Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

SUSE: Security Advisory (SUSE-SU-2021:2687-1)

Information

Severity

Severity

High

Family

Family

SuSE Local Security Checks

CVSSv2 Base

CVSSv2 Base

7.2

CVSSv2 Vector

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Solution Type

Solution Type

Vendor Patch

Created

Created

2 years ago

Modified

Modified

2 years ago

Summary

The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2021:2687-1 advisory.

Insight

Insight

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2021-3659: Fixed a NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c (bsc#1188876). CVE-2021-21781: Fixed a information disclosure vulnerability in the ARM SIGPAGE (bsc#1188445). CVE-2021-22543: Fixed improper handling of VM_IO<pipe>VM_PFNMAP vmas in KVM, which could bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allowed users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation (bsc#1186482). CVE-2021-37576: Fixed an issue on the powerpc platform, where a KVM guest OS user could cause host OS memory corruption via rtas_args.nargs (bsc#1188838). CVE-2021-3609: Fixed a potential local privilege escalation in the CAN BCM networking protocol (bsc#1187215). CVE-2021-3612: Fixed an out-of-bounds memory write flaw in the joystick devices subsystem. This flaw allowed a local user to crash the system or possibly escalate their privileges on the system. (bsc#1187585) CVE-2021-35039: Fixed mishandling of signature verification. Without CONFIG_MODULE_SIG, verification that a kernel module is signed, for loading via init_module, did not occur for a module.sig_enforce=1 command-line argument (bsc#1188080). The following non-security bugs were fixed: ACPI: AMBA: Fix resource name in /proc/iomem (git-fixes). ACPI: APEI: fix synchronous external aborts in user-mode (git-fixes). ACPI: DPTF: Fix reading of attributes (git-fixes). ACPI: EC: Make more Asus laptops use ECDT _GPE (git-fixes). ACPI: PM / fan: Put fan device IDs into separate header file (git-fixes). ACPI: bus: Call kobject_put() in acpi_init() error path (git-fixes). ACPI: processor idle: Fix up C-state latency if not ordered (git-fixes). ACPI: property: Constify stubs for CONFIG_ACPI=n case (git-fixes). ACPI: resources: Add checks for ACPI IRQ override (git-fixes). ACPI: sysfs: Fix a buffer overrun problem with description_show() (git-fixes). ACPI: video: Add quirk for the Dell Vostro 3350 (git-fixes). ACPICA: Fix memory leak caused by _CID repair function (git-fixes). ALSA: ac97: fix PM reference leak in ac97_bus_remove() (git-fixes). ALSA: bebob: add support for ToneWeal FW66 (git-fixes). ALSA: firewire-motu: fix detection for S/PDIF source on optical interface in v2 protocol (git-fixes). ALSA: firewire-motu: fix stream format for MOTU 8pre FireWire (git-fixes). ALSA: hda/realtek: Add another ALC236 variant support (git-fixes). ALSA: hda/realtek: Apply LED fixup for HP Dragonfly G1, too (git-fixes). ALSA: hda/realtek: Fix bass speaker DAC mapping for Asus UM431D (git-fixes). ALSA: hda/realtek: Fix pop noise and 2 Front Mic issues on a machine (git-fixes). ALSA: hda/realtek: Improve fixup for HP ... [Please see the references for more information on the vulnerabilities]

Affected Software

Affected Software

'Linux Kernel' package(s) on SUSE Linux Enterprise High Availability 15-SP3, SUSE Linux Enterprise Module for Basesystem 15-SP3, SUSE Linux Enterprise Module for Development Tools 15-SP3, SUSE Linux Enterprise Module for Legacy Software 15-SP3, SUSE Linux Enterprise Module for Live Patching 15-SP3, SUSE Linux Enterprise Workstation Extension 15-SP3.

Detection Method

Detection Method

Checks if a vulnerable package version is present on the target host.

Solution

Solution

Please install the updated package(s).