Rapid7 Vulnerability & Exploit Database

Oracle Linux: (CVE-2021-3715) ELSA-2021-3438: kernel security and bug fix update

Back to Search

Oracle Linux: (CVE-2021-3715) ELSA-2021-3438: kernel security and bug fix update

Severity
4
CVSS
(AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published
09/07/2021
Created
09/10/2021
Added
09/08/2021
Modified
09/08/2021

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From ELSA-2021-3438:

[3.10.0-1160.42.2.OL7] - Update Oracle Linux certificates (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com) - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15-2.0.9 - Update oracle(kernel-sig-key) value to match new certificate (Ilya Okomin) [3.10.0-1160.42.2] - net_sched: cls_route: remove the right filter from hashtable (Ivan Vecera) [1992926] [3.10.0-1160.42.1] - [s390] s390/dasd: fix list corruption of lcu list (Claudio Imbrenda) [1889418] - [s390] s390/dasd: fix list corruption of pavgroup group list (Claudio Imbrenda) [1889418] - [s390] s390/dasd: prevent inconsistent LCU device data (Claudio Imbrenda) [1889418] - [s390] s390/dasd: fix hanging device offline processing (Claudio Imbrenda) [1889418]

Solution(s)

  • oracle-linux-upgrade-kernel

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;