SUSE update for the Linux Kernel



Risk Low
Patch available YES
Number of vulnerabilities 11
CVE-ID CVE-2020-35519
CVE-2020-36322
CVE-2021-20261
CVE-2021-27363
CVE-2021-27364
CVE-2021-27365
CVE-2021-28950
CVE-2021-28972
CVE-2021-29650
CVE-2021-30002
CVE-2021-3483
CWE-ID CWE-125
CWE-404
CWE-362
CWE-200
CWE-264
CWE-119
CWE-834
CWE-401
CWE-416
Exploitation vector Local
Public exploit N/A
Vulnerable software
 SUSE Linux Enterprise Server
Operating systems & Components / Operating system

SUSE Linux Enterprise Debuginfo
Operating systems & Components / Operating system

kernel-pae-devel-debuginfo
Operating systems & Components / Operating system package or component

kernel-pae-debugsource
Operating systems & Components / Operating system package or component

kernel-pae-debuginfo
Operating systems & Components / Operating system package or component

kernel-ppc64-debugsource
Operating systems & Components / Operating system package or component

kernel-ppc64-debuginfo
Operating systems & Components / Operating system package or component

kernel-bigmem-debugsource
Operating systems & Components / Operating system package or component

kernel-bigmem-debuginfo
Operating systems & Components / Operating system package or component

kernel-xen-devel-debuginfo
Operating systems & Components / Operating system package or component

kernel-xen-debugsource
Operating systems & Components / Operating system package or component

kernel-xen-debuginfo
Operating systems & Components / Operating system package or component

kernel-ec2-debugsource
Operating systems & Components / Operating system package or component

kernel-ec2-debuginfo
Operating systems & Components / Operating system package or component

kernel-trace-devel-debuginfo
Operating systems & Components / Operating system package or component

kernel-default-devel-debuginfo
Operating systems & Components / Operating system package or component

kernel-trace-debugsource
Operating systems & Components / Operating system package or component

kernel-trace-debuginfo
Operating systems & Components / Operating system package or component

kernel-default-debugsource
Operating systems & Components / Operating system package or component

kernel-default-debuginfo
Operating systems & Components / Operating system package or component

kernel-pae-extra
Operating systems & Components / Operating system package or component

kernel-ppc64-extra
Operating systems & Components / Operating system package or component

kernel-trace-extra
Operating systems & Components / Operating system package or component

kernel-xen-extra
Operating systems & Components / Operating system package or component

kernel-default-extra
Operating systems & Components / Operating system package or component

kernel-pae-devel
Operating systems & Components / Operating system package or component

kernel-pae-base
Operating systems & Components / Operating system package or component

kernel-pae
Operating systems & Components / Operating system package or component

kernel-ppc64-devel
Operating systems & Components / Operating system package or component

kernel-ppc64-base
Operating systems & Components / Operating system package or component

kernel-ppc64
Operating systems & Components / Operating system package or component

kernel-bigmem-devel
Operating systems & Components / Operating system package or component

kernel-bigmem-base
Operating systems & Components / Operating system package or component

kernel-bigmem
Operating systems & Components / Operating system package or component

kernel-default-man
Operating systems & Components / Operating system package or component

kernel-xen-devel
Operating systems & Components / Operating system package or component

kernel-xen-base
Operating systems & Components / Operating system package or component

kernel-xen
Operating systems & Components / Operating system package or component

kernel-ec2-devel
Operating systems & Components / Operating system package or component

kernel-ec2-base
Operating systems & Components / Operating system package or component

kernel-ec2
Operating systems & Components / Operating system package or component

kernel-trace-devel
Operating systems & Components / Operating system package or component

kernel-trace-base
Operating systems & Components / Operating system package or component

kernel-trace
Operating systems & Components / Operating system package or component

kernel-syms
Operating systems & Components / Operating system package or component

kernel-source
Operating systems & Components / Operating system package or component

kernel-default-devel
Operating systems & Components / Operating system package or component

kernel-default-base
Operating systems & Components / Operating system package or component

kernel-default
Operating systems & Components / Operating system package or component

Vendor SUSE

Security Bulletin

This security bulletin contains information about 11 vulnerabilities.

1) Out-of-bounds read

EUVDB-ID: #VU51552

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-35519

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the x25_bind() function in net/x25/af_x25.c in the Linux kernel. A local user can run a specially crafted program to read contents of memory on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server: 11-EXTRA - 11-SP4-LTSS-EXTREME-CORE

SUSE Linux Enterprise Debuginfo: 11-SP4

kernel-pae-devel-debuginfo: before 3.0.101-108.126.1

kernel-pae-debugsource: before 3.0.101-108.126.1

kernel-pae-debuginfo: before 3.0.101-108.126.1

kernel-ppc64-debugsource: before 3.0.101-108.126.1

kernel-ppc64-debuginfo: before 3.0.101-108.126.1

kernel-bigmem-debugsource: before 3.0.101-108.126.1

kernel-bigmem-debuginfo: before 3.0.101-108.126.1

kernel-xen-devel-debuginfo: before 3.0.101-108.126.1

kernel-xen-debugsource: before 3.0.101-108.126.1

kernel-xen-debuginfo: before 3.0.101-108.126.1

kernel-ec2-debugsource: before 3.0.101-108.126.1

kernel-ec2-debuginfo: before 3.0.101-108.126.1

kernel-trace-devel-debuginfo: before 3.0.101-108.126.1

kernel-default-devel-debuginfo: before 3.0.101-108.126.1

kernel-trace-debugsource: before 3.0.101-108.126.1

kernel-trace-debuginfo: before 3.0.101-108.126.1

kernel-default-debugsource: before 3.0.101-108.126.1

kernel-default-debuginfo: before 3.0.101-108.126.1

kernel-pae-extra: before 3.0.101-108.126.1

kernel-ppc64-extra: before 3.0.101-108.126.1

kernel-trace-extra: before 3.0.101-108.126.1

kernel-xen-extra: before 3.0.101-108.126.1

kernel-default-extra: before 3.0.101-108.126.1

kernel-pae-devel: before 3.0.101-108.126.1

kernel-pae-base: before 3.0.101-108.126.1

kernel-pae: before 3.0.101-108.126.1

kernel-ppc64-devel: before 3.0.101-108.126.1

kernel-ppc64-base: before 3.0.101-108.126.1

kernel-ppc64: before 3.0.101-108.126.1

kernel-bigmem-devel: before 3.0.101-108.126.1

kernel-bigmem-base: before 3.0.101-108.126.1

kernel-bigmem: before 3.0.101-108.126.1

kernel-default-man: before 3.0.101-108.126.1

kernel-xen-devel: before 3.0.101-108.126.1

kernel-xen-base: before 3.0.101-108.126.1

kernel-xen: before 3.0.101-108.126.1

kernel-ec2-devel: before 3.0.101-108.126.1

kernel-ec2-base: before 3.0.101-108.126.1

kernel-ec2: before 3.0.101-108.126.1

kernel-trace-devel: before 3.0.101-108.126.1

kernel-trace-base: before 3.0.101-108.126.1

kernel-trace: before 3.0.101-108.126.1

kernel-syms: before 3.0.101-108.126.1

kernel-source: before 3.0.101-108.126.1

kernel-default-devel: before 3.0.101-108.126.1

kernel-default-base: before 3.0.101-108.126.1

kernel-default: before 3.0.101-108.126.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2021/suse-su-202114724-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper Resource Shutdown or Release

EUVDB-ID: #VU59473

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-36322

CWE-ID: CWE-404 - Improper Resource Shutdown or Release

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists in the FUSE filesystem implementation in the Linux kernel due to fuse_do_getattr() calls make_bad_inode() in inappropriate situations. A local user can run a specially crafted program to trigger kernel crash.

Note, the vulnerability exists due to incomplete fix for #VU58207 (CVE-2021-28950).

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server: 11-EXTRA - 11-SP4-LTSS-EXTREME-CORE

SUSE Linux Enterprise Debuginfo: 11-SP4

kernel-pae-devel-debuginfo: before 3.0.101-108.126.1

kernel-pae-debugsource: before 3.0.101-108.126.1

kernel-pae-debuginfo: before 3.0.101-108.126.1

kernel-ppc64-debugsource: before 3.0.101-108.126.1

kernel-ppc64-debuginfo: before 3.0.101-108.126.1

kernel-bigmem-debugsource: before 3.0.101-108.126.1

kernel-bigmem-debuginfo: before 3.0.101-108.126.1

kernel-xen-devel-debuginfo: before 3.0.101-108.126.1

kernel-xen-debugsource: before 3.0.101-108.126.1

kernel-xen-debuginfo: before 3.0.101-108.126.1

kernel-ec2-debugsource: before 3.0.101-108.126.1

kernel-ec2-debuginfo: before 3.0.101-108.126.1

kernel-trace-devel-debuginfo: before 3.0.101-108.126.1

kernel-default-devel-debuginfo: before 3.0.101-108.126.1

kernel-trace-debugsource: before 3.0.101-108.126.1

kernel-trace-debuginfo: before 3.0.101-108.126.1

kernel-default-debugsource: before 3.0.101-108.126.1

kernel-default-debuginfo: before 3.0.101-108.126.1

kernel-pae-extra: before 3.0.101-108.126.1

kernel-ppc64-extra: before 3.0.101-108.126.1

kernel-trace-extra: before 3.0.101-108.126.1

kernel-xen-extra: before 3.0.101-108.126.1

kernel-default-extra: before 3.0.101-108.126.1

kernel-pae-devel: before 3.0.101-108.126.1

kernel-pae-base: before 3.0.101-108.126.1

kernel-pae: before 3.0.101-108.126.1

kernel-ppc64-devel: before 3.0.101-108.126.1

kernel-ppc64-base: before 3.0.101-108.126.1

kernel-ppc64: before 3.0.101-108.126.1

kernel-bigmem-devel: before 3.0.101-108.126.1

kernel-bigmem-base: before 3.0.101-108.126.1

kernel-bigmem: before 3.0.101-108.126.1

kernel-default-man: before 3.0.101-108.126.1

kernel-xen-devel: before 3.0.101-108.126.1

kernel-xen-base: before 3.0.101-108.126.1

kernel-xen: before 3.0.101-108.126.1

kernel-ec2-devel: before 3.0.101-108.126.1

kernel-ec2-base: before 3.0.101-108.126.1

kernel-ec2: before 3.0.101-108.126.1

kernel-trace-devel: before 3.0.101-108.126.1

kernel-trace-base: before 3.0.101-108.126.1

kernel-trace: before 3.0.101-108.126.1

kernel-syms: before 3.0.101-108.126.1

kernel-source: before 3.0.101-108.126.1

kernel-default-devel: before 3.0.101-108.126.1

kernel-default-base: before 3.0.101-108.126.1

kernel-default: before 3.0.101-108.126.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2021/suse-su-202114724-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Race condition

EUVDB-ID: #VU91489

Risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-20261

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local privileged user to execute arbitrary code.

The vulnerability exists due to a race condition within the set_fdc(), do_format(), user_reset_fdc(), set_geometry(), get_floppy_geometry(), fd_locked_ioctl(), floppy_check_events() and floppy_revalidate() functions in drivers/block/floppy.c. A local privileged user can execute arbitrary code.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server: 11-EXTRA - 11-SP4-LTSS-EXTREME-CORE

SUSE Linux Enterprise Debuginfo: 11-SP4

kernel-pae-devel-debuginfo: before 3.0.101-108.126.1

kernel-pae-debugsource: before 3.0.101-108.126.1

kernel-pae-debuginfo: before 3.0.101-108.126.1

kernel-ppc64-debugsource: before 3.0.101-108.126.1

kernel-ppc64-debuginfo: before 3.0.101-108.126.1

kernel-bigmem-debugsource: before 3.0.101-108.126.1

kernel-bigmem-debuginfo: before 3.0.101-108.126.1

kernel-xen-devel-debuginfo: before 3.0.101-108.126.1

kernel-xen-debugsource: before 3.0.101-108.126.1

kernel-xen-debuginfo: before 3.0.101-108.126.1

kernel-ec2-debugsource: before 3.0.101-108.126.1

kernel-ec2-debuginfo: before 3.0.101-108.126.1

kernel-trace-devel-debuginfo: before 3.0.101-108.126.1

kernel-default-devel-debuginfo: before 3.0.101-108.126.1

kernel-trace-debugsource: before 3.0.101-108.126.1

kernel-trace-debuginfo: before 3.0.101-108.126.1

kernel-default-debugsource: before 3.0.101-108.126.1

kernel-default-debuginfo: before 3.0.101-108.126.1

kernel-pae-extra: before 3.0.101-108.126.1

kernel-ppc64-extra: before 3.0.101-108.126.1

kernel-trace-extra: before 3.0.101-108.126.1

kernel-xen-extra: before 3.0.101-108.126.1

kernel-default-extra: before 3.0.101-108.126.1

kernel-pae-devel: before 3.0.101-108.126.1

kernel-pae-base: before 3.0.101-108.126.1

kernel-pae: before 3.0.101-108.126.1

kernel-ppc64-devel: before 3.0.101-108.126.1

kernel-ppc64-base: before 3.0.101-108.126.1

kernel-ppc64: before 3.0.101-108.126.1

kernel-bigmem-devel: before 3.0.101-108.126.1

kernel-bigmem-base: before 3.0.101-108.126.1

kernel-bigmem: before 3.0.101-108.126.1

kernel-default-man: before 3.0.101-108.126.1

kernel-xen-devel: before 3.0.101-108.126.1

kernel-xen-base: before 3.0.101-108.126.1

kernel-xen: before 3.0.101-108.126.1

kernel-ec2-devel: before 3.0.101-108.126.1

kernel-ec2-base: before 3.0.101-108.126.1

kernel-ec2: before 3.0.101-108.126.1

kernel-trace-devel: before 3.0.101-108.126.1

kernel-trace-base: before 3.0.101-108.126.1

kernel-trace: before 3.0.101-108.126.1

kernel-syms: before 3.0.101-108.126.1

kernel-source: before 3.0.101-108.126.1

kernel-default-devel: before 3.0.101-108.126.1

kernel-default-base: before 3.0.101-108.126.1

kernel-default: before 3.0.101-108.126.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2021/suse-su-202114724-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Information disclosure

EUVDB-ID: #VU51453

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-27363

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to the show_transport_handle() shows iSCSI transport handle to non-root users. A local user can gain unauthorized access to sensitive information and use it along with another vulnerability, such as #VU51452, to escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server: 11-EXTRA - 11-SP4-LTSS-EXTREME-CORE

SUSE Linux Enterprise Debuginfo: 11-SP4

kernel-pae-devel-debuginfo: before 3.0.101-108.126.1

kernel-pae-debugsource: before 3.0.101-108.126.1

kernel-pae-debuginfo: before 3.0.101-108.126.1

kernel-ppc64-debugsource: before 3.0.101-108.126.1

kernel-ppc64-debuginfo: before 3.0.101-108.126.1

kernel-bigmem-debugsource: before 3.0.101-108.126.1

kernel-bigmem-debuginfo: before 3.0.101-108.126.1

kernel-xen-devel-debuginfo: before 3.0.101-108.126.1

kernel-xen-debugsource: before 3.0.101-108.126.1

kernel-xen-debuginfo: before 3.0.101-108.126.1

kernel-ec2-debugsource: before 3.0.101-108.126.1

kernel-ec2-debuginfo: before 3.0.101-108.126.1

kernel-trace-devel-debuginfo: before 3.0.101-108.126.1

kernel-default-devel-debuginfo: before 3.0.101-108.126.1

kernel-trace-debugsource: before 3.0.101-108.126.1

kernel-trace-debuginfo: before 3.0.101-108.126.1

kernel-default-debugsource: before 3.0.101-108.126.1

kernel-default-debuginfo: before 3.0.101-108.126.1

kernel-pae-extra: before 3.0.101-108.126.1

kernel-ppc64-extra: before 3.0.101-108.126.1

kernel-trace-extra: before 3.0.101-108.126.1

kernel-xen-extra: before 3.0.101-108.126.1

kernel-default-extra: before 3.0.101-108.126.1

kernel-pae-devel: before 3.0.101-108.126.1

kernel-pae-base: before 3.0.101-108.126.1

kernel-pae: before 3.0.101-108.126.1

kernel-ppc64-devel: before 3.0.101-108.126.1

kernel-ppc64-base: before 3.0.101-108.126.1

kernel-ppc64: before 3.0.101-108.126.1

kernel-bigmem-devel: before 3.0.101-108.126.1

kernel-bigmem-base: before 3.0.101-108.126.1

kernel-bigmem: before 3.0.101-108.126.1

kernel-default-man: before 3.0.101-108.126.1

kernel-xen-devel: before 3.0.101-108.126.1

kernel-xen-base: before 3.0.101-108.126.1

kernel-xen: before 3.0.101-108.126.1

kernel-ec2-devel: before 3.0.101-108.126.1

kernel-ec2-base: before 3.0.101-108.126.1

kernel-ec2: before 3.0.101-108.126.1

kernel-trace-devel: before 3.0.101-108.126.1

kernel-trace-base: before 3.0.101-108.126.1

kernel-trace: before 3.0.101-108.126.1

kernel-syms: before 3.0.101-108.126.1

kernel-source: before 3.0.101-108.126.1

kernel-default-devel: before 3.0.101-108.126.1

kernel-default-base: before 3.0.101-108.126.1

kernel-default: before 3.0.101-108.126.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2021/suse-su-202114724-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU51452

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-27364

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to iscsi_if_recv_msg() allows non-root users to connect and send commands to the Linux kernel. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server: 11-EXTRA - 11-SP4-LTSS-EXTREME-CORE

SUSE Linux Enterprise Debuginfo: 11-SP4

kernel-pae-devel-debuginfo: before 3.0.101-108.126.1

kernel-pae-debugsource: before 3.0.101-108.126.1

kernel-pae-debuginfo: before 3.0.101-108.126.1

kernel-ppc64-debugsource: before 3.0.101-108.126.1

kernel-ppc64-debuginfo: before 3.0.101-108.126.1

kernel-bigmem-debugsource: before 3.0.101-108.126.1

kernel-bigmem-debuginfo: before 3.0.101-108.126.1

kernel-xen-devel-debuginfo: before 3.0.101-108.126.1

kernel-xen-debugsource: before 3.0.101-108.126.1

kernel-xen-debuginfo: before 3.0.101-108.126.1

kernel-ec2-debugsource: before 3.0.101-108.126.1

kernel-ec2-debuginfo: before 3.0.101-108.126.1

kernel-trace-devel-debuginfo: before 3.0.101-108.126.1

kernel-default-devel-debuginfo: before 3.0.101-108.126.1

kernel-trace-debugsource: before 3.0.101-108.126.1

kernel-trace-debuginfo: before 3.0.101-108.126.1

kernel-default-debugsource: before 3.0.101-108.126.1

kernel-default-debuginfo: before 3.0.101-108.126.1

kernel-pae-extra: before 3.0.101-108.126.1

kernel-ppc64-extra: before 3.0.101-108.126.1

kernel-trace-extra: before 3.0.101-108.126.1

kernel-xen-extra: before 3.0.101-108.126.1

kernel-default-extra: before 3.0.101-108.126.1

kernel-pae-devel: before 3.0.101-108.126.1

kernel-pae-base: before 3.0.101-108.126.1

kernel-pae: before 3.0.101-108.126.1

kernel-ppc64-devel: before 3.0.101-108.126.1

kernel-ppc64-base: before 3.0.101-108.126.1

kernel-ppc64: before 3.0.101-108.126.1

kernel-bigmem-devel: before 3.0.101-108.126.1

kernel-bigmem-base: before 3.0.101-108.126.1

kernel-bigmem: before 3.0.101-108.126.1

kernel-default-man: before 3.0.101-108.126.1

kernel-xen-devel: before 3.0.101-108.126.1

kernel-xen-base: before 3.0.101-108.126.1

kernel-xen: before 3.0.101-108.126.1

kernel-ec2-devel: before 3.0.101-108.126.1

kernel-ec2-base: before 3.0.101-108.126.1

kernel-ec2: before 3.0.101-108.126.1

kernel-trace-devel: before 3.0.101-108.126.1

kernel-trace-base: before 3.0.101-108.126.1

kernel-trace: before 3.0.101-108.126.1

kernel-syms: before 3.0.101-108.126.1

kernel-source: before 3.0.101-108.126.1

kernel-default-devel: before 3.0.101-108.126.1

kernel-default-base: before 3.0.101-108.126.1

kernel-default: before 3.0.101-108.126.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2021/suse-su-202114724-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Buffer overflow

EUVDB-ID: #VU51451

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-27365

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error when processing Netlink messages in Linux kernel through 5.11.3, as certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. A local unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message, trigger memory corruption and execute arbitrary code on the system with elevated privileges.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server: 11-EXTRA - 11-SP4-LTSS-EXTREME-CORE

SUSE Linux Enterprise Debuginfo: 11-SP4

kernel-pae-devel-debuginfo: before 3.0.101-108.126.1

kernel-pae-debugsource: before 3.0.101-108.126.1

kernel-pae-debuginfo: before 3.0.101-108.126.1

kernel-ppc64-debugsource: before 3.0.101-108.126.1

kernel-ppc64-debuginfo: before 3.0.101-108.126.1

kernel-bigmem-debugsource: before 3.0.101-108.126.1

kernel-bigmem-debuginfo: before 3.0.101-108.126.1

kernel-xen-devel-debuginfo: before 3.0.101-108.126.1

kernel-xen-debugsource: before 3.0.101-108.126.1

kernel-xen-debuginfo: before 3.0.101-108.126.1

kernel-ec2-debugsource: before 3.0.101-108.126.1

kernel-ec2-debuginfo: before 3.0.101-108.126.1

kernel-trace-devel-debuginfo: before 3.0.101-108.126.1

kernel-default-devel-debuginfo: before 3.0.101-108.126.1

kernel-trace-debugsource: before 3.0.101-108.126.1

kernel-trace-debuginfo: before 3.0.101-108.126.1

kernel-default-debugsource: before 3.0.101-108.126.1

kernel-default-debuginfo: before 3.0.101-108.126.1

kernel-pae-extra: before 3.0.101-108.126.1

kernel-ppc64-extra: before 3.0.101-108.126.1

kernel-trace-extra: before 3.0.101-108.126.1

kernel-xen-extra: before 3.0.101-108.126.1

kernel-default-extra: before 3.0.101-108.126.1

kernel-pae-devel: before 3.0.101-108.126.1

kernel-pae-base: before 3.0.101-108.126.1

kernel-pae: before 3.0.101-108.126.1

kernel-ppc64-devel: before 3.0.101-108.126.1

kernel-ppc64-base: before 3.0.101-108.126.1

kernel-ppc64: before 3.0.101-108.126.1

kernel-bigmem-devel: before 3.0.101-108.126.1

kernel-bigmem-base: before 3.0.101-108.126.1

kernel-bigmem: before 3.0.101-108.126.1

kernel-default-man: before 3.0.101-108.126.1

kernel-xen-devel: before 3.0.101-108.126.1

kernel-xen-base: before 3.0.101-108.126.1

kernel-xen: before 3.0.101-108.126.1

kernel-ec2-devel: before 3.0.101-108.126.1

kernel-ec2-base: before 3.0.101-108.126.1

kernel-ec2: before 3.0.101-108.126.1

kernel-trace-devel: before 3.0.101-108.126.1

kernel-trace-base: before 3.0.101-108.126.1

kernel-trace: before 3.0.101-108.126.1

kernel-syms: before 3.0.101-108.126.1

kernel-source: before 3.0.101-108.126.1

kernel-default-devel: before 3.0.101-108.126.1

kernel-default-base: before 3.0.101-108.126.1

kernel-default: before 3.0.101-108.126.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2021/suse-su-202114724-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Excessive Iteration

EUVDB-ID: #VU58207

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-28950

CWE-ID: CWE-834 - Excessive Iteration

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to excessive iteration in fs/fuse/fuse_i.h in the Linux kernel. A local user can run a specially crafted program to perform a denial of service attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server: 11-EXTRA - 11-SP4-LTSS-EXTREME-CORE

SUSE Linux Enterprise Debuginfo: 11-SP4

kernel-pae-devel-debuginfo: before 3.0.101-108.126.1

kernel-pae-debugsource: before 3.0.101-108.126.1

kernel-pae-debuginfo: before 3.0.101-108.126.1

kernel-ppc64-debugsource: before 3.0.101-108.126.1

kernel-ppc64-debuginfo: before 3.0.101-108.126.1

kernel-bigmem-debugsource: before 3.0.101-108.126.1

kernel-bigmem-debuginfo: before 3.0.101-108.126.1

kernel-xen-devel-debuginfo: before 3.0.101-108.126.1

kernel-xen-debugsource: before 3.0.101-108.126.1

kernel-xen-debuginfo: before 3.0.101-108.126.1

kernel-ec2-debugsource: before 3.0.101-108.126.1

kernel-ec2-debuginfo: before 3.0.101-108.126.1

kernel-trace-devel-debuginfo: before 3.0.101-108.126.1

kernel-default-devel-debuginfo: before 3.0.101-108.126.1

kernel-trace-debugsource: before 3.0.101-108.126.1

kernel-trace-debuginfo: before 3.0.101-108.126.1

kernel-default-debugsource: before 3.0.101-108.126.1

kernel-default-debuginfo: before 3.0.101-108.126.1

kernel-pae-extra: before 3.0.101-108.126.1

kernel-ppc64-extra: before 3.0.101-108.126.1

kernel-trace-extra: before 3.0.101-108.126.1

kernel-xen-extra: before 3.0.101-108.126.1

kernel-default-extra: before 3.0.101-108.126.1

kernel-pae-devel: before 3.0.101-108.126.1

kernel-pae-base: before 3.0.101-108.126.1

kernel-pae: before 3.0.101-108.126.1

kernel-ppc64-devel: before 3.0.101-108.126.1

kernel-ppc64-base: before 3.0.101-108.126.1

kernel-ppc64: before 3.0.101-108.126.1

kernel-bigmem-devel: before 3.0.101-108.126.1

kernel-bigmem-base: before 3.0.101-108.126.1

kernel-bigmem: before 3.0.101-108.126.1

kernel-default-man: before 3.0.101-108.126.1

kernel-xen-devel: before 3.0.101-108.126.1

kernel-xen-base: before 3.0.101-108.126.1

kernel-xen: before 3.0.101-108.126.1

kernel-ec2-devel: before 3.0.101-108.126.1

kernel-ec2-base: before 3.0.101-108.126.1

kernel-ec2: before 3.0.101-108.126.1

kernel-trace-devel: before 3.0.101-108.126.1

kernel-trace-base: before 3.0.101-108.126.1

kernel-trace: before 3.0.101-108.126.1

kernel-syms: before 3.0.101-108.126.1

kernel-source: before 3.0.101-108.126.1

kernel-default-devel: before 3.0.101-108.126.1

kernel-default-base: before 3.0.101-108.126.1

kernel-default: before 3.0.101-108.126.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2021/suse-su-202114724-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Buffer overflow

EUVDB-ID: #VU56819

Risk: Low

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-28972

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the drivers/pci/hotplug/rpadlpar_sysfs.c. A local administrator can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server: 11-EXTRA - 11-SP4-LTSS-EXTREME-CORE

SUSE Linux Enterprise Debuginfo: 11-SP4

kernel-pae-devel-debuginfo: before 3.0.101-108.126.1

kernel-pae-debugsource: before 3.0.101-108.126.1

kernel-pae-debuginfo: before 3.0.101-108.126.1

kernel-ppc64-debugsource: before 3.0.101-108.126.1

kernel-ppc64-debuginfo: before 3.0.101-108.126.1

kernel-bigmem-debugsource: before 3.0.101-108.126.1

kernel-bigmem-debuginfo: before 3.0.101-108.126.1

kernel-xen-devel-debuginfo: before 3.0.101-108.126.1

kernel-xen-debugsource: before 3.0.101-108.126.1

kernel-xen-debuginfo: before 3.0.101-108.126.1

kernel-ec2-debugsource: before 3.0.101-108.126.1

kernel-ec2-debuginfo: before 3.0.101-108.126.1

kernel-trace-devel-debuginfo: before 3.0.101-108.126.1

kernel-default-devel-debuginfo: before 3.0.101-108.126.1

kernel-trace-debugsource: before 3.0.101-108.126.1

kernel-trace-debuginfo: before 3.0.101-108.126.1

kernel-default-debugsource: before 3.0.101-108.126.1

kernel-default-debuginfo: before 3.0.101-108.126.1

kernel-pae-extra: before 3.0.101-108.126.1

kernel-ppc64-extra: before 3.0.101-108.126.1

kernel-trace-extra: before 3.0.101-108.126.1

kernel-xen-extra: before 3.0.101-108.126.1

kernel-default-extra: before 3.0.101-108.126.1

kernel-pae-devel: before 3.0.101-108.126.1

kernel-pae-base: before 3.0.101-108.126.1

kernel-pae: before 3.0.101-108.126.1

kernel-ppc64-devel: before 3.0.101-108.126.1

kernel-ppc64-base: before 3.0.101-108.126.1

kernel-ppc64: before 3.0.101-108.126.1

kernel-bigmem-devel: before 3.0.101-108.126.1

kernel-bigmem-base: before 3.0.101-108.126.1

kernel-bigmem: before 3.0.101-108.126.1

kernel-default-man: before 3.0.101-108.126.1

kernel-xen-devel: before 3.0.101-108.126.1

kernel-xen-base: before 3.0.101-108.126.1

kernel-xen: before 3.0.101-108.126.1

kernel-ec2-devel: before 3.0.101-108.126.1

kernel-ec2-base: before 3.0.101-108.126.1

kernel-ec2: before 3.0.101-108.126.1

kernel-trace-devel: before 3.0.101-108.126.1

kernel-trace-base: before 3.0.101-108.126.1

kernel-trace: before 3.0.101-108.126.1

kernel-syms: before 3.0.101-108.126.1

kernel-source: before 3.0.101-108.126.1

kernel-default-devel: before 3.0.101-108.126.1

kernel-default-base: before 3.0.101-108.126.1

kernel-default: before 3.0.101-108.126.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2021/suse-su-202114724-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Buffer overflow

EUVDB-ID: #VU56240

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-29650

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the netfilter subsystem in net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h. A local user can trigger memory corruption upon the assignment of a new table value and cause denial of service.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server: 11-EXTRA - 11-SP4-LTSS-EXTREME-CORE

SUSE Linux Enterprise Debuginfo: 11-SP4

kernel-pae-devel-debuginfo: before 3.0.101-108.126.1

kernel-pae-debugsource: before 3.0.101-108.126.1

kernel-pae-debuginfo: before 3.0.101-108.126.1

kernel-ppc64-debugsource: before 3.0.101-108.126.1

kernel-ppc64-debuginfo: before 3.0.101-108.126.1

kernel-bigmem-debugsource: before 3.0.101-108.126.1

kernel-bigmem-debuginfo: before 3.0.101-108.126.1

kernel-xen-devel-debuginfo: before 3.0.101-108.126.1

kernel-xen-debugsource: before 3.0.101-108.126.1

kernel-xen-debuginfo: before 3.0.101-108.126.1

kernel-ec2-debugsource: before 3.0.101-108.126.1

kernel-ec2-debuginfo: before 3.0.101-108.126.1

kernel-trace-devel-debuginfo: before 3.0.101-108.126.1

kernel-default-devel-debuginfo: before 3.0.101-108.126.1

kernel-trace-debugsource: before 3.0.101-108.126.1

kernel-trace-debuginfo: before 3.0.101-108.126.1

kernel-default-debugsource: before 3.0.101-108.126.1

kernel-default-debuginfo: before 3.0.101-108.126.1

kernel-pae-extra: before 3.0.101-108.126.1

kernel-ppc64-extra: before 3.0.101-108.126.1

kernel-trace-extra: before 3.0.101-108.126.1

kernel-xen-extra: before 3.0.101-108.126.1

kernel-default-extra: before 3.0.101-108.126.1

kernel-pae-devel: before 3.0.101-108.126.1

kernel-pae-base: before 3.0.101-108.126.1

kernel-pae: before 3.0.101-108.126.1

kernel-ppc64-devel: before 3.0.101-108.126.1

kernel-ppc64-base: before 3.0.101-108.126.1

kernel-ppc64: before 3.0.101-108.126.1

kernel-bigmem-devel: before 3.0.101-108.126.1

kernel-bigmem-base: before 3.0.101-108.126.1

kernel-bigmem: before 3.0.101-108.126.1

kernel-default-man: before 3.0.101-108.126.1

kernel-xen-devel: before 3.0.101-108.126.1

kernel-xen-base: before 3.0.101-108.126.1

kernel-xen: before 3.0.101-108.126.1

kernel-ec2-devel: before 3.0.101-108.126.1

kernel-ec2-base: before 3.0.101-108.126.1

kernel-ec2: before 3.0.101-108.126.1

kernel-trace-devel: before 3.0.101-108.126.1

kernel-trace-base: before 3.0.101-108.126.1

kernel-trace: before 3.0.101-108.126.1

kernel-syms: before 3.0.101-108.126.1

kernel-source: before 3.0.101-108.126.1

kernel-default-devel: before 3.0.101-108.126.1

kernel-default-base: before 3.0.101-108.126.1

kernel-default: before 3.0.101-108.126.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2021/suse-su-202114724-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Memory leak

EUVDB-ID: #VU68552

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-30002

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform DoS attack on the target system.

The vulnerability exists due memory leak within the webcam support driver in video_usercopy() function in drivers/media/v4l2-core/v4l2-ioctl.c in Linux kernel. A local user can trigger leak memory and perform denial of service attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server: 11-EXTRA - 11-SP4-LTSS-EXTREME-CORE

SUSE Linux Enterprise Debuginfo: 11-SP4

kernel-pae-devel-debuginfo: before 3.0.101-108.126.1

kernel-pae-debugsource: before 3.0.101-108.126.1

kernel-pae-debuginfo: before 3.0.101-108.126.1

kernel-ppc64-debugsource: before 3.0.101-108.126.1

kernel-ppc64-debuginfo: before 3.0.101-108.126.1

kernel-bigmem-debugsource: before 3.0.101-108.126.1

kernel-bigmem-debuginfo: before 3.0.101-108.126.1

kernel-xen-devel-debuginfo: before 3.0.101-108.126.1

kernel-xen-debugsource: before 3.0.101-108.126.1

kernel-xen-debuginfo: before 3.0.101-108.126.1

kernel-ec2-debugsource: before 3.0.101-108.126.1

kernel-ec2-debuginfo: before 3.0.101-108.126.1

kernel-trace-devel-debuginfo: before 3.0.101-108.126.1

kernel-default-devel-debuginfo: before 3.0.101-108.126.1

kernel-trace-debugsource: before 3.0.101-108.126.1

kernel-trace-debuginfo: before 3.0.101-108.126.1

kernel-default-debugsource: before 3.0.101-108.126.1

kernel-default-debuginfo: before 3.0.101-108.126.1

kernel-pae-extra: before 3.0.101-108.126.1

kernel-ppc64-extra: before 3.0.101-108.126.1

kernel-trace-extra: before 3.0.101-108.126.1

kernel-xen-extra: before 3.0.101-108.126.1

kernel-default-extra: before 3.0.101-108.126.1

kernel-pae-devel: before 3.0.101-108.126.1

kernel-pae-base: before 3.0.101-108.126.1

kernel-pae: before 3.0.101-108.126.1

kernel-ppc64-devel: before 3.0.101-108.126.1

kernel-ppc64-base: before 3.0.101-108.126.1

kernel-ppc64: before 3.0.101-108.126.1

kernel-bigmem-devel: before 3.0.101-108.126.1

kernel-bigmem-base: before 3.0.101-108.126.1

kernel-bigmem: before 3.0.101-108.126.1

kernel-default-man: before 3.0.101-108.126.1

kernel-xen-devel: before 3.0.101-108.126.1

kernel-xen-base: before 3.0.101-108.126.1

kernel-xen: before 3.0.101-108.126.1

kernel-ec2-devel: before 3.0.101-108.126.1

kernel-ec2-base: before 3.0.101-108.126.1

kernel-ec2: before 3.0.101-108.126.1

kernel-trace-devel: before 3.0.101-108.126.1

kernel-trace-base: before 3.0.101-108.126.1

kernel-trace: before 3.0.101-108.126.1

kernel-syms: before 3.0.101-108.126.1

kernel-source: before 3.0.101-108.126.1

kernel-default-devel: before 3.0.101-108.126.1

kernel-default-base: before 3.0.101-108.126.1

kernel-default: before 3.0.101-108.126.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2021/suse-su-202114724-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Use-after-free

EUVDB-ID: #VU63659

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-3483

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the Nosy driver in the Linux kernel. A local user can trigger use-after-free and to escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server: 11-EXTRA - 11-SP4-LTSS-EXTREME-CORE

SUSE Linux Enterprise Debuginfo: 11-SP4

kernel-pae-devel-debuginfo: before 3.0.101-108.126.1

kernel-pae-debugsource: before 3.0.101-108.126.1

kernel-pae-debuginfo: before 3.0.101-108.126.1

kernel-ppc64-debugsource: before 3.0.101-108.126.1

kernel-ppc64-debuginfo: before 3.0.101-108.126.1

kernel-bigmem-debugsource: before 3.0.101-108.126.1

kernel-bigmem-debuginfo: before 3.0.101-108.126.1

kernel-xen-devel-debuginfo: before 3.0.101-108.126.1

kernel-xen-debugsource: before 3.0.101-108.126.1

kernel-xen-debuginfo: before 3.0.101-108.126.1

kernel-ec2-debugsource: before 3.0.101-108.126.1

kernel-ec2-debuginfo: before 3.0.101-108.126.1

kernel-trace-devel-debuginfo: before 3.0.101-108.126.1

kernel-default-devel-debuginfo: before 3.0.101-108.126.1

kernel-trace-debugsource: before 3.0.101-108.126.1

kernel-trace-debuginfo: before 3.0.101-108.126.1

kernel-default-debugsource: before 3.0.101-108.126.1

kernel-default-debuginfo: before 3.0.101-108.126.1

kernel-pae-extra: before 3.0.101-108.126.1

kernel-ppc64-extra: before 3.0.101-108.126.1

kernel-trace-extra: before 3.0.101-108.126.1

kernel-xen-extra: before 3.0.101-108.126.1

kernel-default-extra: before 3.0.101-108.126.1

kernel-pae-devel: before 3.0.101-108.126.1

kernel-pae-base: before 3.0.101-108.126.1

kernel-pae: before 3.0.101-108.126.1

kernel-ppc64-devel: before 3.0.101-108.126.1

kernel-ppc64-base: before 3.0.101-108.126.1

kernel-ppc64: before 3.0.101-108.126.1

kernel-bigmem-devel: before 3.0.101-108.126.1

kernel-bigmem-base: before 3.0.101-108.126.1

kernel-bigmem: before 3.0.101-108.126.1

kernel-default-man: before 3.0.101-108.126.1

kernel-xen-devel: before 3.0.101-108.126.1

kernel-xen-base: before 3.0.101-108.126.1

kernel-xen: before 3.0.101-108.126.1

kernel-ec2-devel: before 3.0.101-108.126.1

kernel-ec2-base: before 3.0.101-108.126.1

kernel-ec2: before 3.0.101-108.126.1

kernel-trace-devel: before 3.0.101-108.126.1

kernel-trace-base: before 3.0.101-108.126.1

kernel-trace: before 3.0.101-108.126.1

kernel-syms: before 3.0.101-108.126.1

kernel-source: before 3.0.101-108.126.1

kernel-default-devel: before 3.0.101-108.126.1

kernel-default-base: before 3.0.101-108.126.1

kernel-default: before 3.0.101-108.126.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2021/suse-su-202114724-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###