Revision Date: | 2021-05-13 | Version: | 1 |
Title: | Security update for the Linux Kernel (Important) |
Description: |
The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive various security fixes and bugfixes.
The following security bugs were fixed:
- CVE-2020-36312: Fixed an issue in virt/kvm/kvm_main.c that had a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure (bnc#1184509).
- CVE-2021-29650: Fixed an issue inside the netfilter subsystem that allowed attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value (bnc#1184208).
- CVE-2021-29155: Fixed an issue within kernel/bpf/verifier.c that performed undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations (bnc#1184942).
- CVE-2020-36310: Fixed an issue in arch/x86/kvm/svm/svm.c that allowed a set_memory_region_test infinite loop for certain nested page faults (bnc#1184512).
- CVE-2020-27673: Fixed an issue in Xen where guest OS users could have caused a denial of service (host OS hang) via a high rate of events to dom0 (bnc#1177411, bnc#1184583).
- CVE-2021-29154: Fixed BPF JIT compilers that allowed execution of arbitrary code within the kernel context (bnc#1184391).
- CVE-2020-25673: Fixed NFC endless loops caused by repeated llcp_sock_connect() (bsc#1178181).
- CVE-2020-25672: Fixed NFC memory leak in llcp_sock_connect() (bsc#1178181).
- CVE-2020-25671: Fixed NFC refcount leak in llcp_sock_connect() (bsc#1178181).
- CVE-2020-25670: Fixed NFC refcount leak in llcp_sock_bind() (bsc#1178181).
- CVE-2020-36311: Fixed an issue in arch/x86/kvm/svm/sev.c that allowed attackers to cause a denial of service (soft lockup) by triggering destruction of a large SEV VM (which requires unregistering many encrypted regions) (bnc#1184511).
- CVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h where a 'stall on CPU' could have occurred because a retry loop continually finds the same bad inode (bnc#1184194, bnc#1184211).
- CVE-2020-36322: Fixed an issue inside the FUSE filesystem implementation where fuse_do_getattr() calls make_bad_inode() in inappropriate situations, which could have caused a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950 (bnc#1184211).
- CVE-2021-30002: Fixed a memory leak issue when a webcam device exists (bnc#1184120).
- CVE-2021-3483: Fixed a use-after-free bug in nosy_ioctl() (bsc#1184393).
- CVE-2021-20219: Fixed a denial of service vulnerability in drivers/tty/n_tty.c of the Linux kernel. In this flaw a local attacker with a normal user privilege could have delayed the loop and caused a threat to the system availability (bnc#1184397).
- CVE-2021-28964: Fixed a race condition in fs/btrfs/ctree.c that could have caused a denial of service because of a lack of locking on an extent buffer before a cloning operation (bnc#1184193).
- CVE-2021-3444: Fixed the bpf verifier as it did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this to gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could potentially lead to code execution (bnc#1184170).
- CVE-2021-28971: Fixed a potential local denial of service in intel_pmu_drain_pebs_nhm where userspace applications can cause a system crash because the PEBS status in a PEBS record is mishandled (bnc#1184196).
- CVE-2021-28688: Fixed XSA-365 that includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains (bnc#1183646).
- CVE-2021-29265: Fixed an issue in usbip_sockfd_store in drivers/usb/usbip/stub_dev.c that allowed attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status (bnc#1184167).
- CVE-2021-29264: Fixed an issue in drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver that allowed attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is enabled (bnc#1184168).
- CVE-2021-28972: Fixed an issue in drivers/pci/hotplug/rpadlpar_sysfs.c where the RPA PCI Hotplug driver had a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\0' termination (bnc#1184198).
- CVE-2021-29647: Fixed an issue in kernel qrtr_recvmsg in net/qrtr/qrtr.c that allowed attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure (bnc#1184192).
- CVE-2020-27171: Fixed an issue in kernel/bpf/verifier.c that had an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bnc#1183686, bnc#1183775).
- CVE-2020-27170: Fixed an issue in kernel/bpf/verifier.c that performed undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. This affects pointer types that do not define a ptr_limit (bnc#1183686 bnc#1183775).
- CVE-2021-28660: Fixed rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c that allowed writing beyond the end of the ssid array (bnc#1183593).
- CVE-2020-35519: Update patch reference for x25 fix (bsc#1183696).
- CVE-2021-3428: Fixed ext4 integer overflow in ext4_es_cache_extent (bsc#1173485, bsc#1183509).
- CVE-2020-0433: Fixed blk_mq_queue_tag_busy_iter of blk-mq-tag.c, where a possible use after free due to improper locking could have happened. This could have led to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1176720).
- CVE-2021-28038: Fixed an issue with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931 (bnc#1183022, bnc#1183069).
- CVE-2020-27815: Fixed jfs array index bounds check in dbAdjTree (bsc#1179454).
- CVE-2021-27365: Fixed an issue inside the iSCSI data structures that do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bnc#1182715).
- CVE-2021-27363: Fixed an issue with a kernel pointer leak that could have been used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables (bnc#1182716).
- CVE-2021-27364: Fixed an issue in drivers/scsi/scsi_transport_iscsi.c where an unprivileged user can craft Netlink messages (bnc#1182717).
The following non-security bugs were fixed:
- Revert 'rpm/kernel-binary.spec.in: Fix dependency of kernel-*-devel package (bsc#1184514)'. This turned out to be a bad idea: the kernel-$flavor-devel package must be usable without kernel-$flavor, e.g. at the build of a KMP. And this change brought superfluous installation of kernel-preempt when a system had kernel-syms (bsc#1185113).
- Xen/gnttab: handle p2m update errors on a per-slot basis (bsc#1183022 XSA-367).
- bpf: Add sanity check for upper ptr_limit (bsc#1183686 bsc#1183775).
- bpf: Simplify alu_limit masking for pointer arithmetic (bsc#1183686 bsc#1183775).
- coredump: fix crash when umh is disabled (bsc#1177753, bsc#1182194).
- dm: fix redundant IO accounting for bios that need splitting (bsc#1183738).
- ext4: check journal inode extents more carefully (bsc#1173485).
- ext4: do not allow overlapping system zones (bsc#1173485).
- ext4: handle error of ext4_setup_system_zone() on remount (bsc#1173485).
- handle also the opposite type of race condition
- hv: clear ring_buffer pointer during cleanup (part of ae6935ed) (bsc#1181032).
- hv_netvsc: remove ndo_poll_controller (bsc#1185248).
- ibmvnic fix NULL tx_pools and rx_tools issue at do_reset (bsc#1175873 ltc#187922).
- ibmvnic: Clear failover_pending if unable to schedule (bsc#1181960 ltc#190997).
- ibmvnic: add missing parenthesis in do_reset() (bsc#1176700 ltc#188140).
- ibmvnic: avoid memset null scrq msgs (bsc#1044767 ltc#155231 git-fixes).
- ibmvnic: continue fatal error reset after passive init (bsc#1171078 ltc#184239 git-fixes).
- ibmvnic: delay next reset if hard reset fails (bsc#1094840 ltc#167098 git-fixes).
- ibmvnic: enhance resetting status check during module exit (bsc#1065729).
- ibmvnic: fix NULL pointer dereference in reset_sub_crq_queues (bsc#1040855 ltc#155067 git-fixes).
- ibmvnic: fix a race between open and reset (bsc#1176855 ltc#187293).
- ibmvnic: fix: NULL pointer dereference (bsc#1044767 ltc#155231 git-fixes).
- ibmvnic: restore adapter state on failed reset (bsc#1152457 ltc#174432 git-fixes).
- macros.kernel-source: Use spec_install_pre for certificate installation (boo#1182672).
- post.sh: Return an error when module update fails (bsc#1047233 bsc#1184388).
- powerpc/vnic: Extend 'failover pending' window (bsc#1176855 ltc#187293).
- rpm/kernel-obs-build.spec.in: Include essiv with dm-crypt (boo#1183063).
- rpm/kernel-subpackage-build: Workaround broken bot (https://github.com/openSUSE/openSUSE-release-tools/issues/2439)
- rpm/macros.kernel-source: fix KMP failure in %install (bsc#1185244)
- rpm/mkspec: Use tilde instead of dot for version string with rc (bsc#1184650)
- xen-netback: respect gnttab_map_refs()'s return value (bsc#1183022 XSA-367).
|
Family: | unix | Class: | patch |
Status: | | Reference(s): | 1004527 1005776 1005778 1005780 1005781 1012382 1012829 1015342 1015343 1019675 1019680 1019695 1019699 1020412 1020645 1020657 1020989 1021424 1022595 1022604 1022743 1022912 1022967 1024346 1024373 1024405 1025461 1027519 1030850 1031717 1031784 1032150 1034048 1034075 1035479 1036060 1036215 1036737 1037579 1037838 1037890 1038583 1040813 1040855 1042847 1043598 1044503 1044767 1046529 1047233 1047238 1047487 1047989 1048155 1048228 1048325 1048327 1048356 1048501 1048893 1048912 1048934 1049226 1049272 1049291 1049336 1049361 1049580 1050471 1050742 1051790 1051987 1052093 1052094 1052095 1052360 1052384 1052580 1052593 1052888 1053043 1053309 1053472 1053627 1053629 1053633 1053681 1053685 1053802 1053915 1053919 1054082 1054084 1054654 1055013 1055096 1055272 1055290 1055359 1055493 1055567 1055695 1055709 1055755 1055896 1055935 1055963 1056061 1056185 1056230 1056261 1056278 1056280 1056281 1056282 1056427 1056587 1056588 1056596 1056686 1056827 1056849 1056982 1057015 1057031 1057035 1057038 1057047 1057067 1057358 1057383 1057498 1057849 1058038 1058116 1058135 1058410 1058507 1058512 1058550 1059051 1059465 1059500 1059863 1060197 1060229 1060249 1060400 1060877 1060985 1061017 1061046 1061064 1061067 1061172 1061451 1061721 1061775 1061831 1061872 1062279 1062520 1062962 1063102 1063349 1063460 1063475 1063479 1063501 1063509 1063520 1063570 1063667 1063671 1063695 1064064 1064206 1064388 1064436 1065729 1084604 1094840 1104205 1108308 1109209 1109412 1109413 1109414 1111996 1112534 1112535 1113231 1113247 1113252 1113255 1116717 1116827 1117275 1118830 1118831 1119493 1120640 1121034 1121035 1121056 1123156 1132665 1133131 1133232 1137443 1139959 1140122 1141913 1142772 1149792 1152457 1154824 1161951 1164871 1166238 1168930 1169025 1169605 1169625 1169786 1169936 1170302 1170383 1170618 1170620 1170741 1170939 1171078 1171098 1171195 1171202 1171218 1171219 1171689 1171698 1172031 1172032 1172221 1172225 1172317 1173485 
1175873 1176700 1176720 1176855 1177411 1177753 1178171 1178181 1179454 1181032 1181960 1182194 1182672 1182715 1182716 1182717 1183022 1183063 1183069 1183509 1183593 1183646 1183686 1183696 1183738 1183775 1184120 1184167 1184168 1184170 1184192 1184193 1184194 1184196 1184198 1184208 1184211 1184388 1184391 1184393 1184397 1184509 1184511 1184512 1184514 1184583 1184650 1184942 1185113 1185244 1185248 945190 963575 964944 966170 966172 966186 966191 966316 966318 969476 969477 969756 971975 981309 CVE-2013-6369 CVE-2014-3577 CVE-2014-9130 CVE-2015-5262 CVE-2017-1000252 CVE-2017-11472 CVE-2017-12134 CVE-2017-12153 CVE-2017-12154 CVE-2017-12166 CVE-2017-13080 CVE-2017-13672 CVE-2017-13673 CVE-2017-14051 CVE-2017-14106 CVE-2017-14316 CVE-2017-14317 CVE-2017-14318 CVE-2017-14319 CVE-2017-14489 CVE-2017-15265 CVE-2017-15649 CVE-2018-1000876 CVE-2018-14526 CVE-2018-16872 CVE-2018-17358 CVE-2018-17359 CVE-2018-17360 CVE-2018-17985 CVE-2018-18309 CVE-2018-18483 CVE-2018-18484 CVE-2018-18605 CVE-2018-18606 CVE-2018-18607 CVE-2018-19364 CVE-2018-19489 CVE-2018-19931 CVE-2018-19932 CVE-2018-20623 CVE-2018-20651 CVE-2018-20671 CVE-2018-7858 CVE-2019-1010180 CVE-2019-12735 CVE-2019-13012 CVE-2019-20503 CVE-2019-20807 CVE-2019-6778 CVE-2020-0433 CVE-2020-0543 CVE-2020-10757 CVE-2020-11008 CVE-2020-12114 CVE-2020-12652 CVE-2020-12653 CVE-2020-12654 CVE-2020-12656 CVE-2020-25670 CVE-2020-25671 CVE-2020-25672 CVE-2020-25673 CVE-2020-27170 CVE-2020-27171 CVE-2020-27673 CVE-2020-27815 CVE-2020-35519 CVE-2020-36310 CVE-2020-36311 CVE-2020-36312 CVE-2020-36322 CVE-2020-5260 CVE-2020-6805 CVE-2020-6806 CVE-2020-6807 CVE-2020-6811 CVE-2020-6812 CVE-2020-6814 CVE-2021-20219 CVE-2021-27363 CVE-2021-27364 CVE-2021-27365 CVE-2021-28038 CVE-2021-28660 CVE-2021-28688 CVE-2021-28950 CVE-2021-28964 CVE-2021-28971 CVE-2021-28972 CVE-2021-29154 CVE-2021-29155 CVE-2021-29264 CVE-2021-29265 CVE-2021-29647 CVE-2021-29650 CVE-2021-30002 CVE-2021-3428 CVE-2021-3444 CVE-2021-3483 SUSE-SU-2017:2420-1 
SUSE-SU-2017:2839-1 SUSE-SU-2017:2847-1 SUSE-SU-2019:0489-1 SUSE-SU-2019:1088-1 SUSE-SU-2019:1456-1 SUSE-SU-2019:2650-1 SUSE-SU-2020:1295-1 SUSE-SU-2020:1550-1 SUSE-SU-2020:1596-1 SUSE-SU-2020:3149-1
|
Platform(s): | openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 12 SP4-ESPOS SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9
| Product(s): | |
Definition Synopsis |
openSUSE Leap 15.0 is installed
AND Package Information
libFLAC++6-1.3.2-lp150.1 is installed
OR libFLAC8-1.3.2-lp150.1 is installed
|
Definition Synopsis |
openSUSE Leap 15.1 is installed
AND enigmail-2.0.11-31 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2-BCL is installed
AND wpa_supplicant-2.6-15.10 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
AND Package Information
libecpg6-10.5-1.3 is installed
OR libpq5-10.5-1.3 is installed
OR libpq5-32bit-10.5-1.3 is installed
OR postgresql-init-10-17.20 is installed
OR postgresql10-10.5-1.3 is installed
OR postgresql10-contrib-10.5-1.3 is installed
OR postgresql10-docs-10.5-1.3 is installed
OR postgresql10-libs-10.5-1.3 is installed
OR postgresql10-server-10.5-1.3 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3 is installed
AND Package Information
libjbig2-2.0-12 is installed
OR libjbig2-32bit-2.0-12 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-BCL is installed
AND Package Information
postgresql96-9.6.15-3.29 is installed
OR postgresql96-contrib-9.6.15-3.29 is installed
OR postgresql96-docs-9.6.15-3.29 is installed
OR postgresql96-libs-9.6.15-3.29 is installed
OR postgresql96-plperl-9.6.15-3.29 is installed
OR postgresql96-plpython-9.6.15-3.29 is installed
OR postgresql96-pltcl-9.6.15-3.29 is installed
OR postgresql96-server-9.6.15-3.29 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
AND ucode-intel-20190618-13.47 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-LTSS is installed
AND Package Information
kgraft-patch-4_4_162-94_72-default-7-2 is installed
OR kgraft-patch-SLE12-SP3_Update_22-7-2 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
AND Package Information
bluez-5.13-5.12 is installed
OR libbluetooth3-5.13-5.12 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP4 is installed
AND ant-1.9.4-3.3 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP4-ESPOS is installed
AND Package Information
kernel-default-4.12.14-95.74.1 is installed
OR kernel-default-base-4.12.14-95.74.1 is installed
OR kernel-default-devel-4.12.14-95.74.1 is installed
OR kernel-devel-4.12.14-95.74.1 is installed
OR kernel-macros-4.12.14-95.74.1 is installed
OR kernel-source-4.12.14-95.74.1 is installed
OR kernel-syms-4.12.14-95.74.1 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud 8 is installed
AND Package Information
gvim-7.4.326-17.6 is installed
OR vim-7.4.326-17.6 is installed
OR vim-data-7.4.326-17.6 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud Crowbar 8 is installed
AND Package Information
kernel-default-4.4.180-94.121 is installed
OR kernel-default-base-4.4.180-94.121 is installed
OR kernel-default-devel-4.4.180-94.121 is installed
OR kernel-default-kgraft-4.4.180-94.121 is installed
OR kernel-devel-4.4.180-94.121 is installed
OR kernel-macros-4.4.180-94.121 is installed
OR kernel-source-4.4.180-94.121 is installed
OR kernel-syms-4.4.180-94.121 is installed
OR kgraft-patch-4_4_180-94_121-default-1-4.5 is installed
OR kgraft-patch-SLE12-SP3_Update_32-1-4.5 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud Crowbar 9 is installed
AND python-Werkzeug-0.14.1-3.3 is installed
|