SUSE update for the Linux Kernel

https://www.suse.com/support/update/announcement/2021/suse-su-20211975-1/

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists in the 802.11 standard due to the affected device does not clear its cache/memory to remove fragments of an incomplete MSDU/MMPDU from previous session after reconnection/reassociation. A remote attacker on the local network can perform a fragment cache attack and perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Module for Public Cloud: 15-SP3

kernel-source-azure: before 5.3.18-38.3.1

kernel-devel-azure: before 5.3.18-38.3.1

kernel-syms-azure: before 5.3.18-38.3.1

kernel-azure-devel-debuginfo: before 5.3.18-38.3.1

kernel-azure-devel: before 5.3.18-38.3.1

kernel-azure-debugsource: before 5.3.18-38.3.1

kernel-azure-debuginfo: before 5.3.18-38.3.1

kernel-azure: before 5.3.18-38.3.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Information disclosure

EUVDB-ID: #VU53096

Risk: Low

CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-24587

CWE-ID: N/A

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application in Windows Wireless Networking. A remote attacker on the local network can gain unauthorized access to sensitive information on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Module for Public Cloud: 15-SP3

kernel-source-azure: before 5.3.18-38.3.1

kernel-devel-azure: before 5.3.18-38.3.1

kernel-syms-azure: before 5.3.18-38.3.1

kernel-azure-devel-debuginfo: before 5.3.18-38.3.1

kernel-azure-devel: before 5.3.18-38.3.1

kernel-azure-debugsource: before 5.3.18-38.3.1

kernel-azure-debuginfo: before 5.3.18-38.3.1

kernel-azure: before 5.3.18-38.3.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2021/suse-su-20211975-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Spoofing attack

EUVDB-ID: #VU53098

Risk: Low

CVSSv4.0: 1.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-24588

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to incorrect processing of user-supplied data in Windows Wireless Networking. A remote attacker on the local network can spoof page content.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Module for Public Cloud: 15-SP3

kernel-source-azure: before 5.3.18-38.3.1

kernel-devel-azure: before 5.3.18-38.3.1

kernel-syms-azure: before 5.3.18-38.3.1

kernel-azure-devel-debuginfo: before 5.3.18-38.3.1

kernel-azure-devel: before 5.3.18-38.3.1

kernel-azure-debugsource: before 5.3.18-38.3.1

kernel-azure-debuginfo: before 5.3.18-38.3.1

kernel-azure: before 5.3.18-38.3.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2021/suse-su-20211975-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Use-after-free

EUVDB-ID: #VU63652

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-25670

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the NFC LLCP protocol implementation. A local user can perform manipulation with an unknown input for the llcp_sock_bind() function to crash or escalate their privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Module for Public Cloud: 15-SP3

kernel-source-azure: before 5.3.18-38.3.1

kernel-devel-azure: before 5.3.18-38.3.1

kernel-syms-azure: before 5.3.18-38.3.1

kernel-azure-devel-debuginfo: before 5.3.18-38.3.1

kernel-azure-devel: before 5.3.18-38.3.1

kernel-azure-debugsource: before 5.3.18-38.3.1

kernel-azure-debuginfo: before 5.3.18-38.3.1

kernel-azure: before 5.3.18-38.3.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2021/suse-su-20211975-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Use-after-free

EUVDB-ID: #VU63653

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-25671

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the NFC LLCP protocol implementation. A local user can trigger the llcp_sock_connect() function to crash or escalate their privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Module for Public Cloud: 15-SP3

kernel-source-azure: before 5.3.18-38.3.1

kernel-devel-azure: before 5.3.18-38.3.1

kernel-syms-azure: before 5.3.18-38.3.1

kernel-azure-devel-debuginfo: before 5.3.18-38.3.1

kernel-azure-devel: before 5.3.18-38.3.1

kernel-azure-debugsource: before 5.3.18-38.3.1

kernel-azure-debuginfo: before 5.3.18-38.3.1

kernel-azure: before 5.3.18-38.3.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2021/suse-su-20211975-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Memory leak

EUVDB-ID: #VU63654

Risk: High

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2020-25672

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak in the NFC LLCP protocol implementation when triggering the llcp_sock_connect() function. A remote attacker can force the application to leak memory and perform denial of service attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Module for Public Cloud: 15-SP3

kernel-source-azure: before 5.3.18-38.3.1

kernel-devel-azure: before 5.3.18-38.3.1

kernel-syms-azure: before 5.3.18-38.3.1

kernel-azure-devel-debuginfo: before 5.3.18-38.3.1

kernel-azure-devel: before 5.3.18-38.3.1

kernel-azure-debugsource: before 5.3.18-38.3.1

kernel-azure-debuginfo: before 5.3.18-38.3.1

kernel-azure: before 5.3.18-38.3.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2021/suse-su-20211975-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Resource exhaustion

EUVDB-ID: #VU63656

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-25673

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper control consumption of internal resources in non-blocking socket in llcp_sock_connect() function. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Module for Public Cloud: 15-SP3

kernel-source-azure: before 5.3.18-38.3.1

kernel-devel-azure: before 5.3.18-38.3.1

kernel-syms-azure: before 5.3.18-38.3.1

kernel-azure-devel-debuginfo: before 5.3.18-38.3.1

kernel-azure-devel: before 5.3.18-38.3.1

kernel-azure-debugsource: before 5.3.18-38.3.1

kernel-azure-debuginfo: before 5.3.18-38.3.1

kernel-azure: before 5.3.18-38.3.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2021/suse-su-20211975-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Input validation error

EUVDB-ID: #VU53174

Risk: Low

CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-26139

https://www.suse.com/support/update/announcement/2021/suse-su-20211975-1/

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to forwarding EAPOL frames even though the sender is not yet authenticated. A remote attacker on the local network can cause a denial of service (DoS) condition on the target system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Module for Public Cloud: 15-SP3

kernel-source-azure: before 5.3.18-38.3.1

kernel-devel-azure: before 5.3.18-38.3.1

kernel-syms-azure: before 5.3.18-38.3.1

kernel-azure-devel-debuginfo: before 5.3.18-38.3.1

kernel-azure-devel: before 5.3.18-38.3.1

kernel-azure-debugsource: before 5.3.18-38.3.1

kernel-azure-debuginfo: before 5.3.18-38.3.1

kernel-azure: before 5.3.18-38.3.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Input validation error

EUVDB-ID: #VU53176

Risk: Low

CVSSv4.0: 4.4 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-26141

https://www.suse.com/support/update/announcement/2021/suse-su-20211975-1/

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the Wi-Fi implementation does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. A remote attacker on the local network can inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Module for Public Cloud: 15-SP3

kernel-source-azure: before 5.3.18-38.3.1

kernel-devel-azure: before 5.3.18-38.3.1

kernel-syms-azure: before 5.3.18-38.3.1

kernel-azure-devel-debuginfo: before 5.3.18-38.3.1

kernel-azure-devel: before 5.3.18-38.3.1

kernel-azure-debugsource: before 5.3.18-38.3.1

kernel-azure-debuginfo: before 5.3.18-38.3.1

kernel-azure: before 5.3.18-38.3.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Input validation error

EUVDB-ID: #VU53155

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-26145

https://www.suse.com/support/update/announcement/2021/suse-su-20211975-1/

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. A remote attacker on the local network can inject arbitrary network packets independent of the network configuration.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Module for Public Cloud: 15-SP3

kernel-source-azure: before 5.3.18-38.3.1

kernel-devel-azure: before 5.3.18-38.3.1

kernel-syms-azure: before 5.3.18-38.3.1

kernel-azure-devel-debuginfo: before 5.3.18-38.3.1

kernel-azure-devel: before 5.3.18-38.3.1

kernel-azure-debugsource: before 5.3.18-38.3.1

kernel-azure-debuginfo: before 5.3.18-38.3.1

kernel-azure: before 5.3.18-38.3.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Input validation error

EUVDB-ID: #VU53172

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-26147

https://www.suse.com/support/update/announcement/2021/suse-su-20211975-1/

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. A remote attacker on the local network can inject packets and/or exfiltrate selected fragments

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Module for Public Cloud: 15-SP3

kernel-source-azure: before 5.3.18-38.3.1

kernel-devel-azure: before 5.3.18-38.3.1

kernel-syms-azure: before 5.3.18-38.3.1

kernel-azure-devel-debuginfo: before 5.3.18-38.3.1

kernel-azure-devel: before 5.3.18-38.3.1

kernel-azure-debugsource: before 5.3.18-38.3.1

kernel-azure-debuginfo: before 5.3.18-38.3.1

kernel-azure: before 5.3.18-38.3.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Observable discrepancy

EUVDB-ID: #VU51774

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-27170

CWE-ID: CWE-203 - Observable discrepancy

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists in kernel/bpf/verifier.c due to kernel performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations. A local user can run a specially crafted program to gain access to sensitive information.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Module for Public Cloud: 15-SP3

kernel-source-azure: before 5.3.18-38.3.1

kernel-devel-azure: before 5.3.18-38.3.1

kernel-syms-azure: before 5.3.18-38.3.1

kernel-azure-devel-debuginfo: before 5.3.18-38.3.1

kernel-azure-devel: before 5.3.18-38.3.1

kernel-azure-debugsource: before 5.3.18-38.3.1

kernel-azure-debuginfo: before 5.3.18-38.3.1

kernel-azure: before 5.3.18-38.3.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2021/suse-su-20211975-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Off-by-one

EUVDB-ID: #VU51775

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-27171

CWE-ID: CWE-193 - Off-by-one Error

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to an off-by-one error in kernel/bpf/verifier.c affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations. A local user can run a specially crafted program to gain access to sensitive information on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Module for Public Cloud: 15-SP3

kernel-source-azure: before 5.3.18-38.3.1

kernel-devel-azure: before 5.3.18-38.3.1

kernel-syms-azure: before 5.3.18-38.3.1

kernel-azure-devel-debuginfo: before 5.3.18-38.3.1

kernel-azure-devel: before 5.3.18-38.3.1

kernel-azure-debugsource: before 5.3.18-38.3.1

kernel-azure-debuginfo: before 5.3.18-38.3.1

kernel-azure: before 5.3.18-38.3.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2021/suse-su-20211975-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Input validation error

EUVDB-ID: #VU94154

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-27673

https://www.suse.com/support/update/announcement/2021/suse-su-20211975-1/

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the clear_linked(), consume_one_event(), __evtchn_fifo_handle_events() and evtchn_fifo_percpu_init() functions in drivers/xen/events/events_fifo.c, within the module_param(), DEFINE_RWLOCK(), enable_dynirq(), notify_remote_via_irq(), EXPORT_SYMBOL_GPL(), xen_irq_init(), xen_free_irq(), xen_send_IPI_one(), __xen_evtchn_do_upcall(), xen_setup_callback_vector(), xen_evtchn_cpu_prepare() and xen_init_IRQ() functions in drivers/xen/events/events_base.c, within the active_evtchns() and evtchn_2l_handle_events() functions in drivers/xen/events/events_2l.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Module for Public Cloud: 15-SP3

kernel-source-azure: before 5.3.18-38.3.1

kernel-devel-azure: before 5.3.18-38.3.1

kernel-syms-azure: before 5.3.18-38.3.1

kernel-azure-devel-debuginfo: before 5.3.18-38.3.1

kernel-azure-devel: before 5.3.18-38.3.1

kernel-azure-debugsource: before 5.3.18-38.3.1

kernel-azure-debuginfo: before 5.3.18-38.3.1

kernel-azure: before 5.3.18-38.3.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Out-of-bounds read

EUVDB-ID: #VU49169

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-27815

https://www.suse.com/support/update/announcement/2021/suse-su-20211975-1/

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in fs/jfs/jfs_dmap.c. A local user can trigger out-of-bounds read error and crash the kernel.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Module for Public Cloud: 15-SP3

kernel-source-azure: before 5.3.18-38.3.1

kernel-devel-azure: before 5.3.18-38.3.1

kernel-syms-azure: before 5.3.18-38.3.1

kernel-azure-devel-debuginfo: before 5.3.18-38.3.1

kernel-azure-devel: before 5.3.18-38.3.1

kernel-azure-debugsource: before 5.3.18-38.3.1

kernel-azure-debuginfo: before 5.3.18-38.3.1

kernel-azure: before 5.3.18-38.3.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Out-of-bounds read

EUVDB-ID: #VU51552

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-35519

https://www.suse.com/support/update/announcement/2021/suse-su-20211975-1/

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the x25_bind() function in net/x25/af_x25.c in the Linux kernel. A local user can run a specially crafted program to read contents of memory on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Module for Public Cloud: 15-SP3

kernel-source-azure: before 5.3.18-38.3.1

kernel-devel-azure: before 5.3.18-38.3.1

kernel-syms-azure: before 5.3.18-38.3.1

kernel-azure-devel-debuginfo: before 5.3.18-38.3.1

kernel-azure-devel: before 5.3.18-38.3.1

kernel-azure-debugsource: before 5.3.18-38.3.1

kernel-azure-debuginfo: before 5.3.18-38.3.1

kernel-azure: before 5.3.18-38.3.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Infinite loop

EUVDB-ID: #VU61272

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-36310

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop in set_memory_region_test in arch/x86/kvm/svm/svm.c. A local user can consume all available system resources and cause denial of service conditions.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Module for Public Cloud: 15-SP3

kernel-source-azure: before 5.3.18-38.3.1

kernel-devel-azure: before 5.3.18-38.3.1

kernel-syms-azure: before 5.3.18-38.3.1

kernel-azure-devel-debuginfo: before 5.3.18-38.3.1

kernel-azure-devel: before 5.3.18-38.3.1

kernel-azure-debugsource: before 5.3.18-38.3.1

kernel-azure-debuginfo: before 5.3.18-38.3.1

kernel-azure: before 5.3.18-38.3.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2021/suse-su-20211975-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU55262

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-36311

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service attack.

The vulnerability exists due to an error in arch/x86/kvm/svm/sev.c in Linux kernel, which allows soft lockup by triggering destruction of a large SEV VM (which requires unregistering many encrypted regions).

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Module for Public Cloud: 15-SP3

kernel-source-azure: before 5.3.18-38.3.1

kernel-devel-azure: before 5.3.18-38.3.1

kernel-syms-azure: before 5.3.18-38.3.1

kernel-azure-devel-debuginfo: before 5.3.18-38.3.1

kernel-azure-devel: before 5.3.18-38.3.1

kernel-azure-debugsource: before 5.3.18-38.3.1

kernel-azure-debuginfo: before 5.3.18-38.3.1

kernel-azure: before 5.3.18-38.3.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2021/suse-su-20211975-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Memory leak

EUVDB-ID: #VU67183

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-36312

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform DoS attack on the target system.

The vulnerability exists in the KVM hypervisor of the Linux kernel. A local user can force the application to leak memory and perform denial of service attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Module for Public Cloud: 15-SP3

kernel-source-azure: before 5.3.18-38.3.1

kernel-devel-azure: before 5.3.18-38.3.1

kernel-syms-azure: before 5.3.18-38.3.1

kernel-azure-devel-debuginfo: before 5.3.18-38.3.1

kernel-azure-devel: before 5.3.18-38.3.1

kernel-azure-debugsource: before 5.3.18-38.3.1

kernel-azure-debuginfo: before 5.3.18-38.3.1

kernel-azure: before 5.3.18-38.3.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2021/suse-su-20211975-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Improper Resource Shutdown or Release

EUVDB-ID: #VU59473

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-36322

CWE-ID: CWE-404 - Improper Resource Shutdown or Release

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists in the FUSE filesystem implementation in the Linux kernel due to fuse_do_getattr() calls make_bad_inode() in inappropriate situations. A local user can run a specially crafted program to trigger kernel crash.

Note, the vulnerability exists due to incomplete fix for #VU58207 (CVE-2021-28950).

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Module for Public Cloud: 15-SP3

kernel-source-azure: before 5.3.18-38.3.1

kernel-devel-azure: before 5.3.18-38.3.1

kernel-syms-azure: before 5.3.18-38.3.1

kernel-azure-devel-debuginfo: before 5.3.18-38.3.1

kernel-azure-devel: before 5.3.18-38.3.1

kernel-azure-debugsource: before 5.3.18-38.3.1

kernel-azure-debuginfo: before 5.3.18-38.3.1

kernel-azure: before 5.3.18-38.3.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2021/suse-su-20211975-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Input validation error

EUVDB-ID: #VU64199

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-20268

https://www.suse.com/support/update/announcement/2021/suse-su-20211975-1/

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists in the Linux kernel's implementation of the eBPF code verifier in the way a user running the eBPF script calls dev_map_init_map or sock_map_alloc. A local user can crash the system or escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Module for Public Cloud: 15-SP3

kernel-source-azure: before 5.3.18-38.3.1

kernel-devel-azure: before 5.3.18-38.3.1

kernel-syms-azure: before 5.3.18-38.3.1

kernel-azure-devel-debuginfo: before 5.3.18-38.3.1

kernel-azure-devel: before 5.3.18-38.3.1

kernel-azure-debugsource: before 5.3.18-38.3.1

kernel-azure-debuginfo: before 5.3.18-38.3.1

kernel-azure: before 5.3.18-38.3.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Use-after-free

EUVDB-ID: #VU63657

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-23134

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in nfc sockets in the Linux Kernel. A local user with the CAP_NET_RAW capability can trigger use-after-free and escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Module for Public Cloud: 15-SP3

kernel-source-azure: before 5.3.18-38.3.1

kernel-devel-azure: before 5.3.18-38.3.1

kernel-syms-azure: before 5.3.18-38.3.1

kernel-azure-devel-debuginfo: before 5.3.18-38.3.1

kernel-azure-devel: before 5.3.18-38.3.1

kernel-azure-debugsource: before 5.3.18-38.3.1

kernel-azure-debuginfo: before 5.3.18-38.3.1

kernel-azure: before 5.3.18-38.3.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2021/suse-su-20211975-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Information disclosure

EUVDB-ID: #VU51453

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-27363

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to the show_transport_handle() shows iSCSI transport handle to non-root users. A local user can gain unauthorized access to sensitive information and use it along with another vulnerability, such as #VU51452, to escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Module for Public Cloud: 15-SP3

kernel-source-azure: before 5.3.18-38.3.1

kernel-devel-azure: before 5.3.18-38.3.1

kernel-syms-azure: before 5.3.18-38.3.1

kernel-azure-devel-debuginfo: before 5.3.18-38.3.1

kernel-azure-devel: before 5.3.18-38.3.1

kernel-azure-debugsource: before 5.3.18-38.3.1

kernel-azure-debuginfo: before 5.3.18-38.3.1

kernel-azure: before 5.3.18-38.3.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2021/suse-su-20211975-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU51452

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-27364

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to iscsi_if_recv_msg() allows non-root users to connect and send commands to the Linux kernel. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Module for Public Cloud: 15-SP3

kernel-source-azure: before 5.3.18-38.3.1

kernel-devel-azure: before 5.3.18-38.3.1

kernel-syms-azure: before 5.3.18-38.3.1

kernel-azure-devel-debuginfo: before 5.3.18-38.3.1

kernel-azure-devel: before 5.3.18-38.3.1

kernel-azure-debugsource: before 5.3.18-38.3.1

kernel-azure-debuginfo: before 5.3.18-38.3.1

kernel-azure: before 5.3.18-38.3.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2021/suse-su-20211975-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Buffer overflow

EUVDB-ID: #VU51451

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-27365

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error when processing Netlink messages in Linux kernel through 5.11.3, as certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. A local unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message, trigger memory corruption and execute arbitrary code on the system with elevated privileges.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Module for Public Cloud: 15-SP3

kernel-source-azure: before 5.3.18-38.3.1

kernel-devel-azure: before 5.3.18-38.3.1

kernel-syms-azure: before 5.3.18-38.3.1

kernel-azure-devel-debuginfo: before 5.3.18-38.3.1

kernel-azure-devel: before 5.3.18-38.3.1

kernel-azure-debugsource: before 5.3.18-38.3.1

kernel-azure-debuginfo: before 5.3.18-38.3.1

kernel-azure: before 5.3.18-38.3.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2021/suse-su-20211975-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Allocation of resources without limits or throttling

EUVDB-ID: #VU92417

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-28038

CWE-ID: CWE-770 - Allocation of Resources Without Limits or Throttling

Exploit availability: No

Description

The vulnerability allows a local user to a crash the entire system.

The vulnerability exists due to allocation of resources without limits or throttling error within the xenvif_tx_action() function in drivers/net/xen-netback/netback.c. A local user can a crash the entire system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Module for Public Cloud: 15-SP3

kernel-source-azure: before 5.3.18-38.3.1

kernel-devel-azure: before 5.3.18-38.3.1

kernel-syms-azure: before 5.3.18-38.3.1

kernel-azure-devel-debuginfo: before 5.3.18-38.3.1

kernel-azure-devel: before 5.3.18-38.3.1

kernel-azure-debugsource: before 5.3.18-38.3.1

kernel-azure-debuginfo: before 5.3.18-38.3.1

kernel-azure: before 5.3.18-38.3.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2021/suse-su-20211975-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Missing authorization

EUVDB-ID: #VU92415

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-28375

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to missing authorization error within the fastrpc_internal_invoke() function in drivers/misc/fastrpc.c. A local user can execute arbitrary code.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Module for Public Cloud: 15-SP3

kernel-source-azure: before 5.3.18-38.3.1

kernel-devel-azure: before 5.3.18-38.3.1

kernel-syms-azure: before 5.3.18-38.3.1

kernel-azure-devel-debuginfo: before 5.3.18-38.3.1

kernel-azure-devel: before 5.3.18-38.3.1

kernel-azure-debugsource: before 5.3.18-38.3.1

kernel-azure-debuginfo: before 5.3.18-38.3.1

kernel-azure: before 5.3.18-38.3.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2021/suse-su-20211975-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Out-of-bounds write

EUVDB-ID: #VU56817

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-28660

https://www.suse.com/support/update/announcement/2021/suse-su-20211975-1/

Exploit availability: No

Description

The vulnerability allows a local user to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in the "rtw_wx_set_scan" in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c. A local user can trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Module for Public Cloud: 15-SP3

kernel-source-azure: before 5.3.18-38.3.1

kernel-devel-azure: before 5.3.18-38.3.1

kernel-syms-azure: before 5.3.18-38.3.1

kernel-azure-devel-debuginfo: before 5.3.18-38.3.1

kernel-azure-devel: before 5.3.18-38.3.1

kernel-azure-debugsource: before 5.3.18-38.3.1

kernel-azure-debuginfo: before 5.3.18-38.3.1

kernel-azure: before 5.3.18-38.3.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Improper Initialization

EUVDB-ID: #VU63658

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-28688

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service attack.

The vulnerability exists due to improper initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. A local user can perform a denial of service attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Module for Public Cloud: 15-SP3

kernel-source-azure: before 5.3.18-38.3.1

kernel-devel-azure: before 5.3.18-38.3.1

kernel-syms-azure: before 5.3.18-38.3.1

kernel-azure-devel-debuginfo: before 5.3.18-38.3.1

kernel-azure-devel: before 5.3.18-38.3.1

kernel-azure-debugsource: before 5.3.18-38.3.1

kernel-azure-debuginfo: before 5.3.18-38.3.1

kernel-azure: before 5.3.18-38.3.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2021/suse-su-20211975-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Excessive Iteration

EUVDB-ID: #VU58207

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-28950

CWE-ID: CWE-834 - Excessive Iteration

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to excessive iteration in fs/fuse/fuse_i.h in the Linux kernel. A local user can run a specially crafted program to perform a denial of service attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Module for Public Cloud: 15-SP3

kernel-source-azure: before 5.3.18-38.3.1

kernel-devel-azure: before 5.3.18-38.3.1

kernel-syms-azure: before 5.3.18-38.3.1

kernel-azure-devel-debuginfo: before 5.3.18-38.3.1

kernel-azure-devel: before 5.3.18-38.3.1

kernel-azure-debugsource: before 5.3.18-38.3.1

kernel-azure-debuginfo: before 5.3.18-38.3.1

kernel-azure: before 5.3.18-38.3.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2021/suse-su-20211975-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Buffer overflow

EUVDB-ID: #VU59694

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-28952

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in the sound/soc/qcom/sdm845.c soundwire device driver in Linux kernel. A local user can run a specially crafted program to trigger a buffer overflow, when an unexpected port ID number is encountered, and execute arbitrary code on the system with elevated privileges.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Module for Public Cloud: 15-SP3

kernel-source-azure: before 5.3.18-38.3.1

kernel-devel-azure: before 5.3.18-38.3.1

kernel-syms-azure: before 5.3.18-38.3.1

kernel-azure-devel-debuginfo: before 5.3.18-38.3.1

kernel-azure-devel: before 5.3.18-38.3.1

kernel-azure-debugsource: before 5.3.18-38.3.1

kernel-azure-debuginfo: before 5.3.18-38.3.1

kernel-azure: before 5.3.18-38.3.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2021/suse-su-20211975-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Race condition

EUVDB-ID: #VU63573

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-28964

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service attack.

The vulnerability exists due to a race condition in the get_old_root() function in fs/btrfs/ctree.c component in the Linux kernel. A local user can exploit the race and perform a denial of service attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Module for Public Cloud: 15-SP3

kernel-source-azure: before 5.3.18-38.3.1

kernel-devel-azure: before 5.3.18-38.3.1

kernel-syms-azure: before 5.3.18-38.3.1

kernel-azure-devel-debuginfo: before 5.3.18-38.3.1

kernel-azure-devel: before 5.3.18-38.3.1

kernel-azure-debugsource: before 5.3.18-38.3.1

kernel-azure-debuginfo: before 5.3.18-38.3.1

kernel-azure: before 5.3.18-38.3.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2021/suse-su-20211975-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Resource exhaustion

EUVDB-ID: #VU64830

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-28971

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to mishandling of PEBS status in a PEBS record In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Module for Public Cloud: 15-SP3

kernel-source-azure: before 5.3.18-38.3.1

kernel-devel-azure: before 5.3.18-38.3.1

kernel-syms-azure: before 5.3.18-38.3.1

kernel-azure-devel-debuginfo: before 5.3.18-38.3.1

kernel-azure-devel: before 5.3.18-38.3.1

kernel-azure-debugsource: before 5.3.18-38.3.1

kernel-azure-debuginfo: before 5.3.18-38.3.1

kernel-azure: before 5.3.18-38.3.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2021/suse-su-20211975-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Buffer overflow

EUVDB-ID: #VU56819

Risk: Low

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-28972

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the drivers/pci/hotplug/rpadlpar_sysfs.c. A local administrator can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Module for Public Cloud: 15-SP3

kernel-source-azure: before 5.3.18-38.3.1

kernel-devel-azure: before 5.3.18-38.3.1

kernel-syms-azure: before 5.3.18-38.3.1

kernel-azure-devel-debuginfo: before 5.3.18-38.3.1

kernel-azure-devel: before 5.3.18-38.3.1

kernel-azure-debugsource: before 5.3.18-38.3.1

kernel-azure-debuginfo: before 5.3.18-38.3.1

kernel-azure: before 5.3.18-38.3.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2021/suse-su-20211975-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Command Injection

EUVDB-ID: #VU56241

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-29154

CWE-ID: CWE-77 - Command injection

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to incorrect computation of branch displacements within the BPF JIT compilers in the Linux kernel in arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. A local user can inject and execute arbitrary commands with elevated privileges.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Module for Public Cloud: 15-SP3

kernel-source-azure: before 5.3.18-38.3.1

kernel-devel-azure: before 5.3.18-38.3.1

kernel-syms-azure: before 5.3.18-38.3.1

kernel-azure-devel-debuginfo: before 5.3.18-38.3.1

kernel-azure-devel: before 5.3.18-38.3.1

kernel-azure-debugsource: before 5.3.18-38.3.1

kernel-azure-debuginfo: before 5.3.18-38.3.1

kernel-azure: before 5.3.18-38.3.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2021/suse-su-20211975-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Out-of-bounds read

EUVDB-ID: #VU67490

Risk: Low

CVSSv4.0: 5.2 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2021-29155

https://www.suse.com/support/update/announcement/2021/suse-su-20211975-1/

Exploit availability: Yes

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists in retrieve_ptr_limit in kernel/bpf/verifier.c in the Linux kernel mechanism. A local, special user privileged (CAP_SYS_ADMIN) BPF program running on affected systems may bypass the protection, and execute speculatively out-of-bounds loads from the kernel memory.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Module for Public Cloud: 15-SP3

kernel-source-azure: before 5.3.18-38.3.1

kernel-devel-azure: before 5.3.18-38.3.1

kernel-syms-azure: before 5.3.18-38.3.1

kernel-azure-devel-debuginfo: before 5.3.18-38.3.1

kernel-azure-devel: before 5.3.18-38.3.1

kernel-azure-debugsource: before 5.3.18-38.3.1

kernel-azure-debuginfo: before 5.3.18-38.3.1

kernel-azure: before 5.3.18-38.3.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

39) Input validation error

EUVDB-ID: #VU93697

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-29264

https://www.suse.com/support/update/announcement/2021/suse-su-20211975-1/

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the gfar_add_rx_frag() and gfar_clean_rx_ring() functions in drivers/net/ethernet/freescale/gianfar.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Module for Public Cloud: 15-SP3

kernel-source-azure: before 5.3.18-38.3.1

kernel-devel-azure: before 5.3.18-38.3.1

kernel-syms-azure: before 5.3.18-38.3.1

kernel-azure-devel-debuginfo: before 5.3.18-38.3.1

kernel-azure-devel: before 5.3.18-38.3.1

kernel-azure-debugsource: before 5.3.18-38.3.1

kernel-azure-debuginfo: before 5.3.18-38.3.1

kernel-azure: before 5.3.18-38.3.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Race condition

EUVDB-ID: #VU91488

Risk: Low

CVSSv4.0: 1.9 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-29265

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition within the usbip_sockfd_store() function in drivers/usb/usbip/stub_dev.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Module for Public Cloud: 15-SP3

kernel-source-azure: before 5.3.18-38.3.1

kernel-devel-azure: before 5.3.18-38.3.1

kernel-syms-azure: before 5.3.18-38.3.1

kernel-azure-devel-debuginfo: before 5.3.18-38.3.1

kernel-azure-devel: before 5.3.18-38.3.1

kernel-azure-debugsource: before 5.3.18-38.3.1

kernel-azure-debuginfo: before 5.3.18-38.3.1

kernel-azure: before 5.3.18-38.3.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2021/suse-su-20211975-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Information disclosure

EUVDB-ID: #VU57040

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-29647

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to an error in qrtr_recvmsg(0 function in net/qrtr/qrtr.c caused by a partially uninitialized data structure. A local user can read sensitive information from kernel memory.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Module for Public Cloud: 15-SP3

kernel-source-azure: before 5.3.18-38.3.1

kernel-devel-azure: before 5.3.18-38.3.1

kernel-syms-azure: before 5.3.18-38.3.1

kernel-azure-devel-debuginfo: before 5.3.18-38.3.1

kernel-azure-devel: before 5.3.18-38.3.1

kernel-azure-debugsource: before 5.3.18-38.3.1

kernel-azure-debuginfo: before 5.3.18-38.3.1

kernel-azure: before 5.3.18-38.3.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2021/suse-su-20211975-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Buffer overflow

EUVDB-ID: #VU56240

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-29650

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the netfilter subsystem in net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h. A local user can trigger memory corruption upon the assignment of a new table value and cause denial of service.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Module for Public Cloud: 15-SP3

kernel-source-azure: before 5.3.18-38.3.1

kernel-devel-azure: before 5.3.18-38.3.1

kernel-syms-azure: before 5.3.18-38.3.1

kernel-azure-devel-debuginfo: before 5.3.18-38.3.1

kernel-azure-devel: before 5.3.18-38.3.1

kernel-azure-debugsource: before 5.3.18-38.3.1

kernel-azure-debuginfo: before 5.3.18-38.3.1

kernel-azure: before 5.3.18-38.3.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2021/suse-su-20211975-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Memory leak

EUVDB-ID: #VU68552

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-30002

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform DoS attack on the target system.

The vulnerability exists due memory leak within the webcam support driver in video_usercopy() function in drivers/media/v4l2-core/v4l2-ioctl.c in Linux kernel. A local user can trigger leak memory and perform denial of service attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Module for Public Cloud: 15-SP3

kernel-source-azure: before 5.3.18-38.3.1

kernel-devel-azure: before 5.3.18-38.3.1

kernel-syms-azure: before 5.3.18-38.3.1

kernel-azure-devel-debuginfo: before 5.3.18-38.3.1

kernel-azure-devel: before 5.3.18-38.3.1

kernel-azure-debugsource: before 5.3.18-38.3.1

kernel-azure-debuginfo: before 5.3.18-38.3.1

kernel-azure: before 5.3.18-38.3.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2021/suse-su-20211975-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Race condition

EUVDB-ID: #VU55257

Risk: Low

CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-32399

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition for removal of the HCI controller within net/bluetooth/hci_request.c in the Linux kernel. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Module for Public Cloud: 15-SP3

kernel-source-azure: before 5.3.18-38.3.1

kernel-devel-azure: before 5.3.18-38.3.1

kernel-syms-azure: before 5.3.18-38.3.1

kernel-azure-devel-debuginfo: before 5.3.18-38.3.1

kernel-azure-devel: before 5.3.18-38.3.1

kernel-azure-debugsource: before 5.3.18-38.3.1

kernel-azure-debuginfo: before 5.3.18-38.3.1

kernel-azure: before 5.3.18-38.3.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2021/suse-su-20211975-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Use-after-free

EUVDB-ID: #VU54454

Risk: Low

CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-33034

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in net/bluetooth/hci_event.c when destroying an hci_chan. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Module for Public Cloud: 15-SP3

kernel-source-azure: before 5.3.18-38.3.1

kernel-devel-azure: before 5.3.18-38.3.1

kernel-syms-azure: before 5.3.18-38.3.1

kernel-azure-devel-debuginfo: before 5.3.18-38.3.1

kernel-azure-devel: before 5.3.18-38.3.1

kernel-azure-debugsource: before 5.3.18-38.3.1

kernel-azure-debuginfo: before 5.3.18-38.3.1

kernel-azure: before 5.3.18-38.3.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2021/suse-su-20211975-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Out-of-bounds write

EUVDB-ID: #VU87989

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-33200

https://www.suse.com/support/update/announcement/2021/suse-su-20211975-1/

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in kernel/bpf/verifier.c. A local user can trigger an out-of-bounds write and escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Module for Public Cloud: 15-SP3

kernel-source-azure: before 5.3.18-38.3.1

kernel-devel-azure: before 5.3.18-38.3.1

kernel-syms-azure: before 5.3.18-38.3.1

kernel-azure-devel-debuginfo: before 5.3.18-38.3.1

kernel-azure-devel: before 5.3.18-38.3.1

kernel-azure-debugsource: before 5.3.18-38.3.1

kernel-azure-debuginfo: before 5.3.18-38.3.1

kernel-azure: before 5.3.18-38.3.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Integer overflow

EUVDB-ID: #VU51551

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-3428

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to integer overflow in fs/ext4/extents.c in ext4_es_cache_extent() function, if an extent tree is corrupted in a crafted ext4 filesystem. A local user can mount a specially crafted filesystem and perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Module for Public Cloud: 15-SP3

kernel-source-azure: before 5.3.18-38.3.1

kernel-devel-azure: before 5.3.18-38.3.1

kernel-syms-azure: before 5.3.18-38.3.1

kernel-azure-devel-debuginfo: before 5.3.18-38.3.1

kernel-azure-devel: before 5.3.18-38.3.1

kernel-azure-debugsource: before 5.3.18-38.3.1

kernel-azure-debuginfo: before 5.3.18-38.3.1

kernel-azure: before 5.3.18-38.3.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2021/suse-su-20211975-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Out-of-bounds read

EUVDB-ID: #VU90368

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-3444

https://www.suse.com/support/update/announcement/2021/suse-su-20211975-1/

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an out-of-bounds read error within the fixup_bpf_calls() function in kernel/bpf/verifier.c. A local user can execute arbitrary code.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Module for Public Cloud: 15-SP3

kernel-source-azure: before 5.3.18-38.3.1

kernel-devel-azure: before 5.3.18-38.3.1

kernel-syms-azure: before 5.3.18-38.3.1

kernel-azure-devel-debuginfo: before 5.3.18-38.3.1

kernel-azure-devel: before 5.3.18-38.3.1

kernel-azure-debugsource: before 5.3.18-38.3.1

kernel-azure-debuginfo: before 5.3.18-38.3.1

kernel-azure: before 5.3.18-38.3.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Use-after-free

EUVDB-ID: #VU63659

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-3483

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the Nosy driver in the Linux kernel. A local user can trigger use-after-free and to escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Module for Public Cloud: 15-SP3

kernel-source-azure: before 5.3.18-38.3.1

kernel-devel-azure: before 5.3.18-38.3.1

kernel-syms-azure: before 5.3.18-38.3.1

kernel-azure-devel-debuginfo: before 5.3.18-38.3.1

kernel-azure-devel: before 5.3.18-38.3.1

kernel-azure-debugsource: before 5.3.18-38.3.1

kernel-azure-debuginfo: before 5.3.18-38.3.1

kernel-azure: before 5.3.18-38.3.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2021/suse-su-20211975-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Out-of-bounds read

EUVDB-ID: #VU90367

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-3489

https://www.suse.com/support/update/announcement/2021/suse-su-20211975-1/

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an out-of-bounds read error within the __bpf_ringbuf_reserve() function in kernel/bpf/ringbuf.c. A local user can execute arbitrary code.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Module for Public Cloud: 15-SP3

kernel-source-azure: before 5.3.18-38.3.1

kernel-devel-azure: before 5.3.18-38.3.1

kernel-syms-azure: before 5.3.18-38.3.1

kernel-azure-devel-debuginfo: before 5.3.18-38.3.1

kernel-azure-devel: before 5.3.18-38.3.1

kernel-azure-debugsource: before 5.3.18-38.3.1

kernel-azure-debuginfo: before 5.3.18-38.3.1

kernel-azure: before 5.3.18-38.3.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Out-of-bounds write

EUVDB-ID: #VU55975

Risk: Low

CVSSv4.0: 8.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Clear]

CVE-ID: CVE-2021-3490

https://www.suse.com/support/update/announcement/2021/suse-su-20211975-1/

Exploit availability: Yes

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error when processing untrusted input in bpf. The eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) in the Linux kernel did not properly update 32-bit bounds, which could be turned into out of bounds reads and writes in the Linux kernel and therefore, arbitrary code execution. A local user can run a specially crafted program to trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Module for Public Cloud: 15-SP3

kernel-source-azure: before 5.3.18-38.3.1

kernel-devel-azure: before 5.3.18-38.3.1

kernel-syms-azure: before 5.3.18-38.3.1

kernel-azure-devel-debuginfo: before 5.3.18-38.3.1

kernel-azure-devel: before 5.3.18-38.3.1

kernel-azure-debugsource: before 5.3.18-38.3.1

kernel-azure-debuginfo: before 5.3.18-38.3.1

kernel-azure: before 5.3.18-38.3.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

52) Out-of-bounds write

EUVDB-ID: #VU68301

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-3491