Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 4 |
CVE-ID | CVE-2021-22555 CVE-2021-35039 CVE-2021-3609 CVE-2021-3612 |
CWE-ID | CWE-787 CWE-347 CWE-362 |
Exploitation vector | Local |
Public exploit |
Vulnerability #1 is being exploited in the wild. Public exploit code for vulnerability #3 is available. |
Vulnerable software |
SUSE Linux Enterprise Module for Realtime Operating systems & Components / Operating system ocfs2-kmp-rt-debuginfo Operating systems & Components / Operating system package or component ocfs2-kmp-rt Operating systems & Components / Operating system package or component kernel-syms-rt Operating systems & Components / Operating system package or component kernel-rt_debug-devel-debuginfo Operating systems & Components / Operating system package or component kernel-rt_debug-devel Operating systems & Components / Operating system package or component kernel-rt_debug-debugsource Operating systems & Components / Operating system package or component kernel-rt_debug-debuginfo Operating systems & Components / Operating system package or component kernel-rt_debug Operating systems & Components / Operating system package or component kernel-rt-devel-debuginfo Operating systems & Components / Operating system package or component kernel-rt-devel Operating systems & Components / Operating system package or component kernel-rt-debugsource Operating systems & Components / Operating system package or component kernel-rt-debuginfo Operating systems & Components / Operating system package or component kernel-rt Operating systems & Components / Operating system package or component gfs2-kmp-rt-debuginfo Operating systems & Components / Operating system package or component gfs2-kmp-rt Operating systems & Components / Operating system package or component dlm-kmp-rt-debuginfo Operating systems & Components / Operating system package or component dlm-kmp-rt Operating systems & Components / Operating system package or component cluster-md-kmp-rt-debuginfo Operating systems & Components / Operating system package or component cluster-md-kmp-rt Operating systems & Components / Operating system package or component kernel-source-rt Operating systems & Components / Operating system package or component kernel-devel-rt Operating systems & Components / Operating system package or component |
Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
EUVDB-ID: #VU56017
Risk: Low
CVSSv4.0: 8.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Clear]
CVE-ID: CVE-2021-22555
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: Yes
Description The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing untrusted input in net/netfilter/x_tables.c in Linux kernel. A local user can run a specially crafted program to trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Module for Realtime: 15-SP2
ocfs2-kmp-rt-debuginfo: before 5.3.18-45.3
ocfs2-kmp-rt: before 5.3.18-45.3
kernel-syms-rt: before 5.3.18-45.2
kernel-rt_debug-devel-debuginfo: before 5.3.18-45.3
kernel-rt_debug-devel: before 5.3.18-45.3
kernel-rt_debug-debugsource: before 5.3.18-45.3
kernel-rt_debug-debuginfo: before 5.3.18-45.3
kernel-rt_debug: before 5.3.18-45.3
kernel-rt-devel-debuginfo: before 5.3.18-45.3
kernel-rt-devel: before 5.3.18-45.3
kernel-rt-debugsource: before 5.3.18-45.3
kernel-rt-debuginfo: before 5.3.18-45.3
kernel-rt: before 5.3.18-45.3
gfs2-kmp-rt-debuginfo: before 5.3.18-45.3
gfs2-kmp-rt: before 5.3.18-45.3
dlm-kmp-rt-debuginfo: before 5.3.18-45.3
dlm-kmp-rt: before 5.3.18-45.3
cluster-md-kmp-rt-debuginfo: before 5.3.18-45.3
cluster-md-kmp-rt: before 5.3.18-45.3
kernel-source-rt: before 5.3.18-45.3
kernel-devel-rt: before 5.3.18-45.3
CPE2.3http://www.suse.com/support/update/announcement/2021/suse-su-20212599-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
EUVDB-ID: #VU66477
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-35039
CWE-ID:
CWE-347 - Improper Verification of Cryptographic Signature
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper signature handling in the kernel/module.c in Linux kernel. If the kernel module is not signed, it still can be loaded into the system via init_module if module.sig_enforce=1 command-line argument is used. As a result, a local user can load unsigned and potentially malicious kernel modules.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Module for Realtime: 15-SP2
ocfs2-kmp-rt-debuginfo: before 5.3.18-45.3
ocfs2-kmp-rt: before 5.3.18-45.3
kernel-syms-rt: before 5.3.18-45.2
kernel-rt_debug-devel-debuginfo: before 5.3.18-45.3
kernel-rt_debug-devel: before 5.3.18-45.3
kernel-rt_debug-debugsource: before 5.3.18-45.3
kernel-rt_debug-debuginfo: before 5.3.18-45.3
kernel-rt_debug: before 5.3.18-45.3
kernel-rt-devel-debuginfo: before 5.3.18-45.3
kernel-rt-devel: before 5.3.18-45.3
kernel-rt-debugsource: before 5.3.18-45.3
kernel-rt-debuginfo: before 5.3.18-45.3
kernel-rt: before 5.3.18-45.3
gfs2-kmp-rt-debuginfo: before 5.3.18-45.3
gfs2-kmp-rt: before 5.3.18-45.3
dlm-kmp-rt-debuginfo: before 5.3.18-45.3
dlm-kmp-rt: before 5.3.18-45.3
cluster-md-kmp-rt-debuginfo: before 5.3.18-45.3
cluster-md-kmp-rt: before 5.3.18-45.3
kernel-source-rt: before 5.3.18-45.3
kernel-devel-rt: before 5.3.18-45.3
CPE2.3http://www.suse.com/support/update/announcement/2021/suse-su-20212599-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU54292
Risk: Medium
CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2021-3609
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition in the CAN BCM networking protocol (net/can/bcm.c) in the Linux kernel ranging from version 2.6.25 to mainline 5.13-rc6. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Module for Realtime: 15-SP2
ocfs2-kmp-rt-debuginfo: before 5.3.18-45.3
ocfs2-kmp-rt: before 5.3.18-45.3
kernel-syms-rt: before 5.3.18-45.2
kernel-rt_debug-devel-debuginfo: before 5.3.18-45.3
kernel-rt_debug-devel: before 5.3.18-45.3
kernel-rt_debug-debugsource: before 5.3.18-45.3
kernel-rt_debug-debuginfo: before 5.3.18-45.3
kernel-rt_debug: before 5.3.18-45.3
kernel-rt-devel-debuginfo: before 5.3.18-45.3
kernel-rt-devel: before 5.3.18-45.3
kernel-rt-debugsource: before 5.3.18-45.3
kernel-rt-debuginfo: before 5.3.18-45.3
kernel-rt: before 5.3.18-45.3
gfs2-kmp-rt-debuginfo: before 5.3.18-45.3
gfs2-kmp-rt: before 5.3.18-45.3
dlm-kmp-rt-debuginfo: before 5.3.18-45.3
dlm-kmp-rt: before 5.3.18-45.3
cluster-md-kmp-rt-debuginfo: before 5.3.18-45.3
cluster-md-kmp-rt: before 5.3.18-45.3
kernel-source-rt: before 5.3.18-45.3
kernel-devel-rt: before 5.3.18-45.3
CPE2.3http://www.suse.com/support/update/announcement/2021/suse-su-20212599-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU55231
Risk: Low
CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-3612
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in joystick devices subsystem in Linux kernel. A local user can make a specially crafted JSIOCSBTNMAP IOCTL call, trigger out-of-bounds write and execute arbitrary code with escalated privileges.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Module for Realtime: 15-SP2
ocfs2-kmp-rt-debuginfo: before 5.3.18-45.3
ocfs2-kmp-rt: before 5.3.18-45.3
kernel-syms-rt: before 5.3.18-45.2
kernel-rt_debug-devel-debuginfo: before 5.3.18-45.3
kernel-rt_debug-devel: before 5.3.18-45.3
kernel-rt_debug-debugsource: before 5.3.18-45.3
kernel-rt_debug-debuginfo: before 5.3.18-45.3
kernel-rt_debug: before 5.3.18-45.3
kernel-rt-devel-debuginfo: before 5.3.18-45.3
kernel-rt-devel: before 5.3.18-45.3
kernel-rt-debugsource: before 5.3.18-45.3
kernel-rt-debuginfo: before 5.3.18-45.3
kernel-rt: before 5.3.18-45.3
gfs2-kmp-rt-debuginfo: before 5.3.18-45.3
gfs2-kmp-rt: before 5.3.18-45.3
dlm-kmp-rt-debuginfo: before 5.3.18-45.3
dlm-kmp-rt: before 5.3.18-45.3
cluster-md-kmp-rt-debuginfo: before 5.3.18-45.3
cluster-md-kmp-rt: before 5.3.18-45.3
kernel-source-rt: before 5.3.18-45.3
kernel-devel-rt: before 5.3.18-45.3
CPE2.3http://www.suse.com/support/update/announcement/2021/suse-su-20212599-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.