SB2021041225 - SUSE Linux Enterprise Server update for kernel

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2021041225

SB2021041225 - SUSE Linux Enterprise Server update for kernel

Published: April 12, 2021

Security Bulletin ID SB2021041225
Severity
Medium
Patch available
YES
Number of vulnerabilities 6
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Medium 33% Low 67%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 6 secuirty vulnerabilities.


1) Use-after-free (CVE-ID: CVE-2020-0429)

The vulnerability allows a local privileged user to execute arbitrary code.

In l2tp_session_delete and related functions of l2tp_core.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-152735806


2) Cleartext transmission of sensitive information (CVE-ID: CVE-2020-1749)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link; rather sending the data unencrypted. This would allow anyone in between the two endpoints to read the traffic unencrypted.


3) Cleartext transmission of sensitive information (CVE-ID: CVE-2020-25645)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to traffic passed between two Geneve endpoints with configured IPsec can be unencrypted for the specific UDP port. A remote attacker with ability to intercept network traffic can gain access to sensitive data.


4) Information disclosure (CVE-ID: CVE-2021-27363)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to the show_transport_handle() shows iSCSI transport handle to non-root users. A local user can gain unauthorized access to sensitive information and use it along with another vulnerability, such as #VU51452, to escalate privileges on the system.


5) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2021-27364)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to iscsi_if_recv_msg() allows non-root users to connect and send commands to the Linux kernel. A local user can escalate privileges on the system.


6) Buffer overflow (CVE-ID: CVE-2021-27365)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error when processing Netlink messages in Linux kernel through 5.11.3, as certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. A local unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message, trigger memory corruption and execute arbitrary code on the system with elevated privileges.


Remediation

Install update from vendor's website.

References