Risk | Low |
Patch available | YES |
Number of vulnerabilities | 2 |
CVE-ID | CVE-2021-3752 CVE-2021-41864 |
CWE-ID | CWE-416 CWE-787 |
Exploitation vector | Local network |
Public exploit | N/A |
Vulnerable software Subscribe |
SUSE Linux Enterprise Module for Live Patching Operating systems & Components / Operating system kernel-livepatch-SLE15-SP2_Update_10-debugsource Operating systems & Components / Operating system package or component kernel-livepatch-5_3_18-24_49-default-debuginfo Operating systems & Components / Operating system package or component kernel-livepatch-5_3_18-24_49-default Operating systems & Components / Operating system package or component |
Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
EUVDB-ID: #VU63767
Risk: Low
CVSSv3.1: 6.2 [CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-3752
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in the Linux kernel’s Bluetooth subsystem when a user calls connect to the socket and disconnect simultaneously. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel (Live Patch 10 for SLE 15 SP2) to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Module for Live Patching: 15-SP2
kernel-livepatch-SLE15-SP2_Update_10-debugsource: before 12-2.2
kernel-livepatch-5_3_18-24_49-default-debuginfo: before 12-2.2
kernel-livepatch-5_3_18-24_49-default: before 12-2.2
External linkshttp://www.suse.com/support/update/announcement/2021/suse-su-20213737-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU63855
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-41864
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing untrusted input. A local user can gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information.
MitigationUpdate the affected package the Linux Kernel (Live Patch 10 for SLE 15 SP2) to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Module for Live Patching: 15-SP2
kernel-livepatch-SLE15-SP2_Update_10-debugsource: before 12-2.2
kernel-livepatch-5_3_18-24_49-default-debuginfo: before 12-2.2
kernel-livepatch-5_3_18-24_49-default: before 12-2.2
External linkshttp://www.suse.com/support/update/announcement/2021/suse-su-20213737-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.