SUSE-SU-2021:3877-1

Source
https://www.suse.com/support/update/announcement/2021/suse-su-20213877-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2021:3877-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2021:3877-1
Related
Published
2021-12-02T07:20:11Z
Modified
2021-12-02T07:20:11Z
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

  • Unprivileged BPF has been disabled by default to reduce attack surface as too many security issues have happened in the past (jsc#SLE-22573)

    You can reenable via systemctl setting /proc/sys/kernel/unprivilegedbpfdisabled to 0. (kernel.unprivilegedbpfdisabled = 0)

  • CVE-2021-0941: In bpfskbchange_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1192045).

  • CVE-2021-31916: An out-of-bounds (OOB) memory write flaw was found in listdevices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel A bound check failure allowed an attacker with special user (CAPSYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability (bnc#1192781).
  • CVE-2021-20322: Make the ipv4 and ipv6 ICMP exception caches less predictive to avoid information leaks about UDP ports in use. (bsc#1191790)
  • CVE-2021-34981: Fixed file refcounting in cmtp when cmtpattachdevice fails. (bsc#1191961)

The following non-security bugs were fixed:

  • arm64: pgtable: make ptetophys/phystopte_val inline functions (git-fixes).
  • arm64/sve: Use correct size when reinitialising SVE state (git-fixes).
  • bpf: Add kconfig knob for disabling unpriv bpf by default (jsc#SLE-22913)
  • bpf: Disallow unprivileged bpf by default (jsc#SLE-22913).
  • bpf: Fix potential race in tail call compatibility check (git-fixes).
  • bpf: Move owner type, jited info into array auxiliary data (bsc#1141655).
  • bpf: Use kvmalloc for map values in syscall (stable-5.14.16).
  • btrfs: fix memory ordering between normal and ordered work functions (git-fixes).
  • config: disable unprivileged BPF by default (jsc#SLE-22913)
  • drivers: base: cacheinfo: Get rid of DEFINESMPCALLCACHEFUNCTION() (git-fixes).
  • drm: fix spectre issue in vmwexecbufioctl (bsc#1192802).
  • EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell (bsc#1114648).
  • fuse: fix page stealing (bsc#1192718).
  • gigaset: fix spectre issue in dodatab3_req (bsc#1192802).
  • hisax: fix spectre issues (bsc#1192802).
  • hysdn: fix spectre issue in hycapisendmessage (bsc#1192802).
  • i2c: synquacer: fix deferred probing (git-fixes).
  • ibmvnic: check failover_pending in login response (bsc#1190523 ltc#194510).
  • ibmvnic: do not stop queue in xmit (bsc#1192273 ltc#194629).
  • ibmvnic: Process crqs after enabling interrupts (bsc#1192273 ltc#194629).
  • infiniband: fix spectre issue in ibuverbswrite (bsc#1192802).
  • iwlwifi: fix spectre issue in iwldbgfsupdate_pm (bsc#1192802).
  • media: dvbcaen50221: prevent using slot_info for Spectre attacs (bsc#1192802).
  • media: dvbcaen50221: sanity check slot number from userspace (bsc#1192802).
  • media: wl128x: get rid of a potential spectre issue (bsc#1192802).
  • mm/hugetlb: initialize hugetlbusage in mminit (bsc#1192906).
  • mpt3sas: fix spectre issues (bsc#1192802).
  • net: sockdiag: Fix spectre v1 gadget in _sockdiagcmd() (bsc#1192802).
  • osst: fix spectre issue in osstverifyframe (bsc#1192802).
  • prctl: allow to setup brk for et_dyn executables (git-fixes).
  • printk/console: Allow to disable console output by using console='' or console=null (bsc#1192753).
  • printk: handle blank console arguments passed in (bsc#1192753).
  • printk: Remove printk.h inclusion in percpu.h (bsc#1192987).
  • Revert 'ibmvnic: check failover_pending in login response' (bsc#1190523 ltc#194510).
  • Revert 'x86/kvm: fix vcpu-id indexed array sizes' (git-fixes).
  • scsi: be2iscsi: Fix an error handling path in beiscsidevprobe() (git-fixes).
  • scsi: BusLogic: Fix missing pr_cont() use (git-fixes).
  • scsi: core: Fix error handling of scsihostalloc() (git-fixes).
  • scsi: core: Fix spelling in a source code comment (git-fixes).
  • scsi: core: Only put parent device if host state differs from SHOST_CREATED (git-fixes).
  • scsi: core: Put .shost_dev in failure path if host state changes to RUNNING (git-fixes).
  • scsi: core: Retry I/O for Notify (Enable Spinup) Required error (git-fixes).
  • scsi: csiostor: Add module softdep on cxgb4 (git-fixes).
  • scsi: csiostor: Uninitialized data in csiolnvnpreadcbfn() (git-fixes).
  • scsi: dc395: Fix error case unwinding (git-fixes).
  • scsi: FlashPoint: Rename si_flags field (git-fixes).
  • scsi: iscsi: Fix iface sysfs attr detection (git-fixes).
  • scsi: libsas: Use safe() loop in sasresume_port() (git-fixes).
  • scsi: mpt3sas: Fix error return value in scsihexpander_add() (git-fixes).
  • scsi: qedf: Add pointer checks in qedfupdatelink_speed() (git-fixes).
  • scsi: qedf: Fix error codes in qedfallocglobal_queues() (git-fixes).
  • scsi: qedi: Fix error codes in qediallocglobal_queues() (git-fixes).
  • scsi: qla2xxx: Fix a memory leak in an error path of qla2x00processels() (git-fixes).
  • scsi: qla2xxx: Make sure that aborted commands are freed (git-fixes).
  • scsi: snic: Fix an error message (git-fixes).
  • scsi: ufs: ufshcd-pltfrm: Fix memory leak due to probe defer (git-fixes).
  • soc: fsl: dpio: replace smpprocessorid with rawsmpprocessor_id (git-fixes).
  • swiotlb-xen: avoid double free (git-fixes).
  • sysvipc/sem: mitigate semnum index against spectre v1 (bsc#1192802).
  • tracing: use %ps format string to print symbols (git-fixes).
  • tty: serial: fsl_lpuart: fix the wrong mapbase value (git-fixes).
  • Update config files: Add CONFIGBPFUNPRIVDEFAULTOFF is not set
  • x86/xen: Mark cpubringupandidle() as deadend_function (git-fixes).
  • x86/Xen: swap NX determination and GDT setup on BSP (git-fixes).
  • xen: Fix implicit type conversion (git-fixes).
  • xen-pciback: Fix return in pmctrlinit() (git-fixes).
  • xen-pciback: redo VF placement in the virtual topology (git-fixes).
  • xen/x86: fix PV trap handling on secondary processors (git-fixes).
References

Affected packages

SUSE:Linux Enterprise High Availability Extension 12 SP5 / kernel-default

Package

Name
kernel-default
Purl
purl:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-122.103.1

Ecosystem specific

{
    "binaries": [
        {
            "dlm-kmp-default": "4.12.14-122.103.1",
            "gfs2-kmp-default": "4.12.14-122.103.1",
            "ocfs2-kmp-default": "4.12.14-122.103.1",
            "cluster-md-kmp-default": "4.12.14-122.103.1"
        }
    ]
}

SUSE:Linux Enterprise Live Patching 12 SP5 / kernel-default

Package

Name
kernel-default
Purl
purl:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-122.103.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-default-kgraft": "4.12.14-122.103.1",
            "kernel-default-kgraft-devel": "4.12.14-122.103.1",
            "kgraft-patch-4_12_14-122_103-default": "1-8.5.1"
        }
    ]
}

SUSE:Linux Enterprise Live Patching 12 SP5 / kgraft-patch-SLE12-SP5_Update_26

Package

Name
kgraft-patch-SLE12-SP5_Update_26
Purl
purl:rpm/suse/kgraft-patch-SLE12-SP5_Update_26&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1-8.5.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-default-kgraft": "4.12.14-122.103.1",
            "kernel-default-kgraft-devel": "4.12.14-122.103.1",
            "kgraft-patch-4_12_14-122_103-default": "1-8.5.1"
        }
    ]
}

SUSE:Linux Enterprise Software Development Kit 12 SP5 / kernel-docs

Package

Name
kernel-docs
Purl
purl:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-122.103.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-docs": "4.12.14-122.103.1",
            "kernel-obs-build": "4.12.14-122.103.1"
        }
    ]
}

SUSE:Linux Enterprise Software Development Kit 12 SP5 / kernel-obs-build

Package

Name
kernel-obs-build
Purl
purl:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-122.103.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-docs": "4.12.14-122.103.1",
            "kernel-obs-build": "4.12.14-122.103.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP5 / kernel-default

Package

Name
kernel-default
Purl
purl:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-122.103.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.12.14-122.103.1",
            "kernel-devel": "4.12.14-122.103.1",
            "kernel-default-base": "4.12.14-122.103.1",
            "kernel-default-man": "4.12.14-122.103.1",
            "kernel-default": "4.12.14-122.103.1",
            "kernel-source": "4.12.14-122.103.1",
            "kernel-syms": "4.12.14-122.103.1",
            "kernel-default-devel": "4.12.14-122.103.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP5 / kernel-source

Package

Name
kernel-source
Purl
purl:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-122.103.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.12.14-122.103.1",
            "kernel-devel": "4.12.14-122.103.1",
            "kernel-default-base": "4.12.14-122.103.1",
            "kernel-default-man": "4.12.14-122.103.1",
            "kernel-default": "4.12.14-122.103.1",
            "kernel-source": "4.12.14-122.103.1",
            "kernel-syms": "4.12.14-122.103.1",
            "kernel-default-devel": "4.12.14-122.103.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP5 / kernel-syms

Package

Name
kernel-syms
Purl
purl:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-122.103.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.12.14-122.103.1",
            "kernel-devel": "4.12.14-122.103.1",
            "kernel-default-base": "4.12.14-122.103.1",
            "kernel-default-man": "4.12.14-122.103.1",
            "kernel-default": "4.12.14-122.103.1",
            "kernel-source": "4.12.14-122.103.1",
            "kernel-syms": "4.12.14-122.103.1",
            "kernel-default-devel": "4.12.14-122.103.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP5 / kernel-default

Package

Name
kernel-default
Purl
purl:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-122.103.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.12.14-122.103.1",
            "kernel-devel": "4.12.14-122.103.1",
            "kernel-default-base": "4.12.14-122.103.1",
            "kernel-default-man": "4.12.14-122.103.1",
            "kernel-default": "4.12.14-122.103.1",
            "kernel-source": "4.12.14-122.103.1",
            "kernel-syms": "4.12.14-122.103.1",
            "kernel-default-devel": "4.12.14-122.103.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP5 / kernel-source

Package

Name
kernel-source
Purl
purl:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-122.103.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.12.14-122.103.1",
            "kernel-devel": "4.12.14-122.103.1",
            "kernel-default-base": "4.12.14-122.103.1",
            "kernel-default-man": "4.12.14-122.103.1",
            "kernel-default": "4.12.14-122.103.1",
            "kernel-source": "4.12.14-122.103.1",
            "kernel-syms": "4.12.14-122.103.1",
            "kernel-default-devel": "4.12.14-122.103.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP5 / kernel-syms

Package

Name
kernel-syms
Purl
purl:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-122.103.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.12.14-122.103.1",
            "kernel-devel": "4.12.14-122.103.1",
            "kernel-default-base": "4.12.14-122.103.1",
            "kernel-default-man": "4.12.14-122.103.1",
            "kernel-default": "4.12.14-122.103.1",
            "kernel-source": "4.12.14-122.103.1",
            "kernel-syms": "4.12.14-122.103.1",
            "kernel-default-devel": "4.12.14-122.103.1"
        }
    ]
}

SUSE:Linux Enterprise Workstation Extension 12 SP5 / kernel-default

Package

Name
kernel-default
Purl
purl:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-122.103.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-default-extra": "4.12.14-122.103.1"
        }
    ]
}