra: before 3.0.101-108.132.1
kernel-ppc64-extra: before 3.0.101-108.132.1
kernel-trace-extra: before 3.0.101-108.132.1
kernel-xen-extra: before 3.0.101-108.132.1
kernel-default-extra: before 3.0.101-108.132.1
kernel-pae-devel: before 3.0.101-108.132.1
kernel-pae-base: before 3.0.101-108.132.1
kernel-pae: before 3.0.101-108.132.1
kernel-default-man: before 3.0.101-108.132.1
kernel-ppc64-devel: before 3.0.101-108.132.1
kernel-ppc64-base: before 3.0.101-108.132.1
kernel-ppc64: before 3.0.101-108.132.1
kernel-bigmem-devel: before 3.0.101-108.132.1
kernel-bigmem-base: before 3.0.101-108.132.1
kernel-bigmem: before 3.0.101-108.132.1
kernel-xen-devel: before 3.0.101-108.132.1
kernel-xen-base: before 3.0.101-108.132.1
kernel-xen: before 3.0.101-108.132.1
kernel-ec2-devel: before 3.0.101-108.132.1
kernel-ec2-base: before 3.0.101-108.132.1
kernel-ec2: before 3.0.101-108.132.1
kernel-trace-devel: before 3.0.101-108.132.1
kernel-trace-base: before 3.0.101-108.132.1
kernel-trace: before 3.0.101-108.132.1
kernel-syms: before 3.0.101-108.132.1
kernel-source: before 3.0.101-108.132.1
kernel-default-devel: before 3.0.101-108.132.1
kernel-default-base: before 3.0.101-108.132.1
kernel-default: before 3.0.101-108.132.1

SB2021120153 - SUSE update for the Linux Kernel

Breakdown by Severity

Description

Remediation

References

Please verify you're human