SUSE: Security Advisory (SUSE-SU-2021:3806-1)
Information
Severity
Family
CVSSv2 Base
CVSSv2 Vector
Solution Type
Created
Modified
Summary
The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2021:3806-1 advisory.
Insight
The SUSE Linux Enterprise 15 SP3 kernel for Azure was updated to receive various security and bugfixes.

The following security bugs were fixed:

Unprivileged BPF has been disabled by default to reduce attack surface, as too many security issues have happened in the past (jsc#SLE-22573). You can re-enable it via sysctl by setting /proc/sys/kernel/unprivileged_bpf_disabled to 0 (kernel.unprivileged_bpf_disabled = 0).
CVE-2021-0941: In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1192045).
CVE-2021-31916: An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel. A bound check failure allowed an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability (bnc#1192781).
CVE-2021-20322: Make the ipv4 and ipv6 ICMP exception caches less predictive to avoid information leaks about UDP ports in use (bsc#1191790).
CVE-2021-34981: Fixed file refcounting in cmtp when cmtp_attach_device fails (bsc#1191961).
CVE-2021-43389: There was an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c (bnc#1191958).
CVE-2021-37159: hso_free_net_device in drivers/net/usb/hso.c called unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free (bnc#1188601).

The following non-security bugs were fixed:

ABI: sysfs-kernel-slab: Document some stats (git-fixes).
ALSA: hda: fix general protection fault in azx_runtime_idle (git-fixes).
ALSA: hda: Free card instance properly at probe errors (git-fixes).
ALSA: hda/realtek: Fix mic mute LED for the HP Spectre x360 14 (git-fixes).
ALSA: hda: Reduce udelay() at SKL+ position reporting (git-fixes).
ALSA: hda: Use position buffer for SKL+ again (git-fixes).
ALSA: ua101: fix division by zero at probe (git-fixes).
ALSA: uapi: Fix a C++ style comment in asound.h (git-fixes).
ALSA: usb-audio: Add Audient iD14 to mixer map quirk table (git-fixes).
ALSA: usb-audio: Add minimal-mute notion in dB mapping table (bsc#1192375).
ALSA: usb-audio: Add Schiit Hel device to mixer map quirk table (git-fixes).
ALSA: usb-audio: Fix dB level of Bose Revolve+ SoundLink (bsc#1192375).
ALSA: usb-audio: Use int for dB map values (bsc#1192375).
ARM: socfpga: Fix crash with CONFIG_FORTIRY_SOURCE (bsc#1192473).
ASoC: cs42l42: Correct some register default values (git-fixes).
ASoC: cs42l42: Defer probe if request_threaded_irq() returns EPROBE_DEFER (git-fixes).
ASoC: cs42l42: Do not set defaults for volatile ...

[Please see the references for more information on the vulnerabilities]
Affected Software
'Linux Kernel' package(s) on SUSE Linux Enterprise Module for Public Cloud 15-SP3.
Detection Method
Checks if a vulnerable package version is present on the target host.
Solution
Please install the updated package(s).