SUSE-SU-2021:3360-1

Advisory lineage Upstream: 4 Downstream: 0
Published: 12 Oct 2021, 12:02
Last modified: 02 May 2025, 04:31

Vulnerability Summary

  • Overall Risk (default): minimal (0/100)
  • CVSS Score: No data
  • EPSS Score: No data
  • KEV: Not listed
  • Ransomware: No reports
  • Public exploits: None found
  • Dark Web: Not detected

Timeline

  • 12 Oct 2021, 12:02: Published (vulnerability first disclosed)
  • 02 May 2025, 04:31: Last Modified (vulnerability information updated)

Description

Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP3)

This update for the Linux Kernel 5.3.18-57 fixes several issues.

The following security issues were fixed:

  • CVE-2021-31440: Fixed a lack of proper validation of user-supplied eBPF programs prior to executing them. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. (bsc#1190127)

  • CVE-2021-38160: Fixed a bug that could lead to data corruption or loss. This can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size in drivers/char/virtio_console.c. (bsc#1190118)

  • CVE-2021-3640: Fixed a use-after-free bug in the function sco_sock_sendmsg which could lead to local privilege escalation. (bsc#1188613)

  • CVE-2021-3573: Fixed a use-after-free bug in the function hci_sock_bound_ioctl which could lead to local privilege escalation. (bsc#1187054)

Affected Systems

  • suse / kernel-livepatch-SLE15-SP3_Update_0 (distro: SUSE Linux Enterprise Live Patching 15 SP3)

    < 7-3.1

References (9)