Race Condition Affecting kernel-livepatch-5_3_18-24_67-default package, versions <10-2.1
- Snyk ID SNYK-SLES152-KERNELLIVEPATCH53182467DEFAULT-3265246
- published 14 Apr 2022
- disclosed 1 Mar 2022
How to fix?
Upgrade SLES:15.2 kernel-livepatch-5_3_18-24_67-default to version 10-2.1 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream kernel-livepatch-5_3_18-24_67-default package and not the kernel-livepatch-5_3_18-24_67-default package as distributed by SLES.
See How to fix? for SLES:15.2 relevant fixed versions and status.
In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-196926917. References: Upstream kernel.
References
- https://www.suse.com/security/cve/CVE-2021-0920.html
- https://bugzilla.suse.com/1193731
- https://bugzilla.suse.com/1194463
- https://bugzilla.suse.com/1195939
- https://bugzilla.suse.com/1199255
- https://bugzilla.suse.com/1200084
- https://source.android.com/security/bulletin/2021-11-01
- https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog