SUSE-SU-2021:14849-1

Source
https://www.suse.com/support/update/announcement/2021/suse-su-202114849-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2021:14849-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2021:14849-1
Related
Published
2021-12-01T16:01:25Z
Modified
2021-12-01T16:01:25Z
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 11 SP4 LTSS kernel was updated to receive various security and bug fixes.

The following security bugs were fixed:

  • CVE-2021-37159: hso_free_net_device in drivers/net/usb/hso.c called unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free (bnc#1188601).
  • CVE-2021-3772: Fixed sctp vtag check in sctp_sf_ootb (bsc#1190351).
  • CVE-2021-3655: Missing size validations on inbound SCTP packets may have allowed the kernel to read uninitialized memory (bnc#1188563 bnc#1192267).
  • CVE-2014-7841: The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation, when ASCONF is used, allowed remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a malformed INIT chunk (bnc#904899 bnc#905100).
  • CVE-2021-20265: A flaw was found in the way memory resources were freed in the unix_stream_recvmsg function when a signal was pending. This flaw allowed an unprivileged local user to crash the system by exhausting available memory. The highest threat from this vulnerability is to system availability (bnc#1183089).
  • CVE-2021-42739: The firewire subsystem had a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bnc#1184673 bnc#1192036).
  • CVE-2021-33033: The Linux kernel has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value (bnc#1186109 bnc#1188876).
  • CVE-2021-43389: There was an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c (bnc#1191958).
  • CVE-2021-42008: The decode_data function in drivers/net/hamradio/6pack.c had a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access (bnc#1191315).
  • CVE-2021-38160: Data corruption or loss could be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size in drivers/char/virtio_console.c (bsc#1190117).
  • CVE-2021-3640: Fixed a use-after-free vulnerability in the function sco_sock_sendmsg() in the Bluetooth stack (bsc#1188172).
  • CVE-2021-38198: arch/x86/kvm/mmu/paging_tmpl.h incorrectly computed the access permissions of a shadow page, leading to a missing guest protection page fault (bnc#1189262).
  • CVE-2021-3653: A flaw was found in KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the 'int_ctl' field, this issue could allow a malicious L1 to enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape (bnc#1189399).
  • CVE-2021-3679: A lack of CPU resources was found in the Linux kernel tracing module functionality when a user uses the trace ring buffer in a specific way. Only privileged local users (with the CAP_SYS_ADMIN capability) could use this flaw to starve the resources, causing a denial of service (bnc#1189057).
  • CVE-2021-3609: A potential local privilege escalation in the CAN BCM networking protocol was fixed (bsc#1187215).
  • CVE-2020-36385: drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called, aka CID-f5449e74802c (bnc#1187050).

The following non-security bugs were fixed:

  • sctp: check asoc peer.asconf_capable before processing asconf (bsc#1190351).
  • sctp: fully initialize v4 addr in some functions (bsc#1188563).
  • sctp: simplify addr copy (bsc#1188563).
References

Affected packages

SUSE:Linux Enterprise Server 11 SP4-LTSS / kernel-bigmem

Package

Name
kernel-bigmem
Purl
purl:rpm/suse/kernel-bigmem&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.0.101-108.132.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-default-base": "3.0.101-108.132.1",
            "kernel-default-man": "3.0.101-108.132.1",
            "kernel-ec2": "3.0.101-108.132.1",
            "kernel-default": "3.0.101-108.132.1",
            "kernel-source": "3.0.101-108.132.1",
            "kernel-bigmem": "3.0.101-108.132.1",
            "kernel-pae-base": "3.0.101-108.132.1",
            "kernel-syms": "3.0.101-108.132.1",
            "kernel-bigmem-base": "3.0.101-108.132.1",
            "kernel-pae": "3.0.101-108.132.1",
            "kernel-ppc64-devel": "3.0.101-108.132.1",
            "kernel-ec2-devel": "3.0.101-108.132.1",
            "kernel-ppc64-base": "3.0.101-108.132.1",
            "kernel-trace-devel": "3.0.101-108.132.1",
            "kernel-trace": "3.0.101-108.132.1",
            "kernel-ec2-base": "3.0.101-108.132.1",
            "kernel-ppc64": "3.0.101-108.132.1",
            "kernel-xen-base": "3.0.101-108.132.1",
            "kernel-xen-devel": "3.0.101-108.132.1",
            "kernel-bigmem-devel": "3.0.101-108.132.1",
            "kernel-trace-base": "3.0.101-108.132.1",
            "kernel-default-devel": "3.0.101-108.132.1",
            "kernel-pae-devel": "3.0.101-108.132.1",
            "kernel-xen": "3.0.101-108.132.1"
        }
    ]
}

SUSE:Linux Enterprise Server 11 SP4-LTSS / kernel-default

Package

Name
kernel-default
Purl
purl:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.0.101-108.132.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-default-base": "3.0.101-108.132.1",
            "kernel-default-man": "3.0.101-108.132.1",
            "kernel-ec2": "3.0.101-108.132.1",
            "kernel-default": "3.0.101-108.132.1",
            "kernel-source": "3.0.101-108.132.1",
            "kernel-bigmem": "3.0.101-108.132.1",
            "kernel-pae-base": "3.0.101-108.132.1",
            "kernel-syms": "3.0.101-108.132.1",
            "kernel-bigmem-base": "3.0.101-108.132.1",
            "kernel-pae": "3.0.101-108.132.1",
            "kernel-ppc64-devel": "3.0.101-108.132.1",
            "kernel-ec2-devel": "3.0.101-108.132.1",
            "kernel-ppc64-base": "3.0.101-108.132.1",
            "kernel-trace-devel": "3.0.101-108.132.1",
            "kernel-trace": "3.0.101-108.132.1",
            "kernel-ec2-base": "3.0.101-108.132.1",
            "kernel-ppc64": "3.0.101-108.132.1",
            "kernel-xen-base": "3.0.101-108.132.1",
            "kernel-xen-devel": "3.0.101-108.132.1",
            "kernel-bigmem-devel": "3.0.101-108.132.1",
            "kernel-trace-base": "3.0.101-108.132.1",
            "kernel-default-devel": "3.0.101-108.132.1",
            "kernel-pae-devel": "3.0.101-108.132.1",
            "kernel-xen": "3.0.101-108.132.1"
        }
    ]
}

SUSE:Linux Enterprise Server 11 SP4-LTSS / kernel-ec2

Package

Name
kernel-ec2
Purl
purl:rpm/suse/kernel-ec2&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.0.101-108.132.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-default-base": "3.0.101-108.132.1",
            "kernel-default-man": "3.0.101-108.132.1",
            "kernel-ec2": "3.0.101-108.132.1",
            "kernel-default": "3.0.101-108.132.1",
            "kernel-source": "3.0.101-108.132.1",
            "kernel-bigmem": "3.0.101-108.132.1",
            "kernel-pae-base": "3.0.101-108.132.1",
            "kernel-syms": "3.0.101-108.132.1",
            "kernel-bigmem-base": "3.0.101-108.132.1",
            "kernel-pae": "3.0.101-108.132.1",
            "kernel-ppc64-devel": "3.0.101-108.132.1",
            "kernel-ec2-devel": "3.0.101-108.132.1",
            "kernel-ppc64-base": "3.0.101-108.132.1",
            "kernel-trace-devel": "3.0.101-108.132.1",
            "kernel-trace": "3.0.101-108.132.1",
            "kernel-ec2-base": "3.0.101-108.132.1",
            "kernel-ppc64": "3.0.101-108.132.1",
            "kernel-xen-base": "3.0.101-108.132.1",
            "kernel-xen-devel": "3.0.101-108.132.1",
            "kernel-bigmem-devel": "3.0.101-108.132.1",
            "kernel-trace-base": "3.0.101-108.132.1",
            "kernel-default-devel": "3.0.101-108.132.1",
            "kernel-pae-devel": "3.0.101-108.132.1",
            "kernel-xen": "3.0.101-108.132.1"
        }
    ]
}

SUSE:Linux Enterprise Server 11 SP4-LTSS / kernel-pae

Package

Name
kernel-pae
Purl
purl:rpm/suse/kernel-pae&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.0.101-108.132.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-default-base": "3.0.101-108.132.1",
            "kernel-default-man": "3.0.101-108.132.1",
            "kernel-ec2": "3.0.101-108.132.1",
            "kernel-default": "3.0.101-108.132.1",
            "kernel-source": "3.0.101-108.132.1",
            "kernel-bigmem": "3.0.101-108.132.1",
            "kernel-pae-base": "3.0.101-108.132.1",
            "kernel-syms": "3.0.101-108.132.1",
            "kernel-bigmem-base": "3.0.101-108.132.1",
            "kernel-pae": "3.0.101-108.132.1",
            "kernel-ppc64-devel": "3.0.101-108.132.1",
            "kernel-ec2-devel": "3.0.101-108.132.1",
            "kernel-ppc64-base": "3.0.101-108.132.1",
            "kernel-trace-devel": "3.0.101-108.132.1",
            "kernel-trace": "3.0.101-108.132.1",
            "kernel-ec2-base": "3.0.101-108.132.1",
            "kernel-ppc64": "3.0.101-108.132.1",
            "kernel-xen-base": "3.0.101-108.132.1",
            "kernel-xen-devel": "3.0.101-108.132.1",
            "kernel-bigmem-devel": "3.0.101-108.132.1",
            "kernel-trace-base": "3.0.101-108.132.1",
            "kernel-default-devel": "3.0.101-108.132.1",
            "kernel-pae-devel": "3.0.101-108.132.1",
            "kernel-xen": "3.0.101-108.132.1"
        }
    ]
}

SUSE:Linux Enterprise Server 11 SP4-LTSS / kernel-ppc64

Package

Name
kernel-ppc64
Purl
purl:rpm/suse/kernel-ppc64&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.0.101-108.132.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-default-base": "3.0.101-108.132.1",
            "kernel-default-man": "3.0.101-108.132.1",
            "kernel-ec2": "3.0.101-108.132.1",
            "kernel-default": "3.0.101-108.132.1",
            "kernel-source": "3.0.101-108.132.1",
            "kernel-bigmem": "3.0.101-108.132.1",
            "kernel-pae-base": "3.0.101-108.132.1",
            "kernel-syms": "3.0.101-108.132.1",
            "kernel-bigmem-base": "3.0.101-108.132.1",
            "kernel-pae": "3.0.101-108.132.1",
            "kernel-ppc64-devel": "3.0.101-108.132.1",
            "kernel-ec2-devel": "3.0.101-108.132.1",
            "kernel-ppc64-base": "3.0.101-108.132.1",
            "kernel-trace-devel": "3.0.101-108.132.1",
            "kernel-trace": "3.0.101-108.132.1",
            "kernel-ec2-base": "3.0.101-108.132.1",
            "kernel-ppc64": "3.0.101-108.132.1",
            "kernel-xen-base": "3.0.101-108.132.1",
            "kernel-xen-devel": "3.0.101-108.132.1",
            "kernel-bigmem-devel": "3.0.101-108.132.1",
            "kernel-trace-base": "3.0.101-108.132.1",
            "kernel-default-devel": "3.0.101-108.132.1",
            "kernel-pae-devel": "3.0.101-108.132.1",
            "kernel-xen": "3.0.101-108.132.1"
        }
    ]
}

SUSE:Linux Enterprise Server 11 SP4-LTSS / kernel-source

Package

Name
kernel-source
Purl
purl:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.0.101-108.132.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-default-base": "3.0.101-108.132.1",
            "kernel-default-man": "3.0.101-108.132.1",
            "kernel-ec2": "3.0.101-108.132.1",
            "kernel-default": "3.0.101-108.132.1",
            "kernel-source": "3.0.101-108.132.1",
            "kernel-bigmem": "3.0.101-108.132.1",
            "kernel-pae-base": "3.0.101-108.132.1",
            "kernel-syms": "3.0.101-108.132.1",
            "kernel-bigmem-base": "3.0.101-108.132.1",
            "kernel-pae": "3.0.101-108.132.1",
            "kernel-ppc64-devel": "3.0.101-108.132.1",
            "kernel-ec2-devel": "3.0.101-108.132.1",
            "kernel-ppc64-base": "3.0.101-108.132.1",
            "kernel-trace-devel": "3.0.101-108.132.1",
            "kernel-trace": "3.0.101-108.132.1",
            "kernel-ec2-base": "3.0.101-108.132.1",
            "kernel-ppc64": "3.0.101-108.132.1",
            "kernel-xen-base": "3.0.101-108.132.1",
            "kernel-xen-devel": "3.0.101-108.132.1",
            "kernel-bigmem-devel": "3.0.101-108.132.1",
            "kernel-trace-base": "3.0.101-108.132.1",
            "kernel-default-devel": "3.0.101-108.132.1",
            "kernel-pae-devel": "3.0.101-108.132.1",
            "kernel-xen": "3.0.101-108.132.1"
        }
    ]
}

SUSE:Linux Enterprise Server 11 SP4-LTSS / kernel-syms

Package

Name
kernel-syms
Purl
purl:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.0.101-108.132.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-default-base": "3.0.101-108.132.1",
            "kernel-default-man": "3.0.101-108.132.1",
            "kernel-ec2": "3.0.101-108.132.1",
            "kernel-default": "3.0.101-108.132.1",
            "kernel-source": "3.0.101-108.132.1",
            "kernel-bigmem": "3.0.101-108.132.1",
            "kernel-pae-base": "3.0.101-108.132.1",
            "kernel-syms": "3.0.101-108.132.1",
            "kernel-bigmem-base": "3.0.101-108.132.1",
            "kernel-pae": "3.0.101-108.132.1",
            "kernel-ppc64-devel": "3.0.101-108.132.1",
            "kernel-ec2-devel": "3.0.101-108.132.1",
            "kernel-ppc64-base": "3.0.101-108.132.1",
            "kernel-trace-devel": "3.0.101-108.132.1",
            "kernel-trace": "3.0.101-108.132.1",
            "kernel-ec2-base": "3.0.101-108.132.1",
            "kernel-ppc64": "3.0.101-108.132.1",
            "kernel-xen-base": "3.0.101-108.132.1",
            "kernel-xen-devel": "3.0.101-108.132.1",
            "kernel-bigmem-devel": "3.0.101-108.132.1",
            "kernel-trace-base": "3.0.101-108.132.1",
            "kernel-default-devel": "3.0.101-108.132.1",
            "kernel-pae-devel": "3.0.101-108.132.1",
            "kernel-xen": "3.0.101-108.132.1"
        }
    ]
}

SUSE:Linux Enterprise Server 11 SP4-LTSS / kernel-trace

Package

Name
kernel-trace
Purl
purl:rpm/suse/kernel-trace&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.0.101-108.132.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-default-base": "3.0.101-108.132.1",
            "kernel-default-man": "3.0.101-108.132.1",
            "kernel-ec2": "3.0.101-108.132.1",
            "kernel-default": "3.0.101-108.132.1",
            "kernel-source": "3.0.101-108.132.1",
            "kernel-bigmem": "3.0.101-108.132.1",
            "kernel-pae-base": "3.0.101-108.132.1",
            "kernel-syms": "3.0.101-108.132.1",
            "kernel-bigmem-base": "3.0.101-108.132.1",
            "kernel-pae": "3.0.101-108.132.1",
            "kernel-ppc64-devel": "3.0.101-108.132.1",
            "kernel-ec2-devel": "3.0.101-108.132.1",
            "kernel-ppc64-base": "3.0.101-108.132.1",
            "kernel-trace-devel": "3.0.101-108.132.1",
            "kernel-trace": "3.0.101-108.132.1",
            "kernel-ec2-base": "3.0.101-108.132.1",
            "kernel-ppc64": "3.0.101-108.132.1",
            "kernel-xen-base": "3.0.101-108.132.1",
            "kernel-xen-devel": "3.0.101-108.132.1",
            "kernel-bigmem-devel": "3.0.101-108.132.1",
            "kernel-trace-base": "3.0.101-108.132.1",
            "kernel-default-devel": "3.0.101-108.132.1",
            "kernel-pae-devel": "3.0.101-108.132.1",
            "kernel-xen": "3.0.101-108.132.1"
        }
    ]
}

SUSE:Linux Enterprise Server 11 SP4-LTSS / kernel-xen

Package

Name
kernel-xen
Purl
purl:rpm/suse/kernel-xen&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.0.101-108.132.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-default-base": "3.0.101-108.132.1",
            "kernel-default-man": "3.0.101-108.132.1",
            "kernel-ec2": "3.0.101-108.132.1",
            "kernel-default": "3.0.101-108.132.1",
            "kernel-source": "3.0.101-108.132.1",
            "kernel-bigmem": "3.0.101-108.132.1",
            "kernel-pae-base": "3.0.101-108.132.1",
            "kernel-syms": "3.0.101-108.132.1",
            "kernel-bigmem-base": "3.0.101-108.132.1",
            "kernel-pae": "3.0.101-108.132.1",
            "kernel-ppc64-devel": "3.0.101-108.132.1",
            "kernel-ec2-devel": "3.0.101-108.132.1",
            "kernel-ppc64-base": "3.0.101-108.132.1",
            "kernel-trace-devel": "3.0.101-108.132.1",
            "kernel-trace": "3.0.101-108.132.1",
            "kernel-ec2-base": "3.0.101-108.132.1",
            "kernel-ppc64": "3.0.101-108.132.1",
            "kernel-xen-base": "3.0.101-108.132.1",
            "kernel-xen-devel": "3.0.101-108.132.1",
            "kernel-bigmem-devel": "3.0.101-108.132.1",
            "kernel-trace-base": "3.0.101-108.132.1",
            "kernel-default-devel": "3.0.101-108.132.1",
            "kernel-pae-devel": "3.0.101-108.132.1",
            "kernel-xen": "3.0.101-108.132.1"
        }
    ]
}