SUSE-SU-2021:2305-1

Source
https://www.suse.com/support/update/announcement/2021/suse-su-20212305-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2021:2305-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2021:2305-1
Related
Published
2021-07-13T11:02:01Z
Modified
2021-07-13T11:02:01Z
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 15 SP3 Azure kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

  • CVE-2021-3573: Fixed an UAF vulnerability in function that can allow attackers to corrupt kernel heaps and adopt further exploitations. (bsc#1186666)
  • CVE-2021-0605: Fixed an out-of-bounds read which could lead to local information disclosure in the kernel with System execution privileges needed. (bsc#1187601)
  • CVE-2021-0512: Fixed a possible out-of-bounds write which could lead to local escalation of privilege with no additional execution privileges needed. (bsc#1187595)
  • CVE-2021-33624: Fixed a bug which allows unprivileged BPF program to leak the contents of arbitrary kernel memory (and therefore, of all physical memory) via a side-channel. (bsc#1187554)
  • CVE-2021-34693: Fixed a bug in net/can/bcm.c which could allow local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized. (bsc#1187452)

The following non-security bugs were fixed:

  • 0001-x86-sched-Treat-Intel-SNC-topology-as-default-COD-as.patch: (bsc#1187263).
  • alx: Fix an error handling path in 'alx_probe()' (git-fixes).
  • asm-generic/hyperv: Add missing function prototypes per -W1 warnings (bsc#1186071).
  • ASoC: fsl-asoc-card: Set .owner attribute when registering card (git-fixes).
  • ASoC: Intel: bytcr_rt5640: Add quirk for the Glavey TM800A550L tablet (git-fixes).
  • ASoC: Intel: bytcr_rt5640: Add quirk for the Lenovo Miix 3-830 tablet (git-fixes).
  • ASoC: max98088: fix ni clock divider calculation (git-fixes).
  • ASoC: rt5659: Fix the lost powers for the HDA header (git-fixes).
  • ASoC: rt5682: Fix the fast discharge for headset unplugging in soundwire mode (git-fixes).
  • ASoC: sti-sas: add missing MODULEDEVICETABLE (git-fixes).
  • ASoC: tas2562: Fix TDMCFG0SAMPRATE values (git-fixes).
  • batman-adv: Avoid WARN_ON timing related checks (git-fixes).
  • be2net: Fix an error handling path in 'be_probe()' (git-fixes).
  • block: Discard page cache of zone reset target range (bsc#1187402).
  • Bluetooth: Add a new USB ID for RTL8822CE (git-fixes).
  • Bluetooth: use correct lock to prevent UAF of hdev object (git-fixes).
  • bnxten: Call bnxtethtoolfree() in bnxtinit_one() error path (jsc#SLE-8371 bsc#1153274).
  • bnxt_en: Fix TQM fastpath ring backing store computation (jsc#SLE-8371 bsc#1153274).
  • bnxt_en: Rediscover PHY capabilities after firmware reset (jsc#SLE-8371 bsc#1153274).
  • bpf: Fix integer overflow in argument calculation for bpfmaparea_alloc (bsc#1177028).
  • bpf: Fix libelf endian handling in resolv_btfids (bsc#1177028).
  • bpfilter: Specify the log level for the kmsg message (bsc#1155518).
  • can: mcbausb: fix memory leak in mcbausb (git-fixes).
  • ceph: must hold snap_rwsem when filling inode for async create (bsc#1187927).
  • cfg80211: avoid double free of PMSR request (git-fixes).
  • cfg80211: make certificate generation more robust (git-fixes).
  • cgroup1: do not allow '\n' in renaming (bsc#1187972).
  • clocksource/drivers/hyper-v: Handle sched_clock differences inline (bsc#1186071).
  • clocksource/drivers/hyper-v: Move handling of STIMER0 interrupts (bsc#1186071).
  • clocksource/drivers/hyper-v: Set clocksource rating based on Hyper-V feature (bsc#1186071).
  • cxgb4: fix endianness when flashing boot image (jsc#SLE-15131).
  • cxgb4: fix sleep in atomic when flashing PHY firmware (jsc#SLE-15131).
  • cxgb4: fix wrong ethtool n-tuple rule lookup (jsc#SLE-15131).
  • cxgb4: fix wrong shift (git-fixes).
  • cxgb4: halt chip before flashing PHY firmware image (jsc#SLE-15131).
  • dax: Add a wakeup mode parameter to putunlockedentry() (bsc#1187411).
  • dax: Add an enum for specifying dax wakup mode (bsc#1187411).
  • dax: fix ENOMEM handling in grabmappingentry() (bsc#1184212).
  • dax: Wake up all waiters after invalidating dax entry (bsc#1187411).
  • dmaengine: ALTERAMSGDMA depends on HASIOMEM (git-fixes).
  • dmaengine: fsl-dpaa2-qdma: Fix error return code in two functions (git-fixes).
  • dmaengine: pl330: fix wrong usage of spinlock flags in dma_cyclc (git-fixes).
  • dmaengine: QCOMHIDMAMGMT depends on HAS_IOMEM (git-fixes).
  • dmaengine: stedma40: add missing iounmap() on error in d40_probe() (git-fixes).
  • drivers: hv: Create a consistent pattern for checking Hyper-V hypercall status (bsc#1186071).
  • drivers: hv: Fix EXPORT_SYMBOL and tab spaces issue (bsc#1186071).
  • Drivers: hv: Redo Hyper-V synthetic MSR get/set functions (bsc#1186071).
  • Drivers: hv: vmbus: Check for pending channel interrupts before taking a CPU offline (bsc#1186071).
  • Drivers: hv: vmbus: Drivers: hv: vmbus: Introduce CHANNELMSGMODIFYCHANNELRESPONSE (bsc#1186071).
  • Drivers: hv: vmbus: Drop error message when 'No request id available' (bsc#1183682).
  • Drivers: hv: vmbus: Handle auto EOI quirk inline (bsc#1186071).
  • Drivers: hv: vmbus: Introduce and negotiate VMBus protocol version 5.3 (bsc#1186071).
  • Drivers: hv: vmbus: Move handling of VMbus interrupts (bsc#1186071).
  • Drivers: hv: vmbus: Move hypervreportpanic_msg to arch neutral code (bsc#1186071).
  • Drivers: hv: vmbus: remove unused function (bsc#1186071).
  • Drivers: hv: vmbus: Remove unused linux/version.h header (bsc#1186071).
  • drm/amd/amdgpu:save psp ring wptr to avoid attack (git-fixes).
  • drm/amd/display: Allow bandwidth validation for 0 streams (git-fixes).
  • drm/amd/display: Fix potential memory leak in DMUB hw_init (git-fixes).
  • drm/amdgpu: refine amdgpufrugetproductinfo (git-fixes).
  • drm/sun4i: dw-hdmi: Make HDMI PHY into a platform device (git-fixes).
  • drm/tegra: sor: Do not leak runtime PM reference (git-fixes).
  • drm/vc4: hdmi: Make sure the controller is powered in detect (git-fixes).
  • drm/vc4: hdmi: Move the HSM clock enable to runtime_pm (git-fixes).
  • drm: Fix use-after-free read in drm_getunique() (git-fixes).
  • drm: Lock pointer access in drmmasterrelease() (git-fixes).
  • dt-bindings: reset: meson8b: fix duplicate reset IDs (git-fixes).
  • ethtool: strset: fix message length calculation (bsc#1176447).
  • ext4: fix bug on in ext4escacheextent as ext4splitextentat failed (bsc#1187408).
  • ext4: fix check to prevent false positive report of incorrect used inodes (bsc#1187404).
  • ext4: fix error code in ext4commitsuper (bsc#1187407).
  • ext4: fix memory leak in ext4fillsuper (bsc#1187409).
  • FCOE: fcoewwnfrom_mac kABI fix (bsc#1187886).
  • fs: fix reporting supported extra file attributes for statx() (bsc#1187410).
  • ftrace: Do not blindly read the ip address in ftrace_bug() (git-fixes).
  • ftrace: Free the trampoline when ftrace_startup() fails (git-fixes).
  • fuse: BUGON correction in fusedevsplicewrite() (bsc#1187356).
  • HID: Add BUSVIRTUAL to hidconnect logging (git-fixes).
  • HID: gt683r: add missing MODULEDEVICETABLE (git-fixes).
  • HID: hid-input: add mapping for emoji picker key (git-fixes).
  • HID: hid-sensor-hub: Return error for hidsetfield() failure (git-fixes).
  • HID: quirks: Set INCREMENTUSAGEON_DUPLICATE for Saitek X65 (git-fixes).
  • HID: usbhid: fix info leak in hidsubmitctrl (git-fixes).
  • HID: usbhid: Fix race between usbhidclose() and usbhidstop() (git-fixes).
  • hv: hyperv.h: a few mundane typo fixes (bsc#1186071).
  • hv_netvsc: Add a comment clarifying batching logic (bsc#1186071).
  • hv_netvsc: Add error handling while switching data path (bsc#1186071).
  • hv_netvsc: Make netvsc/VF binding check both MAC and serial number (bsc#1186071).
  • hwmon: (scpi-hwmon) shows the negative temperature properly (git-fixes).
  • i2c: mpc: Make use of i2crecoverbus() (git-fixes).
  • ice: add ndo_bpf callback for safe mode netdev ops (jsc#SLE-7926).
  • ice: parameterize functions responsible for Tx ring management (jsc#SLE-12878).
  • isdn: mISDN: netjet: Fix crash in nj_probe: (git-fixes).
  • kernel-binary.spec.in: Regenerate makefile when not using mkmakefile.
  • kernel: kexecfile: fix error return code of kexeccalculatestoredigests() (git-fixes).
  • kthread: prevent deadlock when kthreadmoddelayedwork() races with kthreadcanceldelayedwork_sync() (bsc#1187867).
  • kthread_worker: split code for canceling the delayed work timer (bsc#1187867).
  • kyber: fix out of bounds access when preempted (bsc#1187403).
  • lib: vdso: Remove CROSSCOMPILECOMPAT_VDSO (bsc#1164648,jsc#SLE-11493).
  • media: mtk-mdp: Check return value of ofclkget (git-fixes).
  • media: mtk-mdp: Fix a refcounting bug on error in init (git-fixes).
  • media: s5p-g2d: Fix a memory leak in an error handling path in 'g2d_probe()' (git-fixes).
  • mlxsw: reg: Spectrum-3: Enforce lowest max-shaper burst size of 11 (bsc#1176774).
  • mmc: meson-gx: use memcpy_to/fromio for dram-access-quirk (git-fixes).
  • module: limit enabling module.sig_enforce (git-fixes).
  • net/mlx5: Consider RoCE cap before init RDMA resources (git-fixes).
  • net/mlx5: E-Switch, Allow setting GUID for host PF vport (jsc#SLE-15172).
  • net/mlx5: E-Switch, Read PF mac address (jsc#SLE-15172).
  • net/mlx5: Fix PBMC register mapping (git-fixes).
  • net/mlx5: Fix placement of logmaxflow_counter (git-fixes).
  • net/mlx5: Fix sleep while atomic in mlx5eswitchget_vepa (git-fixes).
  • net/mlx5: Reset mkey index on creation (jsc#SLE-15172).
  • net/mlx5e: Block offload of outer header csum for UDP tunnels (git-fixes).
  • net/mlx5e: Fix page reclaim for dead peer hairpin (git-fixes).
  • net/mlx5e: Remove dependency in IPsec initialization flows (git-fixes).
  • net/nfc/rawsock.c: fix a permission check bug (git-fixes).
  • net/sched: act_ct: handle DNAT tuple collision (bsc#1154353).
  • net/x25: Return the correct errno code (git-fixes).
  • net: mvpp2: add mvpp2phylinkto_port() helper (bsc#1187171).
  • netxennic: Fix an error handling path in 'netxennic_probe()' (git-fixes).
  • NFS: Fix a potential NULL dereference in nfsgetclient() (git-fixes).
  • NFS: Fix deadlock between nfs4evictinode() and nfs4opendataget_inode() (git-fixes).
  • NFS: Fix use-after-free in nfs4initclient() (git-fixes).
  • nvmem: rmem: fix undefined reference to memremap (git-fixes).
  • ocfs2: fix data corruption by fallocate (bsc#1187412).
  • PCI: aardvark: Do not rely on jiffies while holding spinlock (git-fixes).
  • PCI: aardvark: Fix kernel panic during PIO transfer (git-fixes).
  • PCI: Add ACS quirk for Broadcom BCM57414 NIC (git-fixes).
  • PCI: hv: Drop msi_controller structure (bsc#1186071).
  • PCI: Mark some NVIDIA GPUs to avoid bus reset (git-fixes).
  • PCI: Mark TI C667X to avoid bus reset (git-fixes).
  • PCI: Work around Huawei Intelligent NIC VF FLR erratum (git-fixes).
  • perf/x86/intel/uncore: Fix a kernel WARNING triggered by maxcpus=1 (git-fixes).
  • perf/x86/intel/uncore: Remove uncore extra PCI dev HSWEPPCIPCU_3 (bsc#1184685).
  • powerpc/perf: Fix crash in perfinstructionpointer() when ppmu is not set (jsc#SLE-13513 bsc#1176919 ltc#186162 git-fixes).
  • qla2xxx: synchronize rport devlosstmo setting (bsc#1182470 bsc#1185486).
  • qlcnic: Fix an error handling path in 'qlcnic_probe()' (git-fixes).
  • radeon: use memcpy_to/fromio for UVD fw upload (git-fixes).
  • regulator: bd70528: Fix off-by-one for buck123 .n_voltages setting (git-fixes).
  • Removed patch that was incorrectly added to SLE15-SP2 (bsc#1186949)
  • Revert 'ecryptfs: replace BUG_ON with error handling code' (bsc#1187413).
  • Revert 'ibmvnic: simplify resetlongterm_buff function' (bsc#1186206 ltc#191041).
  • Revert 'PCI: PM: Do not read power state in pcienabledevice_flags()' (git-fixes).
  • Revert 'video: hgafb: fix potential NULL pointer dereference' (git-fixes).
  • Revert 'video: imsttfb: fix potential NULL pointer dereferences' (bsc#1152489)
  • s390/dasd: add missing discipline function (git-fixes).
  • s390/stack: fix possible register corruption with stack switch helper (bsc#1185677).
  • sched/debug: Fix cgroup_path[] serialization (git-fixes)
  • sched/fair: Keep loadavg and loadsum synced (git-fixes)
  • scsi: core: Fix race between handling STS_RESOURCE and completion (bsc#1187883).
  • scsi: fcoe: Fix mismatched fcoewwnfrom_mac declaration (bsc#1187886).
  • scsi: storvsc: Enable scatterlist entry lengths > 4Kbytes (bsc#1186071).
  • scsi: storvsc: Parameterize number hardware queues (bsc#1186071).
  • scsi: ufs: Fix imprecise load calculation in devfreq window (bsc#1187795).
  • SCSI: ufs: fix ktime_t kabi change (bsc#1187795).
  • scsi: ufs: ufshcd-pltfrm depends on HAS_IOMEM (bsc#1187980).
  • spi: spi-nxp-fspi: move the register operation after the clock enable (git-fixes).
  • spi: sprd: Add missing MODULEDEVICETABLE (git-fixes).
  • spi: stm32-qspi: Always wait BUSY bit to be cleared in stm32qspiwait_cmd() (git-fixes).
  • SUNRPC: Handle major timeout in xprtadjusttimeout() (git-fixes).
  • SUNRPC: Handle major timeout in xprtadjusttimeout() (git-fixes).
  • tracing: Correct the length check which causes memory corruption (git-fixes).
  • tracing: Do no increment traceclockglobal() by one (git-fixes).
  • tracing: Do not stop recording cmdlines when tracing is off (git-fixes).
  • tracing: Do not stop recording comms if the trace file is being read (git-fixes).
  • tracing: Restructure traceclockglobal() to never block (git-fixes).
  • USB: core: hub: Disable autosuspend for Cypress CY7C65632 (git-fixes).
  • USB: dwc3: core: fix kernel panic when do reboot (git-fixes).
  • USB: dwc3: core: fix kernel panic when do reboot (git-fixes).
  • USB: dwc3: debugfs: Add and remove endpoint dirs dynamically (git-fixes).
  • USB: dwc3: ep0: fix NULL pointer exception (git-fixes).
  • USB: f_ncm: only first packet of aggregate needs to start timer (git-fixes).
  • USB: f_ncm: only first packet of aggregate needs to start timer (git-fixes).
  • USB: fix various gadget panics on 10gbps cabling (git-fixes).
  • USB: fix various gadget panics on 10gbps cabling (git-fixes).
  • USB: gadget: eem: fix wrong eem header operation (git-fixes).
  • USB: gadget: eem: fix wrong eem header operation (git-fixes).
  • USB: gadget: ffs: Ensure iocompletion_wq is idle during unbind (git-fixes).
  • USB: gadget: ffs: Ensure iocompletion_wq is idle during unbind (git-fixes).
  • USB: serial: ftdi_sio: add NovaTech OrionMX product ID (git-fixes).
  • USB: serial: ftdi_sio: add NovaTech OrionMX product ID (git-fixes).
  • USB: serial: omninet: add device id for Zyxel Omni 56K Plus (git-fixes).
  • USB: serial: omninet: add device id for Zyxel Omni 56K Plus (git-fixes).
  • video: hgafb: correctly handle card detect failure during probe (git-fixes).
  • video: hgafb: fix potential NULL pointer dereference (git-fixes).
  • vrf: fix maximum MTU (git-fixes).
  • x86/elf: Use _BITUL() macro in UAPI headers (bsc#1178134).
  • x86/fpu: Preserve supervisor states in sanitizerestoreduser_xstate() (bsc#1178134).
  • x86/hyper-v: Move hvmessagetype to architecture neutral module
  • x86/hyperv: Fix unused variable 'hi' warning in hvapicread (bsc#1186071).
  • x86/hyperv: Fix unused variable 'msrval' warning in hvqlock_wait (bsc#1186071).
  • x86/hyperv: Move hvdorep_hypercall to asm-generic (bsc#1186071).
  • x86/hyperv: remove unused linux/version.h header (bsc#1186071).
  • x86/pkru: Write hardware init value to PKRU when xstate is init (bsc#1152489).
  • x86/process: Check PF_KTHREAD and not current->mm for kernel threads (bsc#1152489).
  • xen-blkback: fix compatibility bug with single page rings (git-fixes).
  • xen-pciback: reconfigure also from backend watch handler (git-fixes).
  • xen-pciback: redo VF placement in the virtual topology (git-fixes).
  • xen/evtchn: Change irqinfo lock to rawspinlock_t (git-fixes).
  • xfrm: policy: Read seqcount outside of rcu-read side in xfrmpolicylookup_bytype (bsc#1185675).
References

Affected packages

SUSE:Linux Enterprise Module for Public Cloud 15 SP3 / kernel-azure

Package

Name
kernel-azure
Purl
purl:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.3.18-38.11.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-azure": "5.3.18-38.11.1",
            "kernel-azure-devel": "5.3.18-38.11.1",
            "kernel-devel-azure": "5.3.18-38.11.1",
            "kernel-syms-azure": "5.3.18-38.11.1",
            "kernel-source-azure": "5.3.18-38.11.1"
        }
    ]
}

SUSE:Linux Enterprise Module for Public Cloud 15 SP3 / kernel-source-azure

Package

Name
kernel-source-azure
Purl
purl:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.3.18-38.11.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-azure": "5.3.18-38.11.1",
            "kernel-azure-devel": "5.3.18-38.11.1",
            "kernel-devel-azure": "5.3.18-38.11.1",
            "kernel-syms-azure": "5.3.18-38.11.1",
            "kernel-source-azure": "5.3.18-38.11.1"
        }
    ]
}

SUSE:Linux Enterprise Module for Public Cloud 15 SP3 / kernel-syms-azure

Package

Name
kernel-syms-azure
Purl
purl:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.3.18-38.11.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-azure": "5.3.18-38.11.1",
            "kernel-azure-devel": "5.3.18-38.11.1",
            "kernel-devel-azure": "5.3.18-38.11.1",
            "kernel-syms-azure": "5.3.18-38.11.1",
            "kernel-source-azure": "5.3.18-38.11.1"
        }
    ]
}