SUSE-SU-2021:2406-1: important: Security update for the Linux Kernel

sle-security-updates at sle-security-updates at
Tue Jul 20 16:36:25 UTC 2021

   SUSE Security Update: Security update for the Linux Kernel

Announcement ID:    SUSE-SU-2021:2406-1
Rating:             important
References:         #1179610 #1180846 #1184611 #1185859 #1185860 
                    #1185861 #1185862 #1185863 #1185898 #1185987 
                    #1186060 #1186062 #1186111 #1186390 #1186463 
                    #1187038 #1187050 #1187215 #1187452 #1187595 
                    #1187601 #1187934 #1188062 #1188116 
Cross-References:   CVE-2020-24586 CVE-2020-24587 CVE-2020-24588
                    CVE-2020-26139 CVE-2020-26141 CVE-2020-26145
                    CVE-2020-26147 CVE-2020-26558 CVE-2020-36385
                    CVE-2020-36386 CVE-2021-0129 CVE-2021-0512
                    CVE-2021-0605 CVE-2021-22555 CVE-2021-23134
                    CVE-2021-32399 CVE-2021-33034 CVE-2021-33909
                    CVE-2021-34693 CVE-2021-3609
CVSS scores:
                    CVE-2020-24586 (NVD) : 3.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
                    CVE-2020-24586 (SUSE): 4.7 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
                    CVE-2020-24587 (NVD) : 2.6 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
                    CVE-2020-24587 (SUSE): 4.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
                    CVE-2020-24588 (NVD) : 3.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
                    CVE-2020-24588 (SUSE): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
                    CVE-2020-26139 (NVD) : 5.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2020-26139 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
                    CVE-2020-26141 (SUSE): 4.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
                    CVE-2020-26145 (SUSE): 5.4 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
                    CVE-2020-26147 (NVD) : 5.4 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N
                    CVE-2020-26558 (NVD) : 4.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
                    CVE-2020-26558 (SUSE): 4.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
                    CVE-2020-36385 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2020-36385 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2020-36386 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
                    CVE-2020-36386 (SUSE): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
                    CVE-2021-0129 (NVD) : 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-0129 (SUSE): 6.4 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
                    CVE-2021-0512 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-0605 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-0605 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-22555 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-22555 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-23134 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-23134 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-32399 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-32399 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-33034 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-33034 (SUSE): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
                    CVE-2021-33909 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-34693 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-3609 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE Linux Enterprise Server 12-SP2-BCL

   An update that solves 20 vulnerabilities and has four fixes
   is now available.


   The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various
   security and bugfixes.

   The following security bugs were fixed:

   - CVE-2021-22555: Fixed an heap out-of-bounds write in
     net/netfilter/x_tables.c that could allow local provilege escalation.
   - CVE-2021-33909: Fixed an out-of-bounds write in the filesystem layer
     that allows to obtain full root privileges. (bsc#1188062)
   - CVE-2021-3609: Fixed a race condition in the CAN BCM networking protocol
     which allows for local privilege escalation. (bsc#1187215)
   - CVE-2021-0605: Fixed an out-of-bounds read which could lead to local
     information disclosure in the kernel with System execution privileges
     needed. (bsc#1187601)
   - CVE-2021-0512: Fixed a possible out-of-bounds write which could lead to
     local escalation of privilege with no additional execution privileges
     needed. (bsc#1187595)
   - CVE-2021-34693: Fixed a bug in net/can/bcm.c which could allow local
     users to obtain sensitive information from kernel stack memory because
     parts of a data structure are uninitialized. (bsc#1187452)
   - CVE-2020-36385: Fixed a use-after-free flaw in ucma.c which allows for
     local privilege escalation. (bsc#1187050)
   - CVE-2021-0129: Fixed an improper access control in BlueZ that may have
     allowed an authenticated user to potentially enable information
     disclosure via adjacent access. (bsc#1186463)
   - CVE-2020-26558: Fixed a flaw in the Bluetooth LE and BR/EDR secure
     pairing that could permit a nearby man-in-the-middle attacker to
     identify the Passkey used during pairing. (bsc#1179610)
   - CVE-2020-36386: Fixed an out-of-bounds read in
     hci_extended_inquiry_result_evt. (bsc#1187038)
   - CVE-2020-24588: Fixed a bug that could allow an adversary to abuse
     devices that support receiving non-SSP A-MSDU frames to inject arbitrary
     network packets. (bsc#1185861)
   - CVE-2021-32399: Fixed a race condition in net/bluetooth/hci_request.c
     for removal of the HCI controller. (bsc#1184611)
   - CVE-2021-33034: Fixed an issue in net/bluetooth/hci_event.c where a
     use-after-free leads to writing an arbitrary value. (bsc#1186111)
   - CVE-2020-26139: Fixed a bug that allows an Access Point (AP) to forward
     EAPOL frames to other clients even though the sender has not yet
     successfully authenticated. This might be abused in projected Wi-Fi
     networks to launch denial-of-service attacks against connected clients
     and made it easier to exploit other vulnerabilities in connected
     clients. (bsc#1186062)
   - CVE-2021-23134: Fixed a use After Free vulnerability in nfc sockets
     which allows local attackers to elevate their privileges. (bsc#1186060)
   - CVE-2020-24586: Fixed a bug that, under the right circumstances, allows
     to inject arbitrary network packets and/or exfiltrate user data when
     another device sends fragmented frames encrypted using WEP, CCMP, or
     GCMP. (bsc#1185859)
   - CVE-2020-26141: Fixed a flaw that could allows an adversary to inject
     and possibly decrypt packets in WPA or WPA2 networks that support the
     TKIP data-confidentiality protocol. (bsc#1185987)
   - CVE-2020-26145: Fixed a bug in the WEP, WPA, WPA2, and WPA3
     implementations that could allows an adversary to inject arbitrary
     network packets. (bsc#1185860)
   - CVE-2020-24587: Fixed a bug that allows an adversary to decrypt selected
     fragments when another device sends fragmented frames and the WEP, CCMP,
     or GCMP encryption key is periodically renewed. (bsc#1185862)
   - CVE-2020-26147: Fixed a bug in the WEP, WPA, WPA2, and WPA3
     implementations that could allows an adversary to inject packets and/or
     exfiltrate selected fragments when another device sends fragmented
     frames. (bsc#1185987)

   The following non-security bugs were fixed:

   - kABI: Fix kABI after modifying struct __call_single_data (bsc#1180846).
   - kernel/smp: add boot parameter for controlling CSD lock debugging
   - kernel/smp: Add source and destination CPUs to __call_single_data
   - kernel/smp: make csdlock timeout depend on boot parameter (bsc#1180846).
   - kernel/smp: Provide CSD lock timeout diagnostics (bsc#1180846).
   - Update config files: activate CONFIG_CSD_LOCK_WAIT_DEBUG for x86
   - Update config files: disable CONFIG_CSD_LOCK_WAIT_DEBUG (bsc#1180846).

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP2-BCL:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-2406=1

Package List:

   - SUSE Linux Enterprise Server 12-SP2-BCL (noarch):


   - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):



More information about the sle-security-updates mailing list