
Linux Vulnerabilities of the Week: April 19, 2021
Are you caught up on April's latest Linux vulnerabilities? See this week's top issues and keep your IT environment protected.
1. Nettle (versions before 3.7.2) signature verification vulnerability affecting Red Hat Enterprise Linux 8
Severity: Important   CVSS Score: 8.1
By exploiting this vulnerability, an attacker can force an invalid signature, causing an assertion failure or possibly causing the signature to validate.
The highest threat from this vulnerability is to confidentiality and system availability.
Syxscore Risk Alert
This vulnerability poses a major risk: although it requires an attack of high complexity, it can be exposed over any network, with no privileges, and without user interaction.
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope (Jump Point): Unchanged
CVE Reference(s): CVE-2021-20305
2. An out-of-bounds access flaw in the Linux kernel’s implementation of the eBPF code verifier
Severity: Important   CVSS Score: 7.8
When the source register was known to be 0, the BPF verifier in the Linux kernel did not properly handle mod32 destination register truncation.
This vulnerability allows a privileged local user with CAP_SYS_ADMIN, or with a non-standard configuration for running BPF scripts, to crash the system. The highest threat from this vulnerability is to confidentiality and system availability.
Syxscore Risk Alert
This vulnerability poses a major risk: although it needs access to the same network as the device, it can be exposed with a low-complexity attack that requires low privileges and no user interaction.
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope (Jump Point): Unchanged
CVE Reference(s): CVE-2021-3444
3. Local privilege escalation due to incorrect BPF JIT branch displacement computation
Severity: Important   CVSS Score: 7.8
BPF JIT compilers in the Linux kernel through 5.11.12 compute branch displacements incorrectly, which allows arbitrary code execution within the kernel context.
A local user with the ability to insert eBPF instructions can abuse this flaw to corrupt memory. The highest threat from this vulnerability is to confidentiality and system availability.
Syxscore Risk Alert
This vulnerability poses a major risk: although it needs access to the same network as the device, the attack is of low complexity and needs low privileges and no user interaction.
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope (Jump Point): Unchanged
CVE Reference(s): CVE-2021-29154
4. OpenSSL (>1.1.1h) vulnerability
Severity: Important   CVSS Score: 7.4
Starting from OpenSSL version 1.1.1, an additional strict check was added to the flag that enables additional security checks of certificates present in a certificate chain. An error in the implementation of this check meant that the result of a previous check, which confirms that certificates in the chain are valid CA certificates, was overwritten.
To be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose.
Syxscore Risk Alert
This vulnerability has a major risk as it can be exposed over any network by a complex attack, with no privileges, and without user interaction.
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope (Jump Point): Unchanged
CVE Reference(s): CVE-2021-3450
5. NULL pointer vulnerability in OpenSSL 1.1.1
Severity: Medium      CVSS Score: 5.9
If a client sends a maliciously crafted renegotiation ClientHello message that omits the signature_algorithms extension (where it was present in the initial ClientHello) but includes a signature_algorithms_cert extension, a NULL pointer dereference can lead to a crash and a denial-of-service attack. Only servers with TLSv1.2 and renegotiation enabled (which is the default configuration) are vulnerable. This issue does not affect OpenSSL TLS clients.
Syxscore Risk Alert
This vulnerability has a moderate risk as it can be exposed over any network by a complex attack, with no privileges, and without user interaction.
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope (Jump Point): Unchanged
CVE Reference(s): CVE-2021-3449
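How the metrics listed under each Syxscore Risk Alert combine into the CVSS scores quoted above, as an added example (not Syxsense code) using the CVSS v3.1 base-score formula for Scope: Unchanged. The confidentiality, integrity and availability impact values are not listed on this page; the ones used here are assumptions, and they reproduce the page's scores.

```python
import math

# CVSS v3.1 metric weights. All five entries above have Scope: Unchanged,
# so only the Scope: Unchanged formula and PR weights are implemented.
AV = {"Network": 0.85, "Adjacent": 0.62, "Local": 0.55, "Physical": 0.20}
AC = {"Low": 0.77, "High": 0.44}
PR = {"None": 0.85, "Low": 0.62, "High": 0.27}
UI = {"None": 0.85, "Required": 0.62}
CIA = {"High": 0.56, "Low": 0.22, "None": 0.0}


def roundup(x):
    """CVSS v3.1 Roundup: smallest one-decimal value >= x, safe against float noise."""
    i = round(x * 100000)
    if i % 10000 == 0:
        return i / 100000.0
    return (math.floor(i / 10000) + 1) / 10.0


def base_score(av, ac, pr, ui, c, i, a):
    """Base score for a Scope: Unchanged vector."""
    iss = 1 - (1 - CIA[c]) * (1 - CIA[i]) * (1 - CIA[a])
    impact = 6.42 * iss
    if impact <= 0:
        return 0.0
    exploitability = 8.22 * AV[av] * AC[ac] * PR[pr] * UI[ui]
    return roundup(min(impact + exploitability, 10))


# Exploitability metrics are copied from the page; the last three values
# (C, I, A impact) are assumptions, since the page does not list them.
ENTRIES = {
    "CVE-2021-20305": ("Network", "High", "None", "None", "High", "High", "High"),
    "CVE-2021-3444":  ("Local", "Low", "Low", "None", "High", "High", "High"),
    "CVE-2021-29154": ("Local", "Low", "Low", "None", "High", "High", "High"),
    "CVE-2021-3450":  ("Network", "High", "None", "None", "High", "High", "None"),
    "CVE-2021-3449":  ("Network", "High", "None", "None", "None", "None", "High"),
}


def scores():
    """Return {CVE id: base score} for the entries above."""
    return {cve: base_score(*metrics) for cve, metrics in ENTRIES.items()}


if __name__ == "__main__":
    for cve, score in scores().items():
        print(cve, score)
```

Changing only Attack Complexity from High to Low for the Nettle entry moves the result from 8.1 to 9.8, which is why a network-reachable flaw needing no privileges still rates as a major risk when the attack is complex.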