SUSE-SU-2021:1617-1

Source
https://www.suse.com/support/update/announcement/2021/suse-su-20211617-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2021:1617-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2021:1617-1
Related
Published
2021-05-17T09:19:30Z
Modified
2021-05-17T09:19:30Z
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

  • CVE-2020-36312: Fixed an issue in virt/kvm/kvmmain.c that had a kvmiobusunregister_dev memory leak upon a kmalloc failure (bnc#1184509).
  • CVE-2021-29650: Fixed an issue inside the netfilter subsystem that allowed attackers to cause a denial of service (panic) because net/netfilter/xtables.c and include/linux/netfilter/xtables.h lack a full memory barrier upon the assignment of a new table value (bnc#1184208).
  • CVE-2021-29154: Fixed BPF JIT compilers that allowed to execute arbitrary code within the kernel context (bnc#1184391).
  • CVE-2020-25673: Fixed NFC endless loops caused by repeated llcpsockconnect() (bsc#1178181).
  • CVE-2020-25672: Fixed NFC memory leak in llcpsockconnect() (bsc#1178181).
  • CVE-2020-25671: Fixed NFC refcount leak in llcpsockconnect() (bsc#1178181).
  • CVE-2020-25670: Fixed NFC refcount leak in llcpsockbind() (bsc#1178181).
  • CVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h where a 'stall on CPU' could have occured because a retry loop continually finds the same bad inode (bnc#1184194, bnc#1184211).
  • CVE-2021-30002: Fixed a memory leak issue when a webcam device exists (bnc#1184120).
  • CVE-2021-3483: Fixed a use-after-free bug in nosy_ioctl() (bsc#1184393).
  • CVE-2021-20219: Fixed a denial of service vulnerability in drivers/tty/n_tty.c of the Linux kernel. In this flaw a local attacker with a normal user privilege could have delayed the loop and cause a threat to the system availability (bnc#1184397).
  • CVE-2021-29265: Fixed an issue in usbipsockfdstore in drivers/usb/usbip/stub_dev.c that allowed attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status (bnc#1184167).
  • CVE-2021-29264: Fixed an issue in drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver that allowed attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is enabled (bnc#1184168).
  • CVE-2021-28972: Fixed an issue in drivers/pci/hotplug/rpadlparsysfs.c where the RPA PCI Hotplug driver had a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because addslotstore and removeslotstore mishandle drcname '\0' termination (bnc#1184198).
  • CVE-2021-28660: Fixed rtwwxsetscan in drivers/staging/rtl8188eu/osdep/ioctl_linux.c that allowed writing beyond the end of the ssid array (bnc#1183593).
  • CVE-2020-0433: Fixed blkmqqueuetagbusy_iter of blk-mq-tag.c, where a possible use after free due to improper locking could have happened. This could have led to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1176720).
  • CVE-2021-27365: Fixed an issue inside the iSCSI data structures that does not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bnc#1182715).
  • CVE-2021-27363: Fixed an issue with a kernel pointer leak that could have been used to determine the address of the iscsitransport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsitransport/$TRANSPORTNAME/handle. When read, the showtransporthandle function (in drivers/scsi/scsitransportiscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsitransport struct in the kernel module's global variables (bnc#1182716).
  • CVE-2021-27364: Fixed an issue in drivers/scsi/scsitransportiscsi.c where an unprivileged user can craft Netlink messages (bnc#1182717).
  • CVE-2020-36322: Fixed an issue in the FUSE filesystem implementation where fusedogetattr() calls makebadinode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950 (bnc#1184211 bnc#1184952).
  • CVE-2021-28038: Fixed an issue with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931 (bnc#1183022 bnc#1183069 ).
  • CVE-2020-1749: Fixed a flaw with some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link; rather sending the data unencrypted. This would allow anyone in between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality (bnc#1165629).

The following non-security bugs were fixed:

  • KVM: Add proper lockdep assertion in I/O bus unregister (bsc#1185555).
  • KVM: Destroy I/O bus devices on unregister failure after sync'ing SRCU (bsc#1185556).
  • KVM: Stop looking for coalesced MMIO zones if the bus is destroyed (bsc#1185557).
  • Xen/gnttab: handle p2m update errors on a per-slot basis (bsc#1183022 XSA-367).
  • bluetooth: eliminate the potential race condition when removing the HCI controller (bsc#1184611).
  • ext4: check journal inode extents more carefully (bsc#1173485).
  • ext4: do not allow overlapping system zones (bsc#1173485).
  • ext4: handle error of ext4setupsystem_zone() on remount (bsc#1173485).
  • xen-netback: respect gnttabmaprefs()'s return value (bsc#1183022 XSA-367).
References

Affected packages

SUSE:Linux Enterprise Server 12 SP2-BCL / kernel-default

Package

Name
kernel-default
Purl
purl:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.4.121-92.155.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.4.121-92.155.1",
            "kernel-devel": "4.4.121-92.155.1",
            "kernel-default-base": "4.4.121-92.155.1",
            "kernel-default": "4.4.121-92.155.1",
            "kernel-source": "4.4.121-92.155.1",
            "kernel-syms": "4.4.121-92.155.1",
            "kernel-default-devel": "4.4.121-92.155.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP2-BCL / kernel-source

Package

Name
kernel-source
Purl
purl:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.4.121-92.155.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.4.121-92.155.1",
            "kernel-devel": "4.4.121-92.155.1",
            "kernel-default-base": "4.4.121-92.155.1",
            "kernel-default": "4.4.121-92.155.1",
            "kernel-source": "4.4.121-92.155.1",
            "kernel-syms": "4.4.121-92.155.1",
            "kernel-default-devel": "4.4.121-92.155.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP2-BCL / kernel-syms

Package

Name
kernel-syms
Purl
purl:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.4.121-92.155.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.4.121-92.155.1",
            "kernel-devel": "4.4.121-92.155.1",
            "kernel-default-base": "4.4.121-92.155.1",
            "kernel-default": "4.4.121-92.155.1",
            "kernel-source": "4.4.121-92.155.1",
            "kernel-syms": "4.4.121-92.155.1",
            "kernel-default-devel": "4.4.121-92.155.1"
        }
    ]
}