Revision Date: | 2021-12-06 | Version: | 1 |
Title: | Security update for the Linux Kernel (Important) |
Description: |
The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- Unprivileged BPF has been disabled by default to reduce attack surface as too many security issues have happened in the past (jsc#SLE-22573)
You can re-enable it via sysctl by setting /proc/sys/kernel/unprivileged_bpf_disabled to 0 (kernel.unprivileged_bpf_disabled = 0).
- CVE-2017-5753: Systems with microprocessors utilizing speculative execution and branch prediction may have allowed unauthorized disclosure of information to an attacker with local user access via a side-channel analysis (bnc#1068032). Additional spectrev1 fixes were added to the eBPF code.
- CVE-2018-13405: The inode_init_owner function in fs/inode.c allowed local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID (bnc#1087082 bnc#1100416 bnc#1129735).
- CVE-2018-16882: A use-after-free issue was found in the way the KVM hypervisor processed posted interrupts when nested(=1) virtualization is enabled. In nested_get_vmcs12_pages(), in case of an error while processing posted interrupt address, it unmaps the 'pi_desc_page' without resetting 'pi_desc' descriptor address, which is later used in pi_test_and_clear_on(). A guest user/process could use this flaw to crash the host kernel resulting in DoS or potentially gain privileged access to a system. Kernel versions and are vulnerable (bnc#1119934).
- CVE-2020-0429: In l2tp_session_delete and related functions of l2tp_core.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1176724).
- CVE-2020-12655: An issue was discovered in xfs_agf_verify in fs/xfs/libxfs/xfs_alloc.c in the Linux kernel Attackers may trigger a sync of excessive duration via an XFS v5 image with crafted metadata, aka CID-d0c7feaf8767 (bnc#1171217).
- CVE-2020-14305: An out-of-bounds memory write flaw was found in how the Linux kernel’s Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720. This flaw allowed an unauthenticated remote user to crash the system, causing a denial of service. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability (bnc#1173346).
- CVE-2020-3702: Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic (bnc#1191193).
- CVE-2021-20265: A flaw was found in the way memory resources were freed in the unix_stream_recvmsg function in the Linux kernel when a signal was pending. This flaw allowed an unprivileged local user to crash the system by exhausting available memory. The highest threat from this vulnerability is to system availability (bnc#1183089).
- CVE-2021-31916: An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel A bound check failure allowed an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability (bnc#1192781).
- CVE-2021-33033: The Linux kernel has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value (bnc#1186109 bnc#1186390 bnc#1188876).
- CVE-2021-34556: In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack (bnc#1188983).
- CVE-2021-34981: Fixed file refcounting in cmtp when cmtp_attach_device fails (bsc#1191961).
- CVE-2021-3542: Fixed heap buffer overflow in firedtv driver (bsc#1186063).
- CVE-2021-35477: In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because a certain preempting store operation did not necessarily occur before a store operation that has an attacker-controlled value (bnc#1188985).
- CVE-2021-3640: Fixed a Use-After-Free vulnerability in function sco_sock_sendmsg() in the bluetooth stack (bsc#1188172).
- CVE-2021-3653: A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the 'int_ctl' field, this issue could allow a malicious L1 to enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape. (bnc#1189399).
- CVE-2021-3655: A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may have allowed the kernel to read uninitialized memory (bnc#1188563).
- CVE-2021-3659: Fixed a NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c (bsc#1188876).
- CVE-2021-3679: A lack of CPU resource in the tracing module functionality was found in the way a user uses the trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service (bnc#1189057).
- CVE-2021-37159: hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel calls unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free (bnc#1188601).
- CVE-2021-3715: Fixed a use-after-free in route4_change() in net/sched/cls_route.c (bsc#1190349).
- CVE-2021-3732: Mounting overlayfs inside an unprivileged user namespace can reveal files (bsc#1189706).
- CVE-2021-3752: Fixed a use after free vulnerability in the Linux kernel's bluetooth module. (bsc#1190023)
- CVE-2021-3753: Fixed race out-of-bounds in virtual terminal handling (bsc#1190025).
- CVE-2021-37576: arch/powerpc/kvm/book3s_rtas.c on the powerpc platform allowed KVM guest OS users to cause host OS memory corruption via rtas_args.nargs, aka CID-f62f3c20647e (bnc#1188838 bnc#1190276).
- CVE-2021-3760: Fixed a use-after-free vulnerability with the ndev->rf_conn_info object (bsc#1190067).
- CVE-2021-3772: Fixed sctp vtag check in sctp_sf_ootb (bsc#1190351).
- CVE-2021-38160: Data corruption or loss could be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size in drivers/char/virtio_console.c (bsc#1190117)
- CVE-2021-38198: arch/x86/kvm/mmu/paging_tmpl.h incorrectly computed the access permissions of a shadow page, leading to a missing guest protection page fault (bnc#1189262).
- CVE-2021-38204: drivers/usb/host/max3421-hcd.c allowed physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations (bnc#1189291).
- CVE-2021-3896: Fixed an array-index-out-bounds in detach_capi_ctr in drivers/isdn/capi/kcapi.c (bsc#1191958).
- CVE-2021-40490: A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel (bnc#1190159)
- CVE-2021-42008: The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access (bnc#1191315).
- CVE-2021-42739: The firewire subsystem in the Linux kernel has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bnc#1184673).
- CVE-2021-43389: An issue was discovered in the Linux kernel There was an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c (bnc#1191958).
- ipv4: make exception cache less predictible (bsc#1191790, CVE-2021-20322).
The following non-security bugs were fixed:
- Update config files: Add CONFIG_BPF_UNPRIV_DEFAULT_OFF is not set
- bpf: Add kconfig knob for disabling unpriv bpf by default (jsc#SLE-22918)
- bpf: Disallow unprivileged bpf by default (jsc#SLE-22918).
- bpf: properly enforce index mask to prevent out-of-bounds speculation (bsc#1098425).
- btrfs: reloc: clear DEAD_RELOC_TREE bit for orphan roots to prevent runaway balance (bsc#1188325).
- btrfs: reloc: fix reloc root leak and NULL pointer dereference (bsc#1188325).
- btrfs: relocation: fix reloc_root lifespan and access (bsc#1188325).
- config: disable unprivileged BPF by default (jsc#SLE-22918) Backport of mainline commit 8a03e56b253e ('bpf: Disallow unprivileged bpf by default') only changes kconfig default, used e.g. for 'make oldconfig' when the config option is missing, but does not update our kernel configs used for build. Update also these to make sure unprivileged BPF is really disabled by default.
- kABI: protect struct bpf_map (kabi).
- s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant (bsc#1190601).
- s390/bpf: Fix branch shortening during codegen pass (bsc#1190601).
- s390/bpf: Fix optimizing out zero-extensions (bsc#1190601).
- s390/bpf: Wrap JIT macro parameter usages in parentheses (bsc#1190601).
- s390: bpf: implement jitting of BPF_ALU | BPF_ARSH | BPF_* (bsc#1190601).
- scsi: sg: add sg_remove_request in sg_write (bsc#1171420 CVE-2020-12770).
- sctp: check asoc peer.asconf_capable before processing asconf (bsc#1190351).
- sctp: fully initialize v4 addr in some functions (bsc#1188563).
- sctp: simplify addr copy (bsc#1188563).
|
Family: | unix | Class: | patch |
Status: | | Reference(s): | 1007829 1022263 1022264 1022265 1022283 1022284 1022553 1052481 1068032 1070162 1087082 1097356 1098425 1100416 1115339 1118319 1118320 1119934 1129735 1138676 1148987 1156275 1171217 1171420 1173346 1176724 1183089 1184673 1186109 1186390 1188172 1188325 1188563 1188601 1188838 1188876 1188983 1188985 1189057 1189262 1189291 1189399 1189706 1190023 1190025 1190067 1190117 1190159 1190276 1190349 1190351 1190601 1191193 1191315 1191790 1191958 1191961 1192781 802154 847708 883947 894370 939460 945842 946744 947165 950703 950704 950705 950706 951845 952151 953518 953831 954002 954018 954405 955104 955382 956408 956409 956411 956592 956832 959330 959552 962765 964468 965748 966220 968771 970135 971949 988675 988676 990500 990970 991934 992224 993665 994421 994625 994761 994772 994775 995785 995789 995792 CVE-2009-5044 CVE-2009-5080 CVE-2009-5081 CVE-2012-6711 CVE-2013-1739 CVE-2014-1562 CVE-2014-1567 CVE-2014-4607 CVE-2015-1335 CVE-2015-5276 CVE-2015-5307 CVE-2015-7311 CVE-2015-7504 CVE-2015-7969 CVE-2015-7970 CVE-2015-7971 CVE-2015-7972 CVE-2015-8104 CVE-2015-8339 CVE-2015-8340 CVE-2015-8341 CVE-2015-8345 CVE-2016-10165 CVE-2016-10166 CVE-2016-10167 CVE-2016-10168 CVE-2016-6258 CVE-2016-6259 CVE-2016-6833 CVE-2016-6834 CVE-2016-6835 CVE-2016-6836 CVE-2016-6888 CVE-2016-6906 CVE-2016-6912 CVE-2016-7092 CVE-2016-7093 CVE-2016-7094 CVE-2016-8864 CVE-2016-9317 CVE-2016-9841 CVE-2017-1000117 CVE-2017-10281 CVE-2017-10285 CVE-2017-10293 CVE-2017-10295 CVE-2017-10309 CVE-2017-10345 CVE-2017-10346 CVE-2017-10347 CVE-2017-10348 CVE-2017-10349 CVE-2017-10350 CVE-2017-10355 CVE-2017-10356 CVE-2017-10357 CVE-2017-10388 CVE-2017-5753 CVE-2018-13405 CVE-2018-16882 CVE-2018-5848 CVE-2018-9568 CVE-2019-13627 CVE-2019-14869 CVE-2020-0429 CVE-2020-12655 CVE-2020-14305 CVE-2020-3702 CVE-2021-20265 CVE-2021-20322 CVE-2021-31916 CVE-2021-33033 CVE-2021-34556 CVE-2021-34981 CVE-2021-3542 CVE-2021-35477 CVE-2021-3640 CVE-2021-3653 CVE-2021-3655 CVE-2021-3659 
CVE-2021-3679 CVE-2021-3715 CVE-2021-37159 CVE-2021-3732 CVE-2021-3752 CVE-2021-3753 CVE-2021-37576 CVE-2021-3760 CVE-2021-3772 CVE-2021-38160 CVE-2021-38198 CVE-2021-38204 CVE-2021-3896 CVE-2021-40490 CVE-2021-42008 CVE-2021-42739 CVE-2021-43389 SUSE-SU-2015:1829-1 SUSE-SU-2015:2326-1 SUSE-SU-2016:0963-1 SUSE-SU-2016:2473-1 SUSE-SU-2016:2697-1 SUSE-SU-2017:0468-1 SUSE-SU-2017:2320-1 SUSE-SU-2017:3411-1 SUSE-SU-2019:2510-1 SUSE-SU-2019:2976-1 SUSE-SU-2019:2983-1
|
Platform(s): | openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP2-LTSS-ERICSSON SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 6 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud Crowbar 8
| Product(s): | |
Definition Synopsis |
openSUSE Leap 15.0 is installed AND libjasper4-2.0.14-lp150.1 is installed
|
Definition Synopsis |
openSUSE Leap 15.1 is installed
AND Package Information
SDL2-2.0.8-lp151.4.3 is installed
OR libSDL2-2_0-0-2.0.8-lp151.4.3 is installed
OR libSDL2-2_0-0-32bit-2.0.8-lp151.4.3 is installed
OR libSDL2-devel-2.0.8-lp151.4.3 is installed
OR libSDL2-devel-32bit-2.0.8-lp151.4.3 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 11 SP3 is installed
AND Package Information
MozillaFirefox-24.8.0esr-0.8 is installed
OR MozillaFirefox-translations-24.8.0esr-0.8 is installed
OR libfreebl3-3.16.4-0.8 is installed
OR libfreebl3-32bit-3.16.4-0.8 is installed
OR libsoftokn3-3.16.4-0.8 is installed
OR libsoftokn3-32bit-3.16.4-0.8 is installed
OR mozilla-nspr-4.10.7-0.3 is installed
OR mozilla-nspr-32bit-4.10.7-0.3 is installed
OR mozilla-nss-3.16.4-0.8 is installed
OR mozilla-nss-32bit-3.16.4-0.8 is installed
OR mozilla-nss-tools-3.16.4-0.8 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 11 SP4 is installed
AND lxc-0.8.0-0.25 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 12 SP1 is installed
AND Package Information
gd-2.1.0-23 is installed
OR gd-32bit-2.1.0-23 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 12 SP2 is installed
AND Package Information
bind-9.9.9P1-49 is installed
OR bind-libs-9.9.9P1-49 is installed
OR bind-libs-32bit-9.9.9P1-49 is installed
OR bind-utils-9.9.9P1-49 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP1 is installed
AND Package Information
groff-1.22.2-5 is installed
OR groff-full-1.22.2-5 is installed
OR gxditview-1.22.2-5 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP1-LTSS is installed
AND Package Information
java-1_8_0-ibm-1.8.0_sr5.5-30.13 is installed
OR java-1_8_0-ibm-alsa-1.8.0_sr5.5-30.13 is installed
OR java-1_8_0-ibm-devel-1.8.0_sr5.5-30.13 is installed
OR java-1_8_0-ibm-plugin-1.8.0_sr5.5-30.13 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2 is installed
AND cifs-utils-6.5-8 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2-BCL is installed
AND Package Information
res-signingkeys-3.0.38-52.26 is installed
OR smt-3.0.38-52.26 is installed
OR smt-support-3.0.38-52.26 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
AND Package Information
libdcerpc-atsvc0-4.2.4-28.29 is installed
OR samba-4.2.4-28.29 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2-LTSS is installed
AND Package Information
kgraft-patch-4_4_90-92_45-default-11-2 is installed
OR kgraft-patch-SLE12-SP2_Update_14-11-2 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3 is installed
AND Package Information
libsystemd0-228-142 is installed
OR libsystemd0-32bit-228-142 is installed
OR libudev1-228-142 is installed
OR libudev1-32bit-228-142 is installed
OR systemd-228-142 is installed
OR systemd-32bit-228-142 is installed
OR systemd-bash-completion-228-142 is installed
OR systemd-sysvinit-228-142 is installed
OR udev-228-142 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
AND Package Information
kgraft-patch-4_4_156-94_64-default-8-2 is installed
OR kgraft-patch-SLE12-SP3_Update_20-8-2 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
AND Package Information
libgcrypt-1.6.1-16.58 is installed
OR libgcrypt20-1.6.1-16.58 is installed
OR libgcrypt20-32bit-1.6.1-16.58 is installed
OR libgcrypt20-hmac-1.6.1-16.58 is installed
OR libgcrypt20-hmac-32bit-1.6.1-16.58 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP4 is installed
AND Package Information
ceph-common-12.2.8+git.1536505967.080f2248ff-2.15 is installed
OR libcephfs2-12.2.8+git.1536505967.080f2248ff-2.15 is installed
OR librados2-12.2.8+git.1536505967.080f2248ff-2.15 is installed
OR libradosstriper1-12.2.8+git.1536505967.080f2248ff-2.15 is installed
OR librbd1-12.2.8+git.1536505967.080f2248ff-2.15 is installed
OR librgw2-12.2.8+git.1536505967.080f2248ff-2.15 is installed
OR python-cephfs-12.2.8+git.1536505967.080f2248ff-2.15 is installed
OR python-rados-12.2.8+git.1536505967.080f2248ff-2.15 is installed
OR python-rbd-12.2.8+git.1536505967.080f2248ff-2.15 is installed
OR python-rgw-12.2.8+git.1536505967.080f2248ff-2.15 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud 6 is installed
AND Package Information
git-2.12.3-27.5 is installed
OR git-core-2.12.3-27.5 is installed
OR git-doc-2.12.3-27.5 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud 7 is installed
AND Package Information
openstack-glance-13.0.1~a0~dev6-4.3 is installed
OR openstack-glance-api-13.0.1~a0~dev6-4.3 is installed
OR openstack-glance-doc-13.0.1~a0~dev6-4.3 is installed
OR openstack-glance-glare-13.0.1~a0~dev6-4.3 is installed
OR openstack-glance-registry-13.0.1~a0~dev6-4.3 is installed
OR python-glance-13.0.1~a0~dev6-4.3 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud Crowbar 8 is installed
AND Package Information
mariadb-10.2.22-4.11 is installed
OR mariadb-client-10.2.22-4.11 is installed
OR mariadb-errormessages-10.2.22-4.11 is installed
OR mariadb-galera-10.2.22-4.11 is installed
OR mariadb-tools-10.2.22-4.11 is installed
|