
Test ID: 1.3.6.1.4.1.25623.1.1.4.2021.3207.1
Category: SuSE Local Security Checks
Title: SUSE: Security Advisory (SUSE-SU-2021:3207-1)
Summary: The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2021:3207-1 advisory.
Description:
Summary:
The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2021:3207-1 advisory.

Vulnerability Insight:
The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security fixes and bugfixes.

The following security bugs were fixed:

CVE-2021-3759: Unaccounted ipc objects in the Linux kernel could have led
to breaking memcg limits and DoS attacks (bsc#1190115).

CVE-2021-38160: Data corruption or loss could be triggered by an
untrusted device that supplies a buf->len value exceeding the buffer
size in drivers/char/virtio_console.c (bsc#1190117)

CVE-2021-3640: Fixed a Use-After-Free vulnerability in function
sco_sock_sendmsg() in the bluetooth stack (bsc#1188172).

CVE-2021-3753: Fixed race out-of-bounds in virtual terminal handling
(bsc#1190025).

CVE-2021-3743: Fixed OOB Read in qrtr_endpoint_post (bsc#1189883).

CVE-2021-3739: Fixed a NULL pointer dereference when deleting a device by
invalid id (bsc#1189832).

CVE-2021-3732: Mounting overlayfs inside an unprivileged user namespace
can reveal files (bsc#1189706).

CVE-2021-3653: Missing validation of the `int_ctl` VMCB field allows
a malicious L1 guest to enable AVIC support for the L2 guest
(bsc#1189399).

CVE-2021-3656: Missing validation of the `virt_ext` VMCB field
allows a malicious L1 guest to disable both VMLOAD/VMSAVE intercepts and
VLS for the L2 guest (bsc#1189400).

CVE-2021-38198: arch/x86/kvm/mmu/paging_tmpl.h incorrectly computes the
access permissions of a shadow page, leading to a missing guest
protection page fault (bnc#1189262).

CVE-2021-38207: drivers/net/ethernet/xilinx/ll_temac_main.c allowed
remote attackers to cause a denial of service (buffer overflow and
lockup) by sending heavy network traffic for about ten minutes
(bnc#1189298).

CVE-2021-38205: drivers/net/ethernet/xilinx/xilinx_emaclite.c made it
easier for attackers to defeat an ASLR protection mechanism because it
prints a kernel pointer (i.e., the real IOMEM pointer) (bnc#1189292).

CVE-2021-38204: drivers/usb/host/max3421-hcd.c allowed physically
proximate attackers to cause a denial of service (use-after-free and
panic) by removing a MAX-3421 USB device in certain situations
(bnc#1189291).

CVE-2021-3679: A lack of CPU resources in the tracing module functionality
was found in the way a user uses the trace ring buffer in a specific way. Only
privileged local users (with the CAP_SYS_ADMIN capability) could use this
flaw to starve the resources, causing denial of service (bnc#1189057).

CVE-2021-34556: Fixed a side-channel attack via Speculative Store Bypass
through an unprivileged BPF program that could have obtained sensitive
information from kernel memory (bsc#1188983).

CVE-2021-35477: Fixed BPF stack frame pointer which could have been
abused to disclose content of arbitrary kernel memory (bsc#1188985).


The following non-security bugs were fixed:

ACPI: NFIT: Fix support for virtual SPA ranges (git-fixes).

ACPI: processor: Clean up acpi_processor_evaluate_cst() (bsc#1175543)

ACPI: processor: Export ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'Linux Kernel' package(s) on SUSE Linux Enterprise High Availability 15-SP2, SUSE Linux Enterprise Module for Basesystem 15-SP2, SUSE Linux Enterprise Module for Development Tools 15-SP2, SUSE Linux Enterprise Module for Legacy Software 15-SP2, SUSE Linux Enterprise Module for Live Patching 15-SP2, SUSE Linux Enterprise Workstation Extension 15-SP2, SUSE MicroOS 5.0.

Solution:
Please install the updated package(s).

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Cross Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2021-3640
Common Vulnerability Exposure (CVE) ID: CVE-2021-3653
https://bugzilla.redhat.com/show_bug.cgi?id=1983686
https://www.openwall.com/lists/oss-security/2021/08/16/1
https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html
Common Vulnerability Exposure (CVE) ID: CVE-2021-3656
Common Vulnerability Exposure (CVE) ID: CVE-2021-3679
Debian Security Information: DSA-4978
https://www.debian.org/security/2021/dsa-4978
https://bugzilla.redhat.com/show_bug.cgi?id=1989165
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=67f0d6d9883c13174669f88adac4f0ee656cc16a
Common Vulnerability Exposure (CVE) ID: CVE-2021-3732
Common Vulnerability Exposure (CVE) ID: CVE-2021-3739
Common Vulnerability Exposure (CVE) ID: CVE-2021-3743
Common Vulnerability Exposure (CVE) ID: CVE-2021-3753
Common Vulnerability Exposure (CVE) ID: CVE-2021-3759
Copyright: Copyright (C) 2021 Greenbone Networks GmbH





© 1998-2024 E-Soft Inc. All rights reserved.