SUSE update for the Linux Kernel



Risk Low
Patch available YES
Number of vulnerabilities 7
CVE-ID CVE-2020-36310
CVE-2020-36312
CVE-2020-36322
CVE-2021-28950
CVE-2021-29155
CVE-2021-29650
CVE-2021-3444
CWE-ID CWE-835
CWE-401
CWE-404
CWE-834
CWE-125
CWE-119
Exploitation vector Local
Public exploit Public exploit code for vulnerability #5 is available.
Vulnerable software
 SUSE Linux Enterprise High Availability
Operating systems & Components / Operating system

SUSE Linux Enterprise Live Patching
Operating systems & Components / Operating system

SUSE Linux Enterprise Workstation Extension
Operating systems & Components / Operating system

SUSE Linux Enterprise Software Development Kit
Operating systems & Components / Operating system

SUSE Linux Enterprise Server
Operating systems & Components / Operating system

ocfs2-kmp-default-debuginfo
Operating systems & Components / Operating system package or component

ocfs2-kmp-default
Operating systems & Components / Operating system package or component

gfs2-kmp-default-debuginfo
Operating systems & Components / Operating system package or component

gfs2-kmp-default
Operating systems & Components / Operating system package or component

dlm-kmp-default-debuginfo
Operating systems & Components / Operating system package or component

dlm-kmp-default
Operating systems & Components / Operating system package or component

cluster-md-kmp-default-debuginfo
Operating systems & Components / Operating system package or component

cluster-md-kmp-default
Operating systems & Components / Operating system package or component

kgraft-patch-4_12_14-122_71-default
Operating systems & Components / Operating system package or component

kernel-default-kgraft-devel
Operating systems & Components / Operating system package or component

kernel-default-kgraft
Operating systems & Components / Operating system package or component

kernel-default-man
Operating systems & Components / Operating system package or component

kernel-default-devel-debuginfo
Operating systems & Components / Operating system package or component

kernel-source
Operating systems & Components / Operating system package or component

kernel-macros
Operating systems & Components / Operating system package or component

kernel-devel
Operating systems & Components / Operating system package or component

kernel-syms
Operating systems & Components / Operating system package or component

kernel-default-devel
Operating systems & Components / Operating system package or component

kernel-default-base-debuginfo
Operating systems & Components / Operating system package or component

kernel-default-base
Operating systems & Components / Operating system package or component

kernel-default
Operating systems & Components / Operating system package or component

kernel-docs
Operating systems & Components / Operating system package or component

kernel-obs-build-debugsource
Operating systems & Components / Operating system package or component

kernel-obs-build
Operating systems & Components / Operating system package or component

kernel-default-extra-debuginfo
Operating systems & Components / Operating system package or component

kernel-default-extra
Operating systems & Components / Operating system package or component

kernel-default-debugsource
Operating systems & Components / Operating system package or component

kernel-default-debuginfo
Operating systems & Components / Operating system package or component

Vendor SUSE

Security Bulletin

This security bulletin contains information about 7 vulnerabilities.

1) Infinite loop

EUVDB-ID: #VU61272

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-36310

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop in set_memory_region_test in arch/x86/kvm/svm/svm.c. A local user can consume all available system resources and cause denial of service conditions.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability: 12-SP5

SUSE Linux Enterprise Live Patching: 12-SP5

SUSE Linux Enterprise Workstation Extension: 12-SP5

SUSE Linux Enterprise Software Development Kit: 12-SP5

SUSE Linux Enterprise Server: 12-SP5

ocfs2-kmp-default-debuginfo: before 4.12.14-122.71.1

ocfs2-kmp-default: before 4.12.14-122.71.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.71.1

gfs2-kmp-default: before 4.12.14-122.71.1

dlm-kmp-default-debuginfo: before 4.12.14-122.71.1

dlm-kmp-default: before 4.12.14-122.71.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.71.1

cluster-md-kmp-default: before 4.12.14-122.71.1

kgraft-patch-4_12_14-122_71-default: before 1-8.5.1

kernel-default-kgraft-devel: before 4.12.14-122.71.1

kernel-default-kgraft: before 4.12.14-122.71.1

kernel-default-man: before 4.12.14-122.71.1

kernel-default-devel-debuginfo: before 4.12.14-122.71.1

kernel-source: before 4.12.14-122.71.1

kernel-macros: before 4.12.14-122.71.1

kernel-devel: before 4.12.14-122.71.1

kernel-syms: before 4.12.14-122.71.1

kernel-default-devel: before 4.12.14-122.71.1

kernel-default-base-debuginfo: before 4.12.14-122.71.1

kernel-default-base: before 4.12.14-122.71.1

kernel-default: before 4.12.14-122.71.1

kernel-docs: before 4.12.14-122.71.1

kernel-obs-build-debugsource: before 4.12.14-122.71.2

kernel-obs-build: before 4.12.14-122.71.2

kernel-default-extra-debuginfo: before 4.12.14-122.71.1

kernel-default-extra: before 4.12.14-122.71.1

kernel-default-debugsource: before 4.12.14-122.71.1

kernel-default-debuginfo: before 4.12.14-122.71.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2021/suse-su-20211595-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Memory leak

EUVDB-ID: #VU67183

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-36312

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform DoS attack on the target system.

The vulnerability exists in the KVM hypervisor of the Linux kernel. A local user can force the application to leak memory and perform denial of service attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability: 12-SP5

SUSE Linux Enterprise Live Patching: 12-SP5

SUSE Linux Enterprise Workstation Extension: 12-SP5

SUSE Linux Enterprise Software Development Kit: 12-SP5

SUSE Linux Enterprise Server: 12-SP5

ocfs2-kmp-default-debuginfo: before 4.12.14-122.71.1

ocfs2-kmp-default: before 4.12.14-122.71.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.71.1

gfs2-kmp-default: before 4.12.14-122.71.1

dlm-kmp-default-debuginfo: before 4.12.14-122.71.1

dlm-kmp-default: before 4.12.14-122.71.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.71.1

cluster-md-kmp-default: before 4.12.14-122.71.1

kgraft-patch-4_12_14-122_71-default: before 1-8.5.1

kernel-default-kgraft-devel: before 4.12.14-122.71.1

kernel-default-kgraft: before 4.12.14-122.71.1

kernel-default-man: before 4.12.14-122.71.1

kernel-default-devel-debuginfo: before 4.12.14-122.71.1

kernel-source: before 4.12.14-122.71.1

kernel-macros: before 4.12.14-122.71.1

kernel-devel: before 4.12.14-122.71.1

kernel-syms: before 4.12.14-122.71.1

kernel-default-devel: before 4.12.14-122.71.1

kernel-default-base-debuginfo: before 4.12.14-122.71.1

kernel-default-base: before 4.12.14-122.71.1

kernel-default: before 4.12.14-122.71.1

kernel-docs: before 4.12.14-122.71.1

kernel-obs-build-debugsource: before 4.12.14-122.71.2

kernel-obs-build: before 4.12.14-122.71.2

kernel-default-extra-debuginfo: before 4.12.14-122.71.1

kernel-default-extra: before 4.12.14-122.71.1

kernel-default-debugsource: before 4.12.14-122.71.1

kernel-default-debuginfo: before 4.12.14-122.71.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2021/suse-su-20211595-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper Resource Shutdown or Release

EUVDB-ID: #VU59473

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-36322

CWE-ID: CWE-404 - Improper Resource Shutdown or Release

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists in the FUSE filesystem implementation in the Linux kernel due to fuse_do_getattr() calls make_bad_inode() in inappropriate situations. A local user can run a specially crafted program to trigger kernel crash.

Note, the vulnerability exists due to incomplete fix for #VU58207 (CVE-2021-28950).

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability: 12-SP5

SUSE Linux Enterprise Live Patching: 12-SP5

SUSE Linux Enterprise Workstation Extension: 12-SP5

SUSE Linux Enterprise Software Development Kit: 12-SP5

SUSE Linux Enterprise Server: 12-SP5

ocfs2-kmp-default-debuginfo: before 4.12.14-122.71.1

ocfs2-kmp-default: before 4.12.14-122.71.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.71.1

gfs2-kmp-default: before 4.12.14-122.71.1

dlm-kmp-default-debuginfo: before 4.12.14-122.71.1

dlm-kmp-default: before 4.12.14-122.71.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.71.1

cluster-md-kmp-default: before 4.12.14-122.71.1

kgraft-patch-4_12_14-122_71-default: before 1-8.5.1

kernel-default-kgraft-devel: before 4.12.14-122.71.1

kernel-default-kgraft: before 4.12.14-122.71.1

kernel-default-man: before 4.12.14-122.71.1

kernel-default-devel-debuginfo: before 4.12.14-122.71.1

kernel-source: before 4.12.14-122.71.1

kernel-macros: before 4.12.14-122.71.1

kernel-devel: before 4.12.14-122.71.1

kernel-syms: before 4.12.14-122.71.1

kernel-default-devel: before 4.12.14-122.71.1

kernel-default-base-debuginfo: before 4.12.14-122.71.1

kernel-default-base: before 4.12.14-122.71.1

kernel-default: before 4.12.14-122.71.1

kernel-docs: before 4.12.14-122.71.1

kernel-obs-build-debugsource: before 4.12.14-122.71.2

kernel-obs-build: before 4.12.14-122.71.2

kernel-default-extra-debuginfo: before 4.12.14-122.71.1

kernel-default-extra: before 4.12.14-122.71.1

kernel-default-debugsource: before 4.12.14-122.71.1

kernel-default-debuginfo: before 4.12.14-122.71.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2021/suse-su-20211595-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Excessive Iteration

EUVDB-ID: #VU58207

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-28950

CWE-ID: CWE-834 - Excessive Iteration

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to excessive iteration in fs/fuse/fuse_i.h in the Linux kernel. A local user can run a specially crafted program to perform a denial of service attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability: 12-SP5

SUSE Linux Enterprise Live Patching: 12-SP5

SUSE Linux Enterprise Workstation Extension: 12-SP5

SUSE Linux Enterprise Software Development Kit: 12-SP5

SUSE Linux Enterprise Server: 12-SP5

ocfs2-kmp-default-debuginfo: before 4.12.14-122.71.1

ocfs2-kmp-default: before 4.12.14-122.71.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.71.1

gfs2-kmp-default: before 4.12.14-122.71.1

dlm-kmp-default-debuginfo: before 4.12.14-122.71.1

dlm-kmp-default: before 4.12.14-122.71.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.71.1

cluster-md-kmp-default: before 4.12.14-122.71.1

kgraft-patch-4_12_14-122_71-default: before 1-8.5.1

kernel-default-kgraft-devel: before 4.12.14-122.71.1

kernel-default-kgraft: before 4.12.14-122.71.1

kernel-default-man: before 4.12.14-122.71.1

kernel-default-devel-debuginfo: before 4.12.14-122.71.1

kernel-source: before 4.12.14-122.71.1

kernel-macros: before 4.12.14-122.71.1

kernel-devel: before 4.12.14-122.71.1

kernel-syms: before 4.12.14-122.71.1

kernel-default-devel: before 4.12.14-122.71.1

kernel-default-base-debuginfo: before 4.12.14-122.71.1

kernel-default-base: before 4.12.14-122.71.1

kernel-default: before 4.12.14-122.71.1

kernel-docs: before 4.12.14-122.71.1

kernel-obs-build-debugsource: before 4.12.14-122.71.2

kernel-obs-build: before 4.12.14-122.71.2

kernel-default-extra-debuginfo: before 4.12.14-122.71.1

kernel-default-extra: before 4.12.14-122.71.1

kernel-default-debugsource: before 4.12.14-122.71.1

kernel-default-debuginfo: before 4.12.14-122.71.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2021/suse-su-20211595-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Out-of-bounds read

EUVDB-ID: #VU67490

Risk: Low

CVSSv4.0: 5.2 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2021-29155

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: Yes

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists in retrieve_ptr_limit in kernel/bpf/verifier.c in the Linux kernel mechanism. A local, special user privileged (CAP_SYS_ADMIN) BPF program running on affected systems may bypass the protection, and execute speculatively out-of-bounds loads from the kernel memory.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability: 12-SP5

SUSE Linux Enterprise Live Patching: 12-SP5

SUSE Linux Enterprise Workstation Extension: 12-SP5

SUSE Linux Enterprise Software Development Kit: 12-SP5

SUSE Linux Enterprise Server: 12-SP5

ocfs2-kmp-default-debuginfo: before 4.12.14-122.71.1

ocfs2-kmp-default: before 4.12.14-122.71.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.71.1

gfs2-kmp-default: before 4.12.14-122.71.1

dlm-kmp-default-debuginfo: before 4.12.14-122.71.1

dlm-kmp-default: before 4.12.14-122.71.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.71.1

cluster-md-kmp-default: before 4.12.14-122.71.1

kgraft-patch-4_12_14-122_71-default: before 1-8.5.1

kernel-default-kgraft-devel: before 4.12.14-122.71.1

kernel-default-kgraft: before 4.12.14-122.71.1

kernel-default-man: before 4.12.14-122.71.1

kernel-default-devel-debuginfo: before 4.12.14-122.71.1

kernel-source: before 4.12.14-122.71.1

kernel-macros: before 4.12.14-122.71.1

kernel-devel: before 4.12.14-122.71.1

kernel-syms: before 4.12.14-122.71.1

kernel-default-devel: before 4.12.14-122.71.1

kernel-default-base-debuginfo: before 4.12.14-122.71.1

kernel-default-base: before 4.12.14-122.71.1

kernel-default: before 4.12.14-122.71.1

kernel-docs: before 4.12.14-122.71.1

kernel-obs-build-debugsource: before 4.12.14-122.71.2

kernel-obs-build: before 4.12.14-122.71.2

kernel-default-extra-debuginfo: before 4.12.14-122.71.1

kernel-default-extra: before 4.12.14-122.71.1

kernel-default-debugsource: before 4.12.14-122.71.1

kernel-default-debuginfo: before 4.12.14-122.71.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2021/suse-su-20211595-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

6) Buffer overflow

EUVDB-ID: #VU56240

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-29650

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the netfilter subsystem in net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h. A local user can trigger memory corruption upon the assignment of a new table value and cause denial of service.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability: 12-SP5

SUSE Linux Enterprise Live Patching: 12-SP5

SUSE Linux Enterprise Workstation Extension: 12-SP5

SUSE Linux Enterprise Software Development Kit: 12-SP5

SUSE Linux Enterprise Server: 12-SP5

ocfs2-kmp-default-debuginfo: before 4.12.14-122.71.1

ocfs2-kmp-default: before 4.12.14-122.71.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.71.1

gfs2-kmp-default: before 4.12.14-122.71.1

dlm-kmp-default-debuginfo: before 4.12.14-122.71.1

dlm-kmp-default: before 4.12.14-122.71.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.71.1

cluster-md-kmp-default: before 4.12.14-122.71.1

kgraft-patch-4_12_14-122_71-default: before 1-8.5.1

kernel-default-kgraft-devel: before 4.12.14-122.71.1

kernel-default-kgraft: before 4.12.14-122.71.1

kernel-default-man: before 4.12.14-122.71.1

kernel-default-devel-debuginfo: before 4.12.14-122.71.1

kernel-source: before 4.12.14-122.71.1

kernel-macros: before 4.12.14-122.71.1

kernel-devel: before 4.12.14-122.71.1

kernel-syms: before 4.12.14-122.71.1

kernel-default-devel: before 4.12.14-122.71.1

kernel-default-base-debuginfo: before 4.12.14-122.71.1

kernel-default-base: before 4.12.14-122.71.1

kernel-default: before 4.12.14-122.71.1

kernel-docs: before 4.12.14-122.71.1

kernel-obs-build-debugsource: before 4.12.14-122.71.2

kernel-obs-build: before 4.12.14-122.71.2

kernel-default-extra-debuginfo: before 4.12.14-122.71.1

kernel-default-extra: before 4.12.14-122.71.1

kernel-default-debugsource: before 4.12.14-122.71.1

kernel-default-debuginfo: before 4.12.14-122.71.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2021/suse-su-20211595-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Out-of-bounds read

EUVDB-ID: #VU90368

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-3444

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an out-of-bounds read error within the fixup_bpf_calls() function in kernel/bpf/verifier.c. A local user can execute arbitrary code.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability: 12-SP5

SUSE Linux Enterprise Live Patching: 12-SP5

SUSE Linux Enterprise Workstation Extension: 12-SP5

SUSE Linux Enterprise Software Development Kit: 12-SP5

SUSE Linux Enterprise Server: 12-SP5

ocfs2-kmp-default-debuginfo: before 4.12.14-122.71.1

ocfs2-kmp-default: before 4.12.14-122.71.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.71.1

gfs2-kmp-default: before 4.12.14-122.71.1

dlm-kmp-default-debuginfo: before 4.12.14-122.71.1

dlm-kmp-default: before 4.12.14-122.71.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.71.1

cluster-md-kmp-default: before 4.12.14-122.71.1

kgraft-patch-4_12_14-122_71-default: before 1-8.5.1

kernel-default-kgraft-devel: before 4.12.14-122.71.1

kernel-default-kgraft: before 4.12.14-122.71.1

kernel-default-man: before 4.12.14-122.71.1

kernel-default-devel-debuginfo: before 4.12.14-122.71.1

kernel-source: before 4.12.14-122.71.1

kernel-macros: before 4.12.14-122.71.1

kernel-devel: before 4.12.14-122.71.1

kernel-syms: before 4.12.14-122.71.1

kernel-default-devel: before 4.12.14-122.71.1

kernel-default-base-debuginfo: before 4.12.14-122.71.1

kernel-default-base: before 4.12.14-122.71.1

kernel-default: before 4.12.14-122.71.1

kernel-docs: before 4.12.14-122.71.1

kernel-obs-build-debugsource: before 4.12.14-122.71.2

kernel-obs-build: before 4.12.14-122.71.2

kernel-default-extra-debuginfo: before 4.12.14-122.71.1

kernel-default-extra: before 4.12.14-122.71.1

kernel-default-debugsource: before 4.12.14-122.71.1

kernel-default-debuginfo: before 4.12.14-122.71.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2021/suse-su-20211595-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###