Rewterz Threat Advisory – CVE-2021-29657 – Linux Kernel Security Bypass Vulnerability

Severity

Medium

Analysis Summary

CVE-2021-29657

The Linux kernel could allow a locally authenticated attacker to bypass security restrictions, caused by a time-of-check time-of-use (TOCTOU) race condition in the nested_svm_vmrun function in KVM. By sending a specially crafted request, an attacker could exploit this vulnerability to gain unrestricted access to host MSRs.

Impact

  • Bypass security
  • Unauthorized Access

Affected Vendors

Linux

Affected Products

  • Linux Kernel 5.10
  • Linux Kernel 5.11
  • Linux Kernel 5.11.11

Remediation

Refer to the Linux kernel Git repository for the patch, upgrade, or suggested workaround information.

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.28&id=5f6625f5cd5c593fae05a6ce22b406166bc796b8
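
A host triage check for this advisory, added here as an example and not taken from Rewterz or the kernel project: it compares a kernel release string against the affected series listed above and reports whether nested SVM is switched on. Assumptions: the function names and verdict strings are hypothetical, the `v5.10.28` tag in the remediation link is treated as the first fixed 5.10.y release, and the `kvm_amd` module's `nested` parameter is taken to gate the nested VMRUN path.

```sh
#!/bin/sh
# Triage helper for CVE-2021-29657 (added example, not the advisory's own code).

AFFECTED_SERIES="5.10 5.11"   # series listed under "Affected Products"
FIXED_5_10_PATCH=28           # assumption: taken from the v5.10.28 tag in the link
# The page names no fixed 5.11.y release, so every 5.11.y build is flagged.

# kernel_status <release> -> affected | fixed-per-link | not-listed
kernel_status() {
    rel=${1%%-*}                       # 5.10.20-amd64 -> 5.10.20
    major=${rel%%.*}
    rest=${rel#*.}
    minor=${rest%%.*}; minor=${minor%%[!0-9]*}
    case $rest in
        *.*) patch=${rest#*.}; patch=${patch%%[!0-9]*} ;;
        *)   patch= ;;
    esac
    patch=${patch:-0}
    for s in $AFFECTED_SERIES; do
        [ "$s" = "$major.$minor" ] || continue
        if [ "$s" = "5.10" ] && [ "$patch" -ge "$FIXED_5_10_PATCH" ]; then
            echo fixed-per-link
        else
            echo affected
        fi
        return 0
    done
    echo not-listed
}

# nested_svm_enabled [param-file] -> exit status 0 when nested SVM is on
nested_svm_enabled() {
    f=${1:-/sys/module/kvm_amd/parameters/nested}
    [ -r "$f" ] || return 1            # kvm_amd not loaded on this host
    case $(cat "$f") in
        1|Y|y) return 0 ;;             # int and bool forms of the parameter
        *)     return 1 ;;
    esac
}

# exposure <release> [param-file] -> one-line verdict for the host
exposure() {
    ks=$(kernel_status "$1")
    if [ "$ks" != affected ]; then echo "$ks"; return 0; fi
    if nested_svm_enabled "$2"; then echo "affected:nested-svm-on"
    else echo "affected:nested-svm-off"; fi
}

exposure "$(uname -r)"
```

Distribution kernels often backport fixes without changing the upstream version number, so an `affected` verdict means "check the vendor changelog for the fix commit", not a confirmed finding.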