Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | |||
ID de Prueba: | 1.3.6.1.4.1.25623.1.1.4.2021.3207.1 |
Categoría: | SuSE Local Security Checks |
Título: | SUSE: Security Advisory (SUSE-SU-2021:3207-1) |
Resumen: | The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2021:3207-1 advisory. |
Descripción: | Summary: The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2021:3207-1 advisory. Vulnerability Insight: The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2021-3759: Unaccounted ipc objects in Linux kernel could have lead to breaking memcg limits and DoS attacks (bsc#1190115). CVE-2021-38160: Data corruption or loss could be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size in drivers/char/virtio_console.c (bsc#1190117) CVE-2021-3640: Fixed a Use-After-Free vulnerability in function sco_sock_sendmsg() in the bluetooth stack (bsc#1188172). CVE-2021-3753: Fixed race out-of-bounds in virtual terminal handling (bsc#1190025). CVE-2021-3743: Fixed OOB Read in qrtr_endpoint_post (bsc#1189883). CVE-2021-3739: Fixed a NULL pointer dereference when deleting device by invalid id (bsc#1189832 ). CVE-2021-3732: Mounting overlayfs inside an unprivileged user namespace can reveal files (bsc#1189706). CVE-2021-3653: Missing validation of the `int_ctl` VMCB field and allows a malicious L1 guest to enable AVIC support for the L2 guest. (bsc#1189399). CVE-2021-3656: Missing validation of the `virt_ext` VMCB field and allows a malicious L1 guest to disable both VMLOAD/VMSAVE intercepts and VLS for the L2 guest (bsc#1189400). CVE-2021-38198: arch/x86/kvm/mmu/paging_tmpl.h incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault (bnc#1189262). CVE-2021-38207: drivers/net/ethernet/xilinx/ll_temac_main.c allowed remote attackers to cause a denial of service (buffer overflow and lockup) by sending heavy network traffic for about ten minutes (bnc#1189298). CVE-2021-38205: drivers/net/ethernet/xilinx/xilinx_emaclite.c made it easier for attackers to defeat an ASLR protection mechanism because it prints a kernel pointer (i.e., the real IOMEM pointer) (bnc#1189292). CVE-2021-38204: drivers/usb/host/max3421-hcd.c allowed physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations (bnc#1189291). CVE-2021-3679: A lack of CPU resource in tracing module functionality was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service (bnc#1189057). CVE-2021-34556: Fixed side-channel attack via a Speculative Store Bypass via unprivileged BPF program that could have obtain sensitive information from kernel memory (bsc#1188983). CVE-2021-35477: Fixed BPF stack frame pointer which could have been abused to disclose content of arbitrary kernel memory (bsc#1188985). The following non-security bugs were fixed: ACPI: NFIT: Fix support for virtual SPA ranges (git-fixes). ACPI: processor: Clean up acpi_processor_evaluate_cst() (bsc#1175543) ACPI: processor: Export ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'Linux Kernel' package(s) on SUSE Linux Enterprise High Availability 15-SP2, SUSE Linux Enterprise Module for Basesystem 15-SP2, SUSE Linux Enterprise Module for Development Tools 15-SP2, SUSE Linux Enterprise Module for Legacy Software 15-SP2, SUSE Linux Enterprise Module for Live Patching 15-SP2, SUSE Linux Enterprise Workstation Extension 15-SP2, SUSE MicroOS 5.0. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C |
Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2021-3640 Common Vulnerability Exposure (CVE) ID: CVE-2021-3653 https://bugzilla.redhat.com/show_bug.cgi?id=1983686 https://www.openwall.com/lists/oss-security/2021/08/16/1 https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html Common Vulnerability Exposure (CVE) ID: CVE-2021-3656 Common Vulnerability Exposure (CVE) ID: CVE-2021-3679 Debian Security Information: DSA-4978 (Google Search) https://www.debian.org/security/2021/dsa-4978 https://bugzilla.redhat.com/show_bug.cgi?id=1989165 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=67f0d6d9883c13174669f88adac4f0ee656cc16a Common Vulnerability Exposure (CVE) ID: CVE-2021-3732 Common Vulnerability Exposure (CVE) ID: CVE-2021-3739 Common Vulnerability Exposure (CVE) ID: CVE-2021-3743 Common Vulnerability Exposure (CVE) ID: CVE-2021-3753 Common Vulnerability Exposure (CVE) ID: CVE-2021-3759 |
Copyright | Copyright (C) 2021 Greenbone Networks GmbH |
Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |