SUSE-SU-2021:1596-1

Source
https://www.suse.com/support/update/announcement/2021/suse-su-20211596-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2021:1596-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2021:1596-1
Related
Published
2021-05-13T11:13:24Z
Modified
2021-05-13T11:13:24Z
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

  • CVE-2020-36312: Fixed an issue in virt/kvm/kvmmain.c that had a kvmiobusunregister_dev memory leak upon a kmalloc failure (bnc#1184509).
  • CVE-2021-29650: Fixed an issue inside the netfilter subsystem that allowed attackers to cause a denial of service (panic) because net/netfilter/xtables.c and include/linux/netfilter/xtables.h lack a full memory barrier upon the assignment of a new table value (bnc#1184208).
  • CVE-2021-29155: Fixed an issue within kernel/bpf/verifier.c that performed undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations (bnc#1184942).
  • CVE-2020-36310: Fixed an issue in arch/x86/kvm/svm/svm.c that allowed a setmemoryregion_test infinite loop for certain nested page faults (bnc#1184512).
  • CVE-2020-27673: Fixed an issue in Xen where a guest OS users could have caused a denial of service (host OS hang) via a high rate of events to dom0 (bnc#1177411, bnc#1184583).
  • CVE-2021-29154: Fixed BPF JIT compilers that allowed to execute arbitrary code within the kernel context (bnc#1184391).
  • CVE-2020-25673: Fixed NFC endless loops caused by repeated llcpsockconnect() (bsc#1178181).
  • CVE-2020-25672: Fixed NFC memory leak in llcpsockconnect() (bsc#1178181).
  • CVE-2020-25671: Fixed NFC refcount leak in llcpsockconnect() (bsc#1178181).
  • CVE-2020-25670: Fixed NFC refcount leak in llcpsockbind() (bsc#1178181).
  • CVE-2020-36311: Fixed an issue in arch/x86/kvm/svm/sev.c that allowed attackers to cause a denial of service (soft lockup) by triggering destruction of a large SEV VM (which requires unregistering many encrypted regions) (bnc#1184511).
  • CVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h where a 'stall on CPU' could have occured because a retry loop continually finds the same bad inode (bnc#1184194, bnc#1184211).
  • CVE-2020-36322: Fixed an issue inside the FUSE filesystem implementation where fusedogetattr() calls makebadinode() in inappropriate situations, could have caused a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950 (bnc#1184211).
  • CVE-2021-30002: Fixed a memory leak issue when a webcam device exists (bnc#1184120).
  • CVE-2021-3483: Fixed a use-after-free bug in nosy_ioctl() (bsc#1184393).
  • CVE-2021-20219: Fixed a denial of service vulnerability in drivers/tty/n_tty.c of the Linux kernel. In this flaw a local attacker with a normal user privilege could have delayed the loop and cause a threat to the system availability (bnc#1184397).
  • CVE-2021-28964: Fixed a race condition in fs/btrfs/ctree.c that could have caused a denial of service because of a lack of locking on an extent buffer before a cloning operation (bnc#1184193).
  • CVE-2021-3444: Fixed the bpf verifier as it did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could potentially lead to code execution (bnc#1184170).
  • CVE-2021-28971: Fixed a potential local denial of service in intelpmudrainpebsnhm where userspace applications can cause a system crash because the PEBS status in a PEBS record is mishandled (bnc#1184196).
  • CVE-2021-28688: Fixed XSA-365 that includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains (bnc#1183646).
  • CVE-2021-29265: Fixed an issue in usbipsockfdstore in drivers/usb/usbip/stub_dev.c that allowed attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status (bnc#1184167).
  • CVE-2021-29264: Fixed an issue in drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver that allowed attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is enabled (bnc#1184168).
  • CVE-2021-28972: Fixed an issue in drivers/pci/hotplug/rpadlparsysfs.c where the RPA PCI Hotplug driver had a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because addslotstore and removeslotstore mishandle drcname '\0' termination (bnc#1184198).
  • CVE-2021-29647: Fixed an issue in kernel qrtr_recvmsg in net/qrtr/qrtr.c that allowed attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure (bnc#1184192).
  • CVE-2020-27171: Fixed an issue in kernel/bpf/verifier.c that had an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bnc#1183686, bnc#1183775).
  • CVE-2020-27170: Fixed an issue in kernel/bpf/verifier.c that performed undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. This affects pointer types that do not define a ptr_limit (bnc#1183686 bnc#1183775).
  • CVE-2021-28660: Fixed rtwwxsetscan in drivers/staging/rtl8188eu/osdep/ioctl_linux.c that allowed writing beyond the end of the ssid array (bnc#1183593).
  • CVE-2020-35519: Update patch reference for x25 fix (bsc#1183696).
  • CVE-2021-3428: Fixed ext4 integer overflow in ext4escache_extent (bsc#1173485, bsc#1183509).
  • CVE-2020-0433: Fixed blkmqqueuetagbusy_iter of blk-mq-tag.c, where a possible use after free due to improper locking could have happened. This could have led to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1176720).
  • CVE-2021-28038: Fixed an issue with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931 (bnc#1183022, bnc#1183069).
  • CVE-2020-27815: Fixed jfs array index bounds check in dbAdjTree (bsc#1179454).
  • CVE-2021-27365: Fixed an issue inside the iSCSI data structures that does not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bnc#1182715).
  • CVE-2021-27363: Fixed an issue with a kernel pointer leak that could have been used to determine the address of the iscsitransport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsitransport/$TRANSPORTNAME/handle. When read, the showtransporthandle function (in drivers/scsi/scsitransportiscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsitransport struct in the kernel module's global variables (bnc#1182716).
  • CVE-2021-27364: Fixed an issue in drivers/scsi/scsitransportiscsi.c where an unprivileged user can craft Netlink messages (bnc#1182717).

The following non-security bugs were fixed:

  • Revert 'rpm/kernel-binary.spec.in: Fix dependency of kernel-*-devel package (bsc#1184514)' This turned out to be a bad idea: the kernel-$flavor-devel package must be usable without kernel-$flavor, e.g. at the build of a KMP. And this change brought superfluous installation of kernel-preempt when a system had kernel-syms (bsc#1185113).
  • Xen/gnttab: handle p2m update errors on a per-slot basis (bsc#1183022 XSA-367).
  • bpf: Add sanity check for upper ptr_limit (bsc#1183686 bsc#1183775).
  • bpf: Simplify alu_limit masking for pointer arithmetic (bsc#1183686 bsc#1183775).
  • coredump: fix crash when umh is disabled (bsc#1177753, bsc#1182194).
  • dm: fix redundant IO accounting for bios that need splitting (bsc#1183738).
  • ext4: check journal inode extents more carefully (bsc#1173485).
  • ext4: do not allow overlapping system zones (bsc#1173485).
  • ext4: handle error of ext4setupsystem_zone() on remount (bsc#1173485).
  • handle also the opposite type of race condition
  • hv: clear ring_buffer pointer during cleanup (part of ae6935ed) (bsc#1181032).
  • hvnetvsc: remove ndopoll_controller (bsc#1185248).
  • ibmvnic fix NULL txpools and rxtools issue at do_reset (bsc#1175873 ltc#187922).
  • ibmvnic: Clear failover_pending if unable to schedule (bsc#1181960 ltc#190997).
  • ibmvnic: add missing parenthesis in do_reset() (bsc#1176700 ltc#188140).
  • ibmvnic: avoid memset null scrq msgs (bsc#1044767 ltc#155231 git-fixes).
  • ibmvnic: continue fatal error reset after passive init (bsc#1171078 ltc#184239 git-fixes).
  • ibmvnic: delay next reset if hard reset fails (bsc#1094840 ltc#167098 git-fixes).
  • ibmvnic: enhance resetting status check during module exit (bsc#1065729).
  • ibmvnic: fix NULL pointer dereference in resetsubcrq_queues (bsc#1040855 ltc#155067 git-fixes).
  • ibmvnic: fix a race between open and reset (bsc#1176855 ltc#187293).
  • ibmvnic: fix: NULL pointer dereference (bsc#1044767 ltc#155231 git-fixes).
  • ibmvnic: restore adapter state on failed reset (bsc#1152457 ltc#174432 git-fixes).
  • macros.kernel-source: Use specinstallpre for certificate installation (boo#1182672).
  • post.sh: Return an error when module update fails (bsc#1047233 bsc#1184388).
  • powerpc/vnic: Extend 'failover pending' window (bsc#1176855 ltc#187293).
  • rpm/kernel-obs-build.spec.in: Include essiv with dm-crypt (boo#1183063).
  • rpm/kernel-subpackage-build: Workaround broken bot (https://github.com/openSUSE/openSUSE-release-tools/issues/2439)
  • rpm/macros.kernel-source: fix KMP failure in %install (bsc#1185244)
  • rpm/mkspec: Use tilde instead of dot for version string with rc (bsc#1184650)
  • xen-netback: respect gnttabmaprefs()'s return value (bsc#1183022 XSA-367).
References

Affected packages

SUSE:OpenStack Cloud 9 / kernel-default

Package

Name
kernel-default
Purl
purl:rpm/suse/kernel-default&distro=SUSE%20OpenStack%20Cloud%209

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-95.74.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.12.14-95.74.1",
            "kernel-devel": "4.12.14-95.74.1",
            "kernel-default-base": "4.12.14-95.74.1",
            "kernel-default": "4.12.14-95.74.1",
            "kernel-source": "4.12.14-95.74.1",
            "kernel-syms": "4.12.14-95.74.1",
            "kernel-default-devel": "4.12.14-95.74.1"
        }
    ]
}

SUSE:OpenStack Cloud 9 / kernel-source

Package

Name
kernel-source
Purl
purl:rpm/suse/kernel-source&distro=SUSE%20OpenStack%20Cloud%209

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-95.74.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.12.14-95.74.1",
            "kernel-devel": "4.12.14-95.74.1",
            "kernel-default-base": "4.12.14-95.74.1",
            "kernel-default": "4.12.14-95.74.1",
            "kernel-source": "4.12.14-95.74.1",
            "kernel-syms": "4.12.14-95.74.1",
            "kernel-default-devel": "4.12.14-95.74.1"
        }
    ]
}

SUSE:OpenStack Cloud 9 / kernel-syms

Package

Name
kernel-syms
Purl
purl:rpm/suse/kernel-syms&distro=SUSE%20OpenStack%20Cloud%209

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-95.74.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.12.14-95.74.1",
            "kernel-devel": "4.12.14-95.74.1",
            "kernel-default-base": "4.12.14-95.74.1",
            "kernel-default": "4.12.14-95.74.1",
            "kernel-source": "4.12.14-95.74.1",
            "kernel-syms": "4.12.14-95.74.1",
            "kernel-default-devel": "4.12.14-95.74.1"
        }
    ]
}

SUSE:OpenStack Cloud Crowbar 9 / kernel-default

Package

Name
kernel-default
Purl
purl:rpm/suse/kernel-default&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-95.74.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.12.14-95.74.1",
            "kernel-devel": "4.12.14-95.74.1",
            "kernel-default-base": "4.12.14-95.74.1",
            "kernel-default": "4.12.14-95.74.1",
            "kernel-source": "4.12.14-95.74.1",
            "kernel-syms": "4.12.14-95.74.1",
            "kernel-default-devel": "4.12.14-95.74.1"
        }
    ]
}

SUSE:OpenStack Cloud Crowbar 9 / kernel-source

Package

Name
kernel-source
Purl
purl:rpm/suse/kernel-source&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-95.74.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.12.14-95.74.1",
            "kernel-devel": "4.12.14-95.74.1",
            "kernel-default-base": "4.12.14-95.74.1",
            "kernel-default": "4.12.14-95.74.1",
            "kernel-source": "4.12.14-95.74.1",
            "kernel-syms": "4.12.14-95.74.1",
            "kernel-default-devel": "4.12.14-95.74.1"
        }
    ]
}

SUSE:OpenStack Cloud Crowbar 9 / kernel-syms

Package

Name
kernel-syms
Purl
purl:rpm/suse/kernel-syms&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-95.74.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.12.14-95.74.1",
            "kernel-devel": "4.12.14-95.74.1",
            "kernel-default-base": "4.12.14-95.74.1",
            "kernel-default": "4.12.14-95.74.1",
            "kernel-source": "4.12.14-95.74.1",
            "kernel-syms": "4.12.14-95.74.1",
            "kernel-default-devel": "4.12.14-95.74.1"
        }
    ]
}

SUSE:Linux Enterprise High Availability Extension 12 SP4 / kernel-default

Package

Name
kernel-default
Purl
purl:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-95.74.1

Ecosystem specific

{
    "binaries": [
        {
            "dlm-kmp-default": "4.12.14-95.74.1",
            "gfs2-kmp-default": "4.12.14-95.74.1",
            "ocfs2-kmp-default": "4.12.14-95.74.1",
            "cluster-md-kmp-default": "4.12.14-95.74.1"
        }
    ]
}

SUSE:Linux Enterprise Live Patching 12 SP4 / kernel-default

Package

Name
kernel-default
Purl
purl:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-95.74.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-default-kgraft": "4.12.14-95.74.1",
            "kernel-default-kgraft-devel": "4.12.14-95.74.1",
            "kgraft-patch-4_12_14-95_74-default": "1-6.3.1"
        }
    ]
}

SUSE:Linux Enterprise Live Patching 12 SP4 / kgraft-patch-SLE12-SP4_Update_20

Package

Name
kgraft-patch-SLE12-SP4_Update_20
Purl
purl:rpm/suse/kgraft-patch-SLE12-SP4_Update_20&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1-6.3.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-default-kgraft": "4.12.14-95.74.1",
            "kernel-default-kgraft-devel": "4.12.14-95.74.1",
            "kgraft-patch-4_12_14-95_74-default": "1-6.3.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP4 / kernel-default

Package

Name
kernel-default
Purl
purl:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-95.74.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.12.14-95.74.1",
            "kernel-devel": "4.12.14-95.74.1",
            "kernel-default-base": "4.12.14-95.74.1",
            "kernel-default": "4.12.14-95.74.1",
            "kernel-source": "4.12.14-95.74.1",
            "kernel-syms": "4.12.14-95.74.1",
            "kernel-default-devel": "4.12.14-95.74.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP4 / kernel-source

Package

Name
kernel-source
Purl
purl:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-95.74.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.12.14-95.74.1",
            "kernel-devel": "4.12.14-95.74.1",
            "kernel-default-base": "4.12.14-95.74.1",
            "kernel-default": "4.12.14-95.74.1",
            "kernel-source": "4.12.14-95.74.1",
            "kernel-syms": "4.12.14-95.74.1",
            "kernel-default-devel": "4.12.14-95.74.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP4 / kernel-syms

Package

Name
kernel-syms
Purl
purl:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-95.74.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.12.14-95.74.1",
            "kernel-devel": "4.12.14-95.74.1",
            "kernel-default-base": "4.12.14-95.74.1",
            "kernel-default": "4.12.14-95.74.1",
            "kernel-source": "4.12.14-95.74.1",
            "kernel-syms": "4.12.14-95.74.1",
            "kernel-default-devel": "4.12.14-95.74.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP4-LTSS / kernel-default

Package

Name
kernel-default
Purl
purl:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-95.74.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.12.14-95.74.1",
            "kernel-devel": "4.12.14-95.74.1",
            "kernel-default-base": "4.12.14-95.74.1",
            "kernel-default-man": "4.12.14-95.74.1",
            "kernel-default": "4.12.14-95.74.1",
            "kernel-source": "4.12.14-95.74.1",
            "kernel-syms": "4.12.14-95.74.1",
            "kernel-default-devel": "4.12.14-95.74.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP4-LTSS / kernel-source

Package

Name
kernel-source
Purl
purl:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-95.74.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.12.14-95.74.1",
            "kernel-devel": "4.12.14-95.74.1",
            "kernel-default-base": "4.12.14-95.74.1",
            "kernel-default-man": "4.12.14-95.74.1",
            "kernel-default": "4.12.14-95.74.1",
            "kernel-source": "4.12.14-95.74.1",
            "kernel-syms": "4.12.14-95.74.1",
            "kernel-default-devel": "4.12.14-95.74.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP4-LTSS / kernel-syms

Package

Name
kernel-syms
Purl
purl:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-95.74.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.12.14-95.74.1",
            "kernel-devel": "4.12.14-95.74.1",
            "kernel-default-base": "4.12.14-95.74.1",
            "kernel-default-man": "4.12.14-95.74.1",
            "kernel-default": "4.12.14-95.74.1",
            "kernel-source": "4.12.14-95.74.1",
            "kernel-syms": "4.12.14-95.74.1",
            "kernel-default-devel": "4.12.14-95.74.1"
        }
    ]
}