SUSE-SU-2021:3848-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2021:3848-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2021:3848-1
- Related
- Published
- 2021-12-01T15:56:22Z
- Modified
- 2021-12-01T15:56:22Z
- Summary
- Security update for the Linux Kernel
- Details
-
The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
Unprivileged BPF has been disabled by default to reduce attack surface as too many security issues have happened in the past (jsc#SLE-22573)
You can reenable via systemctl setting /proc/sys/kernel/unprivilegedbpfdisabled to 0. (kernel.unprivilegedbpfdisabled = 0)
CVE-2021-0941: In bpfskbchange_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1192045).
- CVE-2021-31916: An out-of-bounds (OOB) memory write flaw was found in listdevices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel A bound check failure allowed an attacker with special user (CAPSYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability (bnc#1192781).
- CVE-2021-20322: Make the ipv4 and ipv6 ICMP exception caches less predictive to avoid information leaks about UDP ports in use. (bsc#1191790)
- CVE-2021-34981: Fixed file refcounting in cmtp when cmtpattachdevice fails (bsc#1191961).
- CVE-2021-37159: hsofreenetdevice in drivers/net/usb/hso.c in the Linux kernel calls unregisternetdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free (bnc#1188601).
- CVE-2021-3772: Fixed sctp vtag check in sctpsfootb (bsc#1190351).
The following non-security bugs were fixed:
- EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell (bsc#1114648).
- Revert 'ibmvnic: check failover_pending in login response' (bsc#1190523 ltc#194510).
- Revert 'x86/kvm: fix vcpu-id indexed array sizes' (git-fixes).
- USB: iowarrior: fix control-message timeouts (git-fixes).
- USB: serial: keyspan: fix memleak on probe errors (git-fixes).
- arm64/sve: Use correct size when reinitialising SVE state (git-fixes).
- arm64: pgtable: make ptetophys/phystopte_val inline functions (git-fixes).
- bpf: Fix potential race in tail call compatibility check (git-fixes).
- bpf: Move owner type, jited info into array auxiliary data (bsc#1141655).
- bpf: Use kvmalloc for map values in syscall (stable-5.14.16).
- btrfs: fix memory ordering between normal and ordered work functions (git-fixes).
- ceph: take snapemptylock atomically with snaprealm refcount change (bsc#1191888).
- config.sh: Build cve/linux-4.12 against SLE15-SP1. SLE15 is no longer updated and we will need recent update to suse-module-tools to continue building the kernel.
- crypto: qat - detect PFVF collision after ACK (git-fixes).
- crypto: qat - disregard spurious PFVF interrupts (git-fixes).
- crypto: s5p-sss - Add error handling in s5paesprobe() (git-fixes).
- drivers: base: cacheinfo: Get rid of DEFINESMPCALLCACHEFUNCTION() (git-fixes).
- drm: fix spectre issue in vmwexecbufioctl (bsc#1192802).
- ethernet: dwmac-stm32: Fix copyright (git-fixes).
- ftrace: Fix scripts/recordmcount.pl due to new binutils (bsc#1192267).
- fuse: fix page stealing (bsc#1192718).
- gigaset: fix spectre issue in dodatab3_req (bsc#1192802).
- hisax: fix spectre issues (bsc#1192802).
- hrtimer: Move copyout of remaining time to do_nanosleep() (bsc#1191713).
- hrtimernanosleep(): Pass rmtp in restartblock (bsc#1191713).
- hysdn: fix spectre issue in hycapisendmessage (bsc#1192802).
- i2c: synquacer: fix deferred probing (git-fixes).
- ibmvnic: Process crqs after enabling interrupts (bsc#1192273 ltc#194629).
- ibmvnic: check failover_pending in login response (bsc#1190523 ltc#194510).
- ibmvnic: delay complete() (bsc#1094840 ltc#167098 git-fixes).
- ibmvnic: do not stop queue in xmit (bsc#1192273 ltc#194629).
- infiniband: fix spectre issue in ibuverbswrite (bsc#1192802).
- ipv4: fix race condition between route lookup and invalidation (bsc#1190397).
- iwlwifi: fix spectre issue in iwldbgfsupdate_pm (bsc#1192802).
- kernel, fs: Introduce and use setrestartfn() and archsetrestart_data() (bsc#1191713).
- media: dvbcaen50221: prevent using slot_info for Spectre attacs (bsc#1192802).
- media: dvbcaen50221: sanity check slot number from userspace (bsc#1192802).
- media: wl128x: get rid of a potential spectre issue (bsc#1192802).
- mm/hugetlb: initialize hugetlbusage in mminit (bsc#1192906).
- mpt3sas: fix spectre issues (bsc#1192802).
- net: sockdiag: Fix spectre v1 gadget in _sockdiagcmd() (bsc#1192802).
- net: stmmac: Avoid VLA usage (git-fixes).
- net: stmmac: First Queue must always be in DCB mode (git-fixes).
- net: stmmac: Fix TX timestamp calculation (git-fixes).
- net: stmmac: Fix bad RX timestamp extraction (git-fixes).
- net: stmmac: Fix stmmacgetrx_hwtstamp() (git-fixes).
- net: stmmac: Prevent infinite loop in getrxtimestamp_status() (git-fixes).
- net: stmmac: WARN if tx_skbuff entries are reused before cleared (git-fixes).
- net: stmmac: add error handling in stmmacmtlsetup() (git-fixes).
- net: stmmac: discard disabled flags in interrupt status register (git-fixes).
- net: stmmac: do not clear txskbuff entries in stmmacxmit()/stmmactsoxmit() (git-fixes).
- net: stmmac: dwc-qos-eth: Fix typo in DT bindings parsing (git-fixes).
- net: stmmac: ensure that the MSS desc is the last desc to set the own bit (git-fixes).
- net: stmmac: fix LPI transitioning for dwmac4 (git-fixes).
- net: stmmac: honor error code from stmmacdtphy() (git-fixes).
- net: stmmac: make dwmac4releasetx_desc() clear all descriptor fields (git-fixes).
- net: stmmac: remove redundant enable of PMT irq (git-fixes).
- net: stmmac: rename GMACINTDEFAULT_MASK for dwmac4 (git-fixes).
- net: stmmac: use correct barrier between coherent memory and MMIO (git-fixes).
- objtool-don-t-fail-on-missing-symbol-table.patch needed for vanilla flavor as well.
- objtool: Do not fail on missing symbol table (bsc#1192379).
- ocfs2: Fix data corruption on truncate (bsc#1190795).
- ocfs2: do not zero pages beyond i_size (bsc#1190795).
- osst: fix spectre issue in osstverifyframe (bsc#1192802).
- prctl: allow to setup brk for et_dyn executables (git-fixes).
- printk/console: Allow to disable console output by using console='' or console=null (bsc#1192753).
- printk: handle blank console arguments passed in (bsc#1192753).
- scsi: BusLogic: Fix missing pr_cont() use (git-fixes).
- scsi: FlashPoint: Rename si_flags field (git-fixes).
- scsi: be2iscsi: Fix an error handling path in beiscsidevprobe() (git-fixes).
- scsi: core: Fix error handling of scsihostalloc() (git-fixes).
- scsi: core: Fix spelling in a source code comment (git-fixes).
- scsi: core: Only put parent device if host state differs from SHOST_CREATED (git-fixes).
- scsi: core: Put .shost_dev in failure path if host state changes to RUNNING (git-fixes).
- scsi: core: Retry I/O for Notify (Enable Spinup) Required error (git-fixes).
- scsi: csiostor: Add module softdep on cxgb4 (git-fixes).
- scsi: csiostor: Uninitialized data in csiolnvnpreadcbfn() (git-fixes).
- scsi: dc395: Fix error case unwinding (git-fixes).
- scsi: iscsi: Fix iface sysfs attr detection (git-fixes).
- scsi: libsas: Use safe() loop in sasresume_port() (git-fixes).
- scsi: mpt3sas: Fix error return value in scsihexpander_add() (git-fixes).
- scsi: qedf: Add pointer checks in qedfupdatelink_speed() (git-fixes).
- scsi: qedf: Fix error codes in qedfallocglobal_queues() (git-fixes).
- scsi: qedi: Fix error codes in qediallocglobal_queues() (git-fixes).
- scsi: qla2xxx: Fix a memory leak in an error path of qla2x00processels() (git-fixes).
- scsi: qla2xxx: Make sure that aborted commands are freed (git-fixes).
- scsi: snic: Fix an error message (git-fixes).
- scsi: ufs: ufshcd-pltfrm: Fix memory leak due to probe defer (git-fixes).
- sctp: check asoc peer.asconf_capable before processing asconf (bsc#1190351).
- soc: fsl: dpio: replace smpprocessorid with rawsmpprocessor_id (git-fixes).
- stmmac: copy unicast mac address to MAC registers (git-fixes).
- stmmac: use ofpropertyreadu32 instead of readu8 (git-fixes).
- sysvipc/sem: mitigate semnum index against spectre v1 (bsc#1192802).
- tty: serial: fsl_lpuart: fix the wrong mapbase value (git-fixes).
- x86/xen: Mark cpubringupandidle() as deadend_function (git-fixes).
- xen-pciback: Fix return in pmctrlinit() (git-fixes).
- xen: Fix implicit type conversion (git-fixes).
- References
-
- https://www.suse.com/support/update/announcement/2021/suse-su-20213848-1/
- https://bugzilla.suse.com/1094840
- https://bugzilla.suse.com/1114648
- https://bugzilla.suse.com/1141655
- https://bugzilla.suse.com/1188601
- https://bugzilla.suse.com/1190351
- https://bugzilla.suse.com/1190397
- https://bugzilla.suse.com/1190523
- https://bugzilla.suse.com/1190795
- https://bugzilla.suse.com/1191713
- https://bugzilla.suse.com/1191790
- https://bugzilla.suse.com/1191888
- https://bugzilla.suse.com/1191961
- https://bugzilla.suse.com/1192045
- https://bugzilla.suse.com/1192267
- https://bugzilla.suse.com/1192273
- https://bugzilla.suse.com/1192379
- https://bugzilla.suse.com/1192718
- https://bugzilla.suse.com/1192750
- https://bugzilla.suse.com/1192753
- https://bugzilla.suse.com/1192781
- https://bugzilla.suse.com/1192802
- https://bugzilla.suse.com/1192906
- https://www.suse.com/security/cve/CVE-2021-0941
- https://www.suse.com/security/cve/CVE-2021-20322
- https://www.suse.com/security/cve/CVE-2021-31916
- https://www.suse.com/security/cve/CVE-2021-34981
- https://www.suse.com/security/cve/CVE-2021-37159
- https://www.suse.com/security/cve/CVE-2021-3772
Affected packages
SUSE:Linux Enterprise Server 12 SP5 / kernel-azure
Package
- Name
- kernel-azure
- Purl
- purl:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5
SUSE:Linux Enterprise Server 12 SP5 / kernel-source-azure
Package
- Name
- kernel-source-azure
- Purl
- purl:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5
SUSE:Linux Enterprise Server 12 SP5 / kernel-syms-azure
Package
- Name
- kernel-syms-azure
- Purl
- purl:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5
SUSE:Linux Enterprise Server for SAP Applications 12 SP5 / kernel-azure
Package
- Name
- kernel-azure
- Purl
- purl:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5
SUSE:Linux Enterprise Server for SAP Applications 12 SP5 / kernel-source-azure
Package
- Name
- kernel-source-azure
- Purl
- purl:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5