SUSE-SU-2021:2416-1: important: Security update for the Linux Kernel

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Tue Jul 20 19:17:52 UTC 2021


   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:2416-1
Rating:             important
References:         #1065729 #1085224 #1094840 #1153720 #1170511 
                    #1183871 #1184114 #1185032 #1185308 #1185791 
                    #1185995 #1187050 #1187215 #1187585 #1187934 
                    #1188062 #1188116 #1188273 #1188274 
Cross-References:   CVE-2020-36385 CVE-2021-22555 CVE-2021-33909
                    CVE-2021-3609 CVE-2021-3612
CVSS scores:
                    CVE-2020-36385 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2020-36385 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-22555 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-22555 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-33909 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-3609 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-3612 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products:
                    SUSE Linux Enterprise Workstation Extension 12-SP5
                    SUSE Linux Enterprise Software Development Kit 12-SP5
                    SUSE Linux Enterprise Server 12-SP5
                    SUSE Linux Enterprise Live Patching 12-SP5
                    SUSE Linux Enterprise High Availability 12-SP5
______________________________________________________________________________

   An update that solves 5 vulnerabilities and has 14 fixes is
   now available.

Description:

   The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various
   security and bugfixes.

   The following security bugs were fixed:

   - CVE-2021-22555: Fixed an heap out-of-bounds write in
     net/netfilter/x_tables.c that could allow local provilege escalation.
     (bsc#1188116)
   - CVE-2021-33909: Fixed an out-of-bounds write in the filesystem layer
     that allows to obtain full root privileges. (bsc#1188062)
   - CVE-2021-3609: Fixed a race condition in the CAN BCM networking protocol
     which allows for local privilege escalation. (bsc#1187215)
   - CVE-2021-3612: Fixed an out-of-bounds memory write flaw which could
     allows a local user to crash the system or possibly escalate their
     privileges on the system. (bsc#1187585)
   - CVE-2020-36385: Fixed a use-after-free flaw in ucma.c which allows for
     local privilege escalation. (bsc#1187050)

   The following non-security bugs were fixed:

   - ACPI: property: Constify stubs for CONFIG_ACPI=n case (git-fixes).
   - ACPI: sysfs: Fix a buffer overrun problem with description_show()
     (git-fixes).
   - ALSA: isa: Fix error return code in snd_cmi8330_probe() (git-fixes).
   - arm_pmu: Fix write counter incorrect in ARMv7 big-endian mode
     (git-fixes).
   - arm64/mm: Fix ttbr0 values stored in struct thread_info for software-pan
     (git-fixes).
   - ASoC: cs42l42: Correct definition of CS42L42_ADC_PDN_MASK (git-fixes).
   - ASoC: hisilicon: fix missing clk_disable_unprepare() on error in
     hi6210_i2s_startup() (git-fixes).
   - ata: ahci_sunxi: Disable DIPM (git-fixes).
   - ath10k: Fix an error code in ath10k_add_interface() (git-fixes).
   - Bluetooth: mgmt: Fix slab-out-of-bounds in tlv_data_is_valid (git-fixes).
   - brcmfmac: correctly report average RSSI in station info (git-fixes).
   - brcmfmac: fix setting of station info chains bitmask (git-fixes).
   - brcmsmac: mac80211_if: Fix a resource leak in an error handling path
     (git-fixes).
   - can: gw: synchronize rcu operations before removing gw job entry
     (git-fixes).
   - can: hi311x: hi3110_can_probe(): silence clang warning (git-fixes).
   - can: peak_pciefd: pucan_handle_status(): fix a potential starvation
     issue in TX path (git-fixes).
   - cfg80211: call cfg80211_leave_ocb when switching away from OCB
     (git-fixes).
   - char: pcmcia: error out if 'num_bytes_read' is greater than 4 in
     set_protocol() (git-fixes).
   - crypto: cavium/nitrox - Fix an error rhandling path in 'nitrox_probe()'
     (git-fixes).
   - cxgb4: fix wrong shift (git-fixes).
   - drm: qxl: ensure surf.data is ininitialized (git-fixes).
   - drm/nouveau: wait for moving fence after pinning v2 (git-fixes).
   - drm/radeon: wait for moving fence after pinning (git-fixes).
   - drm/rockchip: cdn-dp-core: add missing clk_disable_unprepare() on error
     in cdn_dp_grf_write() (git-fixes).
   - extcon: max8997: Add missing modalias string (git-fixes).
   - extcon: sm5502: Drop invalid register write in sm5502_reg_data
     (git-fixes).
   - fpga: stratix10-soc: Add missing fpga_mgr_free() call (git-fixes).
   - fuse: check connected before queueing on fpq->io (bsc#1188273).
   - fuse: reject internal errno (bsc#1188274).
   - genirq: Disable interrupts for force threaded handlers (git-fixes)
   - genirq: Fix reference leaks on irq affinity notifiers (git-fixes)
   - genirq: Let GENERIC_IRQ_IPI select IRQ_DOMAIN_HIERARCHY (git-fixes)
   - genirq/irqdomain: Do not try to free an interrupt that has no (git-fixes)
   - gve: Fix swapped vars when fetching max queues (git-fixes).
   - HID: Add BUS_VIRTUAL to hid_connect logging (git-fixes).
   - HID: gt683r: add missing MODULE_DEVICE_TABLE (git-fixes).
   - HID: hid-sensor-hub: Return error for hid_set_field() failure
     (git-fixes).
   - HID: usbhid: fix info leak in hid_submit_ctrl (git-fixes).
   - hwmon: (max31722) Remove non-standard ACPI device IDs (git-fixes).
   - hwmon: (max31790) Fix fan speed reporting for fan7..12 (git-fixes).
   - i2c: robotfuzz-osif: fix control-request directions (git-fixes).
   - ibmvnic: Allow device probe if the device is not ready at boot
     (bsc#1184114 ltc#192237).
   - ibmvnic: fix kernel build warning (bsc#1184114 ltc#192237).
   - ibmvnic: fix kernel build warning in strncpy (bsc#1184114 ltc#192237).
   - ibmvnic: fix kernel build warnings in build_hdr_descs_arr (bsc#1184114
     ltc#192237).
   - ibmvnic: fix send_request_map incompatible argument (bsc#1184114
     ltc#192237).>
   - ibmvnic: free tx_pool if tso_pool alloc fails (bsc#1085224 ltc#164363).
   - ibmvnic: parenthesize a check (bsc#1184114 ltc#192237 bsc#1183871
     ltc#192139 git-fixes).
   - ibmvnic: set ltb->buff to NULL after freeing (bsc#1094840 ltc#167098).
   - ibmvnic: Use list_for_each_entry() to simplify code in ibmvnic.c
     (bsc#1184114 ltc#192237).
   - ibmvnic: Use strscpy() instead of strncpy() (bsc#1184114 ltc#192237).
   - iio: accel: bma180: Fix buffer alignment in
     iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: accel: bma220: Fix buffer alignment in
     iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: accel: hid: Fix buffer alignment in
     iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: accel: kxcjk-1013: Fix buffer alignment in
     iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: accel: stk8312: Fix buffer alignment in
     iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: accel: stk8ba50: Fix buffer alignment in
     iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: adc: mxs-lradc: Fix buffer alignment in
     iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: adc: ti-ads1015: Fix buffer alignment in
     iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: adc: vf610: Fix buffer alignment in
     iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: adis_buffer: do not return ints in irq handlers (git-fixes).
   - iio: gyro: bmg160: Fix buffer alignment in
     iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: humidity: am2315: Fix buffer alignment in
     iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: light: isl29125: Fix buffer alignment in
     iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: light: tcs3414: Fix buffer alignment in
     iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: ltr501: ltr501_read_ps(): add missing endianness conversion
     (git-fixes).
   - iio: ltr501: ltr559: fix initialization of LTR501_ALS_CONTR (git-fixes).
   - iio: ltr501: mark register holding upper 8 bits of ALS_DATA{0,1} and
     PS_DATA as volatile, too (git-fixes).
   - iio: potentiostat: lmp91000: Fix alignment of buffer in
     iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: prox: pulsed-light: Fix buffer alignment in
     iio_push_to_buffers_with_timestamp() (git-fixes).
   - Input: hil_kbd - fix error return code in hil_dev_connect() (git-fixes).
   - Input: usbtouchscreen - fix control-request directions (git-fixes).
   - leds: ktd2692: Fix an error handling path (git-fixes).
   - leds: trigger: fix potential deadlock with libata (git-fixes).
   - lib/decompressors: remove set but not used variabled 'level' (git-fixes).
   - lpfc: Decouple port_template and vport_template (bsc#1185032).
   - mac80211: remove iwlwifi specific workaround NDPs of null_response
     (git-fixes).
   - mac80211: remove warning in ieee80211_get_sband() (git-fixes).
   - media: dtv5100: fix control-request directions (git-fixes).
   - media: dvb-usb: fix wrong definition (git-fixes).
   - media: exynos4-is: Fix a use after free in isp_video_release (git-fixes).
   - media: gspca/gl860: fix zero-length control requests (git-fixes).
   - media: gspca/sq905: fix control-request direction (git-fixes).
   - media: gspca/sunplus: fix zero-length control requests (git-fixes).
   - media: I2C: change 'RST' to "RSET" to fix multiple build errors
     (git-fixes).
   - media: rtl28xxu: fix zero-length control request (git-fixes).
   - media: s5p-g2d: Fix a memory leak on ctx->fh.m2m_ctx (git-fixes).
   - media: siano: Fix out-of-bounds warnings in
     smscore_load_firmware_family2() (git-fixes).
   - media: tc358743: Fix error return code in tc358743_probe_of()
     (git-fixes).
   - media: zr364xx: fix memory leak in zr364xx_start_readpipe (git-fixes).
   - memory: atmel-ebi: add missing of_node_put for loop iteration
     (git-fixes).
   - memory: fsl_ifc: fix leak of IO mapping on probe failure (git-fixes).
   - memory: fsl_ifc: fix leak of private memory on probe failure (git-fixes).
   - memory: gpmc: fix out of bounds read and dereference on gpmc_cs[]
     (git-fixes).
   - mmc: block: Disable CMDQ on the ioctl path (git-fixes).
   - mmc: core: clear flags before allowing to retune (git-fixes).
   - mmc: sdhci-esdhc-imx: remove unused is_imx6q_usdhc (git-fixes).
   - mmc: sdhci: Fix warning message when accessing RPMB in HS400 mode
     (git-fixes).
   - mmc: usdhi6rol0: fix error return code in usdhi6_probe() (git-fixes).
   - mmc: vub3000: fix control-request direction (git-fixes).
   - mwifiex: re-fix for unaligned accesses (git-fixes).
   - net: usb: fix possible use-after-free in smsc75xx_bind (git-fixes).
   - netsec: restore phy power state after controller reset (git-fixes).
   - nvme: verify MNAN value if ANA is enabled (bsc#1185791).
   - PCI: Mark some NVIDIA GPUs to avoid bus reset (git-fixes).
   - PCI: Mark TI C667X to avoid bus reset (git-fixes).
   - PCI: Work around Huawei Intelligent NIC VF FLR erratum (git-fixes).
   - r8152: Avoid memcpy() over-reading of ETH_SS_STATS (git-fixes).
   - reset: a10sr: add missing of_match_table reference (git-fixes).
   - reset: bail if try_module_get() fails (git-fixes).
   - reset: sti: reset-syscfg: fix struct description warnings (git-fixes).
   - Revert "ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro"
     (git-fixes).
   - Revert "hwmon: (lm80) fix a missing check of bus read in lm80 probe"
     (git-fixes).
   - Revert "ibmvnic: remove duplicate napi_schedule call in open function"
     (bsc#1065729).
   - Revert "PCI: PM: Do not read power state in pci_enable_device_flags()"
     (git-fixes).
   - Revert "USB: cdc-acm: fix rounding error in TIOCSSERIAL" (git-fixes).
   - sched/cpufreq/schedutil: Fix error path mutex unlock (git-fixes)
   - sched/fair: Do not assign runtime for throttled cfs_rq (git-fixes)
   - sched/fair: Fix unfairness caused by missing load decay (git-fixes)
   - sched/numa: Fix a possible divide-by-zero (git-fixes)
   - scsi: mpt3sas: Fix kernel panic observed on soft HBA unplug
     (bsc#1185995).
   - scsi: qedf: Do not put host in qedf_vport_create() unconditionally
     (bsc#1170511).
   - serial: mvebu-uart: clarify the baud rate derivation (git-fixes).
   - serial: mvebu-uart: correctly calculate minimal possible baudrate
     (git-fixes).
   - serial: mvebu-uart: do not allow changing baudrate when uartclk is not
     available (git-fixes).
   - serial: mvebu-uart: fix calculation of clock divisor (git-fixes).
   - spi: spi-sun6i: Fix chipselect/clock bug (git-fixes).
   - spi: tegra114: Fix an error message (git-fixes).
   - staging: gdm724x: check for buffer overflow in gdm_lte_multi_sdu_pkt()
     (git-fixes).
   - staging: gdm724x: check for overflow in gdm_lte_netif_rx() (git-fixes).
   - tty: nozomi: Fix a resource leak in an error handling function
     (git-fixes).
   - tty: nozomi: Fix the error handling path of 'nozomi_card_init()'
     (git-fixes).
   - usb: typec: Add the missed altmode_id_remove() in
     typec_register_altmode() (git-fixes).
   - watchdog: aspeed: fix hardware timeout calculation (git-fixes).
   - watchdog: sp805: Fix kernel doc description (git-fixes).
   - wcn36xx: Move hal_buf allocation to devm_kmalloc in probe (git-fixes).
   - wireless: carl9170: fix LEDS build errors and warnings (git-fixes).
   - x86/debug: Extend the lower bound of crash kernel low reservations
     (bsc#1153720).
   - x86/kvm: Disable all PV features on crash (bsc#1185308).
   - x86/kvm: Disable kvmclock on all CPUs on shutdown (bsc#1185308).
   - x86/kvm: Fix pr_info() for async PF setup/teardown (bsc#1185308).
   - x86/kvm: Teardown PV features on boot CPU as well (bsc#1185308).
   - x86/kvm: Unify kvm_pv_guest_cpu_reboot() with kvm_guest_cpu_offline()
     (bsc#1185308).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12-SP5:

      zypper in -t patch SUSE-SLE-WE-12-SP5-2021-2416=1

   - SUSE Linux Enterprise Software Development Kit 12-SP5:

      zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-2416=1

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-2416=1

   - SUSE Linux Enterprise Live Patching 12-SP5:

      zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2021-2416=1

   - SUSE Linux Enterprise High Availability 12-SP5:

      zypper in -t patch SUSE-SLE-HA-12-SP5-2021-2416=1



Package List:

   - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64):

      kernel-default-debuginfo-4.12.14-122.80.1
      kernel-default-debugsource-4.12.14-122.80.1
      kernel-default-extra-4.12.14-122.80.1
      kernel-default-extra-debuginfo-4.12.14-122.80.1

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):

      kernel-obs-build-4.12.14-122.80.1
      kernel-obs-build-debugsource-4.12.14-122.80.1

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch):

      kernel-docs-4.12.14-122.80.1

   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

      kernel-default-4.12.14-122.80.1
      kernel-default-base-4.12.14-122.80.1
      kernel-default-base-debuginfo-4.12.14-122.80.1
      kernel-default-debuginfo-4.12.14-122.80.1
      kernel-default-debugsource-4.12.14-122.80.1
      kernel-default-devel-4.12.14-122.80.1
      kernel-syms-4.12.14-122.80.1

   - SUSE Linux Enterprise Server 12-SP5 (x86_64):

      kernel-default-devel-debuginfo-4.12.14-122.80.1

   - SUSE Linux Enterprise Server 12-SP5 (noarch):

      kernel-devel-4.12.14-122.80.1
      kernel-macros-4.12.14-122.80.1
      kernel-source-4.12.14-122.80.1

   - SUSE Linux Enterprise Server 12-SP5 (s390x):

      kernel-default-man-4.12.14-122.80.1

   - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64):

      kernel-default-debuginfo-4.12.14-122.80.1
      kernel-default-debugsource-4.12.14-122.80.1
      kernel-default-kgraft-4.12.14-122.80.1
      kernel-default-kgraft-devel-4.12.14-122.80.1
      kgraft-patch-4_12_14-122_80-default-1-8.3.1

   - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64):

      cluster-md-kmp-default-4.12.14-122.80.1
      cluster-md-kmp-default-debuginfo-4.12.14-122.80.1
      dlm-kmp-default-4.12.14-122.80.1
      dlm-kmp-default-debuginfo-4.12.14-122.80.1
      gfs2-kmp-default-4.12.14-122.80.1
      gfs2-kmp-default-debuginfo-4.12.14-122.80.1
      kernel-default-debuginfo-4.12.14-122.80.1
      kernel-default-debugsource-4.12.14-122.80.1
      ocfs2-kmp-default-4.12.14-122.80.1
      ocfs2-kmp-default-debuginfo-4.12.14-122.80.1


References:

   https://www.suse.com/security/cve/CVE-2020-36385.html
   https://www.suse.com/security/cve/CVE-2021-22555.html
   https://www.suse.com/security/cve/CVE-2021-33909.html
   https://www.suse.com/security/cve/CVE-2021-3609.html
   https://www.suse.com/security/cve/CVE-2021-3612.html
   https://bugzilla.suse.com/1065729
   https://bugzilla.suse.com/1085224
   https://bugzilla.suse.com/1094840
   https://bugzilla.suse.com/1153720
   https://bugzilla.suse.com/1170511
   https://bugzilla.suse.com/1183871
   https://bugzilla.suse.com/1184114
   https://bugzilla.suse.com/1185032
   https://bugzilla.suse.com/1185308
   https://bugzilla.suse.com/1185791
   https://bugzilla.suse.com/1185995
   https://bugzilla.suse.com/1187050
   https://bugzilla.suse.com/1187215
   https://bugzilla.suse.com/1187585
   https://bugzilla.suse.com/1187934
   https://bugzilla.suse.com/1188062
   https://bugzilla.suse.com/1188116
   https://bugzilla.suse.com/1188273
   https://bugzilla.suse.com/1188274



More information about the sle-security-updates mailing list