|
The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
- CVE-2021-3573: Fixed an UAF vulnerability in function that can allow
attackers to corrupt kernel heaps and adopt further exploitations.
(bsc#1186666)
- CVE-2021-0605: Fixed an out-of-bounds read which could lead to local
information disclosure in the kernel with System execution privileges
needed. (bsc#1187601)
- CVE-2021-0512: Fixed a possible out-of-bounds write which could lead to
local escalation of privilege with no additional execution privileges
needed. (bsc#1187595)
- CVE-2021-33624: Fixed a bug which allows unprivileged BPF program to
leak the contents of arbitrary kernel memory (and therefore, of all
physical memory) via a side-channel. (bsc#1187554)
- CVE-2021-34693: Fixed a bug in net/can/bcm.c which could allow local
users to obtain sensitive information from kernel stack memory because
parts of a data structure are uninitialized. (bsc#1187452)
- CVE-2021-0129: Fixed improper access control in BlueZ that may have
allowed an authenticated user to potentially enable information
disclosure via adjacent access (bnc#1186463).
- CVE-2020-36385: Fixed a use-after-free via the ctx_list in some
ucma_migrate_id situations where ucma_close is called (bnc#1187050).
- CVE-2020-26558: Fixed Bluetooth LE and BR/EDR secure pairing in
Bluetooth Core Specification 2.1 (bnc#1179610, bnc#1186463).
- CVE-2020-36386: Fixed an out-of-bounds read issue in
hci_extended_inquiry_result_evt (bnc#1187038).
The following non-security bugs were fixed:
https://lists.suse.com/pipermail/sle-security-updates/2021-July/009131.html
|