SUSE-SU-2021:0434-1

Source
https://www.suse.com/support/update/announcement/2021/suse-su-20210434-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2021:0434-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/SUSE-SU-2021:0434-1
Published
2021-02-11T08:49:30Z
Modified
2025-05-08T17:14:51.690272Z
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security fixes and bug fixes.

The following security bugs were fixed:

  • CVE-2021-3348: Fixed a use-after-free in nbd_add_socket() that could be triggered by local attackers (with access to the nbd device) via an I/O request (bnc#1181504).
  • CVE-2021-3347: A use-after-free was discovered in the PI futexes during fault handling, allowing local users to execute code in the kernel (bnc#1181349).
  • CVE-2020-27835: A use-after-free in the infiniband hfi1 driver was found, specifically in the way a user calls ioctl after opening the device file and forking. A local user could use this flaw to crash the system (bnc#1179878).
  • CVE-2020-25211: Fixed a buffer overflow in ctnetlink_parse_tuple_filter() which could be triggered by a local attacker by injecting conntrack netlink configuration (bnc#1176395).
  • CVE-2020-25639: Fixed a NULL pointer dereference via nouveau ioctl (bnc#1176846).
  • CVE-2020-29569: Fixed a potential privilege escalation and information leaks related to the PV block backend, as used by Xen (bnc#1179509).
  • CVE-2020-29568: Fixed a denial of service issue, related to processing watch events (bnc#1179508).
  • CVE-2020-0444: Fixed a bad kfree due to a logic error in audit_data_to_entry (bnc#1180027).
  • CVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180029).
  • CVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031).
  • CVE-2020-4788: Fixed an issue with IBM Power9 processors that could have allowed a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances (bsc#1177666).
  • CVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141).
  • CVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds check in the nl80211_policy policy of nl80211.c (bnc#1180086).
  • CVE-2020-27777: Fixed a privilege escalation in the Run-Time Abstraction Services (RTAS) interface, affecting guests running on top of PowerVM or KVM hypervisors (bnc#1179107).
  • CVE-2020-27786: Fixed an out-of-bounds write in the MIDI implementation (bnc#1179601).
  • CVE-2020-27825: Fixed a race in the trace_open and buffer resize calls (bsc#1179960).
  • CVE-2020-29371: Fixed uninitialized memory leaks to userspace (bsc#1179429).
  • CVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bnc#1179745).
  • CVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179745).
  • CVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel (bsc#1178589).
  • CVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886).
  • CVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182).
  • CVE-2020-15437: Fixed a null pointer dereference which could have allowed local users to cause a denial of service (bsc#1179140).
  • CVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180559).
  • CVE-2020-28374: Fixed a Linux SCSI target issue (bsc#1178372).
  • CVE-2019-20934: Fixed a use-after-free in show_numa_stats() because NUMA fault statistics were inappropriately freed (bsc#1179663).

The following non-security bugs were fixed:

  • blk-mq: improve heavily contended tag case (bsc#1178198).
  • debugfs_lookup(): switch to lookup_one_len_unlocked() (bsc#1171979).
  • epoll: Keep a reference on files added to the check list (bsc#1180031).
  • fix regression in 'epoll: Keep a reference on files added to the check list' (bsc#1180031, git-fixes).
  • futex: Do not enable IRQs unconditionally in put_pi_state() (bsc#1149032).
  • futex: Ensure the correct return value from futex_lock_pi() (bsc#1181349 bsc#1149032).
  • futex: Fix incorrect should_fail_futex() handling (bsc#1181349).
  • futex: Handle faults correctly for PI futexes (bsc#1181349 bsc#1149032).
  • futex: Provide and use pi_state_update_owner() (bsc#1181349 bsc#1149032).
  • futex: Replace pointless printk in fixup_owner() (bsc#1181349 bsc#1149032).
  • futex: Simplify fixup_pi_state_owner() (bsc#1181349 bsc#1149032).
  • futex: Use pi_state_update_owner() in put_pi_state() (bsc#1181349 bsc#1149032).
  • HID: Fix slab-out-of-bounds read in hid_field_extract (bsc#1180052).
  • iommu/vt-d: Do not dereference iommu_device if IOMMU_API is not built (bsc#1181001, jsc#ECO-3191).
  • iommu/vt-d: Gracefully handle DMAR units with no supported address widths (bsc#1181001, jsc#ECO-3191).
  • kABI: Fix kABI for extended APIC-ID support (bsc#1181001, jsc#ECO-3191).
  • locking/futex: Allow low-level atomic operations to return -EAGAIN (bsc#1149032).
  • md/bitmap: fix memory leak of temporary bitmap (bsc#1163727).
  • md/bitmap: md_bitmap_get_counter returns wrong blocks (bsc#1163727).
  • md/bitmap: md_bitmap_read_sb uses wrong bitmap blocks (bsc#1163727).
  • md/cluster: block reshape with remote resync job (bsc#1163727).
  • md/cluster: fix deadlock when node is doing resync job (bsc#1163727).
  • md-cluster: Fix potential error pointer dereference in resize_bitmaps() (bsc#1163727).
  • md-cluster: fix rmmod issue when md_cluster convert bitmap to none (bsc#1163727).
  • md-cluster: fix safemode_delay value when converting to clustered bitmap (bsc#1163727).
  • md-cluster: fix wild pointer of unlock_all_bitmaps() (bsc#1163727).
  • Move upstreamed bt fixes into sorted section
  • nbd: Fix memory leak in nbd_add_socket (bsc#1181504).
  • net/x25: prevent a couple of overflows (bsc#1178590).
  • NFS: mark nfsiod as CPU_INTENSIVE (bsc#1177304).
  • rtmutex: Remove unused argument from rt_mutex_proxy_unlock() (bsc#1181349 bsc#1149032).
  • s390/dasd: fix hanging device offline processing (bsc#1144912).
  • scsi: ibmvfc: Avoid link down on FS9100 canister reboot (bsc#1176962 ltc#188304).
  • scsi: ibmvfc: Use compiler attribute defines instead of __attribute__() (bsc#1176962 ltc#188304).
  • SUNRPC: cache: ignore timestamp written to 'flush' file (bsc#1178036).
  • x86/apic: Fix x2apic enablement without interrupt remapping (bsc#1181001, jsc#ECO-3191).
  • x86/apic: Support 15 bits of APIC ID in IOAPIC/MSI where available (bsc#1181001, jsc#ECO-3191).
  • x86/ioapic: Handle Extended Destination ID field in RTE (bsc#1181001, jsc#ECO-3191).
  • x86/kvm: Add KVM_FEATURE_MSI_EXT_DEST_ID (bsc#1181001, jsc#ECO-3191).
  • x86/kvm: Reserve KVM_FEATURE_MSI_EXT_DEST_ID (bsc#1181001, jsc#ECO-3191).
  • x86/msi: Only use high bits of MSI address for DMAR unit (bsc#1181001, jsc#ECO-3191).
  • x86/tracing: Introduce a static key for exception tracing (bsc#1179895).
  • x86/traps: Simplify pagefault tracing logic (bsc#1179895).
  • xfrm: Fix memleak on xfrm state destroy (bsc#1158775).

Affected packages

SUSE:OpenStack Cloud 9 / kernel-default

Package

Name
kernel-default
Purl
pkg:rpm/suse/kernel-default&distro=SUSE%20OpenStack%20Cloud%209

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.12.14-95.68.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.12.14-95.68.1",
            "kernel-devel": "4.12.14-95.68.1",
            "kernel-default-base": "4.12.14-95.68.1",
            "kernel-default": "4.12.14-95.68.1",
            "kernel-source": "4.12.14-95.68.1",
            "kernel-syms": "4.12.14-95.68.1",
            "kernel-default-devel": "4.12.14-95.68.1"
        }
    ]
}

SUSE:OpenStack Cloud 9 / kernel-source

Package

Name
kernel-source
Purl
pkg:rpm/suse/kernel-source&distro=SUSE%20OpenStack%20Cloud%209

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.12.14-95.68.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.12.14-95.68.1",
            "kernel-devel": "4.12.14-95.68.1",
            "kernel-default-base": "4.12.14-95.68.1",
            "kernel-default": "4.12.14-95.68.1",
            "kernel-source": "4.12.14-95.68.1",
            "kernel-syms": "4.12.14-95.68.1",
            "kernel-default-devel": "4.12.14-95.68.1"
        }
    ]
}

SUSE:OpenStack Cloud 9 / kernel-syms

Package

Name
kernel-syms
Purl
pkg:rpm/suse/kernel-syms&distro=SUSE%20OpenStack%20Cloud%209

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.12.14-95.68.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.12.14-95.68.1",
            "kernel-devel": "4.12.14-95.68.1",
            "kernel-default-base": "4.12.14-95.68.1",
            "kernel-default": "4.12.14-95.68.1",
            "kernel-source": "4.12.14-95.68.1",
            "kernel-syms": "4.12.14-95.68.1",
            "kernel-default-devel": "4.12.14-95.68.1"
        }
    ]
}

SUSE:OpenStack Cloud Crowbar 9 / kernel-default

Package

Name
kernel-default
Purl
pkg:rpm/suse/kernel-default&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.12.14-95.68.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.12.14-95.68.1",
            "kernel-devel": "4.12.14-95.68.1",
            "kernel-default-base": "4.12.14-95.68.1",
            "kernel-default": "4.12.14-95.68.1",
            "kernel-source": "4.12.14-95.68.1",
            "kernel-syms": "4.12.14-95.68.1",
            "kernel-default-devel": "4.12.14-95.68.1"
        }
    ]
}

SUSE:OpenStack Cloud Crowbar 9 / kernel-source

Package

Name
kernel-source
Purl
pkg:rpm/suse/kernel-source&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.12.14-95.68.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.12.14-95.68.1",
            "kernel-devel": "4.12.14-95.68.1",
            "kernel-default-base": "4.12.14-95.68.1",
            "kernel-default": "4.12.14-95.68.1",
            "kernel-source": "4.12.14-95.68.1",
            "kernel-syms": "4.12.14-95.68.1",
            "kernel-default-devel": "4.12.14-95.68.1"
        }
    ]
}

SUSE:OpenStack Cloud Crowbar 9 / kernel-syms

Package

Name
kernel-syms
Purl
pkg:rpm/suse/kernel-syms&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.12.14-95.68.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.12.14-95.68.1",
            "kernel-devel": "4.12.14-95.68.1",
            "kernel-default-base": "4.12.14-95.68.1",
            "kernel-default": "4.12.14-95.68.1",
            "kernel-source": "4.12.14-95.68.1",
            "kernel-syms": "4.12.14-95.68.1",
            "kernel-default-devel": "4.12.14-95.68.1"
        }
    ]
}

SUSE:Linux Enterprise High Availability Extension 12 SP4 / kernel-default

Package

Name
kernel-default
Purl
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.12.14-95.68.1

Ecosystem specific

{
    "binaries": [
        {
            "dlm-kmp-default": "4.12.14-95.68.1",
            "gfs2-kmp-default": "4.12.14-95.68.1",
            "ocfs2-kmp-default": "4.12.14-95.68.1",
            "cluster-md-kmp-default": "4.12.14-95.68.1"
        }
    ]
}

SUSE:Linux Enterprise Live Patching 12 SP4 / kernel-default

Package

Name
kernel-default
Purl
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.12.14-95.68.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-default-kgraft": "4.12.14-95.68.1",
            "kernel-default-kgraft-devel": "4.12.14-95.68.1",
            "kgraft-patch-4_12_14-95_68-default": "1-6.3.1"
        }
    ]
}

SUSE:Linux Enterprise Live Patching 12 SP4 / kgraft-patch-SLE12-SP4_Update_18

Package

Name
kgraft-patch-SLE12-SP4_Update_18
Purl
pkg:rpm/suse/kgraft-patch-SLE12-SP4_Update_18&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1-6.3.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-default-kgraft": "4.12.14-95.68.1",
            "kernel-default-kgraft-devel": "4.12.14-95.68.1",
            "kgraft-patch-4_12_14-95_68-default": "1-6.3.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP4 / kernel-default

Package

Name
kernel-default
Purl
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.12.14-95.68.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.12.14-95.68.1",
            "kernel-devel": "4.12.14-95.68.1",
            "kernel-default-base": "4.12.14-95.68.1",
            "kernel-default": "4.12.14-95.68.1",
            "kernel-source": "4.12.14-95.68.1",
            "kernel-syms": "4.12.14-95.68.1",
            "kernel-default-devel": "4.12.14-95.68.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP4 / kernel-source

Package

Name
kernel-source
Purl
pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.12.14-95.68.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.12.14-95.68.1",
            "kernel-devel": "4.12.14-95.68.1",
            "kernel-default-base": "4.12.14-95.68.1",
            "kernel-default": "4.12.14-95.68.1",
            "kernel-source": "4.12.14-95.68.1",
            "kernel-syms": "4.12.14-95.68.1",
            "kernel-default-devel": "4.12.14-95.68.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP4 / kernel-syms

Package

Name
kernel-syms
Purl
pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.12.14-95.68.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.12.14-95.68.1",
            "kernel-devel": "4.12.14-95.68.1",
            "kernel-default-base": "4.12.14-95.68.1",
            "kernel-default": "4.12.14-95.68.1",
            "kernel-source": "4.12.14-95.68.1",
            "kernel-syms": "4.12.14-95.68.1",
            "kernel-default-devel": "4.12.14-95.68.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP4-LTSS / kernel-default

Package

Name
kernel-default
Purl
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.12.14-95.68.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.12.14-95.68.1",
            "kernel-devel": "4.12.14-95.68.1",
            "kernel-default-base": "4.12.14-95.68.1",
            "kernel-default-man": "4.12.14-95.68.1",
            "kernel-default": "4.12.14-95.68.1",
            "kernel-source": "4.12.14-95.68.1",
            "kernel-syms": "4.12.14-95.68.1",
            "kernel-default-devel": "4.12.14-95.68.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP4-LTSS / kernel-source

Package

Name
kernel-source
Purl
pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.12.14-95.68.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.12.14-95.68.1",
            "kernel-devel": "4.12.14-95.68.1",
            "kernel-default-base": "4.12.14-95.68.1",
            "kernel-default-man": "4.12.14-95.68.1",
            "kernel-default": "4.12.14-95.68.1",
            "kernel-source": "4.12.14-95.68.1",
            "kernel-syms": "4.12.14-95.68.1",
            "kernel-default-devel": "4.12.14-95.68.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP4-LTSS / kernel-syms

Package

Name
kernel-syms
Purl
pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.12.14-95.68.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.12.14-95.68.1",
            "kernel-devel": "4.12.14-95.68.1",
            "kernel-default-base": "4.12.14-95.68.1",
            "kernel-default-man": "4.12.14-95.68.1",
            "kernel-default": "4.12.14-95.68.1",
            "kernel-source": "4.12.14-95.68.1",
            "kernel-syms": "4.12.14-95.68.1",
            "kernel-default-devel": "4.12.14-95.68.1"
        }
    ]
}