Kernel Security Update (MINDBREEZE19391)

ID: MINDBREEZE19391 
Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS 
Severity: 7.0 Important​​​​​​​​​​​​​​ 
Status: Final 
First published: October 4, 2021 
CVEs: CVE-2021-33909, CVE-2019-20934 

Summary

• BZ - 1902788 - CVE-2019-20934 kernel: use-after-free in show_numa_stats function
• BZ - 1970273 - CVE-2021-33909 kernel: size_t-to-int conversion vulnerability in the filesystem layer

Remediation

Hotfix Information

Fixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS:

• Mindbreeze InSpire 21.2 Release (Version 21.2.1.1027)

• Mindbreeze InSpire SaaS 21.2 Release (Version 21.2.1.1027)