Skip to main content
News

Linux Vulnerabilities of the Week: May 17, 2021

By May 23, 2021June 22nd, 2022No Comments
||

Linux Vulnerabilities of the Week: May 17, 2021

Are you caught up on May's latest Linux vulnerabilities? See this week's top issues and keep your IT environment protected.

[vc_empty_space]
[vc_single_image image=”364537″ img_size=”full”]

1. A Linux kernel (<11.9) use-after-free flaw in drivers/vhost/vdpa.c

Severity: Important    CVSS Score: 7.8

This is a vulnerability in the Linux kernel. An invalid value upon reopening a character device can cause use-after-free memory corruption. The highest threat from this vulnerability is to data confidentiality and system availability.

Syxscore Risk Alert

This vulnerability has a high risk as although this needs access to the same network as the device, it can be exposed with a low complexity attack, which needs low privileges, and no user interaction.

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-29266

[vc_separator]

2. Single-file application privilege escalation in DotNet affecting Red Hat Enterprise Linux 8

Severity: Important    CVSS Score: 7.3

Using this flaw in DotNet, an attacker can gain elevated privileges through a .NET Core single-file application running with elevated permissions.

The highest threat to this vulnerability is to confidentiality, and system availability.

Syxscore Risk Alert

This vulnerability has a high risk as although this needs access to the same network as the device and requires user interaction, it can be exposed with a low complexity attack with low privileges.

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: Required
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-31204

[vc_separator]

3. Oracle Java SE Libraries flaw

Severity: Medium       CVSS Score: 5.9

This flaw allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition, which will lead to unauthorized creation, deletion, or modification of access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data.

Syxscore Risk Alert

This vulnerability has a moderate risk as, though it requires a high complexity attack to be exposed and user interaction,  it still can be exposed over any network, with no privileges

  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: Required
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-2161

[vc_separator]

4. MySQL Server vulnerability

Severity: Medium       CVSS Score: 4.9

Using this easily exploitable vulnerability, an attacker with high privileges and network access via multiple protocols can compromise MySQL Server and cause a hang or frequently repeatable crash (complete DOS) of it.

The highest threat to this vulnerability is to system availability.

Syxscore Risk Alert

This vulnerability has a moderate risk as although an attack requires high privileges, the flaw can be exposed over any network by a low complexity attack without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-2146

[vc_separator]

Try Linux Patching with Syxsense

Syxsense makes endpoint management and security easy. Automatically deploy OS and third-party patches as well as Windows 10 Feature Updates for Microsoft, Mac, and Linux devices.

[vc_btn title=”Start a Free Trial” style=”gradient-custom” gradient_custom_color_1=”#da4453″ gradient_custom_color_2=”#8a2387″ shape=”round” size=”lg” align=”center” link=”url:https%3A%2F%2Fwww.syxsense.com%2Fstart-a-free-trial-of-syxsense%2F|||” css=”.vc_custom_1586908107967{margin-top: 15px !important;}”]
[vc_single_image image=”37252″ img_size=”full” css_animation=”fadeIn” css=”.vc_custom_1611965477970{padding-right: 20px !important;padding-left: 20px !important;}”]

Leave a Reply