OVAL Reference oval:org.opensuse.security:def:55279

Oval Definition:

oval:org.opensuse.security:def:55279

Revision Date:	2021-12-06	Version:	1
Title:	Security update for the Linux Kernel (Important)
Description:	The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - Unprivileged BPF has been disabled by default to reduce attack surface as too many security issues have happened in the past (jsc#SLE-22573) You can reenable via systemctl setting /proc/sys/kernel/unprivileged_bpf_disabled to 0. (kernel.unprivileged_bpf_disabled = 0) - CVE-2017-5753: Systems with microprocessors utilizing speculative execution and branch prediction may have allowed unauthorized disclosure of information to an attacker with local user access via a side-channel analysis (bnc#1068032). Additional spectrev1 fixes were added to the eBPF code. - CVE-2018-13405: The inode_init_owner function in fs/inode.c allowed local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID (bnc#1087082 bnc#1100416 bnc#1129735). - CVE-2018-16882: A use-after-free issue was found in the way the KVM hypervisor processed posted interrupts when nested(=1) virtualization is enabled. In nested_get_vmcs12_pages(), in case of an error while processing posted interrupt address, it unmaps the 'pi_desc_page' without resetting 'pi_desc' descriptor address, which is later used in pi_test_and_clear_on(). A guest user/process could use this flaw to crash the host kernel resulting in DoS or potentially gain privileged access to a system. Kernel versions and are vulnerable (bnc#1119934). - CVE-2020-0429: In l2tp_session_delete and related functions of l2tp_core.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1176724). - CVE-2020-12655: An issue was discovered in xfs_agf_verify in fs/xfs/libxfs/xfs_alloc.c in the Linux kernel Attackers may trigger a sync of excessive duration via an XFS v5 image with crafted metadata, aka CID-d0c7feaf8767 (bnc#1171217). - CVE-2020-14305: An out-of-bounds memory write flaw was found in how the Linux kernel’s Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720. This flaw allowed an unauthenticated remote user to crash the system, causing a denial of service. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability (bnc#1173346). - CVE-2020-3702: Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic (bnc#1191193). - CVE-2021-20265: A flaw was found in the way memory resources were freed in the unix_stream_recvmsg function in the Linux kernel when a signal was pending. This flaw allowed an unprivileged local user to crash the system by exhausting available memory. The highest threat from this vulnerability is to system availability (bnc#1183089). - CVE-2021-31916: An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel A bound check failure allowed an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability (bnc#1192781). - CVE-2021-33033: The Linux kernel has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value (bnc#1186109 bnc#1186390 bnc#1188876). - CVE-2021-34556: In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack (bnc#1188983). - CVE-2021-34981: Fixed file refcounting in cmtp when cmtp_attach_device fails (bsc#1191961). - CVE-2021-3542: Fixed heap buffer overflow in firedtv driver (bsc#1186063). - CVE-2021-35477: In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because a certain preempting store operation did not necessarily occur before a store operation that has an attacker-controlled value (bnc#1188985). - CVE-2021-3640: Fixed a Use-After-Free vulnerability in function sco_sock_sendmsg() in the bluetooth stack (bsc#1188172). - CVE-2021-3653: A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the 'int_ctl' field, this issue could allow a malicious L1 to enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape. (bnc#1189399). - CVE-2021-3655: A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may have allowed the kernel to read uninitialized memory (bnc#1188563). - CVE-2021-3659: Fixed a NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c (bsc#1188876). - CVE-2021-3679: A lack of CPU resource in the tracing module functionality was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service (bnc#1189057). - CVE-2021-37159: hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel calls unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free (bnc#1188601). - CVE-2021-3715: Fixed a use-after-free in route4_change() in net/sched/cls_route.c (bsc#1190349). - CVE-2021-3732: Mounting overlayfs inside an unprivileged user namespace can reveal files (bsc#1189706). - CVE-2021-3752: Fixed a use after free vulnerability in the Linux kernel's bluetooth module. (bsc#1190023) - CVE-2021-3753: Fixed race out-of-bounds in virtual terminal handling (bsc#1190025). - CVE-2021-37576: arch/powerpc/kvm/book3s_rtas.c on the powerpc platform allowed KVM guest OS users to cause host OS memory corruption via rtas_args.nargs, aka CID-f62f3c20647e (bnc#1188838 bnc#1190276). - CVE-2021-3760: Fixed a use-after-free vulnerability with the ndev->rf_conn_info object (bsc#1190067). - CVE-2021-3772: Fixed sctp vtag check in sctp_sf_ootb (bsc#1190351). - CVE-2021-38160: Data corruption or loss could be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size in drivers/char/virtio_console.c (bsc#1190117) - CVE-2021-38198: arch/x86/kvm/mmu/paging_tmpl.h incorrectly computed the access permissions of a shadow page, leading to a missing guest protection page fault (bnc#1189262). - CVE-2021-38204: drivers/usb/host/max3421-hcd.c allowed physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations (bnc#1189291). - CVE-2021-3896: Fixed a array-index-out-bounds in detach_capi_ctr in drivers/isdn/capi/kcapi.c (bsc#1191958). - CVE-2021-40490: A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel (bnc#1190159) - CVE-2021-42008: The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access (bnc#1191315). - CVE-2021-42739: The firewire subsystem in the Linux kernel has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bnc#1184673). - CVE-2021-43389: An issue was discovered in the Linux kernel There was an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c (bnc#1191958). - - ipv4: make exception cache less predictible (bsc#1191790, CVE-2021-20322). The following non-security bugs were fixed: - Update config files: Add CONFIG_BPF_UNPRIV_DEFAULT_OFF is not set - bpf: Add kconfig knob for disabling unpriv bpf by default (jsc#SLE-22918) - bpf: Disallow unprivileged bpf by default (jsc#SLE-22918). - bpf: properly enforce index mask to prevent out-of-bounds speculation (bsc#1098425). - btrfs: reloc: clear DEAD_RELOC_TREE bit for orphan roots to prevent runaway balance (bsc#1188325). - btrfs: reloc: fix reloc root leak and NULL pointer dereference (bsc#1188325). - btrfs: relocation: fix reloc_root lifespan and access (bsc#1188325). - config: disable unprivileged BPF by default (jsc#SLE-22918) Backport of mainline commit 8a03e56b253e ('bpf: Disallow unprivileged bpf by default') only changes kconfig default, used e.g. for 'make oldconfig' when the config option is missing, but does not update our kernel configs used for build. Update also these to make sure unprivileged BPF is really disabled by default. - kABI: protect struct bpf_map (kabi). - s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant (bsc#1190601). - s390/bpf: Fix branch shortening during codegen pass (bsc#1190601). - s390/bpf: Fix optimizing out zero-extensions (bsc#1190601). - s390/bpf: Wrap JIT macro parameter usages in parentheses (bsc#1190601). - s390: bpf: implement jitting of BPF_ALU \| BPF_ARSH \| BPF_* (bsc#1190601). - scsi: sg: add sg_remove_request in sg_write (bsc#1171420 CVE2020-12770). - sctp: check asoc peer.asconf_capable before processing asconf (bsc#1190351). - sctp: fully initialize v4 addr in some functions (bsc#1188563). - sctp: simplify addr copy (bsc#1188563).
Family:	unix	Class:	patch
Status:		Reference(s):	1044947 1068032 1077692 1081294 1082216 1082233 1082234 1087082 1098425 1100078 1100416 1112209 1113534 1113652 1113742 1119934 1122319 1129735 1139083 1171217 1171420 1173346 1176724 1183089 1184673 1186109 1186390 1188172 1188325 1188563 1188601 1188838 1188876 1188983 1188985 1189057 1189262 1189291 1189399 1189706 1190023 1190025 1190067 1190117 1190159 1190276 1190349 1190351 1190601 1191193 1191315 1191790 1191958 1191961 1192781 802154 916953 918089 918090 934524 934527 934528 937096 943457 958342 960674 984060 984858 985217 986251 991616 CVE-2013-1982 CVE-2013-2126 CVE-2013-2127 CVE-2014-8161 CVE-2014-9556 CVE-2014-9732 CVE-2015-0241 CVE-2015-0243 CVE-2015-0244 CVE-2015-1606 CVE-2015-1607 CVE-2015-2059 CVE-2015-3451 CVE-2015-3885 CVE-2015-4470 CVE-2015-4471 CVE-2015-8367 CVE-2015-8710 CVE-2016-3477 CVE-2016-3521 CVE-2016-3615 CVE-2016-4971 CVE-2016-5440 CVE-2017-10672 CVE-2017-13735 CVE-2017-14608 CVE-2017-16909 CVE-2017-5753 CVE-2017-6886 CVE-2017-6887 CVE-2017-6890 CVE-2017-6899 CVE-2017-7500 CVE-2017-7501 CVE-2017-7508 CVE-2017-7520 CVE-2017-7521 CVE-2018-0734 CVE-2018-13405 CVE-2018-16882 CVE-2018-5407 CVE-2018-5800 CVE-2018-5801 CVE-2018-5802 CVE-2018-5810 CVE-2018-5813 CVE-2018-6797 CVE-2018-6798 CVE-2018-6913 CVE-2018-7169 CVE-2019-12900 CVE-2019-6116 CVE-2020-0429 CVE-2020-12655 CVE-2020-14305 CVE-2020-3702 CVE-2021-20265 CVE-2021-20322 CVE-2021-31916 CVE-2021-33033 CVE-2021-34556 CVE-2021-34981 CVE-2021-3542 CVE-2021-35477 CVE-2021-3640 CVE-2021-3653 CVE-2021-3655 CVE-2021-3659 CVE-2021-3679 CVE-2021-3715 CVE-2021-37159 CVE-2021-3732 CVE-2021-3752 CVE-2021-3753 CVE-2021-37576 CVE-2021-3760 CVE-2021-3772 CVE-2021-38160 CVE-2021-38198 CVE-2021-38204 CVE-2021-3896 CVE-2021-40490 CVE-2021-42008 CVE-2021-42739 CVE-2021-43389 SUSE-SU-2015:0639-1 SUSE-SU-2015:2131-1 SUSE-SU-2015:2170-1 SUSE-SU-2016:0178-1 SUSE-SU-2016:2218-1 SUSE-SU-2016:2226-1 SUSE-SU-2017:1635-1 SUSE-SU-2018:0662-1 SUSE-SU-2018:1074-1 SUSE-SU-2018:3286-1 SUSE-SU-2018:3989-1 SUSE-SU-2019:0144-1 SUSE-SU-2019:2013-1 SUSE-SU-2021:3929-1
Platform(s):	openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 6 SUSE OpenStack Cloud 7	Product(s):
Definition Synopsis
openSUSE Leap 15.0 is installed AND Package Information expat-2.2.5-lp150.1 is installed OR libexpat1-2.2.5-lp150.1 is installed
Definition Synopsis
openSUSE Leap 15.1 is installed AND clementine-1.3.1-lp151.3.3 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 11 SP3 is installed AND cabextract-1.2-2.12 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 11 SP4 is installed AND Package Information gpg2-2.0.9-25.33.41 is installed OR gpg2-lang-2.0.9-25.33.41 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP3 is installed AND Package Information rpm-4.11.2-16.16 is installed OR rpm-32bit-4.11.2-16.16 is installed OR rpm-build-4.11.2-16.16 is installed OR rpm-python-4.11.2-16.16 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP4 is installed AND libraw9-0.15.4-21 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP1 is installed AND Package Information libXext6-1.3.2-3 is installed OR libXext6-32bit-1.3.2-3 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP1-LTSS is installed AND Package Information postgresql94-9.4.13-21.5 is installed OR postgresql94-contrib-9.4.13-21.5 is installed OR postgresql94-docs-9.4.13-21.5 is installed OR postgresql94-server-9.4.13-21.5 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2 is installed AND Package Information bash-4.3-78 is installed OR bash-doc-4.3-78 is installed OR libreadline6-6.3-78 is installed OR libreadline6-32bit-6.3-78 is installed OR readline-doc-6.3-78 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2-BCL is installed AND Package Information kernel-default-4.4.121-92.161.1 is installed OR kernel-default-base-4.4.121-92.161.1 is installed OR kernel-default-devel-4.4.121-92.161.1 is installed OR kernel-devel-4.4.121-92.161.1 is installed OR kernel-macros-4.4.121-92.161.1 is installed OR kernel-source-4.4.121-92.161.1 is installed OR kernel-syms-4.4.121-92.161.1 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND Package Information libprocps3-3.3.9-11.18 is installed OR procps-3.3.9-11.18 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2-LTSS is installed AND Package Information kernel-default-4.4.121-92.92 is installed OR kernel-default-base-4.4.121-92.92 is installed OR kernel-default-devel-4.4.121-92.92 is installed OR kernel-default-man-4.4.121-92.92 is installed OR kernel-devel-4.4.121-92.92 is installed OR kernel-macros-4.4.121-92.92 is installed OR kernel-source-4.4.121-92.92 is installed OR kernel-syms-4.4.121-92.92 is installed OR kgraft-patch-4_4_121-92_92-default-1-3.7 is installed OR kgraft-patch-SLE12-SP2_Update_24-1-3.7 is installed OR lttng-modules-2.7.1-9.4 is installed OR lttng-modules-kmp-default-2.7.1_k4.4.121_92.92-9.4 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information gtk2-data-2.24.31-7 is installed OR gtk2-lang-2.24.31-7 is installed OR gtk2-tools-2.24.31-7 is installed OR gtk2-tools-32bit-2.24.31-7 is installed OR libgtk-2_0-0-2.24.31-7 is installed OR libgtk-2_0-0-32bit-2.24.31-7 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-BCL is installed AND Package Information MozillaFirefox-68.9.0-109.123 is installed OR MozillaFirefox-translations-common-68.9.0-109.123 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-ESPOS is installed AND Package Information kgraft-patch-4_4_162-94_69-default-7-2 is installed OR kgraft-patch-SLE12-SP3_Update_21-7-2 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND Package Information kgraft-patch-4_4_156-94_61-default-7-2 is installed OR kgraft-patch-SLE12-SP3_Update_19-7-2 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND Package Information libdcerpc-binding0-4.6.14+git.157.c2d53c2b191-3.29 is installed OR libdcerpc-binding0-32bit-4.6.14+git.157.c2d53c2b191-3.29 is installed OR libdcerpc0-4.6.14+git.157.c2d53c2b191-3.29 is installed OR libdcerpc0-32bit-4.6.14+git.157.c2d53c2b191-3.29 is installed OR libndr-krb5pac0-4.6.14+git.157.c2d53c2b191-3.29 is installed OR libndr-krb5pac0-32bit-4.6.14+git.157.c2d53c2b191-3.29 is installed OR libndr-nbt0-4.6.14+git.157.c2d53c2b191-3.29 is installed OR libndr-nbt0-32bit-4.6.14+git.157.c2d53c2b191-3.29 is installed OR libndr-standard0-4.6.14+git.157.c2d53c2b191-3.29 is installed OR libndr-standard0-32bit-4.6.14+git.157.c2d53c2b191-3.29 is installed OR libndr0-4.6.14+git.157.c2d53c2b191-3.29 is installed OR libndr0-32bit-4.6.14+git.157.c2d53c2b191-3.29 is installed OR libnetapi0-4.6.14+git.157.c2d53c2b191-3.29 is installed OR libnetapi0-32bit-4.6.14+git.157.c2d53c2b191-3.29 is installed OR libsamba-credentials0-4.6.14+git.157.c2d53c2b191-3.29 is installed OR libsamba-credentials0-32bit-4.6.14+git.157.c2d53c2b191-3.29 is installed OR libsamba-errors0-4.6.14+git.157.c2d53c2b191-3.29 is installed OR libsamba-errors0-32bit-4.6.14+git.157.c2d53c2b191-3.29 is installed OR libsamba-hostconfig0-4.6.14+git.157.c2d53c2b191-3.29 is installed OR libsamba-hostconfig0-32bit-4.6.14+git.157.c2d53c2b191-3.29 is installed OR libsamba-passdb0-4.6.14+git.157.c2d53c2b191-3.29 is installed OR libsamba-passdb0-32bit-4.6.14+git.157.c2d53c2b191-3.29 is installed OR libsamba-util0-4.6.14+git.157.c2d53c2b191-3.29 is installed OR libsamba-util0-32bit-4.6.14+git.157.c2d53c2b191-3.29 is installed OR libsamdb0-4.6.14+git.157.c2d53c2b191-3.29 is installed OR libsamdb0-32bit-4.6.14+git.157.c2d53c2b191-3.29 is installed OR libsmbclient0-4.6.14+git.157.c2d53c2b191-3.29 is installed OR libsmbclient0-32bit-4.6.14+git.157.c2d53c2b191-3.29 is installed OR libsmbconf0-4.6.14+git.157.c2d53c2b191-3.29 is installed OR libsmbconf0-32bit-4.6.14+git.157.c2d53c2b191-3.29 is installed OR libsmbldap0-4.6.14+git.157.c2d53c2b191-3.29 is installed OR libsmbldap0-32bit-4.6.14+git.157.c2d53c2b191-3.29 is installed OR libtevent-util0-4.6.14+git.157.c2d53c2b191-3.29 is installed OR libtevent-util0-32bit-4.6.14+git.157.c2d53c2b191-3.29 is installed OR libwbclient0-4.6.14+git.157.c2d53c2b191-3.29 is installed OR libwbclient0-32bit-4.6.14+git.157.c2d53c2b191-3.29 is installed OR samba-4.6.14+git.157.c2d53c2b191-3.29 is installed OR samba-client-4.6.14+git.157.c2d53c2b191-3.29 is installed OR samba-client-32bit-4.6.14+git.157.c2d53c2b191-3.29 is installed OR samba-doc-4.6.14+git.157.c2d53c2b191-3.29 is installed OR samba-libs-4.6.14+git.157.c2d53c2b191-3.29 is installed OR samba-libs-32bit-4.6.14+git.157.c2d53c2b191-3.29 is installed OR samba-winbind-4.6.14+git.157.c2d53c2b191-3.29 is installed OR samba-winbind-32bit-4.6.14+git.157.c2d53c2b191-3.29 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP4 is installed AND binutils-2.31-9.26 is installed
Definition Synopsis
SUSE OpenStack Cloud 6 is installed AND Package Information openvpn-2.3.8-16.17 is installed OR openvpn-auth-pam-plugin-2.3.8-16.17 is installed
Definition Synopsis
SUSE OpenStack Cloud 7 is installed AND Package Information libopenssl-devel-1.0.2j-60.39 is installed OR libopenssl1_0_0-1.0.2j-60.39 is installed OR libopenssl1_0_0-32bit-1.0.2j-60.39 is installed OR libopenssl1_0_0-hmac-1.0.2j-60.39 is installed OR libopenssl1_0_0-hmac-32bit-1.0.2j-60.39 is installed OR openssl-1.0.2j-60.39 is installed OR openssl-doc-1.0.2j-60.39 is installed

BACK