SUSE update for the Linux Kernel
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 17 |
| CVE-ID | CVE-2020-12770 CVE-2020-3702 CVE-2021-34556 CVE-2021-35477 CVE-2021-3653 CVE-2021-3656 CVE-2021-3669 CVE-2021-3732 CVE-2021-3739 CVE-2021-3743 CVE-2021-3744 CVE-2021-3752 CVE-2021-3753 CVE-2021-3759 CVE-2021-3764 CVE-2021-38198 CVE-2021-40490 |
| CWE-ID | CWE-20 CWE-310 CWE-200 CWE-203 CWE-264 CWE-400 CWE-476 CWE-125 CWE-401 CWE-416 CWE-732 CWE-362 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
SUSE Linux Enterprise Module for Realtime Operating systems & Components / Operating system SUSE MicroOS Operating systems & Components / Operating system ocfs2-kmp-rt-debuginfo Operating systems & Components / Operating system package or component ocfs2-kmp-rt Operating systems & Components / Operating system package or component kernel-syms-rt Operating systems & Components / Operating system package or component kernel-rt_debug-devel-debuginfo Operating systems & Components / Operating system package or component kernel-rt_debug-devel Operating systems & Components / Operating system package or component kernel-rt_debug-debugsource Operating systems & Components / Operating system package or component kernel-rt_debug-debuginfo Operating systems & Components / Operating system package or component kernel-rt-devel-debuginfo Operating systems & Components / Operating system package or component kernel-rt-devel Operating systems & Components / Operating system package or component gfs2-kmp-rt-debuginfo Operating systems & Components / Operating system package or component gfs2-kmp-rt Operating systems & Components / Operating system package or component dlm-kmp-rt-debuginfo Operating systems & Components / Operating system package or component dlm-kmp-rt Operating systems & Components / Operating system package or component cluster-md-kmp-rt-debuginfo Operating systems & Components / Operating system package or component cluster-md-kmp-rt Operating systems & Components / Operating system package or component kernel-source-rt Operating systems & Components / Operating system package or component kernel-devel-rt Operating systems & Components / Operating system package or component kernel-rt-debugsource Operating systems & Components / Operating system package or component kernel-rt-debuginfo Operating systems & Components / Operating system package or component kernel-rt Operating systems & Components / Operating system package or component |
| Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 17 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU28170
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-12770
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code on the system.
The vulnerability exists due to the "sg_write" lacks an "sg_remove_request" call in a certain failure case. A local user can pass specially crafted input to the application and execute arbitrary code on the target system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Module for Realtime: 15-SP3
SUSE MicroOS: 5.1
ocfs2-kmp-rt-debuginfo: before 5.3.18-57.1
ocfs2-kmp-rt: before 5.3.18-57.1
kernel-syms-rt: before 5.3.18-57.1
kernel-rt_debug-devel-debuginfo: before 5.3.18-57.1
kernel-rt_debug-devel: before 5.3.18-57.1
kernel-rt_debug-debugsource: before 5.3.18-57.1
kernel-rt_debug-debuginfo: before 5.3.18-57.1
kernel-rt-devel-debuginfo: before 5.3.18-57.1
kernel-rt-devel: before 5.3.18-57.1
gfs2-kmp-rt-debuginfo: before 5.3.18-57.1
gfs2-kmp-rt: before 5.3.18-57.1
dlm-kmp-rt-debuginfo: before 5.3.18-57.1
dlm-kmp-rt: before 5.3.18-57.1
cluster-md-kmp-rt-debuginfo: before 5.3.18-57.1
cluster-md-kmp-rt: before 5.3.18-57.1
kernel-source-rt: before 5.3.18-57.1
kernel-devel-rt: before 5.3.18-57.1
kernel-rt-debugsource: before 5.3.18-57.1
kernel-rt-debuginfo: before 5.3.18-57.1
kernel-rt: before 5.3.18-57.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_module_for_realtime:15-SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_microos:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:suse:ocfs2-kmp-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:ocfs2-kmp-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:gfs2-kmp-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:gfs2-kmp-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:dlm-kmp-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:dlm-kmp-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:cluster-md-kmp-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:cluster-md-kmp-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-devel-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2021/suse-su-20213415-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Cryptographic Issues
EUVDB-ID: #VU109316
Risk: Medium
CVSSv4.0: 2.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:H/SI:L/SA:N/E:U/U:Green]
CVE-ID: CVE-2020-3702
CWE-ID:
CWE-310 - Cryptographic Issues
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access top sensitive information.
The vulnerability exists due to improper input validation in WIFI driver(Krook). A remote attacker can temporary disable WPA2 or the WPA/WPA2 mixed-mode encryption and intercept traffic in clear text.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Module for Realtime: 15-SP3
SUSE MicroOS: 5.1
ocfs2-kmp-rt-debuginfo: before 5.3.18-57.1
ocfs2-kmp-rt: before 5.3.18-57.1
kernel-syms-rt: before 5.3.18-57.1
kernel-rt_debug-devel-debuginfo: before 5.3.18-57.1
kernel-rt_debug-devel: before 5.3.18-57.1
kernel-rt_debug-debugsource: before 5.3.18-57.1
kernel-rt_debug-debuginfo: before 5.3.18-57.1
kernel-rt-devel-debuginfo: before 5.3.18-57.1
kernel-rt-devel: before 5.3.18-57.1
gfs2-kmp-rt-debuginfo: before 5.3.18-57.1
gfs2-kmp-rt: before 5.3.18-57.1
dlm-kmp-rt-debuginfo: before 5.3.18-57.1
dlm-kmp-rt: before 5.3.18-57.1
cluster-md-kmp-rt-debuginfo: before 5.3.18-57.1
cluster-md-kmp-rt: before 5.3.18-57.1
kernel-source-rt: before 5.3.18-57.1
kernel-devel-rt: before 5.3.18-57.1
kernel-rt-debugsource: before 5.3.18-57.1
kernel-rt-debuginfo: before 5.3.18-57.1
kernel-rt: before 5.3.18-57.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_module_for_realtime:15-SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_microos:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:suse:ocfs2-kmp-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:ocfs2-kmp-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:gfs2-kmp-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:gfs2-kmp-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:dlm-kmp-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:dlm-kmp-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:cluster-md-kmp-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:cluster-md-kmp-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-devel-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2021/suse-su-20213415-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Information disclosure
EUVDB-ID: #VU64203
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-34556
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A local user can gain unauthorized access to sensitive information on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Module for Realtime: 15-SP3
SUSE MicroOS: 5.1
ocfs2-kmp-rt-debuginfo: before 5.3.18-57.1
ocfs2-kmp-rt: before 5.3.18-57.1
kernel-syms-rt: before 5.3.18-57.1
kernel-rt_debug-devel-debuginfo: before 5.3.18-57.1
kernel-rt_debug-devel: before 5.3.18-57.1
kernel-rt_debug-debugsource: before 5.3.18-57.1
kernel-rt_debug-debuginfo: before 5.3.18-57.1
kernel-rt-devel-debuginfo: before 5.3.18-57.1
kernel-rt-devel: before 5.3.18-57.1
gfs2-kmp-rt-debuginfo: before 5.3.18-57.1
gfs2-kmp-rt: before 5.3.18-57.1
dlm-kmp-rt-debuginfo: before 5.3.18-57.1
dlm-kmp-rt: before 5.3.18-57.1
cluster-md-kmp-rt-debuginfo: before 5.3.18-57.1
cluster-md-kmp-rt: before 5.3.18-57.1
kernel-source-rt: before 5.3.18-57.1
kernel-devel-rt: before 5.3.18-57.1
kernel-rt-debugsource: before 5.3.18-57.1
kernel-rt-debuginfo: before 5.3.18-57.1
kernel-rt: before 5.3.18-57.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_module_for_realtime:15-SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_microos:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:suse:ocfs2-kmp-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:ocfs2-kmp-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:gfs2-kmp-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:gfs2-kmp-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:dlm-kmp-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:dlm-kmp-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:cluster-md-kmp-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:cluster-md-kmp-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-devel-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2021/suse-su-20213415-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Observable discrepancy
EUVDB-ID: #VU92412
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-35477
CWE-ID:
CWE-203 - Observable discrepancy
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to observable discrepancy error. A local user can gain access to sensitive information.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Module for Realtime: 15-SP3
SUSE MicroOS: 5.1
ocfs2-kmp-rt-debuginfo: before 5.3.18-57.1
ocfs2-kmp-rt: before 5.3.18-57.1
kernel-syms-rt: before 5.3.18-57.1
kernel-rt_debug-devel-debuginfo: before 5.3.18-57.1
kernel-rt_debug-devel: before 5.3.18-57.1
kernel-rt_debug-debugsource: before 5.3.18-57.1
kernel-rt_debug-debuginfo: before 5.3.18-57.1
kernel-rt-devel-debuginfo: before 5.3.18-57.1
kernel-rt-devel: before 5.3.18-57.1
gfs2-kmp-rt-debuginfo: before 5.3.18-57.1
gfs2-kmp-rt: before 5.3.18-57.1
dlm-kmp-rt-debuginfo: before 5.3.18-57.1
dlm-kmp-rt: before 5.3.18-57.1
cluster-md-kmp-rt-debuginfo: before 5.3.18-57.1
cluster-md-kmp-rt: before 5.3.18-57.1
kernel-source-rt: before 5.3.18-57.1
kernel-devel-rt: before 5.3.18-57.1
kernel-rt-debugsource: before 5.3.18-57.1
kernel-rt-debuginfo: before 5.3.18-57.1
kernel-rt: before 5.3.18-57.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_module_for_realtime:15-SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_microos:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:suse:ocfs2-kmp-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:ocfs2-kmp-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:gfs2-kmp-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:gfs2-kmp-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:dlm-kmp-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:dlm-kmp-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:cluster-md-kmp-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:cluster-md-kmp-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-devel-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2021/suse-su-20213415-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Security restrictions bypass
EUVDB-ID: #VU56904
Risk: Low
CVSSv4.0: 5.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-3653
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a malicious guest to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions within the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "int_ctl" field, this issue could allow a malicious L1 to enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest.
As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Module for Realtime: 15-SP3
SUSE MicroOS: 5.1
ocfs2-kmp-rt-debuginfo: before 5.3.18-57.1
ocfs2-kmp-rt: before 5.3.18-57.1
kernel-syms-rt: before 5.3.18-57.1
kernel-rt_debug-devel-debuginfo: before 5.3.18-57.1
kernel-rt_debug-devel: before 5.3.18-57.1
kernel-rt_debug-debugsource: before 5.3.18-57.1
kernel-rt_debug-debuginfo: before 5.3.18-57.1
kernel-rt-devel-debuginfo: before 5.3.18-57.1
kernel-rt-devel: before 5.3.18-57.1
gfs2-kmp-rt-debuginfo: before 5.3.18-57.1
gfs2-kmp-rt: before 5.3.18-57.1
dlm-kmp-rt-debuginfo: before 5.3.18-57.1
dlm-kmp-rt: before 5.3.18-57.1
cluster-md-kmp-rt-debuginfo: before 5.3.18-57.1
cluster-md-kmp-rt: before 5.3.18-57.1
kernel-source-rt: before 5.3.18-57.1
kernel-devel-rt: before 5.3.18-57.1
kernel-rt-debugsource: before 5.3.18-57.1
kernel-rt-debuginfo: before 5.3.18-57.1
kernel-rt: before 5.3.18-57.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_module_for_realtime:15-SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_microos:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:suse:ocfs2-kmp-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:ocfs2-kmp-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:gfs2-kmp-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:gfs2-kmp-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:dlm-kmp-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:dlm-kmp-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:cluster-md-kmp-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:cluster-md-kmp-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-devel-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2021/suse-su-20213415-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Security restrictions bypass
EUVDB-ID: #VU56929
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-3656
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a malicious guest to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions within the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "virt_ext" field, this issue could allow a malicious L1 to disable both VMLOAD/VMSAVE intercepts and VLS (Virtual VMLOAD/VMSAVE) for the L2 guest.The vulnerability allows the L2 guest to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Module for Realtime: 15-SP3
SUSE MicroOS: 5.1
ocfs2-kmp-rt-debuginfo: before 5.3.18-57.1
ocfs2-kmp-rt: before 5.3.18-57.1
kernel-syms-rt: before 5.3.18-57.1
kernel-rt_debug-devel-debuginfo: before 5.3.18-57.1
kernel-rt_debug-devel: before 5.3.18-57.1
kernel-rt_debug-debugsource: before 5.3.18-57.1
kernel-rt_debug-debuginfo: before 5.3.18-57.1
kernel-rt-devel-debuginfo: before 5.3.18-57.1
kernel-rt-devel: before 5.3.18-57.1
gfs2-kmp-rt-debuginfo: before 5.3.18-57.1
gfs2-kmp-rt: before 5.3.18-57.1
dlm-kmp-rt-debuginfo: before 5.3.18-57.1
dlm-kmp-rt: before 5.3.18-57.1
cluster-md-kmp-rt-debuginfo: before 5.3.18-57.1
cluster-md-kmp-rt: before 5.3.18-57.1
kernel-source-rt: before 5.3.18-57.1
kernel-devel-rt: before 5.3.18-57.1
kernel-rt-debugsource: before 5.3.18-57.1
kernel-rt-debuginfo: before 5.3.18-57.1
kernel-rt: before 5.3.18-57.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_module_for_realtime:15-SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_microos:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:suse:ocfs2-kmp-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:ocfs2-kmp-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:gfs2-kmp-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:gfs2-kmp-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:dlm-kmp-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:dlm-kmp-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:cluster-md-kmp-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:cluster-md-kmp-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-devel-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2021/suse-su-20213415-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Resource exhaustion
EUVDB-ID: #VU63911
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-3669
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to measuring usage of the shared memory does not scale with large shared memory segment counts. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Module for Realtime: 15-SP3
SUSE MicroOS: 5.1
ocfs2-kmp-rt-debuginfo: before 5.3.18-57.1
ocfs2-kmp-rt: before 5.3.18-57.1
kernel-syms-rt: before 5.3.18-57.1
kernel-rt_debug-devel-debuginfo: before 5.3.18-57.1
kernel-rt_debug-devel: before 5.3.18-57.1
kernel-rt_debug-debugsource: before 5.3.18-57.1
kernel-rt_debug-debuginfo: before 5.3.18-57.1
kernel-rt-devel-debuginfo: before 5.3.18-57.1
kernel-rt-devel: before 5.3.18-57.1
gfs2-kmp-rt-debuginfo: before 5.3.18-57.1
gfs2-kmp-rt: before 5.3.18-57.1
dlm-kmp-rt-debuginfo: before 5.3.18-57.1
dlm-kmp-rt: before 5.3.18-57.1
cluster-md-kmp-rt-debuginfo: before 5.3.18-57.1
cluster-md-kmp-rt: before 5.3.18-57.1
kernel-source-rt: before 5.3.18-57.1
kernel-devel-rt: before 5.3.18-57.1
kernel-rt-debugsource: before 5.3.18-57.1
kernel-rt-debuginfo: before 5.3.18-57.1
kernel-rt: before 5.3.18-57.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_module_for_realtime:15-SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_microos:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:suse:ocfs2-kmp-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:ocfs2-kmp-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:gfs2-kmp-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:gfs2-kmp-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:dlm-kmp-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:dlm-kmp-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:cluster-md-kmp-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:cluster-md-kmp-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-devel-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2021/suse-su-20213415-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU74548
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-3732
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists in the way the user mounts the TmpFS filesystem with OverlayFS. A local user can gain access to hidden files that should not be accessible.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Module for Realtime: 15-SP3
SUSE MicroOS: 5.1
ocfs2-kmp-rt-debuginfo: before 5.3.18-57.1
ocfs2-kmp-rt: before 5.3.18-57.1
kernel-syms-rt: before 5.3.18-57.1
kernel-rt_debug-devel-debuginfo: before 5.3.18-57.1
kernel-rt_debug-devel: before 5.3.18-57.1
kernel-rt_debug-debugsource: before 5.3.18-57.1
kernel-rt_debug-debuginfo: before 5.3.18-57.1
kernel-rt-devel-debuginfo: before 5.3.18-57.1
kernel-rt-devel: before 5.3.18-57.1
gfs2-kmp-rt-debuginfo: before 5.3.18-57.1
gfs2-kmp-rt: before 5.3.18-57.1
dlm-kmp-rt-debuginfo: before 5.3.18-57.1
dlm-kmp-rt: before 5.3.18-57.1
cluster-md-kmp-rt-debuginfo: before 5.3.18-57.1
cluster-md-kmp-rt: before 5.3.18-57.1
kernel-source-rt: before 5.3.18-57.1
kernel-devel-rt: before 5.3.18-57.1
kernel-rt-debugsource: before 5.3.18-57.1
kernel-rt-debuginfo: before 5.3.18-57.1
kernel-rt: before 5.3.18-57.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_module_for_realtime:15-SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_microos:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:suse:ocfs2-kmp-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:ocfs2-kmp-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:gfs2-kmp-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:gfs2-kmp-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:dlm-kmp-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:dlm-kmp-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:cluster-md-kmp-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:cluster-md-kmp-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-devel-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2021/suse-su-20213415-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) NULL pointer dereference
EUVDB-ID: #VU90666
Risk: Low
CVSSv4.0: 4.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-3739
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to read data or crash the application.
The vulnerability exists due to NULL pointer dereference within the btrfs_rm_device() function in fs/btrfs/volumes.c. A local user can read data or crash the application.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Module for Realtime: 15-SP3
SUSE MicroOS: 5.1
ocfs2-kmp-rt-debuginfo: before 5.3.18-57.1
ocfs2-kmp-rt: before 5.3.18-57.1
kernel-syms-rt: before 5.3.18-57.1
kernel-rt_debug-devel-debuginfo: before 5.3.18-57.1
kernel-rt_debug-devel: before 5.3.18-57.1
kernel-rt_debug-debugsource: before 5.3.18-57.1
kernel-rt_debug-debuginfo: before 5.3.18-57.1
kernel-rt-devel-debuginfo: before 5.3.18-57.1
kernel-rt-devel: before 5.3.18-57.1
gfs2-kmp-rt-debuginfo: before 5.3.18-57.1
gfs2-kmp-rt: before 5.3.18-57.1
dlm-kmp-rt-debuginfo: before 5.3.18-57.1
dlm-kmp-rt: before 5.3.18-57.1
cluster-md-kmp-rt-debuginfo: before 5.3.18-57.1
cluster-md-kmp-rt: before 5.3.18-57.1
kernel-source-rt: before 5.3.18-57.1
kernel-devel-rt: before 5.3.18-57.1
kernel-rt-debugsource: before 5.3.18-57.1
kernel-rt-debuginfo: before 5.3.18-57.1
kernel-rt: before 5.3.18-57.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_module_for_realtime:15-SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_microos:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:suse:ocfs2-kmp-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:ocfs2-kmp-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:gfs2-kmp-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:gfs2-kmp-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:dlm-kmp-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:dlm-kmp-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:cluster-md-kmp-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:cluster-md-kmp-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-devel-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2021/suse-su-20213415-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Out-of-bounds read
EUVDB-ID: #VU63913
Risk: Low
CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-3743
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service attack.
The vulnerability exists due to a boundary condition in the Qualcomm IPC router protocol in the Linux kernel. A local user can gain access to out-of-bounds memory to leak internal kernel information or perform a denial of service attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Module for Realtime: 15-SP3
SUSE MicroOS: 5.1
ocfs2-kmp-rt-debuginfo: before 5.3.18-57.1
ocfs2-kmp-rt: before 5.3.18-57.1
kernel-syms-rt: before 5.3.18-57.1
kernel-rt_debug-devel-debuginfo: before 5.3.18-57.1
kernel-rt_debug-devel: before 5.3.18-57.1
kernel-rt_debug-debugsource: before 5.3.18-57.1
kernel-rt_debug-debuginfo: before 5.3.18-57.1
kernel-rt-devel-debuginfo: before 5.3.18-57.1
kernel-rt-devel: before 5.3.18-57.1
gfs2-kmp-rt-debuginfo: before 5.3.18-57.1
gfs2-kmp-rt: before 5.3.18-57.1
dlm-kmp-rt-debuginfo: before 5.3.18-57.1
dlm-kmp-rt: before 5.3.18-57.1
cluster-md-kmp-rt-debuginfo: before 5.3.18-57.1
cluster-md-kmp-rt: before 5.3.18-57.1
kernel-source-rt: before 5.3.18-57.1
kernel-devel-rt: before 5.3.18-57.1
kernel-rt-debugsource: before 5.3.18-57.1
kernel-rt-debuginfo: before 5.3.18-57.1
kernel-rt: before 5.3.18-57.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_module_for_realtime:15-SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_microos:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:suse:ocfs2-kmp-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:ocfs2-kmp-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:gfs2-kmp-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:gfs2-kmp-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:dlm-kmp-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:dlm-kmp-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:cluster-md-kmp-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:cluster-md-kmp-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-devel-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2021/suse-su-20213415-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Memory leak
EUVDB-ID: #VU63813
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-3744
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform DoS attack on the target system.
The vulnerability exists due memory leak in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c. A local user can force the application to leak memory and perform denial of service attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Module for Realtime: 15-SP3
SUSE MicroOS: 5.1
ocfs2-kmp-rt-debuginfo: before 5.3.18-57.1
ocfs2-kmp-rt: before 5.3.18-57.1
kernel-syms-rt: before 5.3.18-57.1
kernel-rt_debug-devel-debuginfo: before 5.3.18-57.1
kernel-rt_debug-devel: before 5.3.18-57.1
kernel-rt_debug-debugsource: before 5.3.18-57.1
kernel-rt_debug-debuginfo: before 5.3.18-57.1
kernel-rt-devel-debuginfo: before 5.3.18-57.1
kernel-rt-devel: before 5.3.18-57.1
gfs2-kmp-rt-debuginfo: before 5.3.18-57.1
gfs2-kmp-rt: before 5.3.18-57.1
dlm-kmp-rt-debuginfo: before 5.3.18-57.1
dlm-kmp-rt: before 5.3.18-57.1
cluster-md-kmp-rt-debuginfo: before 5.3.18-57.1
cluster-md-kmp-rt: before 5.3.18-57.1
kernel-source-rt: before 5.3.18-57.1
kernel-devel-rt: before 5.3.18-57.1
kernel-rt-debugsource: before 5.3.18-57.1
kernel-rt-debuginfo: before 5.3.18-57.1
kernel-rt: before 5.3.18-57.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_module_for_realtime:15-SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_microos:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:suse:ocfs2-kmp-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:ocfs2-kmp-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:gfs2-kmp-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:gfs2-kmp-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:dlm-kmp-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:dlm-kmp-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:cluster-md-kmp-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:cluster-md-kmp-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-devel-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2021/suse-su-20213415-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Use-after-free
EUVDB-ID: #VU63767
Risk: Low
CVSSv4.0: 4.8 [CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-3752
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in the Linux kernel’s Bluetooth subsystem when a user calls connect to the socket and disconnect simultaneously. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Module for Realtime: 15-SP3
SUSE MicroOS: 5.1
ocfs2-kmp-rt-debuginfo: before 5.3.18-57.1
ocfs2-kmp-rt: before 5.3.18-57.1
kernel-syms-rt: before 5.3.18-57.1
kernel-rt_debug-devel-debuginfo: before 5.3.18-57.1
kernel-rt_debug-devel: before 5.3.18-57.1
kernel-rt_debug-debugsource: before 5.3.18-57.1
kernel-rt_debug-debuginfo: before 5.3.18-57.1
kernel-rt-devel-debuginfo: before 5.3.18-57.1
kernel-rt-devel: before 5.3.18-57.1
gfs2-kmp-rt-debuginfo: before 5.3.18-57.1
gfs2-kmp-rt: before 5.3.18-57.1
dlm-kmp-rt-debuginfo: before 5.3.18-57.1
dlm-kmp-rt: before 5.3.18-57.1
cluster-md-kmp-rt-debuginfo: before 5.3.18-57.1
cluster-md-kmp-rt: before 5.3.18-57.1
kernel-source-rt: before 5.3.18-57.1
kernel-devel-rt: before 5.3.18-57.1
kernel-rt-debugsource: before 5.3.18-57.1
kernel-rt-debuginfo: before 5.3.18-57.1
kernel-rt: before 5.3.18-57.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_module_for_realtime:15-SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_microos:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:suse:ocfs2-kmp-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:ocfs2-kmp-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:gfs2-kmp-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:gfs2-kmp-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:dlm-kmp-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:dlm-kmp-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:cluster-md-kmp-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:cluster-md-kmp-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-devel-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2021/suse-su-20213415-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Out-of-bounds read
EUVDB-ID: #VU64210
Risk: Low
CVSSv4.0: 1.9 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-3753
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel. A local user can trigger out-of-bounds read error and read contents of memory on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Module for Realtime: 15-SP3
SUSE MicroOS: 5.1
ocfs2-kmp-rt-debuginfo: before 5.3.18-57.1
ocfs2-kmp-rt: before 5.3.18-57.1
kernel-syms-rt: before 5.3.18-57.1
kernel-rt_debug-devel-debuginfo: before 5.3.18-57.1
kernel-rt_debug-devel: before 5.3.18-57.1
kernel-rt_debug-debugsource: before 5.3.18-57.1
kernel-rt_debug-debuginfo: before 5.3.18-57.1
kernel-rt-devel-debuginfo: before 5.3.18-57.1
kernel-rt-devel: before 5.3.18-57.1
gfs2-kmp-rt-debuginfo: before 5.3.18-57.1
gfs2-kmp-rt: before 5.3.18-57.1
dlm-kmp-rt-debuginfo: before 5.3.18-57.1
dlm-kmp-rt: before 5.3.18-57.1
cluster-md-kmp-rt-debuginfo: before 5.3.18-57.1
cluster-md-kmp-rt: before 5.3.18-57.1
kernel-source-rt: before 5.3.18-57.1
kernel-devel-rt: before 5.3.18-57.1
kernel-rt-debugsource: before 5.3.18-57.1
kernel-rt-debuginfo: before 5.3.18-57.1
kernel-rt: before 5.3.18-57.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_module_for_realtime:15-SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_microos:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:suse:ocfs2-kmp-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:ocfs2-kmp-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:gfs2-kmp-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:gfs2-kmp-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:dlm-kmp-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:dlm-kmp-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:cluster-md-kmp-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:cluster-md-kmp-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-devel-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2021/suse-su-20213415-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Resource exhaustion
EUVDB-ID: #VU63914
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-3759
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists in the Linux kernel’s ipc functionality of the memcg subsystem when user calls the semget function multiple times, creating semaphores. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Module for Realtime: 15-SP3
SUSE MicroOS: 5.1
ocfs2-kmp-rt-debuginfo: before 5.3.18-57.1
ocfs2-kmp-rt: before 5.3.18-57.1
kernel-syms-rt: before 5.3.18-57.1
kernel-rt_debug-devel-debuginfo: before 5.3.18-57.1
kernel-rt_debug-devel: before 5.3.18-57.1
kernel-rt_debug-debugsource: before 5.3.18-57.1
kernel-rt_debug-debuginfo: before 5.3.18-57.1
kernel-rt-devel-debuginfo: before 5.3.18-57.1
kernel-rt-devel: before 5.3.18-57.1
gfs2-kmp-rt-debuginfo: before 5.3.18-57.1
gfs2-kmp-rt: before 5.3.18-57.1
dlm-kmp-rt-debuginfo: before 5.3.18-57.1
dlm-kmp-rt: before 5.3.18-57.1
cluster-md-kmp-rt-debuginfo: before 5.3.18-57.1
cluster-md-kmp-rt: before 5.3.18-57.1
kernel-source-rt: before 5.3.18-57.1
kernel-devel-rt: before 5.3.18-57.1
kernel-rt-debugsource: before 5.3.18-57.1
kernel-rt-debuginfo: before 5.3.18-57.1
kernel-rt: before 5.3.18-57.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_module_for_realtime:15-SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_microos:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:suse:ocfs2-kmp-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:ocfs2-kmp-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:gfs2-kmp-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:gfs2-kmp-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:dlm-kmp-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:dlm-kmp-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:cluster-md-kmp-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:cluster-md-kmp-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-devel-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2021/suse-su-20213415-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Memory leak
EUVDB-ID: #VU63817
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-3764
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak error in the ccp_run_aes_gcm_cmd() function in Linux kernel. A local user can trigger a memory leak error and perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Module for Realtime: 15-SP3
SUSE MicroOS: 5.1
ocfs2-kmp-rt-debuginfo: before 5.3.18-57.1
ocfs2-kmp-rt: before 5.3.18-57.1
kernel-syms-rt: before 5.3.18-57.1
kernel-rt_debug-devel-debuginfo: before 5.3.18-57.1
kernel-rt_debug-devel: before 5.3.18-57.1
kernel-rt_debug-debugsource: before 5.3.18-57.1
kernel-rt_debug-debuginfo: before 5.3.18-57.1
kernel-rt-devel-debuginfo: before 5.3.18-57.1
kernel-rt-devel: before 5.3.18-57.1
gfs2-kmp-rt-debuginfo: before 5.3.18-57.1
gfs2-kmp-rt: before 5.3.18-57.1
dlm-kmp-rt-debuginfo: before 5.3.18-57.1
dlm-kmp-rt: before 5.3.18-57.1
cluster-md-kmp-rt-debuginfo: before 5.3.18-57.1
cluster-md-kmp-rt: before 5.3.18-57.1
kernel-source-rt: before 5.3.18-57.1
kernel-devel-rt: before 5.3.18-57.1
kernel-rt-debugsource: before 5.3.18-57.1
kernel-rt-debuginfo: before 5.3.18-57.1
kernel-rt: before 5.3.18-57.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_module_for_realtime:15-SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_microos:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:suse:ocfs2-kmp-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:ocfs2-kmp-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:gfs2-kmp-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:gfs2-kmp-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:dlm-kmp-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:dlm-kmp-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:cluster-md-kmp-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:cluster-md-kmp-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-devel-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2021/suse-su-20213415-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Incorrect permission assignment for critical resource
EUVDB-ID: #VU63665
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-38198
CWE-ID:
CWE-732 - Incorrect Permission Assignment for Critical Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service attack.
The vulnerability exists due to arch/x86/kvm/mmu/paging_tmpl.h incorrectly computes the access permissions of a shadow page. A local user can trigger an error to perform a denial of service attack.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Module for Realtime: 15-SP3
SUSE MicroOS: 5.1
ocfs2-kmp-rt-debuginfo: before 5.3.18-57.1
ocfs2-kmp-rt: before 5.3.18-57.1
kernel-syms-rt: before 5.3.18-57.1
kernel-rt_debug-devel-debuginfo: before 5.3.18-57.1
kernel-rt_debug-devel: before 5.3.18-57.1
kernel-rt_debug-debugsource: before 5.3.18-57.1
kernel-rt_debug-debuginfo: before 5.3.18-57.1
kernel-rt-devel-debuginfo: before 5.3.18-57.1
kernel-rt-devel: before 5.3.18-57.1
gfs2-kmp-rt-debuginfo: before 5.3.18-57.1
gfs2-kmp-rt: before 5.3.18-57.1
dlm-kmp-rt-debuginfo: before 5.3.18-57.1
dlm-kmp-rt: before 5.3.18-57.1
cluster-md-kmp-rt-debuginfo: before 5.3.18-57.1
cluster-md-kmp-rt: before 5.3.18-57.1
kernel-source-rt: before 5.3.18-57.1
kernel-devel-rt: before 5.3.18-57.1
kernel-rt-debugsource: before 5.3.18-57.1
kernel-rt-debuginfo: before 5.3.18-57.1
kernel-rt: before 5.3.18-57.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_module_for_realtime:15-SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_microos:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:suse:ocfs2-kmp-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:ocfs2-kmp-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:gfs2-kmp-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:gfs2-kmp-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:dlm-kmp-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:dlm-kmp-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:cluster-md-kmp-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:cluster-md-kmp-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-devel-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2021/suse-su-20213415-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Race condition
EUVDB-ID: #VU63667
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-40490
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Module for Realtime: 15-SP3
SUSE MicroOS: 5.1
ocfs2-kmp-rt-debuginfo: before 5.3.18-57.1
ocfs2-kmp-rt: before 5.3.18-57.1
kernel-syms-rt: before 5.3.18-57.1
kernel-rt_debug-devel-debuginfo: before 5.3.18-57.1
kernel-rt_debug-devel: before 5.3.18-57.1
kernel-rt_debug-debugsource: before 5.3.18-57.1
kernel-rt_debug-debuginfo: before 5.3.18-57.1
kernel-rt-devel-debuginfo: before 5.3.18-57.1
kernel-rt-devel: before 5.3.18-57.1
gfs2-kmp-rt-debuginfo: before 5.3.18-57.1
gfs2-kmp-rt: before 5.3.18-57.1
dlm-kmp-rt-debuginfo: before 5.3.18-57.1
dlm-kmp-rt: before 5.3.18-57.1
cluster-md-kmp-rt-debuginfo: before 5.3.18-57.1
cluster-md-kmp-rt: before 5.3.18-57.1
kernel-source-rt: before 5.3.18-57.1
kernel-devel-rt: before 5.3.18-57.1
kernel-rt-debugsource: before 5.3.18-57.1
kernel-rt-debuginfo: before 5.3.18-57.1
kernel-rt: before 5.3.18-57.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_module_for_realtime:15-SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_microos:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:suse:ocfs2-kmp-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:ocfs2-kmp-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:gfs2-kmp-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:gfs2-kmp-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:dlm-kmp-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:dlm-kmp-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:cluster-md-kmp-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:cluster-md-kmp-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-devel-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2021/suse-su-20213415-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
