Oval Definition: oval:org.opensuse.security:def:68233
Revision Date: 2021-07-30
Version: 1
Title: Security update for the Linux Kernel (Live Patch 15 for SLE 15 SP2) (Important)
Description:

This update for the Linux Kernel 5.3.18-24_53_4 fixes several issues.

The following security issues were fixed:

- CVE-2021-33909: Fixed an out-of-bounds write in the filesystem layer that allows obtaining full root privileges. (bsc#1188062)
- CVE-2021-22555: Fixed a heap out-of-bounds write in net/netfilter/x_tables.c that could allow local privilege escalation. (bsc#1188116)
- CVE-2020-36385: Fixed a use-after-free vulnerability reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called. (bnc#1187050)
- CVE-2021-23133: Fixed a race condition in the SCTP sockets that could lead to kernel privilege escalation from the context of a network service or an unprivileged process. (bnc#1184675)
- CVE-2021-33034: Fixed a use-after-free vulnerability when destroying an hci_chan which leads to writing an arbitrary value. (bnc#1186111)
- CVE-2021-32399: Fixed a race condition in net/bluetooth/hci_request.c for removal of the HCI controller. (bsc#1184611)
- CVE-2020-36322: Fixed an issue in the FUSE filesystem implementation. This bug was addressed with a previous fix, which turned out to be incomplete, and its incompleteness is tracked as CVE-2021-28950. (bsc#1184211)
- CVE-2021-29154: Fixed an incorrect computation of branch displacements in the BPF JIT compilers, which could allow execution of arbitrary code within the kernel context. (bsc#1184391)
- CVE-2021-3444: The bpf verifier did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this to gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could potentially lead to code execution. (bsc#1184170)
- CVE-2021-28660: Fixed an out-of-bounds write in rtw_wx_set_scan which could lead to local escalation of privilege with no additional execution privileges needed. (bsc#1183593)
- CVE-2021-27365: Fixed an issue in certain iSCSI data structures that do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. (bsc#1182715)
- CVE-2021-28688: Fixed some uninitialized pointers in Xen that could result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. (bsc#1183646)
- CVE-2021-27363: Fixed a kernel pointer leak that can be used to determine the address of the iscsi_transport structure. (bsc#1182716)
- CVE-2021-27364: Fixed an issue that provides an unprivileged user the ability to craft Netlink messages. (bsc#1182717)
Family: unix
Class: patch
Status:
Reference(s):
1150137
1168669
1173032
1182717
1183120
1183491
1183658
1184171
1184710
1184952
1185847
1185899
1185901
1186285
1187052
1188117
1188257
CVE-2019-16168
CVE-2020-12402
CVE-2020-36322
CVE-2020-36385
CVE-2021-22555
CVE-2021-23133
CVE-2021-27363
CVE-2021-27364
CVE-2021-27365
CVE-2021-28660
CVE-2021-28688
CVE-2021-29154
CVE-2021-32399
CVE-2021-33034
CVE-2021-33909
CVE-2021-3444
SUSE-SU-2019:2533-1
SUSE-SU-2020:1850-1
SUSE-SU-2021:2577-1
Platform(s):
SUSE Linux Enterprise High Performance Computing 15 SP2
SUSE Linux Enterprise Module for Basesystem 15 SP1
SUSE Linux Enterprise Module for Live Patching 15 SP2
SUSE Linux Enterprise Server 15 SP2
SUSE Linux Enterprise Server for SAP Applications 15 SP2
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Module for Basesystem 15 SP1 is installed
  • AND Package Information
      • libsqlite3-0-3.28.0-3.9 is installed
      • OR libsqlite3-0-32bit-3.28.0-3.9 is installed
      • OR sqlite3-3.28.0-3.9 is installed
      • OR sqlite3-devel-3.28.0-3.9 is installed

Definition Synopsis
  • SUSE Linux Enterprise Module for Live Patching 15 SP2 is installed
  • AND kernel-livepatch-5_3_18-24_53_4-default-2-2.1 is installed