Linux Vulnerabilities of the Week: June 7, 2021

1. The Linux kernel eBPF implementation vulnerability affecting Red Hat Enterprise Linux 7 and 8

Severity: Important    CVSS Score: 7.8

This is a flaw in the eBPF implementation of the Linux kernel through 5.11.12.

By default, only privileged users with CAP_SYS_ADMIN can access the eBPF verifier. This vulnerability allows a local user to corrupt memory and execute arbitrary code within the kernel context.

The highest threat from this vulnerability is to confidentiality, integrity, and system availability.

Syxscore Risk Alert

This vulnerability poses a major risk: although it requires local access to the device, it can be exploited with a low-complexity attack, low privileges, and no user interaction.

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-29154

2. XML round-trip vulnerability in REXML affecting Red Hat Enterprise Linux 8

Severity: Important    CVSS Score: 7.5

The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues, which may result in incorrect document production after parsing and serializing.

The highest threat from this vulnerability is to system integrity.

Syxscore Risk Alert

This vulnerability poses a high risk: it can be exploited over any network, with low complexity, no privileges, and no user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-28965

3. The Squid URN processing vulnerability affecting Red Hat Enterprise Linux 8

Severity: Important    CVSS Score: 7.4

This is an input validation flaw in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, a malicious server in collaboration with a trusted client can consume arbitrarily large amounts of memory on the server running Squid, which can result in DoS (denial of service).

Syxscore Risk Alert

This vulnerability poses a very high risk: although it requires user interaction, it can be exploited over any network, with a low-complexity attack and no privileges. In addition, because the jump point (scope) is changed, this vulnerability allows a lateral attack.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope (Jump Point): Changed

CVE Reference(s): CVE-2021-28651

4. The Nitro Enclaves kernel driver vulnerability

Severity: Medium       CVSS Score: 6.7

The way that Enclaves VMs force closures on the enclave file descriptor contains a null pointer dereference. By exploiting this flaw, a local user of a host machine can crash the system or escalate their privileges on the system.

The highest threat from this vulnerability is to confidentiality, integrity, and system availability.

Syxscore Risk Alert

This vulnerability poses a moderate risk: although it requires local access to the device and high privileges, it can be exploited with a low-complexity attack and without user interaction.

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-3543

5. The avahi vulnerability affecting Red Hat Enterprise Linux 8

Severity: Moderate    CVSS Score: 6.2

This is a flaw in avahi in versions 0.6 up to 0.8. A local user can trigger an infinite loop by exploiting the incorrect handling of the event used to signal the termination of the client connection on the avahi Unix socket in the client_work function.

The highest threat from this vulnerability is to the availability of the avahi service, which becomes unresponsive after this flaw is triggered.

Syxscore Risk Alert

This vulnerability poses a moderate risk: although it requires local access to the device, it can be exploited with a low-complexity attack, with no privileges and no user interaction required.

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-3468
