Linux Vulnerabilities of the Week: April 26, 2021

1. Mariadb vulnerability

Severity: Important    CVSS Score: 7.2

This is a remote code execution issue in some versions of MariaDB; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. A database user that has the SUPER privilege can execute arbitrary code as the system MySQL user after modifying wsrep_provider and wsrep_notify_cmd.

Syxscore Risk Alert

This vulnerability carries a high risk: although it requires high privileges, it can be exploited over any network with a low-complexity attack and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-27928

2. Apache Tomcat deserialization flaw incomplete fix affecting Red Hat Enterprise Linux 8

Severity: Important    CVSS Score: 7.0

When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0 to 7.0.107 with a configuration edge case that was highly unlikely to be used, an attacker creating a specially crafted request can trigger remote code execution through deserialization of a file under their control.

The highest threat from the vulnerability is to data confidentiality and system availability.

Syxscore Risk Alert

This vulnerability carries a high risk: although it needs access to the same network as the device and requires a high-complexity attack, it needs only low privileges and no user interaction.

  • Attack Vector: Local
  • Attack Complexity: High
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-25329

3. Buffer overflow in the RPA PCI Hotplug driver affecting Red Hat Enterprise Linux 7 and 8

Severity: Medium       CVSS Score: 6.7

This is a vulnerability in the Linux kernel’s implementation of the RPA PCI Hotplug driver for PowerPC. The driver has a user-tolerable buffer overflow in its sysfs interface, which a privileged user can write to.

Writing a new device name to the driver from userspace can overflow the buffer, allowing data on the kernel’s stack to be overwritten.

Syxscore Risk Alert

This vulnerability carries a moderate risk: it needs access to the same network as the device and requires high privileges, but it can be exploited with a low-complexity attack and no user interaction.

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-28972

  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-29154

4. GitHub containers/storage (< 1.28.1) vulnerability

Severity: Medium       CVSS Score: 6.5

This is a deadlock flaw in `github.com/containers/storage`. During container image processing, each layer is unpacked using `tar`. If one of those layers is not a valid `tar` archive, the code can wait indefinitely on the `tar` unpack stream, which never finishes.

This allows an attacker to craft a malicious image which after its download and storage using containers/storage would cause a deadlock that may lead to a Denial of Service (DoS).

Syxscore Risk Alert

This vulnerability carries a moderate risk: although it requires user interaction, it can be exploited over any network with a low-complexity attack and no privileges.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-20291

5. Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition vulnerability

Severity: Medium       CVSS Score: 5.3

This is a vulnerability in the Java SE, Java SE Embedded, and Oracle GraalVM Enterprise Edition products of Oracle Java SE.

An unauthenticated attacker with network access via multiple protocols can exploit this flaw to compromise the components named above. Attacks require user interaction to succeed, but a successful attacker can create, delete, or modify access to critical data held by the vulnerable software.

Syxscore Risk Alert

This vulnerability carries a moderate risk: although it requires user interaction and a high-complexity attack, it can be exploited over any network with no privileges.

  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: Required
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-2163

  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-3449

Try Linux Patching with Syxsense

Syxsense makes endpoint management and security easy. Automatically deploy OS and third-party patches as well as Windows 10 Feature Updates for Microsoft, Mac, and Linux devices.