We would like to point out two vulnerabilities found in the Linux kernel that are high risk for our infrastructure.
CVE-2020-25211: Red Hat has announced a buffer overflow vulnerability that may allow a local user to crash the system and to compromise data confidentiality and the integrity of the system.
Additionally, this Advisory acts as an ‘UPDATE’ to the advisory sent on 6th January 2021 concerning this vulnerability and asking sites to mitigate.
CVE-2020-29661: A locking vulnerability was found in the tty subsystem of the Linux kernel, in drivers/tty/tty_jobctrl.c. This flaw allows a local attacker to possibly corrupt memory or escalate privileges. The highest threat from this vulnerability is to confidentiality and integrity, as well as system availability.
Other vulnerabilities may also have been fixed in this release. Read the details about the vulnerabilities, and how to fix or mitigate them, in this SVG Advisory.