
Linux Vulnerabilities of the Week: July 26, 2021
See this week's top Linux issues and keep your IT environment protected from the latest July Linux vulnerabilities.
1. Out-of-bounds write in ANGLE in Google Chrome (< 91.0.4472.101)
Severity: Important   CVSS Score: 8.8
This is a flaw in ANGLE. Exploiting this vulnerability, a remote attacker can potentially perform out-of-bounds memory access via a crafted HTML page.
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
 Syxscore Risk Alert
This vulnerability has a major risk as though it requires user interaction to be exploited, this can be exposed over any network, with a low complexity attack and no privileges.
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope (Jump Point): Unchanged
CVE Reference(s): CVE-2021-30547
2. An out-of-bounds memory write flaw in the Linux kernel affecting Red Hat Enterprise Linux 7 and 8
Severity: Important   CVSS Score: 7.8
This is a flaw in the Linux kernel’s joystick devices subsystem before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. A local attacker can use this flaw to crash the system or escalate their privileges on the system.
The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Syxscore Risk Alert
This vulnerability has a major risk as although this needs access to the same network as the device, it can be exploited with a low complexity attack, low privileges, and without user interaction.
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope (Jump Point): Unchanged
CVE Reference(s): CVE-2021-3612
3. Incorrect comparison during range check elimination in OpenJDK
Severity: Important   CVSS Score: 7.5
This is a flaw in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). The vulnerability is difficult to exploit as attacks require human interaction from a person other than the attacker.
Using this vulnerability, an unauthenticated attacker with network access via multiple protocols can compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker.
The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Syxscore Risk Alert
This vulnerability has a major risk as although this requires user interaction and a complex attack to be exploited, it can be exposed over any network with no privileges.
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: Required
- Scope (Jump Point): Unchanged
CVE Reference(s): CVE-2021-2388
4. Out-of-bounds write in the Linux kernel’s fs/seq_file.c
Severity: Important   CVSS Score: 7.0
Exploiting this flaw, a local attacker with a user privilege can escalate their privileges to root gaining access to out-of-bound memory, which can result in a system crash or a leak of internal kernel information.
The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.
Syxscore Risk Alert
This vulnerability has a major risk as although this needs access to the same network as the device and the complexity of an attack is high, it requires low privileges and no user interaction.
- Attack Vector: Local
- Attack Complexity: High
- Privileges Required: Low
- User Interaction: None
- Scope (Jump Point): Unchanged
CVE Reference(s): CVE-2021-33909
5. race condition for removal of the HCI controller in the kernel affecting Red Hat Enterprise Linux 7
Severity: Important   CVSS Score: 7.0
This is a flaw in the Linux kernel’s handling of the removal of Bluetooth HCI controllers. It allows a local attacker to exploit a race condition, leading to corrupted memory and possible privilege escalation.
The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Syxscore Risk Alert
This vulnerability has a major risk as although this needs access to the same network as the device and requires a complex attack to be exploited, it needs low privileges and no user interaction.
- Attack Vector: Local
- Attack Complexity: High
- Privileges Required: Low
- User Interaction: None
- Scope (Jump Point): Unchanged
CVE Reference(s): CVE-2021-32399
Try Linux Patching with Syxsense
Syxsense makes endpoint management and security easy. Automatically deploy OS and third-party patches as well as Windows 10 Feature Updates for Microsoft, Mac, and Linux devices.
Schedule Your Syxsense Demo
Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.