Security update for the Linux Kernel (Live Patch 23 for SLE 15)
Details
This update for the Linux Kernel 4.12.14-150_69 fixes several issues.
The following security issues were fixed:
CVE-2021-3715: Fixed a user-after-free in the Linux kernel's Traffic Control networking subsystem which could lead to local privilege escalation. (bsc#1190350).
CVE-2021-38160: Fixed a bug that could lead to a data corruption or loss. This can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size in drivers/char/virtio_console.c (bsc#1190118)
CVE-2021-3640: Fixed a user-after-free bug in the function scosocksendmsg which could lead to local privilege escalation. (bsc#1188613)
CVE-2021-3573: Fixed a user-after-free bug in the function hcisockbound_ioctl which could lead to local privilege escalation. (bsc#1187054).