SUSE update for the Linux Kernel



Risk Low
Patch available YES
Number of vulnerabilities 15
CVE-ID CVE-2018-9517
CVE-2019-3874
CVE-2019-3900
CVE-2020-12770
CVE-2021-34556
CVE-2021-35477
CVE-2021-3640
CVE-2021-3653
CVE-2021-3656
CVE-2021-3679
CVE-2021-3732
CVE-2021-3753
CVE-2021-3759
CVE-2021-38198
CVE-2021-38204
CWE-ID CWE-416
CWE-20
CWE-835
CWE-200
CWE-203
CWE-264
CWE-400
CWE-125
CWE-732
Exploitation vector Network
Public exploit N/A
Vulnerable software
 SUSE Linux Enterprise High Availability
Operating systems & Components / Operating system

SUSE Linux Enterprise Live Patching
Operating systems & Components / Operating system

SUSE Linux Enterprise Workstation Extension
Operating systems & Components / Operating system

SUSE Linux Enterprise Software Development Kit
Operating systems & Components / Operating system

SUSE Linux Enterprise Server
Operating systems & Components / Operating system

ocfs2-kmp-default-debuginfo
Operating systems & Components / Operating system package or component

ocfs2-kmp-default
Operating systems & Components / Operating system package or component

gfs2-kmp-default-debuginfo
Operating systems & Components / Operating system package or component

gfs2-kmp-default
Operating systems & Components / Operating system package or component

dlm-kmp-default-debuginfo
Operating systems & Components / Operating system package or component

dlm-kmp-default
Operating systems & Components / Operating system package or component

cluster-md-kmp-default-debuginfo
Operating systems & Components / Operating system package or component

cluster-md-kmp-default
Operating systems & Components / Operating system package or component

kgraft-patch-4_12_14-122_88-default
Operating systems & Components / Operating system package or component

kernel-default-kgraft-devel
Operating systems & Components / Operating system package or component

kernel-default-kgraft
Operating systems & Components / Operating system package or component

kernel-default-man
Operating systems & Components / Operating system package or component

kernel-source
Operating systems & Components / Operating system package or component

kernel-macros
Operating systems & Components / Operating system package or component

kernel-devel
Operating systems & Components / Operating system package or component

kernel-default-devel-debuginfo
Operating systems & Components / Operating system package or component

kernel-syms
Operating systems & Components / Operating system package or component

kernel-default-devel
Operating systems & Components / Operating system package or component

kernel-default-base-debuginfo
Operating systems & Components / Operating system package or component

kernel-default-base
Operating systems & Components / Operating system package or component

kernel-default
Operating systems & Components / Operating system package or component

kernel-docs
Operating systems & Components / Operating system package or component

kernel-obs-build-debugsource
Operating systems & Components / Operating system package or component

kernel-obs-build
Operating systems & Components / Operating system package or component

kernel-default-extra-debuginfo
Operating systems & Components / Operating system package or component

kernel-default-extra
Operating systems & Components / Operating system package or component

kernel-default-debugsource
Operating systems & Components / Operating system package or component

kernel-default-debuginfo
Operating systems & Components / Operating system package or component

Vendor SUSE

Security Bulletin

This security bulletin contains information about 15 vulnerabilities.

1) Use-after-free

EUVDB-ID: #VU19987

Risk: Low

CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-9517

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in pppol2tp_connect. A local user can trigger memory corruption and escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability: 12-SP5

SUSE Linux Enterprise Live Patching: 12-SP5

SUSE Linux Enterprise Workstation Extension: 12-SP5

SUSE Linux Enterprise Software Development Kit: 12-SP5

SUSE Linux Enterprise Server: 12-SP5

ocfs2-kmp-default-debuginfo: before 4.12.14-122.88.1

ocfs2-kmp-default: before 4.12.14-122.88.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.88.1

gfs2-kmp-default: before 4.12.14-122.88.1

dlm-kmp-default-debuginfo: before 4.12.14-122.88.1

dlm-kmp-default: before 4.12.14-122.88.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.88.1

cluster-md-kmp-default: before 4.12.14-122.88.1

kgraft-patch-4_12_14-122_88-default: before 1-8.5.1

kernel-default-kgraft-devel: before 4.12.14-122.88.1

kernel-default-kgraft: before 4.12.14-122.88.1

kernel-default-man: before 4.12.14-122.88.1

kernel-source: before 4.12.14-122.88.1

kernel-macros: before 4.12.14-122.88.1

kernel-devel: before 4.12.14-122.88.1

kernel-default-devel-debuginfo: before 4.12.14-122.88.1

kernel-syms: before 4.12.14-122.88.1

kernel-default-devel: before 4.12.14-122.88.1

kernel-default-base-debuginfo: before 4.12.14-122.88.1

kernel-default-base: before 4.12.14-122.88.1

kernel-default: before 4.12.14-122.88.1

kernel-docs: before 4.12.14-122.88.1

kernel-obs-build-debugsource: before 4.12.14-122.88.2

kernel-obs-build: before 4.12.14-122.88.2

kernel-default-extra-debuginfo: before 4.12.14-122.88.1

kernel-default-extra: before 4.12.14-122.88.1

kernel-default-debugsource: before 4.12.14-122.88.1

kernel-default-debuginfo: before 4.12.14-122.88.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2021/suse-su-20213206-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Input validation error

EUVDB-ID: #VU70466

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-3874

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to the SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability: 12-SP5

SUSE Linux Enterprise Live Patching: 12-SP5

SUSE Linux Enterprise Workstation Extension: 12-SP5

SUSE Linux Enterprise Software Development Kit: 12-SP5

SUSE Linux Enterprise Server: 12-SP5

ocfs2-kmp-default-debuginfo: before 4.12.14-122.88.1

ocfs2-kmp-default: before 4.12.14-122.88.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.88.1

gfs2-kmp-default: before 4.12.14-122.88.1

dlm-kmp-default-debuginfo: before 4.12.14-122.88.1

dlm-kmp-default: before 4.12.14-122.88.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.88.1

cluster-md-kmp-default: before 4.12.14-122.88.1

kgraft-patch-4_12_14-122_88-default: before 1-8.5.1

kernel-default-kgraft-devel: before 4.12.14-122.88.1

kernel-default-kgraft: before 4.12.14-122.88.1

kernel-default-man: before 4.12.14-122.88.1

kernel-source: before 4.12.14-122.88.1

kernel-macros: before 4.12.14-122.88.1

kernel-devel: before 4.12.14-122.88.1

kernel-default-devel-debuginfo: before 4.12.14-122.88.1

kernel-syms: before 4.12.14-122.88.1

kernel-default-devel: before 4.12.14-122.88.1

kernel-default-base-debuginfo: before 4.12.14-122.88.1

kernel-default-base: before 4.12.14-122.88.1

kernel-default: before 4.12.14-122.88.1

kernel-docs: before 4.12.14-122.88.1

kernel-obs-build-debugsource: before 4.12.14-122.88.2

kernel-obs-build: before 4.12.14-122.88.2

kernel-default-extra-debuginfo: before 4.12.14-122.88.1

kernel-default-extra: before 4.12.14-122.88.1

kernel-default-debugsource: before 4.12.14-122.88.1

kernel-default-debuginfo: before 4.12.14-122.88.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2021/suse-su-20213206-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Infinite loop

EUVDB-ID: #VU19998

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-3900

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop in vhost_net kernel module when processing incoming packets in handle_rx(). A remote attacker with access to guest operating system can stall the vhost_net kernel thread and cause denial of service conditions.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability: 12-SP5

SUSE Linux Enterprise Live Patching: 12-SP5

SUSE Linux Enterprise Workstation Extension: 12-SP5

SUSE Linux Enterprise Software Development Kit: 12-SP5

SUSE Linux Enterprise Server: 12-SP5

ocfs2-kmp-default-debuginfo: before 4.12.14-122.88.1

ocfs2-kmp-default: before 4.12.14-122.88.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.88.1

gfs2-kmp-default: before 4.12.14-122.88.1

dlm-kmp-default-debuginfo: before 4.12.14-122.88.1

dlm-kmp-default: before 4.12.14-122.88.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.88.1

cluster-md-kmp-default: before 4.12.14-122.88.1

kgraft-patch-4_12_14-122_88-default: before 1-8.5.1

kernel-default-kgraft-devel: before 4.12.14-122.88.1

kernel-default-kgraft: before 4.12.14-122.88.1

kernel-default-man: before 4.12.14-122.88.1

kernel-source: before 4.12.14-122.88.1

kernel-macros: before 4.12.14-122.88.1

kernel-devel: before 4.12.14-122.88.1

kernel-default-devel-debuginfo: before 4.12.14-122.88.1

kernel-syms: before 4.12.14-122.88.1

kernel-default-devel: before 4.12.14-122.88.1

kernel-default-base-debuginfo: before 4.12.14-122.88.1

kernel-default-base: before 4.12.14-122.88.1

kernel-default: before 4.12.14-122.88.1

kernel-docs: before 4.12.14-122.88.1

kernel-obs-build-debugsource: before 4.12.14-122.88.2

kernel-obs-build: before 4.12.14-122.88.2

kernel-default-extra-debuginfo: before 4.12.14-122.88.1

kernel-default-extra: before 4.12.14-122.88.1

kernel-default-debugsource: before 4.12.14-122.88.1

kernel-default-debuginfo: before 4.12.14-122.88.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2021/suse-su-20213206-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Input validation error

EUVDB-ID: #VU28170

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-12770

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code on the system.

The vulnerability exists due to the "sg_write" lacks an "sg_remove_request" call in a certain failure case. A local user can pass specially crafted input to the application and execute arbitrary code on the target system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability: 12-SP5

SUSE Linux Enterprise Live Patching: 12-SP5

SUSE Linux Enterprise Workstation Extension: 12-SP5

SUSE Linux Enterprise Software Development Kit: 12-SP5

SUSE Linux Enterprise Server: 12-SP5

ocfs2-kmp-default-debuginfo: before 4.12.14-122.88.1

ocfs2-kmp-default: before 4.12.14-122.88.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.88.1

gfs2-kmp-default: before 4.12.14-122.88.1

dlm-kmp-default-debuginfo: before 4.12.14-122.88.1

dlm-kmp-default: before 4.12.14-122.88.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.88.1

cluster-md-kmp-default: before 4.12.14-122.88.1

kgraft-patch-4_12_14-122_88-default: before 1-8.5.1

kernel-default-kgraft-devel: before 4.12.14-122.88.1

kernel-default-kgraft: before 4.12.14-122.88.1

kernel-default-man: before 4.12.14-122.88.1

kernel-source: before 4.12.14-122.88.1

kernel-macros: before 4.12.14-122.88.1

kernel-devel: before 4.12.14-122.88.1

kernel-default-devel-debuginfo: before 4.12.14-122.88.1

kernel-syms: before 4.12.14-122.88.1

kernel-default-devel: before 4.12.14-122.88.1

kernel-default-base-debuginfo: before 4.12.14-122.88.1

kernel-default-base: before 4.12.14-122.88.1

kernel-default: before 4.12.14-122.88.1

kernel-docs: before 4.12.14-122.88.1

kernel-obs-build-debugsource: before 4.12.14-122.88.2

kernel-obs-build: before 4.12.14-122.88.2

kernel-default-extra-debuginfo: before 4.12.14-122.88.1

kernel-default-extra: before 4.12.14-122.88.1

kernel-default-debugsource: before 4.12.14-122.88.1

kernel-default-debuginfo: before 4.12.14-122.88.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2021/suse-su-20213206-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Information disclosure

EUVDB-ID: #VU64203

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-34556

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application. A local user can gain unauthorized access to sensitive information on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability: 12-SP5

SUSE Linux Enterprise Live Patching: 12-SP5

SUSE Linux Enterprise Workstation Extension: 12-SP5

SUSE Linux Enterprise Software Development Kit: 12-SP5

SUSE Linux Enterprise Server: 12-SP5

ocfs2-kmp-default-debuginfo: before 4.12.14-122.88.1

ocfs2-kmp-default: before 4.12.14-122.88.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.88.1

gfs2-kmp-default: before 4.12.14-122.88.1

dlm-kmp-default-debuginfo: before 4.12.14-122.88.1

dlm-kmp-default: before 4.12.14-122.88.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.88.1

cluster-md-kmp-default: before 4.12.14-122.88.1

kgraft-patch-4_12_14-122_88-default: before 1-8.5.1

kernel-default-kgraft-devel: before 4.12.14-122.88.1

kernel-default-kgraft: before 4.12.14-122.88.1

kernel-default-man: before 4.12.14-122.88.1

kernel-source: before 4.12.14-122.88.1

kernel-macros: before 4.12.14-122.88.1

kernel-devel: before 4.12.14-122.88.1

kernel-default-devel-debuginfo: before 4.12.14-122.88.1

kernel-syms: before 4.12.14-122.88.1

kernel-default-devel: before 4.12.14-122.88.1

kernel-default-base-debuginfo: before 4.12.14-122.88.1

kernel-default-base: before 4.12.14-122.88.1

kernel-default: before 4.12.14-122.88.1

kernel-docs: before 4.12.14-122.88.1

kernel-obs-build-debugsource: before 4.12.14-122.88.2

kernel-obs-build: before 4.12.14-122.88.2

kernel-default-extra-debuginfo: before 4.12.14-122.88.1

kernel-default-extra: before 4.12.14-122.88.1

kernel-default-debugsource: before 4.12.14-122.88.1

kernel-default-debuginfo: before 4.12.14-122.88.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2021/suse-su-20213206-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Observable discrepancy

EUVDB-ID: #VU92412

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-35477

CWE-ID: CWE-203 - Observable discrepancy

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to observable discrepancy error. A local user can gain access to sensitive information.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability: 12-SP5

SUSE Linux Enterprise Live Patching: 12-SP5

SUSE Linux Enterprise Workstation Extension: 12-SP5

SUSE Linux Enterprise Software Development Kit: 12-SP5

SUSE Linux Enterprise Server: 12-SP5

ocfs2-kmp-default-debuginfo: before 4.12.14-122.88.1

ocfs2-kmp-default: before 4.12.14-122.88.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.88.1

gfs2-kmp-default: before 4.12.14-122.88.1

dlm-kmp-default-debuginfo: before 4.12.14-122.88.1

dlm-kmp-default: before 4.12.14-122.88.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.88.1

cluster-md-kmp-default: before 4.12.14-122.88.1

kgraft-patch-4_12_14-122_88-default: before 1-8.5.1

kernel-default-kgraft-devel: before 4.12.14-122.88.1

kernel-default-kgraft: before 4.12.14-122.88.1

kernel-default-man: before 4.12.14-122.88.1

kernel-source: before 4.12.14-122.88.1

kernel-macros: before 4.12.14-122.88.1

kernel-devel: before 4.12.14-122.88.1

kernel-default-devel-debuginfo: before 4.12.14-122.88.1

kernel-syms: before 4.12.14-122.88.1

kernel-default-devel: before 4.12.14-122.88.1

kernel-default-base-debuginfo: before 4.12.14-122.88.1

kernel-default-base: before 4.12.14-122.88.1

kernel-default: before 4.12.14-122.88.1

kernel-docs: before 4.12.14-122.88.1

kernel-obs-build-debugsource: before 4.12.14-122.88.2

kernel-obs-build: before 4.12.14-122.88.2

kernel-default-extra-debuginfo: before 4.12.14-122.88.1

kernel-default-extra: before 4.12.14-122.88.1

kernel-default-debugsource: before 4.12.14-122.88.1

kernel-default-debuginfo: before 4.12.14-122.88.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2021/suse-su-20213206-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Use-after-free

EUVDB-ID: #VU63769

Risk: Low

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-3640

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in sco_sock_sendmsg() function of the Linux kernel HCI subsystem. A privileged local user can call ioct UFFDIO_REGISTER or other way trigger race condition to escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability: 12-SP5

SUSE Linux Enterprise Live Patching: 12-SP5

SUSE Linux Enterprise Workstation Extension: 12-SP5

SUSE Linux Enterprise Software Development Kit: 12-SP5

SUSE Linux Enterprise Server: 12-SP5

ocfs2-kmp-default-debuginfo: before 4.12.14-122.88.1

ocfs2-kmp-default: before 4.12.14-122.88.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.88.1

gfs2-kmp-default: before 4.12.14-122.88.1

dlm-kmp-default-debuginfo: before 4.12.14-122.88.1

dlm-kmp-default: before 4.12.14-122.88.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.88.1

cluster-md-kmp-default: before 4.12.14-122.88.1

kgraft-patch-4_12_14-122_88-default: before 1-8.5.1

kernel-default-kgraft-devel: before 4.12.14-122.88.1

kernel-default-kgraft: before 4.12.14-122.88.1

kernel-default-man: before 4.12.14-122.88.1

kernel-source: before 4.12.14-122.88.1

kernel-macros: before 4.12.14-122.88.1

kernel-devel: before 4.12.14-122.88.1

kernel-default-devel-debuginfo: before 4.12.14-122.88.1

kernel-syms: before 4.12.14-122.88.1

kernel-default-devel: before 4.12.14-122.88.1

kernel-default-base-debuginfo: before 4.12.14-122.88.1

kernel-default-base: before 4.12.14-122.88.1

kernel-default: before 4.12.14-122.88.1

kernel-docs: before 4.12.14-122.88.1

kernel-obs-build-debugsource: before 4.12.14-122.88.2

kernel-obs-build: before 4.12.14-122.88.2

kernel-default-extra-debuginfo: before 4.12.14-122.88.1

kernel-default-extra: before 4.12.14-122.88.1

kernel-default-debugsource: before 4.12.14-122.88.1

kernel-default-debuginfo: before 4.12.14-122.88.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2021/suse-su-20213206-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Security restrictions bypass

EUVDB-ID: #VU56904

Risk: Low

CVSSv4.0: 5.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-3653

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a malicious guest to escalate privileges on the system.

The vulnerability exists due to improperly imposed security restrictions within the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "int_ctl" field, this issue could allow a malicious L1 to enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest.

As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability: 12-SP5

SUSE Linux Enterprise Live Patching: 12-SP5

SUSE Linux Enterprise Workstation Extension: 12-SP5

SUSE Linux Enterprise Software Development Kit: 12-SP5

SUSE Linux Enterprise Server: 12-SP5

ocfs2-kmp-default-debuginfo: before 4.12.14-122.88.1

ocfs2-kmp-default: before 4.12.14-122.88.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.88.1

gfs2-kmp-default: before 4.12.14-122.88.1

dlm-kmp-default-debuginfo: before 4.12.14-122.88.1

dlm-kmp-default: before 4.12.14-122.88.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.88.1

cluster-md-kmp-default: before 4.12.14-122.88.1

kgraft-patch-4_12_14-122_88-default: before 1-8.5.1

kernel-default-kgraft-devel: before 4.12.14-122.88.1

kernel-default-kgraft: before 4.12.14-122.88.1

kernel-default-man: before 4.12.14-122.88.1

kernel-source: before 4.12.14-122.88.1

kernel-macros: before 4.12.14-122.88.1

kernel-devel: before 4.12.14-122.88.1

kernel-default-devel-debuginfo: before 4.12.14-122.88.1

kernel-syms: before 4.12.14-122.88.1

kernel-default-devel: before 4.12.14-122.88.1

kernel-default-base-debuginfo: before 4.12.14-122.88.1

kernel-default-base: before 4.12.14-122.88.1

kernel-default: before 4.12.14-122.88.1

kernel-docs: before 4.12.14-122.88.1

kernel-obs-build-debugsource: before 4.12.14-122.88.2

kernel-obs-build: before 4.12.14-122.88.2

kernel-default-extra-debuginfo: before 4.12.14-122.88.1

kernel-default-extra: before 4.12.14-122.88.1

kernel-default-debugsource: before 4.12.14-122.88.1

kernel-default-debuginfo: before 4.12.14-122.88.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2021/suse-su-20213206-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Security restrictions bypass

EUVDB-ID: #VU56929

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-3656

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a malicious guest to escalate privileges on the system.

The vulnerability exists due to improperly imposed security restrictions within the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "virt_ext" field, this issue could allow a malicious L1 to disable both VMLOAD/VMSAVE intercepts and VLS (Virtual VMLOAD/VMSAVE) for the L2 guest.

The vulnerability allows the L2 guest to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability: 12-SP5

SUSE Linux Enterprise Live Patching: 12-SP5

SUSE Linux Enterprise Workstation Extension: 12-SP5

SUSE Linux Enterprise Software Development Kit: 12-SP5

SUSE Linux Enterprise Server: 12-SP5

ocfs2-kmp-default-debuginfo: before 4.12.14-122.88.1

ocfs2-kmp-default: before 4.12.14-122.88.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.88.1

gfs2-kmp-default: before 4.12.14-122.88.1

dlm-kmp-default-debuginfo: before 4.12.14-122.88.1

dlm-kmp-default: before 4.12.14-122.88.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.88.1

cluster-md-kmp-default: before 4.12.14-122.88.1

kgraft-patch-4_12_14-122_88-default: before 1-8.5.1

kernel-default-kgraft-devel: before 4.12.14-122.88.1

kernel-default-kgraft: before 4.12.14-122.88.1

kernel-default-man: before 4.12.14-122.88.1

kernel-source: before 4.12.14-122.88.1

kernel-macros: before 4.12.14-122.88.1

kernel-devel: before 4.12.14-122.88.1

kernel-default-devel-debuginfo: before 4.12.14-122.88.1

kernel-syms: before 4.12.14-122.88.1

kernel-default-devel: before 4.12.14-122.88.1

kernel-default-base-debuginfo: before 4.12.14-122.88.1

kernel-default-base: before 4.12.14-122.88.1

kernel-default: before 4.12.14-122.88.1

kernel-docs: before 4.12.14-122.88.1

kernel-obs-build-debugsource: before 4.12.14-122.88.2

kernel-obs-build: before 4.12.14-122.88.2

kernel-default-extra-debuginfo: before 4.12.14-122.88.1

kernel-default-extra: before 4.12.14-122.88.1

kernel-default-debugsource: before 4.12.14-122.88.1

kernel-default-debuginfo: before 4.12.14-122.88.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2021/suse-su-20213206-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Resource exhaustion

EUVDB-ID: #VU63664

Risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-3679

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to lack of CPU resource in the Linux kernel tracing module functionality when using trace ring buffer in a specific way. A privileged local user (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability: 12-SP5

SUSE Linux Enterprise Live Patching: 12-SP5

SUSE Linux Enterprise Workstation Extension: 12-SP5

SUSE Linux Enterprise Software Development Kit: 12-SP5

SUSE Linux Enterprise Server: 12-SP5

ocfs2-kmp-default-debuginfo: before 4.12.14-122.88.1

ocfs2-kmp-default: before 4.12.14-122.88.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.88.1

gfs2-kmp-default: before 4.12.14-122.88.1

dlm-kmp-default-debuginfo: before 4.12.14-122.88.1

dlm-kmp-default: before 4.12.14-122.88.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.88.1

cluster-md-kmp-default: before 4.12.14-122.88.1

kgraft-patch-4_12_14-122_88-default: before 1-8.5.1

kernel-default-kgraft-devel: before 4.12.14-122.88.1

kernel-default-kgraft: before 4.12.14-122.88.1

kernel-default-man: before 4.12.14-122.88.1

kernel-source: before 4.12.14-122.88.1

kernel-macros: before 4.12.14-122.88.1

kernel-devel: before 4.12.14-122.88.1

kernel-default-devel-debuginfo: before 4.12.14-122.88.1

kernel-syms: before 4.12.14-122.88.1

kernel-default-devel: before 4.12.14-122.88.1

kernel-default-base-debuginfo: before 4.12.14-122.88.1

kernel-default-base: before 4.12.14-122.88.1

kernel-default: before 4.12.14-122.88.1

kernel-docs: before 4.12.14-122.88.1

kernel-obs-build-debugsource: before 4.12.14-122.88.2

kernel-obs-build: before 4.12.14-122.88.2

kernel-default-extra-debuginfo: before 4.12.14-122.88.1

kernel-default-extra: before 4.12.14-122.88.1

kernel-default-debugsource: before 4.12.14-122.88.1

kernel-default-debuginfo: before 4.12.14-122.88.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2021/suse-su-20213206-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU74548

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-3732

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists in the way the user mounts the TmpFS filesystem with OverlayFS. A local user can gain access to hidden files that should not be accessible.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability: 12-SP5

SUSE Linux Enterprise Live Patching: 12-SP5

SUSE Linux Enterprise Workstation Extension: 12-SP5

SUSE Linux Enterprise Software Development Kit: 12-SP5

SUSE Linux Enterprise Server: 12-SP5

ocfs2-kmp-default-debuginfo: before 4.12.14-122.88.1

ocfs2-kmp-default: before 4.12.14-122.88.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.88.1

gfs2-kmp-default: before 4.12.14-122.88.1

dlm-kmp-default-debuginfo: before 4.12.14-122.88.1

dlm-kmp-default: before 4.12.14-122.88.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.88.1

cluster-md-kmp-default: before 4.12.14-122.88.1

kgraft-patch-4_12_14-122_88-default: before 1-8.5.1

kernel-default-kgraft-devel: before 4.12.14-122.88.1

kernel-default-kgraft: before 4.12.14-122.88.1

kernel-default-man: before 4.12.14-122.88.1

kernel-source: before 4.12.14-122.88.1

kernel-macros: before 4.12.14-122.88.1

kernel-devel: before 4.12.14-122.88.1

kernel-default-devel-debuginfo: before 4.12.14-122.88.1

kernel-syms: before 4.12.14-122.88.1

kernel-default-devel: before 4.12.14-122.88.1

kernel-default-base-debuginfo: before 4.12.14-122.88.1

kernel-default-base: before 4.12.14-122.88.1

kernel-default: before 4.12.14-122.88.1

kernel-docs: before 4.12.14-122.88.1

kernel-obs-build-debugsource: before 4.12.14-122.88.2

kernel-obs-build: before 4.12.14-122.88.2

kernel-default-extra-debuginfo: before 4.12.14-122.88.1

kernel-default-extra: before 4.12.14-122.88.1

kernel-default-debugsource: before 4.12.14-122.88.1

kernel-default-debuginfo: before 4.12.14-122.88.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2021/suse-su-20213206-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Out-of-bounds read

EUVDB-ID: #VU64210

Risk: Low

CVSSv4.0: 1.9 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-3753

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel. A local user can trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability: 12-SP5

SUSE Linux Enterprise Live Patching: 12-SP5

SUSE Linux Enterprise Workstation Extension: 12-SP5

SUSE Linux Enterprise Software Development Kit: 12-SP5

SUSE Linux Enterprise Server: 12-SP5

ocfs2-kmp-default-debuginfo: before 4.12.14-122.88.1

ocfs2-kmp-default: before 4.12.14-122.88.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.88.1

gfs2-kmp-default: before 4.12.14-122.88.1

dlm-kmp-default-debuginfo: before 4.12.14-122.88.1

dlm-kmp-default: before 4.12.14-122.88.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.88.1

cluster-md-kmp-default: before 4.12.14-122.88.1

kgraft-patch-4_12_14-122_88-default: before 1-8.5.1

kernel-default-kgraft-devel: before 4.12.14-122.88.1

kernel-default-kgraft: before 4.12.14-122.88.1

kernel-default-man: before 4.12.14-122.88.1

kernel-source: before 4.12.14-122.88.1

kernel-macros: before 4.12.14-122.88.1

kernel-devel: before 4.12.14-122.88.1

kernel-default-devel-debuginfo: before 4.12.14-122.88.1

kernel-syms: before 4.12.14-122.88.1

kernel-default-devel: before 4.12.14-122.88.1

kernel-default-base-debuginfo: before 4.12.14-122.88.1

kernel-default-base: before 4.12.14-122.88.1

kernel-default: before 4.12.14-122.88.1

kernel-docs: before 4.12.14-122.88.1

kernel-obs-build-debugsource: before 4.12.14-122.88.2

kernel-obs-build: before 4.12.14-122.88.2

kernel-default-extra-debuginfo: before 4.12.14-122.88.1

kernel-default-extra: before 4.12.14-122.88.1

kernel-default-debugsource: before 4.12.14-122.88.1

kernel-default-debuginfo: before 4.12.14-122.88.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2021/suse-su-20213206-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Resource exhaustion

EUVDB-ID: #VU63914

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-3759

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists in the Linux kernel’s ipc functionality of the memcg subsystem when user calls the semget function multiple times, creating semaphores. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability: 12-SP5

SUSE Linux Enterprise Live Patching: 12-SP5

SUSE Linux Enterprise Workstation Extension: 12-SP5

SUSE Linux Enterprise Software Development Kit: 12-SP5

SUSE Linux Enterprise Server: 12-SP5

ocfs2-kmp-default-debuginfo: before 4.12.14-122.88.1

ocfs2-kmp-default: before 4.12.14-122.88.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.88.1

gfs2-kmp-default: before 4.12.14-122.88.1

dlm-kmp-default-debuginfo: before 4.12.14-122.88.1

dlm-kmp-default: before 4.12.14-122.88.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.88.1

cluster-md-kmp-default: before 4.12.14-122.88.1

kgraft-patch-4_12_14-122_88-default: before 1-8.5.1

kernel-default-kgraft-devel: before 4.12.14-122.88.1

kernel-default-kgraft: before 4.12.14-122.88.1

kernel-default-man: before 4.12.14-122.88.1

kernel-source: before 4.12.14-122.88.1

kernel-macros: before 4.12.14-122.88.1

kernel-devel: before 4.12.14-122.88.1

kernel-default-devel-debuginfo: before 4.12.14-122.88.1

kernel-syms: before 4.12.14-122.88.1

kernel-default-devel: before 4.12.14-122.88.1

kernel-default-base-debuginfo: before 4.12.14-122.88.1

kernel-default-base: before 4.12.14-122.88.1

kernel-default: before 4.12.14-122.88.1

kernel-docs: before 4.12.14-122.88.1

kernel-obs-build-debugsource: before 4.12.14-122.88.2

kernel-obs-build: before 4.12.14-122.88.2

kernel-default-extra-debuginfo: before 4.12.14-122.88.1

kernel-default-extra: before 4.12.14-122.88.1

kernel-default-debugsource: before 4.12.14-122.88.1

kernel-default-debuginfo: before 4.12.14-122.88.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2021/suse-su-20213206-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Incorrect permission assignment for critical resource

EUVDB-ID: #VU63665

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-38198

CWE-ID: CWE-732 - Incorrect Permission Assignment for Critical Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service attack.

The vulnerability exists due to arch/x86/kvm/mmu/paging_tmpl.h incorrectly computes the access permissions of a shadow page. A local user can trigger an error to perform a denial of service attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability: 12-SP5

SUSE Linux Enterprise Live Patching: 12-SP5

SUSE Linux Enterprise Workstation Extension: 12-SP5

SUSE Linux Enterprise Software Development Kit: 12-SP5

SUSE Linux Enterprise Server: 12-SP5

ocfs2-kmp-default-debuginfo: before 4.12.14-122.88.1

ocfs2-kmp-default: before 4.12.14-122.88.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.88.1

gfs2-kmp-default: before 4.12.14-122.88.1

dlm-kmp-default-debuginfo: before 4.12.14-122.88.1

dlm-kmp-default: before 4.12.14-122.88.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.88.1

cluster-md-kmp-default: before 4.12.14-122.88.1

kgraft-patch-4_12_14-122_88-default: before 1-8.5.1

kernel-default-kgraft-devel: before 4.12.14-122.88.1

kernel-default-kgraft: before 4.12.14-122.88.1

kernel-default-man: before 4.12.14-122.88.1

kernel-source: before 4.12.14-122.88.1

kernel-macros: before 4.12.14-122.88.1

kernel-devel: before 4.12.14-122.88.1

kernel-default-devel-debuginfo: before 4.12.14-122.88.1

kernel-syms: before 4.12.14-122.88.1

kernel-default-devel: before 4.12.14-122.88.1

kernel-default-base-debuginfo: before 4.12.14-122.88.1

kernel-default-base: before 4.12.14-122.88.1

kernel-default: before 4.12.14-122.88.1

kernel-docs: before 4.12.14-122.88.1

kernel-obs-build-debugsource: before 4.12.14-122.88.2

kernel-obs-build: before 4.12.14-122.88.2

kernel-default-extra-debuginfo: before 4.12.14-122.88.1

kernel-default-extra: before 4.12.14-122.88.1

kernel-default-debugsource: before 4.12.14-122.88.1

kernel-default-debuginfo: before 4.12.14-122.88.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2021/suse-su-20213206-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Use-after-free

EUVDB-ID: #VU63666

Risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-38204

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local attacker to perform a denial of service attack.

The vulnerability exists due to a use-after-free error in the drivers/usb/host/max3421-hcd.c in the Linux kernel. An attacker with physical access to the system can remove a MAX-3421 USB device to perform a denial of service attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability: 12-SP5

SUSE Linux Enterprise Live Patching: 12-SP5

SUSE Linux Enterprise Workstation Extension: 12-SP5

SUSE Linux Enterprise Software Development Kit: 12-SP5

SUSE Linux Enterprise Server: 12-SP5

ocfs2-kmp-default-debuginfo: before 4.12.14-122.88.1

ocfs2-kmp-default: before 4.12.14-122.88.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.88.1

gfs2-kmp-default: before 4.12.14-122.88.1

dlm-kmp-default-debuginfo: before 4.12.14-122.88.1

dlm-kmp-default: before 4.12.14-122.88.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.88.1

cluster-md-kmp-default: before 4.12.14-122.88.1

kgraft-patch-4_12_14-122_88-default: before 1-8.5.1

kernel-default-kgraft-devel: before 4.12.14-122.88.1

kernel-default-kgraft: before 4.12.14-122.88.1

kernel-default-man: before 4.12.14-122.88.1

kernel-source: before 4.12.14-122.88.1

kernel-macros: before 4.12.14-122.88.1

kernel-devel: before 4.12.14-122.88.1

kernel-default-devel-debuginfo: before 4.12.14-122.88.1

kernel-syms: before 4.12.14-122.88.1

kernel-default-devel: before 4.12.14-122.88.1

kernel-default-base-debuginfo: before 4.12.14-122.88.1

kernel-default-base: before 4.12.14-122.88.1

kernel-default: before 4.12.14-122.88.1

kernel-docs: before 4.12.14-122.88.1

kernel-obs-build-debugsource: before 4.12.14-122.88.2

kernel-obs-build: before 4.12.14-122.88.2

kernel-default-extra-debuginfo: before 4.12.14-122.88.1

kernel-default-extra: before 4.12.14-122.88.1

kernel-default-debugsource: before 4.12.14-122.88.1

kernel-default-debuginfo: before 4.12.14-122.88.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2021/suse-su-20213206-1/


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###