SUSE-SU-2021:14764-1

Source
https://www.suse.com/support/update/announcement/2021/suse-su-202114764-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2021:14764-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2021:14764-1
Published
2021-07-13T07:46:15Z
Modified
2021-07-13T07:46:15Z
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security fixes and bugfixes.

The following security bugs were fixed:

  • CVE-2021-0512: Fixed a possible out of bounds write due to a heap buffer overflow in __hidinput_change_resolution_multipliers. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (bsc#1187595)
  • CVE-2021-34693: Fixed a bug in net/can/bcm.c which could allow local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized. (bsc#1187452)
  • CVE-2020-36386: Fixed an out-of-bounds read in hci_extended_inquiry_result_evt. (bsc#1187038)
  • CVE-2020-24588: Fixed a bug that could allow an adversary to abuse devices that support receiving non-SSP A-MSDU frames to inject arbitrary network packets. (bsc#1185861 bsc#1185863)
  • CVE-2021-29154: Fixed an incorrect computation of branch displacements in the BPF JIT compilers, which could allow arbitrary code execution within the kernel context. (bsc#1184391)
  • CVE-2021-32399: Fixed a race condition in net/bluetooth/hci_request.c for removal of the HCI controller. (bsc#1184611)
  • CVE-2020-24586: Fixed a bug that, under the right circumstances, allows an adversary to inject arbitrary network packets and/or exfiltrate user data when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP. (bsc#1185859 bsc#1185863)
  • CVE-2020-26139: Fixed a bug that allows an Access Point (AP) to forward EAPOL frames to other clients even though the sender has not yet successfully authenticated. This might be abused in protected Wi-Fi networks to launch denial-of-service attacks against connected clients and make it easier to exploit other vulnerabilities in connected clients. (bsc#1185863 bsc#1186062)
  • CVE-2020-24587: Fixed a bug that allows an adversary to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed. (bsc#1185862 bsc#1185863)

The following non-security bugs were fixed:

  • md: do not flush workqueue unconditionally in md_open (bsc#1184081).
  • md: factor out a mddev_find_locked helper from mddev_find (bsc#1184081).
  • md: md_open returns -EBUSY when entering racing area (bsc#1184081).
  • md: split mddev_find (bsc#1184081).

Affected packages

SUSE:Linux Enterprise Server 11 SP4-LTSS / kernel-bigmem

Package

Name
kernel-bigmem
Purl
purl:rpm/suse/kernel-bigmem&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.0.101-108.129.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-default-base": "3.0.101-108.129.1",
            "kernel-default-man": "3.0.101-108.129.1",
            "kernel-ec2": "3.0.101-108.129.1",
            "kernel-default": "3.0.101-108.129.1",
            "kernel-source": "3.0.101-108.129.1",
            "kernel-bigmem": "3.0.101-108.129.1",
            "kernel-pae-base": "3.0.101-108.129.1",
            "kernel-syms": "3.0.101-108.129.1",
            "kernel-bigmem-base": "3.0.101-108.129.1",
            "kernel-pae": "3.0.101-108.129.1",
            "kernel-ppc64-devel": "3.0.101-108.129.1",
            "kernel-ec2-devel": "3.0.101-108.129.1",
            "kernel-ppc64-base": "3.0.101-108.129.1",
            "kernel-trace-devel": "3.0.101-108.129.1",
            "kernel-trace": "3.0.101-108.129.1",
            "kernel-ec2-base": "3.0.101-108.129.1",
            "kernel-ppc64": "3.0.101-108.129.1",
            "kernel-xen-base": "3.0.101-108.129.1",
            "kernel-xen-devel": "3.0.101-108.129.1",
            "kernel-bigmem-devel": "3.0.101-108.129.1",
            "kernel-trace-base": "3.0.101-108.129.1",
            "kernel-default-devel": "3.0.101-108.129.1",
            "kernel-pae-devel": "3.0.101-108.129.1",
            "kernel-xen": "3.0.101-108.129.1"
        }
    ]
}

SUSE:Linux Enterprise Server 11 SP4-LTSS / kernel-default

Package

Name
kernel-default
Purl
purl:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.0.101-108.129.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-default-base": "3.0.101-108.129.1",
            "kernel-default-man": "3.0.101-108.129.1",
            "kernel-ec2": "3.0.101-108.129.1",
            "kernel-default": "3.0.101-108.129.1",
            "kernel-source": "3.0.101-108.129.1",
            "kernel-bigmem": "3.0.101-108.129.1",
            "kernel-pae-base": "3.0.101-108.129.1",
            "kernel-syms": "3.0.101-108.129.1",
            "kernel-bigmem-base": "3.0.101-108.129.1",
            "kernel-pae": "3.0.101-108.129.1",
            "kernel-ppc64-devel": "3.0.101-108.129.1",
            "kernel-ec2-devel": "3.0.101-108.129.1",
            "kernel-ppc64-base": "3.0.101-108.129.1",
            "kernel-trace-devel": "3.0.101-108.129.1",
            "kernel-trace": "3.0.101-108.129.1",
            "kernel-ec2-base": "3.0.101-108.129.1",
            "kernel-ppc64": "3.0.101-108.129.1",
            "kernel-xen-base": "3.0.101-108.129.1",
            "kernel-xen-devel": "3.0.101-108.129.1",
            "kernel-bigmem-devel": "3.0.101-108.129.1",
            "kernel-trace-base": "3.0.101-108.129.1",
            "kernel-default-devel": "3.0.101-108.129.1",
            "kernel-pae-devel": "3.0.101-108.129.1",
            "kernel-xen": "3.0.101-108.129.1"
        }
    ]
}

SUSE:Linux Enterprise Server 11 SP4-LTSS / kernel-ec2

Package

Name
kernel-ec2
Purl
purl:rpm/suse/kernel-ec2&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.0.101-108.129.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-default-base": "3.0.101-108.129.1",
            "kernel-default-man": "3.0.101-108.129.1",
            "kernel-ec2": "3.0.101-108.129.1",
            "kernel-default": "3.0.101-108.129.1",
            "kernel-source": "3.0.101-108.129.1",
            "kernel-bigmem": "3.0.101-108.129.1",
            "kernel-pae-base": "3.0.101-108.129.1",
            "kernel-syms": "3.0.101-108.129.1",
            "kernel-bigmem-base": "3.0.101-108.129.1",
            "kernel-pae": "3.0.101-108.129.1",
            "kernel-ppc64-devel": "3.0.101-108.129.1",
            "kernel-ec2-devel": "3.0.101-108.129.1",
            "kernel-ppc64-base": "3.0.101-108.129.1",
            "kernel-trace-devel": "3.0.101-108.129.1",
            "kernel-trace": "3.0.101-108.129.1",
            "kernel-ec2-base": "3.0.101-108.129.1",
            "kernel-ppc64": "3.0.101-108.129.1",
            "kernel-xen-base": "3.0.101-108.129.1",
            "kernel-xen-devel": "3.0.101-108.129.1",
            "kernel-bigmem-devel": "3.0.101-108.129.1",
            "kernel-trace-base": "3.0.101-108.129.1",
            "kernel-default-devel": "3.0.101-108.129.1",
            "kernel-pae-devel": "3.0.101-108.129.1",
            "kernel-xen": "3.0.101-108.129.1"
        }
    ]
}

SUSE:Linux Enterprise Server 11 SP4-LTSS / kernel-pae

Package

Name
kernel-pae
Purl
purl:rpm/suse/kernel-pae&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.0.101-108.129.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-default-base": "3.0.101-108.129.1",
            "kernel-default-man": "3.0.101-108.129.1",
            "kernel-ec2": "3.0.101-108.129.1",
            "kernel-default": "3.0.101-108.129.1",
            "kernel-source": "3.0.101-108.129.1",
            "kernel-bigmem": "3.0.101-108.129.1",
            "kernel-pae-base": "3.0.101-108.129.1",
            "kernel-syms": "3.0.101-108.129.1",
            "kernel-bigmem-base": "3.0.101-108.129.1",
            "kernel-pae": "3.0.101-108.129.1",
            "kernel-ppc64-devel": "3.0.101-108.129.1",
            "kernel-ec2-devel": "3.0.101-108.129.1",
            "kernel-ppc64-base": "3.0.101-108.129.1",
            "kernel-trace-devel": "3.0.101-108.129.1",
            "kernel-trace": "3.0.101-108.129.1",
            "kernel-ec2-base": "3.0.101-108.129.1",
            "kernel-ppc64": "3.0.101-108.129.1",
            "kernel-xen-base": "3.0.101-108.129.1",
            "kernel-xen-devel": "3.0.101-108.129.1",
            "kernel-bigmem-devel": "3.0.101-108.129.1",
            "kernel-trace-base": "3.0.101-108.129.1",
            "kernel-default-devel": "3.0.101-108.129.1",
            "kernel-pae-devel": "3.0.101-108.129.1",
            "kernel-xen": "3.0.101-108.129.1"
        }
    ]
}

SUSE:Linux Enterprise Server 11 SP4-LTSS / kernel-ppc64

Package

Name
kernel-ppc64
Purl
purl:rpm/suse/kernel-ppc64&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.0.101-108.129.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-default-base": "3.0.101-108.129.1",
            "kernel-default-man": "3.0.101-108.129.1",
            "kernel-ec2": "3.0.101-108.129.1",
            "kernel-default": "3.0.101-108.129.1",
            "kernel-source": "3.0.101-108.129.1",
            "kernel-bigmem": "3.0.101-108.129.1",
            "kernel-pae-base": "3.0.101-108.129.1",
            "kernel-syms": "3.0.101-108.129.1",
            "kernel-bigmem-base": "3.0.101-108.129.1",
            "kernel-pae": "3.0.101-108.129.1",
            "kernel-ppc64-devel": "3.0.101-108.129.1",
            "kernel-ec2-devel": "3.0.101-108.129.1",
            "kernel-ppc64-base": "3.0.101-108.129.1",
            "kernel-trace-devel": "3.0.101-108.129.1",
            "kernel-trace": "3.0.101-108.129.1",
            "kernel-ec2-base": "3.0.101-108.129.1",
            "kernel-ppc64": "3.0.101-108.129.1",
            "kernel-xen-base": "3.0.101-108.129.1",
            "kernel-xen-devel": "3.0.101-108.129.1",
            "kernel-bigmem-devel": "3.0.101-108.129.1",
            "kernel-trace-base": "3.0.101-108.129.1",
            "kernel-default-devel": "3.0.101-108.129.1",
            "kernel-pae-devel": "3.0.101-108.129.1",
            "kernel-xen": "3.0.101-108.129.1"
        }
    ]
}

SUSE:Linux Enterprise Server 11 SP4-LTSS / kernel-source

Package

Name
kernel-source
Purl
purl:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.0.101-108.129.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-default-base": "3.0.101-108.129.1",
            "kernel-default-man": "3.0.101-108.129.1",
            "kernel-ec2": "3.0.101-108.129.1",
            "kernel-default": "3.0.101-108.129.1",
            "kernel-source": "3.0.101-108.129.1",
            "kernel-bigmem": "3.0.101-108.129.1",
            "kernel-pae-base": "3.0.101-108.129.1",
            "kernel-syms": "3.0.101-108.129.1",
            "kernel-bigmem-base": "3.0.101-108.129.1",
            "kernel-pae": "3.0.101-108.129.1",
            "kernel-ppc64-devel": "3.0.101-108.129.1",
            "kernel-ec2-devel": "3.0.101-108.129.1",
            "kernel-ppc64-base": "3.0.101-108.129.1",
            "kernel-trace-devel": "3.0.101-108.129.1",
            "kernel-trace": "3.0.101-108.129.1",
            "kernel-ec2-base": "3.0.101-108.129.1",
            "kernel-ppc64": "3.0.101-108.129.1",
            "kernel-xen-base": "3.0.101-108.129.1",
            "kernel-xen-devel": "3.0.101-108.129.1",
            "kernel-bigmem-devel": "3.0.101-108.129.1",
            "kernel-trace-base": "3.0.101-108.129.1",
            "kernel-default-devel": "3.0.101-108.129.1",
            "kernel-pae-devel": "3.0.101-108.129.1",
            "kernel-xen": "3.0.101-108.129.1"
        }
    ]
}

SUSE:Linux Enterprise Server 11 SP4-LTSS / kernel-syms

Package

Name
kernel-syms
Purl
purl:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.0.101-108.129.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-default-base": "3.0.101-108.129.1",
            "kernel-default-man": "3.0.101-108.129.1",
            "kernel-ec2": "3.0.101-108.129.1",
            "kernel-default": "3.0.101-108.129.1",
            "kernel-source": "3.0.101-108.129.1",
            "kernel-bigmem": "3.0.101-108.129.1",
            "kernel-pae-base": "3.0.101-108.129.1",
            "kernel-syms": "3.0.101-108.129.1",
            "kernel-bigmem-base": "3.0.101-108.129.1",
            "kernel-pae": "3.0.101-108.129.1",
            "kernel-ppc64-devel": "3.0.101-108.129.1",
            "kernel-ec2-devel": "3.0.101-108.129.1",
            "kernel-ppc64-base": "3.0.101-108.129.1",
            "kernel-trace-devel": "3.0.101-108.129.1",
            "kernel-trace": "3.0.101-108.129.1",
            "kernel-ec2-base": "3.0.101-108.129.1",
            "kernel-ppc64": "3.0.101-108.129.1",
            "kernel-xen-base": "3.0.101-108.129.1",
            "kernel-xen-devel": "3.0.101-108.129.1",
            "kernel-bigmem-devel": "3.0.101-108.129.1",
            "kernel-trace-base": "3.0.101-108.129.1",
            "kernel-default-devel": "3.0.101-108.129.1",
            "kernel-pae-devel": "3.0.101-108.129.1",
            "kernel-xen": "3.0.101-108.129.1"
        }
    ]
}

SUSE:Linux Enterprise Server 11 SP4-LTSS / kernel-trace

Package

Name
kernel-trace
Purl
purl:rpm/suse/kernel-trace&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.0.101-108.129.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-default-base": "3.0.101-108.129.1",
            "kernel-default-man": "3.0.101-108.129.1",
            "kernel-ec2": "3.0.101-108.129.1",
            "kernel-default": "3.0.101-108.129.1",
            "kernel-source": "3.0.101-108.129.1",
            "kernel-bigmem": "3.0.101-108.129.1",
            "kernel-pae-base": "3.0.101-108.129.1",
            "kernel-syms": "3.0.101-108.129.1",
            "kernel-bigmem-base": "3.0.101-108.129.1",
            "kernel-pae": "3.0.101-108.129.1",
            "kernel-ppc64-devel": "3.0.101-108.129.1",
            "kernel-ec2-devel": "3.0.101-108.129.1",
            "kernel-ppc64-base": "3.0.101-108.129.1",
            "kernel-trace-devel": "3.0.101-108.129.1",
            "kernel-trace": "3.0.101-108.129.1",
            "kernel-ec2-base": "3.0.101-108.129.1",
            "kernel-ppc64": "3.0.101-108.129.1",
            "kernel-xen-base": "3.0.101-108.129.1",
            "kernel-xen-devel": "3.0.101-108.129.1",
            "kernel-bigmem-devel": "3.0.101-108.129.1",
            "kernel-trace-base": "3.0.101-108.129.1",
            "kernel-default-devel": "3.0.101-108.129.1",
            "kernel-pae-devel": "3.0.101-108.129.1",
            "kernel-xen": "3.0.101-108.129.1"
        }
    ]
}

SUSE:Linux Enterprise Server 11 SP4-LTSS / kernel-xen

Package

Name
kernel-xen
Purl
purl:rpm/suse/kernel-xen&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.0.101-108.129.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-default-base": "3.0.101-108.129.1",
            "kernel-default-man": "3.0.101-108.129.1",
            "kernel-ec2": "3.0.101-108.129.1",
            "kernel-default": "3.0.101-108.129.1",
            "kernel-source": "3.0.101-108.129.1",
            "kernel-bigmem": "3.0.101-108.129.1",
            "kernel-pae-base": "3.0.101-108.129.1",
            "kernel-syms": "3.0.101-108.129.1",
            "kernel-bigmem-base": "3.0.101-108.129.1",
            "kernel-pae": "3.0.101-108.129.1",
            "kernel-ppc64-devel": "3.0.101-108.129.1",
            "kernel-ec2-devel": "3.0.101-108.129.1",
            "kernel-ppc64-base": "3.0.101-108.129.1",
            "kernel-trace-devel": "3.0.101-108.129.1",
            "kernel-trace": "3.0.101-108.129.1",
            "kernel-ec2-base": "3.0.101-108.129.1",
            "kernel-ppc64": "3.0.101-108.129.1",
            "kernel-xen-base": "3.0.101-108.129.1",
            "kernel-xen-devel": "3.0.101-108.129.1",
            "kernel-bigmem-devel": "3.0.101-108.129.1",
            "kernel-trace-base": "3.0.101-108.129.1",
            "kernel-default-devel": "3.0.101-108.129.1",
            "kernel-pae-devel": "3.0.101-108.129.1",
            "kernel-xen": "3.0.101-108.129.1"
        }
    ]
}