
Linux Vulnerabilities of the Week: May 17, 2021
Are you caught up on May's latest Linux vulnerabilities? See this week's top issues and keep your IT environment protected.
1. A Linux kernel (<11.9) use-after-free flaw in drivers/vhost/vdpa.c
Severity: Important   CVSS Score: 7.8
This is a vulnerability in the Linux kernel. An invalid value upon reopening a character device can cause use-after-free memory corruption. The highest threat from this vulnerability is to data confidentiality and system availability.
Syxscore Risk Alert
This vulnerability is high risk: although it needs access to the same network as the device, it can be exploited by a low-complexity attack that requires only low privileges and no user interaction.
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope (Jump Point): Unchanged
CVE Reference(s): CVE-2021-29266
2. Single-file application privilege escalation in DotNet affecting Red Hat Enterprise Linux 8
Severity: Important   CVSS Score: 7.3
Using this flaw in DotNet, an attacker can gain elevated privileges through a .NET Core single-file application running with elevated permissions.
The highest threat from this vulnerability is to data confidentiality and system availability.
Syxscore Risk Alert
This vulnerability is high risk: although it needs access to the same network as the device and requires user interaction, it can be exploited by a low-complexity attack with low privileges.
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: Required
- Scope (Jump Point): Unchanged
CVE Reference(s): CVE-2021-31204
3. Oracle Java SE Libraries flaw
Severity: Medium      CVSS Score: 5.9
This flaw allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, and Oracle GraalVM Enterprise Edition, which can result in unauthorized creation, deletion, or modification access to critical data, or to all data accessible to Java SE, Java SE Embedded, and Oracle GraalVM Enterprise Edition.
Syxscore Risk Alert
This vulnerability is moderate risk: although it requires a high-complexity attack and user interaction, it can still be exploited over any network without any privileges.
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: Required
- Scope (Jump Point): Unchanged
CVE Reference(s): CVE-2021-2161
4. MySQL Server vulnerability
Severity: Medium      CVSS Score: 4.9
Using this easily exploitable vulnerability, an attacker with high privileges and network access via multiple protocols can compromise MySQL Server and cause a hang or a frequently repeatable crash (complete DoS).
The highest threat from this vulnerability is to system availability.
Syxscore Risk Alert
This vulnerability is moderate risk: although an attack requires high privileges, the flaw can be exploited over any network by a low-complexity attack without user interaction.
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Scope (Jump Point): Unchanged
CVE Reference(s): CVE-2021-2146
Try Linux Patching with Syxsense
Syxsense makes endpoint management and security easy. Automatically deploy OS and third-party patches as well as Windows 10 Feature Updates for Microsoft, Mac, and Linux devices.
Schedule Your Syxsense Demo
Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.