Skip to main content
News

Linux Vulnerabilities of the Week: September 6, 2021

By September 6, 2021June 22nd, 2022No Comments
||

Linux Vulnerabilities of the Week: September 6, 2021

See this week's top Linux issues and keep your IT environment protected from the latest August Linux vulnerabilities.

[vc_empty_space]
[vc_single_image image=”364537″ img_size=”full”]

1. Missing request length checks in LibX11 affecting Red Hat Enterprise Linux 8

Severity: Critical    CVSS Score: 9.8

This is a missing validation flaw in libX11 before 1.7.1. The libX11 XLookupColor request (intended for server-side color lookup) contains a flaw allowing a client to send color-name requests with a name longer than the maximum size allowed by the protocol (and also longer than the maximum packet size for normal-sized packets).

This flaw allows a remote attacker to inject X11 protocol commands on X clients, and in some cases, also bypass, authenticate (via injection of control characters), or potentially execute arbitrary code with permissions of the application compiled with libX11.

The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Syxscore Risk Alert

This vulnerability has a critical risk as this can be exposed over any network, with low complexity, no privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-31535

[vc_separator]

2. Xen vulnerability leading to DoS

Severity: Important    CVSS Score: 7.8

Grant table v2 status pages may remain accessible after de-allocation Guest gets permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime.

Grant table v2 status pages, however, get de-allocated when a guest switched (back) from v2 to v1. The freeing of such pages requires that the hypervisor know where in the guest these pages were mapped.

The hypervisor tracks only one use within guest space, but racing requests from the guest to insert mappings of these pages may result in any of them becoming mapped in multiple locations. Upon switching back from v2 to v1, the guest would then retain access to a page that was freed and perhaps re-used for other purposes.

Exploiting this flaw, local attackers can elevate their privileges and trigger denial-of-service.

The highest threat from this vulnerability is to system availability.

Syxscore Risk Alert

This vulnerability has a major risk as although this needs access to the same network as the device, it has low complexity, needs low privileges, and no user interaction.

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-28697

[vc_separator]

3. Returning of invalid host names in Go (<1.15.13)

Severity: Important    CVSS Score: 7.6

The LookupCNAME, LookupSRV, LookupMX, LookupNS, and LookupAddr functions in the net package and methods on the Resolver type, may return arbitrary values retrieved from DNS, allowing unsafe injection (e.g., XSS) that does not conform to the RFC1035 format.

The highest threat from this vulnerability is to integrity.

Syxscore Risk Alert

This vulnerability has a major risk as this can be exposed over any network, with low complexity, no privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-33195

[vc_separator]

4. An out-of-bounds write flaw in the Linux kernel’s Filesystem layer

Severity: Important    CVSS Score: 7.8

Exploiting this flaw, a local attacker with a user privilege can gain access to out-of-bound memory, which will result in a system crash or a leak of internal kernel information. The issue results from not validating the size_t-to-int conversion before performing operations.

The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.

Syxscore Risk Alert

This vulnerability has a major risk as although this needs access to the same network as the device, it can be exploited with a low complexity attack, low privileges, and without user interaction.

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-33909

Try Linux Patching with Syxsense

Syxsense makes endpoint management and security easy. Automatically deploy OS and third-party patches as well as Windows 10 Feature Updates for Microsoft, Mac, and Linux devices.

[vc_btn title=”Start a Free Trial” style=”gradient-custom” gradient_custom_color_1=”#da4453″ gradient_custom_color_2=”#8a2387″ shape=”round” size=”lg” align=”center” link=”url:https%3A%2F%2Fwww.syxsense.com%2Fstart-a-free-trial-of-syxsense%2F|||” css=”.vc_custom_1586908107967{margin-top: 15px !important;}”]
[vc_single_image image=”37252″ img_size=”full” css_animation=”fadeIn” css=”.vc_custom_1611965477970{padding-right: 20px !important;padding-left: 20px !important;}”]

Leave a Reply