Linux Kernel Multiple Vulnerabilities

Impact

• Elevation of Privilege
• Information Disclosure
• Data Manipulation

System / Technologies affected

• SUSE Linux Enterprise Module for Live Patching 15-SP2
• SUSE Linux Enterprise Module for Live Patching 15-SP3
• Oracle Linux 7
• Oracle Linux 8

Solutions

Before installation of the software, please visit the vendor web-site for more details.

Apply fixes issued by the vendor:

For detail, please refer to the links below:

• https://www.suse.com/support/update/announcement/2021/suse-su-20212384-1/
  https://linux.oracle.com/errata/ELSA-2021-9362.html
  https://linux.oracle.com/errata/ELSA-2021-9363.html

Vulnerability Identifier

• CVE-2019-2308
• CVE-2020-25670
• CVE-2020-25671
• CVE-2020-25672
• CVE-2021-23133
• CVE-2021-29155
• CVE-2021-31829
• CVE-2021-32399
• CVE-2021-33033
• CVE-2021-33034

Source

• Suse
• Oracle
• AusCERT
• SecurityWizardry

Related Link

• https://www.suse.com/support/update/announcement/2021/suse-su-20212384-1/
• https://linux.oracle.com/errata/ELSA-2021-9362.html
• https://linux.oracle.com/errata/ELSA-2021-9363.html
• https://www.auscert.org.au/bulletins/ESB-2021.2423
• https://www.securitywizardry.com/the-radar-page/alert-details#alerts