SUSE-SU-2021:1728-1

Source
https://www.suse.com/support/update/announcement/2021/suse-su-20211728-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2021:1728-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2021:1728-1
Related
Published
2021-05-25T10:27:58Z
Modified
2021-05-25T10:27:58Z
Summary
Security update for the Linux Kernel (Live Patch 18 for SLE 15)
Details

This update for the Linux Kernel 4.12.14-150_52 fixes several issues.

The following security issues were fixed:

  • CVE-2020-36322: Fixed an issue inside the FUSE filesystem implementation where fusedogetattr() calls makebadinode() in inappropriate situations, could have caused a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950 (bsc#1184952).
  • CVE-2020-0433: Fixed blkmqqueuetagbusy_iter of blk-mq-tag.c, where a possible use after free due to improper locking could have happened. This could have led to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1178066).
  • CVE-2021-29154: Fixed BPF JIT compilers that allowed to execute arbitrary code within the kernel context (bsc#1184710)
References

Affected packages

SUSE:Linux Enterprise Live Patching 15 / kernel-livepatch-SLE15_Update_23

Package

Name
kernel-livepatch-SLE15_Update_23
Purl
purl:rpm/suse/kernel-livepatch-SLE15_Update_23&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4-2.2

Ecosystem specific

{
    "binaries": [
        {
            "kernel-livepatch-4_12_14-150_69-default": "4-2.2"
        }
    ]
}

SUSE:Linux Enterprise Live Patching 15 / kernel-livepatch-SLE15_Update_22

Package

Name
kernel-livepatch-SLE15_Update_22
Purl
purl:rpm/suse/kernel-livepatch-SLE15_Update_22&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5-2.2

Ecosystem specific

{
    "binaries": [
        {
            "kernel-livepatch-4_12_14-150_66-default": "5-2.2"
        }
    ]
}

SUSE:Linux Enterprise Live Patching 15 / kernel-livepatch-SLE15_Update_21

Package

Name
kernel-livepatch-SLE15_Update_21
Purl
purl:rpm/suse/kernel-livepatch-SLE15_Update_21&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7-2.2

Ecosystem specific

{
    "binaries": [
        {
            "kernel-livepatch-4_12_14-150_63-default": "7-2.2"
        }
    ]
}

SUSE:Linux Enterprise Live Patching 15 / kernel-livepatch-SLE15_Update_20

Package

Name
kernel-livepatch-SLE15_Update_20
Purl
purl:rpm/suse/kernel-livepatch-SLE15_Update_20&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
9-2.2

Ecosystem specific

{
    "binaries": [
        {
            "kernel-livepatch-4_12_14-150_58-default": "9-2.2"
        }
    ]
}

SUSE:Linux Enterprise Live Patching 15 / kernel-livepatch-SLE15_Update_19

Package

Name
kernel-livepatch-SLE15_Update_19
Purl
purl:rpm/suse/kernel-livepatch-SLE15_Update_19&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
10-2.2

Ecosystem specific

{
    "binaries": [
        {
            "kernel-livepatch-4_12_14-150_55-default": "10-2.2"
        }
    ]
}

SUSE:Linux Enterprise Live Patching 15 / kernel-livepatch-SLE15_Update_18

Package

Name
kernel-livepatch-SLE15_Update_18
Purl
purl:rpm/suse/kernel-livepatch-SLE15_Update_18&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
10-2.2

Ecosystem specific

{
    "binaries": [
        {
            "kernel-livepatch-4_12_14-150_52-default": "10-2.2"
        }
    ]
}

SUSE:Linux Enterprise Live Patching 15 / kernel-livepatch-SLE15_Update_23

Package

Name
kernel-livepatch-SLE15_Update_23
Purl
purl:rpm/suse/kernel-livepatch-SLE15_Update_23&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4-2.2

Ecosystem specific

{
    "binaries": [
        {
            "kernel-livepatch-4_12_14-150_69-default": "4-2.2"
        }
    ]
}

SUSE:Linux Enterprise Live Patching 15 / kernel-livepatch-SLE15_Update_22

Package

Name
kernel-livepatch-SLE15_Update_22
Purl
purl:rpm/suse/kernel-livepatch-SLE15_Update_22&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5-2.2

Ecosystem specific

{
    "binaries": [
        {
            "kernel-livepatch-4_12_14-150_66-default": "5-2.2"
        }
    ]
}

SUSE:Linux Enterprise Live Patching 15 / kernel-livepatch-SLE15_Update_21

Package

Name
kernel-livepatch-SLE15_Update_21
Purl
purl:rpm/suse/kernel-livepatch-SLE15_Update_21&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7-2.2

Ecosystem specific

{
    "binaries": [
        {
            "kernel-livepatch-4_12_14-150_63-default": "7-2.2"
        }
    ]
}

SUSE:Linux Enterprise Live Patching 15 / kernel-livepatch-SLE15_Update_20

Package

Name
kernel-livepatch-SLE15_Update_20
Purl
purl:rpm/suse/kernel-livepatch-SLE15_Update_20&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
9-2.2

Ecosystem specific

{
    "binaries": [
        {
            "kernel-livepatch-4_12_14-150_58-default": "9-2.2"
        }
    ]
}

SUSE:Linux Enterprise Live Patching 15 / kernel-livepatch-SLE15_Update_19

Package

Name
kernel-livepatch-SLE15_Update_19
Purl
purl:rpm/suse/kernel-livepatch-SLE15_Update_19&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
10-2.2

Ecosystem specific

{
    "binaries": [
        {
            "kernel-livepatch-4_12_14-150_55-default": "10-2.2"
        }
    ]
}

SUSE:Linux Enterprise Live Patching 15 / kernel-livepatch-SLE15_Update_18

Package

Name
kernel-livepatch-SLE15_Update_18
Purl
purl:rpm/suse/kernel-livepatch-SLE15_Update_18&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
10-2.2

Ecosystem specific

{
    "binaries": [
        {
            "kernel-livepatch-4_12_14-150_52-default": "10-2.2"
        }
    ]
}

SUSE:Linux Enterprise Live Patching 15 / kernel-livepatch-SLE15_Update_23

Package

Name
kernel-livepatch-SLE15_Update_23
Purl
purl:rpm/suse/kernel-livepatch-SLE15_Update_23&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4-2.2

Ecosystem specific

{
    "binaries": [
        {
            "kernel-livepatch-4_12_14-150_69-default": "4-2.2"
        }
    ]
}

SUSE:Linux Enterprise Live Patching 15 / kernel-livepatch-SLE15_Update_22

Package

Name
kernel-livepatch-SLE15_Update_22
Purl
purl:rpm/suse/kernel-livepatch-SLE15_Update_22&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5-2.2

Ecosystem specific

{
    "binaries": [
        {
            "kernel-livepatch-4_12_14-150_66-default": "5-2.2"
        }
    ]
}

SUSE:Linux Enterprise Live Patching 15 / kernel-livepatch-SLE15_Update_21

Package

Name
kernel-livepatch-SLE15_Update_21
Purl
purl:rpm/suse/kernel-livepatch-SLE15_Update_21&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7-2.2

Ecosystem specific

{
    "binaries": [
        {
            "kernel-livepatch-4_12_14-150_63-default": "7-2.2"
        }
    ]
}

SUSE:Linux Enterprise Live Patching 15 / kernel-livepatch-SLE15_Update_20

Package

Name
kernel-livepatch-SLE15_Update_20
Purl
purl:rpm/suse/kernel-livepatch-SLE15_Update_20&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
9-2.2

Ecosystem specific

{
    "binaries": [
        {
            "kernel-livepatch-4_12_14-150_58-default": "9-2.2"
        }
    ]
}

SUSE:Linux Enterprise Live Patching 15 / kernel-livepatch-SLE15_Update_19

Package

Name
kernel-livepatch-SLE15_Update_19
Purl
purl:rpm/suse/kernel-livepatch-SLE15_Update_19&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
10-2.2

Ecosystem specific

{
    "binaries": [
        {
            "kernel-livepatch-4_12_14-150_55-default": "10-2.2"
        }
    ]
}

SUSE:Linux Enterprise Live Patching 15 / kernel-livepatch-SLE15_Update_18

Package

Name
kernel-livepatch-SLE15_Update_18
Purl
purl:rpm/suse/kernel-livepatch-SLE15_Update_18&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
10-2.2

Ecosystem specific

{
    "binaries": [
        {
            "kernel-livepatch-4_12_14-150_52-default": "10-2.2"
        }
    ]
}

SUSE:Linux Enterprise Live Patching 15 / kernel-livepatch-SLE15_Update_23

Package

Name
kernel-livepatch-SLE15_Update_23
Purl
purl:rpm/suse/kernel-livepatch-SLE15_Update_23&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4-2.2

Ecosystem specific

{
    "binaries": [
        {
            "kernel-livepatch-4_12_14-150_69-default": "4-2.2"
        }
    ]
}

SUSE:Linux Enterprise Live Patching 15 / kernel-livepatch-SLE15_Update_22

Package

Name
kernel-livepatch-SLE15_Update_22
Purl
purl:rpm/suse/kernel-livepatch-SLE15_Update_22&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5-2.2

Ecosystem specific

{
    "binaries": [
        {
            "kernel-livepatch-4_12_14-150_66-default": "5-2.2"
        }
    ]
}

SUSE:Linux Enterprise Live Patching 15 / kernel-livepatch-SLE15_Update_21

Package

Name
kernel-livepatch-SLE15_Update_21
Purl
purl:rpm/suse/kernel-livepatch-SLE15_Update_21&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7-2.2

Ecosystem specific

{
    "binaries": [
        {
            "kernel-livepatch-4_12_14-150_63-default": "7-2.2"
        }
    ]
}

SUSE:Linux Enterprise Live Patching 15 / kernel-livepatch-SLE15_Update_20

Package

Name
kernel-livepatch-SLE15_Update_20
Purl
purl:rpm/suse/kernel-livepatch-SLE15_Update_20&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
9-2.2

Ecosystem specific

{
    "binaries": [
        {
            "kernel-livepatch-4_12_14-150_58-default": "9-2.2"
        }
    ]
}

SUSE:Linux Enterprise Live Patching 15 / kernel-livepatch-SLE15_Update_19

Package

Name
kernel-livepatch-SLE15_Update_19
Purl
purl:rpm/suse/kernel-livepatch-SLE15_Update_19&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
10-2.2

Ecosystem specific

{
    "binaries": [
        {
            "kernel-livepatch-4_12_14-150_55-default": "10-2.2"
        }
    ]
}

SUSE:Linux Enterprise Live Patching 15 / kernel-livepatch-SLE15_Update_18

Package

Name
kernel-livepatch-SLE15_Update_18
Purl
purl:rpm/suse/kernel-livepatch-SLE15_Update_18&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
10-2.2

Ecosystem specific

{
    "binaries": [
        {
            "kernel-livepatch-4_12_14-150_52-default": "10-2.2"
        }
    ]
}

SUSE:Linux Enterprise Live Patching 15 / kernel-livepatch-SLE15_Update_23

Package

Name
kernel-livepatch-SLE15_Update_23
Purl
purl:rpm/suse/kernel-livepatch-SLE15_Update_23&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4-2.2

Ecosystem specific

{
    "binaries": [
        {
            "kernel-livepatch-4_12_14-150_69-default": "4-2.2"
        }
    ]
}

SUSE:Linux Enterprise Live Patching 15 / kernel-livepatch-SLE15_Update_22

Package

Name
kernel-livepatch-SLE15_Update_22
Purl
purl:rpm/suse/kernel-livepatch-SLE15_Update_22&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5-2.2

Ecosystem specific

{
    "binaries": [
        {
            "kernel-livepatch-4_12_14-150_66-default": "5-2.2"
        }
    ]
}

SUSE:Linux Enterprise Live Patching 15 / kernel-livepatch-SLE15_Update_21

Package

Name
kernel-livepatch-SLE15_Update_21
Purl
purl:rpm/suse/kernel-livepatch-SLE15_Update_21&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7-2.2

Ecosystem specific

{
    "binaries": [
        {
            "kernel-livepatch-4_12_14-150_63-default": "7-2.2"
        }
    ]
}

SUSE:Linux Enterprise Live Patching 15 / kernel-livepatch-SLE15_Update_20

Package

Name
kernel-livepatch-SLE15_Update_20
Purl
purl:rpm/suse/kernel-livepatch-SLE15_Update_20&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
9-2.2

Ecosystem specific

{
    "binaries": [
        {
            "kernel-livepatch-4_12_14-150_58-default": "9-2.2"
        }
    ]
}

SUSE:Linux Enterprise Live Patching 15 / kernel-livepatch-SLE15_Update_19

Package

Name
kernel-livepatch-SLE15_Update_19
Purl
purl:rpm/suse/kernel-livepatch-SLE15_Update_19&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
10-2.2

Ecosystem specific

{
    "binaries": [
        {
            "kernel-livepatch-4_12_14-150_55-default": "10-2.2"
        }
    ]
}

SUSE:Linux Enterprise Live Patching 15 / kernel-livepatch-SLE15_Update_18

Package

Name
kernel-livepatch-SLE15_Update_18
Purl
purl:rpm/suse/kernel-livepatch-SLE15_Update_18&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
10-2.2

Ecosystem specific

{
    "binaries": [
        {
            "kernel-livepatch-4_12_14-150_52-default": "10-2.2"
        }
    ]
}

SUSE:Linux Enterprise Live Patching 15 / kernel-livepatch-SLE15_Update_23

Package

Name
kernel-livepatch-SLE15_Update_23
Purl
purl:rpm/suse/kernel-livepatch-SLE15_Update_23&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4-2.2

Ecosystem specific

{
    "binaries": [
        {
            "kernel-livepatch-4_12_14-150_69-default": "4-2.2"
        }
    ]
}

SUSE:Linux Enterprise Live Patching 15 / kernel-livepatch-SLE15_Update_22

Package

Name
kernel-livepatch-SLE15_Update_22
Purl
purl:rpm/suse/kernel-livepatch-SLE15_Update_22&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5-2.2

Ecosystem specific

{
    "binaries": [
        {
            "kernel-livepatch-4_12_14-150_66-default": "5-2.2"
        }
    ]
}

SUSE:Linux Enterprise Live Patching 15 / kernel-livepatch-SLE15_Update_21

Package

Name
kernel-livepatch-SLE15_Update_21
Purl
purl:rpm/suse/kernel-livepatch-SLE15_Update_21&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7-2.2

Ecosystem specific

{
    "binaries": [
        {
            "kernel-livepatch-4_12_14-150_63-default": "7-2.2"
        }
    ]
}

SUSE:Linux Enterprise Live Patching 15 / kernel-livepatch-SLE15_Update_20

Package

Name
kernel-livepatch-SLE15_Update_20
Purl
purl:rpm/suse/kernel-livepatch-SLE15_Update_20&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
9-2.2

Ecosystem specific

{
    "binaries": [
        {
            "kernel-livepatch-4_12_14-150_58-default": "9-2.2"
        }
    ]
}

SUSE:Linux Enterprise Live Patching 15 / kernel-livepatch-SLE15_Update_19

Package

Name
kernel-livepatch-SLE15_Update_19
Purl
purl:rpm/suse/kernel-livepatch-SLE15_Update_19&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
10-2.2

Ecosystem specific

{
    "binaries": [
        {
            "kernel-livepatch-4_12_14-150_55-default": "10-2.2"
        }
    ]
}

SUSE:Linux Enterprise Live Patching 15 / kernel-livepatch-SLE15_Update_18

Package

Name
kernel-livepatch-SLE15_Update_18
Purl
purl:rpm/suse/kernel-livepatch-SLE15_Update_18&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
10-2.2

Ecosystem specific

{
    "binaries": [
        {
            "kernel-livepatch-4_12_14-150_52-default": "10-2.2"
        }
    ]
}