SUSE-SU-2021:14849-1: important: Security update for the Linux Kernel
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Wed Dec 1 20:23:32 UTC 2021
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2021:14849-1
Rating: important
References: #1183089 #1184673 #1186109 #1187050 #1187215
#1188172 #1188563 #1188601 #1188876 #1189057
#1189262 #1189399 #1190117 #1190351 #1191315
#1191660 #1191958 #1192036 #1192267 #904899
#905100
Cross-References: CVE-2014-7841 CVE-2020-36385 CVE-2021-20265
CVE-2021-33033 CVE-2021-3542 CVE-2021-3609
CVE-2021-3640 CVE-2021-3653 CVE-2021-3655
CVE-2021-3679 CVE-2021-37159 CVE-2021-3772
CVE-2021-38160 CVE-2021-38198 CVE-2021-42008
CVE-2021-42739 CVE-2021-43389
CVSS scores:
CVE-2020-36385 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2020-36385 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-20265 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-20265 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-33033 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-33033 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2021-3542 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2021-3609 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-3640 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-3653 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-3655 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2021-3679 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-37159 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-37159 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-3772 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-38160 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-38198 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-42008 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-42008 (SUSE): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-42739 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-43389 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise Server 11-SP4-LTSS
SUSE Linux Enterprise Server 11-EXTRA
SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________
An update that solves 17 vulnerabilities and has four fixes
is now available.
Description:
The SUSE Linux Enterprise 11 SP4 LTSS kernel was updated to receive
various security and bugfixes.
The following security bugs were fixed:
- CVE-2021-37159: hso_free_net_device in drivers/net/usb/hso.c called
unregister_netdev without checking for the NETREG_REGISTERED state,
leading to a use-after-free and a double free (bnc#1188601).
- CVE-2021-3772: Fixed sctp vtag check in sctp_sf_ootb (bsc#1190351).
- CVE-2021-3655: Missing size validations on inbound SCTP packets may have
allowed the kernel to read uninitialized memory (bnc#1188563
bnc#1192267).
- CVE-2014-7841: The sctp_process_param function in
net/sctp/sm_make_chunk.c in the SCTP implementation, when ASCONF is
used, allowed remote attackers to cause a denial of service (NULL
pointer dereference and system crash) via a malformed INIT chunk
(bnc#904899 bnc#905100).
- CVE-2021-20265: A flaw was found in the way memory resources were freed
in the unix_stream_recvmsg function when a signal was pending. This flaw
allowed an unprivileged local user to crash the system by exhausting
available memory. The highest threat from this vulnerability is to
system availability (bnc#1183089).
- CVE-2021-42739: The firewire subsystem had a buffer overflow related to
drivers/media/firewire/firedtv-avc.c and
drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled
bounds checking (bnc#1184673 bnc#1192036).
- CVE-2021-33033: The Linux kernel has a use-after-free in cipso_v4_genopt
in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for
the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to
writing an arbitrary value (bnc#1186109 bnc#1188876).
- CVE-2021-43389: There was an array-index-out-of-bounds flaw in the
detach_capi_ctr function in drivers/isdn/capi/kcapi.c (bnc#1191958).
- CVE-2021-42008: The decode_data function in drivers/net/hamradio/6pack.c
had a slab out-of-bounds write. Input from a process that has the
CAP_NET_ADMIN capability can lead to root access (bnc#1191315).
- CVE-2021-38160: Data corruption or loss could be triggered by an
untrusted device that supplies a buf->len value exceeding the buffer
size in drivers/char/virtio_console.c (bsc#1190117)
- CVE-2021-3640: Fixed a Use-After-Free vulnerability in function
sco_sock_sendmsg() in the bluetooth stack (bsc#1188172).
- CVE-2021-38198: arch/x86/kvm/mmu/paging_tmpl.h incorrectly computed the
access permissions of a shadow page, leading to a missing guest
protection page fault (bnc#1189262).
- CVE-2021-3653: A flaw was found in the KVM's AMD code for supporting SVM
nested virtualization. The flaw occurs when processing the VMCB (virtual
machine control block) provided by the L1 guest to spawn/handle a nested
guest (L2). Due to improper validation of the "int_ctl" field, this
issue could allow a malicious L1 to enable AVIC support (Advanced
Virtual Interrupt Controller) for the L2 guest. As a result, the L2
guest would be allowed to read/write physical pages of the host,
resulting in a crash of the entire system, leak of sensitive data or
potential guest-to-host escape. (bnc#1189399).
- CVE-2021-3679: A lack of CPU resource in the Linux kernel tracing module
functionality was found in the way user uses trace ring buffer in a
specific way. Only privileged local users (with CAP_SYS_ADMIN
capability) could use this flaw to starve the resources causing denial
of service (bnc#1189057).
- CVE-2021-3609: A potential local privilege escalation in the CAN BCM
networking protocol was fixed (bsc#1187215).
- CVE-2020-36385: drivers/infiniband/core/ucma.c has a use-after-free
because the ctx is reached via the ctx_list in some ucma_migrate_id
situations where ucma_close is called, aka CID-f5449e74802c
(bnc#1187050).
The following non-security bugs were fixed:
- sctp: check asoc peer.asconf_capable before processing asconf
(bsc#1190351).
- sctp: fully initialize v4 addr in some functions (bsc#1188563).
- sctp: simplify addr copy (bsc#1188563).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 11-SP4-LTSS:
zypper in -t patch slessp4-kernel-14849=1
- SUSE Linux Enterprise Server 11-EXTRA:
zypper in -t patch slexsp3-kernel-14849=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
zypper in -t patch dbgsp4-kernel-14849=1
Package List:
- SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64):
kernel-default-3.0.101-108.132.1
kernel-default-base-3.0.101-108.132.1
kernel-default-devel-3.0.101-108.132.1
kernel-source-3.0.101-108.132.1
kernel-syms-3.0.101-108.132.1
kernel-trace-3.0.101-108.132.1
kernel-trace-base-3.0.101-108.132.1
kernel-trace-devel-3.0.101-108.132.1
- SUSE Linux Enterprise Server 11-SP4-LTSS (i586 x86_64):
kernel-ec2-3.0.101-108.132.1
kernel-ec2-base-3.0.101-108.132.1
kernel-ec2-devel-3.0.101-108.132.1
kernel-xen-3.0.101-108.132.1
kernel-xen-base-3.0.101-108.132.1
kernel-xen-devel-3.0.101-108.132.1
- SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64):
kernel-bigmem-3.0.101-108.132.1
kernel-bigmem-base-3.0.101-108.132.1
kernel-bigmem-devel-3.0.101-108.132.1
kernel-ppc64-3.0.101-108.132.1
kernel-ppc64-base-3.0.101-108.132.1
kernel-ppc64-devel-3.0.101-108.132.1
- SUSE Linux Enterprise Server 11-SP4-LTSS (s390x):
kernel-default-man-3.0.101-108.132.1
- SUSE Linux Enterprise Server 11-SP4-LTSS (i586):
kernel-pae-3.0.101-108.132.1
kernel-pae-base-3.0.101-108.132.1
kernel-pae-devel-3.0.101-108.132.1
- SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64):
kernel-default-extra-3.0.101-108.132.1
- SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64):
kernel-xen-extra-3.0.101-108.132.1
- SUSE Linux Enterprise Server 11-EXTRA (x86_64):
kernel-trace-extra-3.0.101-108.132.1
- SUSE Linux Enterprise Server 11-EXTRA (ppc64):
kernel-ppc64-extra-3.0.101-108.132.1
- SUSE Linux Enterprise Server 11-EXTRA (i586):
kernel-pae-extra-3.0.101-108.132.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64):
kernel-default-debuginfo-3.0.101-108.132.1
kernel-default-debugsource-3.0.101-108.132.1
kernel-trace-debuginfo-3.0.101-108.132.1
kernel-trace-debugsource-3.0.101-108.132.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 s390x x86_64):
kernel-default-devel-debuginfo-3.0.101-108.132.1
kernel-trace-devel-debuginfo-3.0.101-108.132.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64):
kernel-ec2-debuginfo-3.0.101-108.132.1
kernel-ec2-debugsource-3.0.101-108.132.1
kernel-xen-debuginfo-3.0.101-108.132.1
kernel-xen-debugsource-3.0.101-108.132.1
kernel-xen-devel-debuginfo-3.0.101-108.132.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64):
kernel-bigmem-debuginfo-3.0.101-108.132.1
kernel-bigmem-debugsource-3.0.101-108.132.1
kernel-ppc64-debuginfo-3.0.101-108.132.1
kernel-ppc64-debugsource-3.0.101-108.132.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586):
kernel-pae-debuginfo-3.0.101-108.132.1
kernel-pae-debugsource-3.0.101-108.132.1
kernel-pae-devel-debuginfo-3.0.101-108.132.1
References:
https://www.suse.com/security/cve/CVE-2014-7841.html
https://www.suse.com/security/cve/CVE-2020-36385.html
https://www.suse.com/security/cve/CVE-2021-20265.html
https://www.suse.com/security/cve/CVE-2021-33033.html
https://www.suse.com/security/cve/CVE-2021-3542.html
https://www.suse.com/security/cve/CVE-2021-3609.html
https://www.suse.com/security/cve/CVE-2021-3640.html
https://www.suse.com/security/cve/CVE-2021-3653.html
https://www.suse.com/security/cve/CVE-2021-3655.html
https://www.suse.com/security/cve/CVE-2021-3679.html
https://www.suse.com/security/cve/CVE-2021-37159.html
https://www.suse.com/security/cve/CVE-2021-3772.html
https://www.suse.com/security/cve/CVE-2021-38160.html
https://www.suse.com/security/cve/CVE-2021-38198.html
https://www.suse.com/security/cve/CVE-2021-42008.html
https://www.suse.com/security/cve/CVE-2021-42739.html
https://www.suse.com/security/cve/CVE-2021-43389.html
https://bugzilla.suse.com/1183089
https://bugzilla.suse.com/1184673
https://bugzilla.suse.com/1186109
https://bugzilla.suse.com/1187050
https://bugzilla.suse.com/1187215
https://bugzilla.suse.com/1188172
https://bugzilla.suse.com/1188563
https://bugzilla.suse.com/1188601
https://bugzilla.suse.com/1188876
https://bugzilla.suse.com/1189057
https://bugzilla.suse.com/1189262
https://bugzilla.suse.com/1189399
https://bugzilla.suse.com/1190117
https://bugzilla.suse.com/1190351
https://bugzilla.suse.com/1191315
https://bugzilla.suse.com/1191660
https://bugzilla.suse.com/1191958
https://bugzilla.suse.com/1192036
https://bugzilla.suse.com/1192267
https://bugzilla.suse.com/904899
https://bugzilla.suse.com/905100
More information about the sle-security-updates
mailing list