Security update for the Linux Kernel (Important) (in QA)
Description:
The SUSE Linux Enterprise 12 SP3 Teradata kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2018-25020: Fixed an issue in the BPF subsystem in the Linux kernel mishandled situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow. (bsc#1193575) - CVE-2019-0136: Fixed an insufficient access control which allow an unauthenticated user to execute a denial of service. (bsc#1193157) - CVE-2020-35519: Fixed an out-of-bounds memory access was found in x25_bind (bsc#1183696). - CVE-2021-0935: Fixed out of bounds write due to a use after free which could lead to local escalation of privilege with System execution privileges needed in ip6_xmit. (bsc#1192032) - CVE-2021-4002: Added a missing TLB flush that could lead to leak or corruption of data in hugetlbfs. (bsc#1192946) - CVE-2021-4083: Fixed race condition in Unix domain socket garbage collection that could lead to read memory after free. (bsc#1193727) - CVE-2021-4149: Fixed improper lock operation in btrfs that allowed users to crash the kernel or deadlock the system. (bsc#1194001) - CVE-2021-4155: Fixed a data leak flaw that allows a local attacker to leak data on the XFS filesystem. (bsc#1194272) - CVE-2021-4197: Fixed an issue in cgroups may allow local privilege escalation. (bsc#1194302) - CVE-2021-4202: Fixed race condition in nci_request() that could cause use-after-free. (bsc#1194529) - CVE-2021-20322: Fixed a bug that provides to an attacker the ability to quickly scan open UDP ports. (bsc#1191790) - CVE-2021-28711: Fixed a rogue backends that could cause DoS of guests via high frequency events by hardening blkfront against event channel storms. (bsc#1193440) - CVE-2021-28712: Fixed a rogue backends that could cause DoS of guests via high frequency events by hardening netfront against event channel storms. (bsc#1193440) - CVE-2021-28713: Fixed a rogue backends that could cause DoS of guests via high frequency events by hardening netfront against event channel storms. (bsc#1193440 - CVE-2021-28715: Fixed an issue where a guest could force Linux netback driver to hog large amounts of kernel memory by do not queueing unlimited number of packages. (bsc#1193442) - CVE-2021-31916: Fixed a bound check failure that could allows an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash, a leak of internal kernel information, or a privilege escalation problem. (bnc#1192781) - CVE-2021-33098: Fixed a potential denial of service in Intel(R) Ethernet ixgbe driver due to improper input validation. (bsc#1192877) - CVE-2021-34981: Fixed an issue that allows an attacker with a local account to escalate privileges when CAPI (ISDN) hardware connection fails. (bsc#1191961) - CVE-2021-43976: Fixed a flaw that could allow an attacker (who can connect a crafted USB device) to cause a denial of service. (bsc#1192847) - CVE-2021-45485: Fixed an information leak because of certain use of a hash table which use IPv6 source addresses. (bsc#1194094) - CVE-2021-45486: Fixed an information leak because the hash table is very small in net/ipv4/route.c. (bsc#1194087)
The following non-security bugs were fixed:
- bpf: Add kconfig knob for disabling unpriv bpf by default (jsc#SLE-22918) - bpf: Disallow unprivileged bpf by default (jsc#SLE-22918). - cgroupns: Close race between cgroup_post_fork and copy_cgroup_ns (bsc#1180679). - config: disable unprivileged BPF by default (jsc#SLE-22918) - kprobes: Limit max data_size of the kretprobe instances (bsc#1193669). - net/x25: fix a race in x25_bind() (networking-stable-19_03_15). - nvme: Do not allow to reset a reconnecting controller (bsc#1133874). - nvme: validate controller state before rescheduling keep alive (bsc#1103257). - ring-buffer: Protect ring_buffer_reset() from reentrancy (bsc#1179960). - scsi: virtio_scsi: let host do exception handling (bsc#1141181 bsc#1183996). - tty: hvc: replace BUG_ON() with negative return value (git-fixes). - xen/blkfront: do not take local copy of a request from the ring page (git-fixes). - xen/blkfront: do not trust the backend response data blindly (git-fixes). - xen/blkfront: read response from backend only once (git-fixes). - xen/netfront: disentangle tx_skb_freelist (git-fixes). - xen/netfront: do not assume sk_buff_head list is empty in error handling (git-fixes). - xen/netfront: do not bug in case of too many frags (bnc#1012382). - xen/netfront: do not cache skb_shinfo() (bnc#1012382). - xen/netfront: do not read data from request on the ring page (git-fixes). - xen/netfront: do not trust the backend response data blindly (git-fixes). - xen/netfront: do not use ~0U as error return value for xennet_fill_frags() (git-fixes). - xen/netfront: read response from backend only once (git-fixes). - xen: sync include/xen/interface/io/ring.h with Xen's newest version (git-fixes).
This patch is currently in QA and not yet available for download.
openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8