Linux Vulnerabilities of the Week: September 6, 2021

1. Missing request length checks in LibX11 affecting Red Hat Enterprise Linux 8

Severity: Critical    CVSS Score: 9.8

This is a missing validation flaw in libX11 before 1.7.1. The libX11 XLookupColor request (intended for server-side color lookup) contains a flaw allowing a client to send color-name requests with a name longer than the maximum size allowed by the protocol (and also longer than the maximum packet size for normal-sized packets).

This flaw allows a remote attacker to inject X11 protocol commands into X clients and, in some cases, to bypass authentication (via injection of control characters) or potentially execute arbitrary code with the permissions of the application compiled against libX11.

The highest threat from this vulnerability is to confidentiality, integrity and system availability.

Syxscore Risk Alert

This vulnerability carries critical risk: it can be exploited over any network, with low complexity, no privileges and no user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-31535

2. Xen vulnerability leading to DoS

Severity: Important    CVSS Score: 7.8

Grant table v2 status pages may remain accessible after de-allocation. Guests are permitted access to certain Xen-owned pages of memory, and the majority of such pages remain allocated and associated with a guest for its entire lifetime.

Grant table v2 status pages, however, are de-allocated when a guest switches (back) from v2 to v1. Freeing such pages requires that the hypervisor know where in the guest these pages were mapped.

The hypervisor tracks only one use within guest space, but racing requests from the guest to insert mappings of these pages may result in any of them becoming mapped in multiple locations. Upon switching back from v2 to v1, the guest would then retain access to a page that was freed and perhaps re-used for other purposes.

Exploiting this flaw, local attackers can elevate their privileges and trigger a denial of service.

The highest threat from this vulnerability is to system availability.

Syxscore Risk Alert

This vulnerability carries major risk: although it needs access to the same network as the device, it has low complexity, requires only low privileges and needs no user interaction.

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-28697

3. Invalid host names returned by Go (before 1.15.13)

Severity: Important    CVSS Score: 7.6

The LookupCNAME, LookupSRV, LookupMX, LookupNS and LookupAddr functions in the net package, and the corresponding methods on the Resolver type, may return arbitrary values retrieved from DNS that do not conform to the RFC 1035 format, allowing unsafe injection (e.g., XSS) when those values are used without further validation.

The highest threat from this vulnerability is to integrity.

Syxscore Risk Alert

This vulnerability carries major risk: it can be exploited over any network, with low complexity, no privileges and no user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-33195
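As an added, defender-side example (not code from the Go project or from this advisory), the check below enforces the RFC 1035 hostname syntax on values returned by net.LookupCNAME before a caller uses them; it generalises to the other Lookup* results as well, since each returns host names of the same form. The names isRFC1035Hostname and safeLookupCNAME are chosen here and are not part of the net package.

```go
package main

import (
	"fmt"
	"net"
)

// isRFC1035Hostname checks s against the RFC 1035 preferred name syntax:
// 1-63 byte labels of letters, digits and hyphens that neither start nor
// end with a hyphen, joined by dots, at most 253 bytes in total. One
func isRFC1035Hostname(s string) bool {
	if n := len(s); n > 0 && s[n-1] == '.' { // resolvers often return a trailing dot
		s = s[:n-1]
	}
	if s == "" || len(s) > 253 {
		return false
	}
	labelLen := 0
	for i := 0; i < len(s); i++ {
		c := s[i]
		switch {
		case c == '.' && (labelLen == 0 || s[i-1] == '-'): // empty label or label ending in '-'
			return false
		case c == '.':
			labelLen = 0
		case c == '-' && labelLen == 0: // a label may not start with '-'
			return false
		case c == '-', 'a' <= c && c <= 'z', 'A' <= c && c <= 'Z', '0' <= c && c <= '9':
			if labelLen++; labelLen > 63 {
				return false
			}
		default: // '<', NUL, space, non-ASCII, ...: not a hostname byte
			return false
		}
	}
	return labelLen > 0 && s[len(s)-1] != '-'
}

// safeLookupCNAME (hypothetical wrapper) refuses any net.LookupCNAME answer that is
// not a well-formed hostname, so a hostile resolver cannot push markup or control bytes into the caller.
func safeLookupCNAME(host string) (string, error) {
	cname, err := net.LookupCNAME(host)
	if err != nil {
		return "", err
	}
	if !isRFC1035Hostname(cname) {
		return "", fmt.Errorf("lookup %q: malformed CNAME %q from resolver", host, cname)
	}
	return cname, nil
}
```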

4. An out-of-bounds write flaw in the Linux kernel’s Filesystem layer

Severity: Important    CVSS Score: 7.8

Exploiting this flaw, a local attacker with user privileges can gain access to out-of-bounds memory, which results in a system crash or a leak of internal kernel information. The issue results from not validating the size_t-to-int conversion before performing operations on the converted value.

The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.

Syxscore Risk Alert

This vulnerability carries major risk: although it needs access to the same network as the device, it can be exploited with low complexity, low privileges and no user interaction.

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-33909

Try Linux Patching with Syxsense

Syxsense makes endpoint management and security easy. Automatically deploy OS and third-party patches as well as Windows 10 Feature Updates for Microsoft, Mac, and Linux devices.