SB2021030974 - SUSE update for the Linux Kernel 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2021030974

SB2021030974 - SUSE update for the Linux Kernel

Published: March 9, 2021

Security Bulletin ID SB2021030974
Severity
Medium
Patch available
YES
Number of vulnerabilities 5
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Medium 20% Low 80%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 5 secuirty vulnerabilities.


1) Out-of-bounds write (CVE-ID: CVE-2020-29368)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error when processing untrusted input within the __split_huge_pmd() function in mm/huge_memory.c in the Linux kernel. A local user can abuse the copy-on-write implementation and gain unintended write access because of a race condition in a THP mapcount check.



2) Race condition (CVE-ID: CVE-2020-29374)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a race condition in the mm/gup.c and mm/huge_memory.c in Linux kernel. A local user can exploit the race and gain unauthorized access to sensitive information.


3) Resource management error (CVE-ID: CVE-2021-26930)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources when processing service requests to the PV backend within drivers/block/xen-blkback/blkback.c driver in Xen. A local user on the guest OS can perform a denial of service (DoS) attack.


4) Allocation of resources without limits or throttling (CVE-ID: CVE-2021-26931)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to allocation of resources without limits or throttling error within the scsiback_gnttab_data_map_batch() function in drivers/xen/xen-scsiback.c. A local user can perform a denial of service (DoS) attack.


5) Buffer overflow (CVE-ID: CVE-2021-26932)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the gntdev_map_grant_pages() function in drivers/xen/gntdev.c. A local user can perform a denial of service (DoS) attack.


Remediation

Install update from vendor's website.

References