Linux Vulnerabilities of the Week: April 19, 2021

1. Nettle (versions before 3.7.2) signature verification vulnerability affecting Red Hat Enterprise Linux 8

Severity: Important    CVSS Score: 8.1

Several Nettle signature verification functions (GOST DSA, EdDSA and ECDSA) call the elliptic-curve point multiplication with out-of-range scalars, which can produce incorrect results. An attacker who supplies a crafted invalid signature can therefore trigger an assertion failure (a crash) or, possibly, have the invalid signature accepted as valid.

The highest threat from this vulnerability is to confidentiality, integrity and system availability.

Syxscore Risk Alert

This vulnerability carries a major risk: although the attack is of high complexity, it can be carried out over any network, with no privileges and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-20305

2. An out-of-bounds access flaw in the Linux kernel’s implementation of the eBPF code verifier

Severity: Important    CVSS Score: 7.8

When the source register was known to be 0, the BPF verifier in the Linux kernel did not properly handle mod32 destination register truncation, leading to an out-of-bounds read.

This flaw allows a local user who can load BPF programs (normally one with CAP_SYS_ADMIN, or any user on a non-standard configuration where kernel.unprivileged_bpf_disabled is 0) to crash the system or read kernel memory it should not have access to. The highest threat from this vulnerability is to confidentiality and system availability.

Syxscore Risk Alert

This vulnerability carries a major risk: although it requires local access to the device, the attack is of low complexity, needs only low privileges, and requires no user interaction.

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-3444

3. Local privilege escalation due to incorrect BPF JIT branch displacement computation

Severity: Important    CVSS Score: 7.8

BPF JIT compilers in the Linux kernel through 5.11.12 compute branch displacements incorrectly (the affected code is the x86 JIT in arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c), which allows execution of arbitrary code within the kernel context.

A local user with the ability to insert eBPF instructions, which requires CAP_SYS_ADMIN where kernel.unprivileged_bpf_disabled is set and is open to any local user where it is 0, can exploit this flaw to corrupt kernel memory. The highest threat from this vulnerability is to confidentiality, integrity and system availability.

Syxscore Risk Alert

This vulnerability carries a major risk: although it requires local access to the device, the attack is of low complexity, needs only low privileges, and requires no user interaction.

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-29154
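The following script is an added triage example covering items 1 to 3; it is not part of the original roundup and is not code from Nettle, the kernel project or Syxsense. It compares a Nettle version against the 3.7.2 fix bound and a kernel release against the 5.11.12 bound stated above for CVE-2021-29154, and reads the two sysctls that decide who can reach the BPF verifier and JIT at all: kernel.unprivileged_bpf_disabled (who may call bpf()) and net.core.bpf_jit_enable (whether JIT-compiled code runs). The helper names (clean_ver, ver_lt, nettle_status, bpf_exposure) and the sample version strings are constructed for this example. CVE-2021-3444 has no version range on this page, so for it the script reports only the privilege and JIT state.

```shell
#!/bin/sh
# Added example for items 1-3 above: version and sysctl triage for CVE-2021-20305,
# CVE-2021-3444 and CVE-2021-29154. Constructed helper code, not from Syxsense, Nettle
# or the kernel project. Bounds used: Nettle fixed in 3.7.2; CVE-2021-29154 present
# through kernel 5.11.12 (as stated on this page). Distribution builds backport fixes
# without bumping the upstream version, so treat "in-range" as "verify via changelog".

# clean_ver STRING -> leading digits and dots only ("5.11.12-300.fc33.x86_64" -> "5.11.12")
clean_ver() {
    printf '%s\n' "$1" | sed 's/[^0-9.].*$//'
}

# ver_lt A B -> exit status 0 when dotted version A is numerically older than B.
# Missing fields count as 0, so 3.7 compares equal to 3.7.0.
ver_lt() {
    a=$(clean_ver "$1"); b=$(clean_ver "$2")
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai=${a%%.*}; bi=${b%%.*}
        if [ -z "$ai" ]; then ai=0; fi
        if [ -z "$bi" ]; then bi=0; fi
        if [ "$ai" -lt "$bi" ]; then return 0; fi
        if [ "$ai" -gt "$bi" ]; then return 1; fi
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1
}

# nettle_status VERSION -> "vulnerable" (older than 3.7.2, CVE-2021-20305) or "fixed"
nettle_status() {
    if ver_lt "$1" 3.7.2; then echo vulnerable; else echo fixed; fi
}

# bpf_exposure KERNEL_RELEASE UNPRIV_BPF_DISABLED BPF_JIT_ENABLE -> verdict token
#   KERNEL_RELEASE       as printed by `uname -r`
#   UNPRIV_BPF_DISABLED  value of kernel.unprivileged_bpf_disabled (0 = any user may call bpf();
#                        anything else = CAP_SYS_ADMIN, or CAP_BPF on 5.8+, is needed)
#   BPF_JIT_ENABLE       value of net.core.bpf_jit_enable (0 = interpreter only; the JIT code
#                        of CVE-2021-29154 is then never run, the verifier of CVE-2021-3444 is)
# "past-range" means the release is newer than 5.11.12. A "?" input comes from the live
# reader below when a /proc file cannot be read (for example inside a container).
bpf_exposure() {
    case $2 in 0) who=unprivileged ;; '?') who=unknown-sysctl ;; *) who=privileged-only ;; esac
    case $3 in 0) jit=jit-off ;; '?') jit=jit-unknown ;; *) jit=jit-on ;; esac
    if ver_lt "$1" 5.11.13; then
        echo "in-range,$who,$jit"
    else
        echo past-range
    fi
}

# Live reading of this host; prints "?" where a sysctl file cannot be read.
read_sysctl() { if [ -r "$1" ]; then cat "$1"; else echo '?'; fi; }
live_bpf_exposure() {
    bpf_exposure "$(uname -r)" \
        "$(read_sysctl /proc/sys/kernel/unprivileged_bpf_disabled)" \
        "$(read_sysctl /proc/sys/net/core/bpf_jit_enable)"
}

# Constructed sample inputs (not readings from a real host):
for n in 3.6.0 3.7.1 3.7.2 3.8; do echo "nettle $n: $(nettle_status "$n")"; done
echo "5.11.12-300.fc33.x86_64, unprivileged bpf allowed, JIT on: $(bpf_exposure 5.11.12-300.fc33.x86_64 0 1)"
echo "4.18.0-240.el8.x86_64, unprivileged bpf disabled, JIT on: $(bpf_exposure 4.18.0-240.el8.x86_64 1 1)"
echo "5.11.13, any setting: $(bpf_exposure 5.11.13 0 1)"
echo "this host: $(uname -r) -> $(live_bpf_exposure)"
```

Run it as-is to see the constructed samples followed by this host's own reading. Because distributions backport fixes without changing the upstream version, follow an in-range verdict with the package changelog (for example rpm -q --changelog kernel | grep CVE-2021-29154 on RHEL 8) before treating the host as exploitable; conversely, a host where unprivileged bpf() is disabled and the JIT is off only exposes these flaws to users who already hold CAP_SYS_ADMIN.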

4. OpenSSL (1.1.1h through 1.1.1j) CA certificate check bypass

Severity: Important    CVSS Score: 7.4

Starting from OpenSSL version 1.1.1h, a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check confirming that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates.

To be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. Applications that do set a purpose get a later check that each issuer is a valid CA and are not affected. The fix is in OpenSSL 1.1.1k; OpenSSL 1.0.2 is not impacted.

Syxscore Risk Alert

This vulnerability carries a major risk: it can be exploited over any network, with no privileges and without user interaction, although the attack is of high complexity.

  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-3450

5. NULL pointer dereference in OpenSSL 1.1.1 TLS servers (fixed in 1.1.1k)

Severity: Medium       CVSS Score: 5.9

If a client sends a maliciously crafted renegotiation ClientHello that omits the signature_algorithms extension (where it was present in the initial ClientHello) but includes a signature_algorithms_cert extension, a NULL pointer dereference crashes the server, giving a denial of service. Only servers with TLSv1.2 and renegotiation enabled (which is the default configuration) are vulnerable; OpenSSL TLS clients are not affected. The fix is in OpenSSL 1.1.1k; OpenSSL 1.0.2 is not impacted.

Syxscore Risk Alert

This vulnerability carries a moderate risk: it can be exploited over any network, with no privileges and without user interaction, although the attack is of high complexity.

  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-3449
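The following script is an added example covering items 4 and 5; it is not part of the original roundup and is not code from the OpenSSL project or Syxsense. It classifies an OpenSSL 1.1.1 version letter against the ranges given above (CVE-2021-3450: 1.1.1h through 1.1.1j; CVE-2021-3449: 1.1.1 through 1.1.1j; both fixed in 1.1.1k) and, on RPM-based hosts, checks the package changelog, which is where backported fixes show up. The helper names (openssl_status, changelog_mentions) and the sample version strings are constructed for this example.

```shell
#!/bin/sh
# Added example for items 4 and 5 above: classify an OpenSSL 1.1.1 version letter against
# CVE-2021-3450 (1.1.1h through 1.1.1j) and CVE-2021-3449 (1.1.1 through 1.1.1j), both
# fixed in 1.1.1k. Constructed helper code, not from the OpenSSL project or Syxsense.
# Distribution builds (for example a "1.1.1g" on RHEL 8) carry backported fixes without
# changing the letter, so the version verdict is only a starting point; the changelog
# check below is what actually clears an RPM-based host.

# openssl_status "OpenSSL 1.1.1j  16 Feb 2021" (or a bare "1.1.1j") -> verdict token:
#   "CVE-2021-3449 CVE-2021-3450", "CVE-2021-3449", "fixed" or "outside-1.1.1-series"
openssl_status() {
    set -- $1                          # split "OpenSSL 1.1.1j  16 Feb 2021" on whitespace
    v=$1
    if [ "$v" = OpenSSL ]; then v=$2; fi
    case $v in
        1.1.1*) ;;
        *) echo outside-1.1.1-series; return 0 ;;
    esac
    rest=${v#1.1.1}
    letter=${rest%"${rest#?}"}         # first character after "1.1.1"; empty for plain 1.1.1
    if [ -z "$letter" ]; then echo "CVE-2021-3449"; return 0; fi
    case $letter in
        a|b|c|d|e|f|g) echo "CVE-2021-3449" ;;
        h|i|j)         echo "CVE-2021-3449 CVE-2021-3450" ;;
        [k-z])         echo fixed ;;
        *)             echo "CVE-2021-3449" ;;   # non-letter suffix such as "1.1.1-dev": base 1.1.1
    esac
}

# changelog_mentions PACKAGE CVE-ID -> "backported", "not-listed" or "no-rpm".
# RPM changelogs name backported CVE fixes that the upstream version string hides.
changelog_mentions() {
    if ! command -v rpm >/dev/null 2>&1; then echo no-rpm; return 0; fi
    if rpm -q --changelog "$1" 2>/dev/null | grep -q "$2"; then echo backported; else echo not-listed; fi
}

# Constructed sample strings in the shape `openssl version` prints:
for s in "OpenSSL 1.1.1j  16 Feb 2021" "OpenSSL 1.1.1g FIPS  21 Apr 2020" \
         "OpenSSL 1.1.1k  25 Mar 2021" "OpenSSL 1.0.2u  20 Dec 2019"; do
    echo "$s -> $(openssl_status "$s")"
done
if command -v openssl >/dev/null 2>&1; then
    live=$(openssl version)
    echo "this host: $live -> $(openssl_status "$live")"
    echo "rpm changelog for CVE-2021-3450: $(changelog_mentions openssl CVE-2021-3450)"
    echo "rpm changelog for CVE-2021-3449: $(changelog_mentions openssl CVE-2021-3449)"
fi
```

On RHEL 8 the library that applications actually link against is in the openssl-libs package, so query that one (rpm -q --changelog openssl-libs) rather than the command-line package when clearing a server. The version verdict also does not tell you whether an application is exposed to CVE-2021-3450 at all: that still requires it to set X509_V_FLAG_X509_STRICT without a purpose, which is a code-review question, not a version question.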

Try Linux Patching with Syxsense

Syxsense makes endpoint management and security easy. Automatically deploy OS and third-party patches as well as Windows 10 Feature Updates for Microsoft, Mac, and Linux devices.