SUSE-SU-2021:1891-1: important: Security update for the Linux Kernel
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Tue Jun 8 16:18:13 UTC 2021
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2021:1891-1
Rating: important
References: #1176081 #1180846 #1183947 #1184611 #1184675
#1185642 #1185677 #1185680 #1185724 #1185859
#1185860 #1185862 #1185863 #1185898 #1185899
#1185901 #1185938 #1185950 #1185987 #1186060
#1186061 #1186062 #1186111 #1186285 #1186390
#1186484 #1186498
Cross-References: CVE-2020-24586 CVE-2020-24587 CVE-2020-26139
CVE-2020-26141 CVE-2020-26145 CVE-2020-26147
CVE-2021-23133 CVE-2021-23134 CVE-2021-32399
CVE-2021-33034 CVE-2021-33200 CVE-2021-3491
CVSS scores:
CVE-2020-24586 (NVD) : 3.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CVE-2020-24586 (SUSE): 4.7 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
CVE-2020-24587 (NVD) : 2.6 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
CVE-2020-24587 (SUSE): 4.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
CVE-2020-26139 (NVD) : 5.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2020-26139 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVE-2020-26141 (SUSE): 4.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
CVE-2020-26145 (SUSE): 5.4 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CVE-2020-26147 (NVD) : 5.4 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N
CVE-2021-23133 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-23133 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-23134 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-23134 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-32399 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-32399 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-33034 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-33034 (SUSE): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
CVE-2021-33200 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-33200 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-3491 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE OpenStack Cloud Crowbar 9
SUSE OpenStack Cloud 9
SUSE Linux Enterprise Server for SAP 12-SP4
SUSE Linux Enterprise Server 12-SP4-LTSS
SUSE Linux Enterprise Live Patching 12-SP4
SUSE Linux Enterprise High Availability 12-SP4
______________________________________________________________________________
An update that solves 12 vulnerabilities and has 15 fixes
is now available.
Description:
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
- CVE-2021-33200: Enforcing incorrect limits for pointer arithmetic
operations by the BPF verifier could be abused to perform out-of-bounds
reads and writes in kernel memory (bsc#1186484).
- CVE-2021-33034: Fixed a use-after-free when destroying an hci_chan. This
could lead to writing an arbitrary values. (bsc#1186111)
- CVE-2020-26139: Fixed a denial-of-service when an Access Point (AP)
forwards EAPOL frames to other clients even though the sender has not
yet successfully authenticated to the AP. (bnc#1186062)
- CVE-2021-23134: A Use After Free vulnerability in nfc sockets allowed
local attackers to elevate their privileges. (bnc#1186060)
- CVE-2021-23133: Fixed a race condition in SCTP sockets, which could lead
to privilege escalation from the context of a network service or an
unprivileged process. (bnc#1184675)
- CVE-2021-3491: Fixed a potential heap overflow in mem_rw(). This
vulnerability is related to the PROVIDE_BUFFERS operation, which allowed
the MAX_RW_COUNT limit to be bypassed (bsc#1185642).
- CVE-2021-32399: Fixed a race condition when removing the HCI controller
(bnc#1184611).
- CVE-2020-24586: The 802.11 standard that underpins Wi-Fi Protected
Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't
require that received fragments be cleared from memory after
(re)connecting to a network. Under the right circumstances this can be
abused to inject arbitrary network packets and/or exfiltrate user data
(bnc#1185859).
- CVE-2020-24587: The 802.11 standard that underpins Wi-Fi Protected
Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't
require that all fragments of a frame are encrypted under the same key.
An adversary can abuse this to decrypt selected fragments when another
device sends fragmented frames and the WEP, CCMP, or GCMP encryption key
is periodically renewed (bnc#1185859 bnc#1185862).
- CVE-2020-26147: The WEP, WPA, WPA2, and WPA3 implementations reassemble
fragments, even though some of them were sent in plaintext. This
vulnerability can be abused to inject packets and/or exfiltrate selected
fragments when another device sends fragmented frames and the WEP, CCMP,
or GCMP data-confidentiality protocol is used (bnc#1185859).
- CVE-2020-26145: An issue was discovered with Samsung Galaxy S3 i9305
4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept
second (or subsequent) broadcast fragments even when sent in plaintext
and process them as full unfragmented frames. An adversary can abuse
this to inject arbitrary network packets independent of the network
configuration. (bnc#1185860)
- CVE-2020-26141: An issue was discovered in the ALFA driver for AWUS036H,
where the Message Integrity Check (authenticity) of fragmented TKIP
frames was not verified. An adversary can abuse this to inject and
possibly decrypt packets in WPA or WPA2 networks that support the TKIP
data-confidentiality protocol. (bnc#1185987)
The following non-security bugs were fixed:
- Drivers: hv: vmbus: Increase wait time for VMbus unload (bsc#1185724).
- Drivers: hv: vmbus: Initialize unload_event statically (bsc#1185724).
- af_packet: fix the tx skb protocol in raw sockets with ETH_P_ALL
(bsc#1176081).
- ibmvfc: Avoid move login if fast fail is enabled (bsc#1185938
ltc#192043).
- ibmvfc: Handle move login failure (bsc#1185938 ltc#192043).
- ibmvfc: Reinit target retries (bsc#1185938 ltc#192043).
- kABI: Fix kABI after modifying struct __call_single_data (bsc#1180846).
- kabi: preserve struct header_ops after bsc#1176081 fix (bsc#1176081).
- kernel/smp: Provide CSD lock timeout diagnostics (bsc#1180846).
- kernel/smp: add boot parameter for controlling CSD lock debugging
(bsc#1180846).
- kernel/smp: add more data to CSD lock debugging (bsc#1180846).
- kernel/smp: make csdlock timeout depend on boot parameter (bsc#1180846).
- kernel/smp: prepare more CSD lock debugging (bsc#1180846).
- md/raid1: properly indicate failure when ending a failed write request
(bsc#1185680).
- net/ethernet: Add parse_protocol header_ops support (bsc#1176081).
- net/mlx5e: Remove the wrong assumption about transport offset
(bsc#1176081).
- net/mlx5e: Trust kernel regarding transport offset (bsc#1176081).
- net/packet: Ask driver for protocol if not provided by user
(bsc#1176081).
- net/packet: Remove redundant skb->protocol set (bsc#1176081).
- net: Do not set transport offset to invalid value (bsc#1176081).
- net: Introduce parse_protocol header_ops callback (bsc#1176081).
- netfilter: conntrack: add new sysctl to disable RST check (bsc#1183947
bsc#1185950).
- netfilter: conntrack: avoid misleading 'invalid' in log message
(bsc#1183947 bsc#1185950).
- netfilter: conntrack: improve RST handling when tuple is re-used
(bsc#1183947 bsc#1185950).
- netfilter: conntrack: tcp: only close if RST matches exact sequence
(bsc#1183947 bsc#1185950).
- s390/entry: save the caller of psw_idle (bsc#1185677).
- smp: Add source and destination CPUs to __call_single_data (bsc#1180846).
- video: hyperv_fb: Add ratelimit on error message (bsc#1185724).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE OpenStack Cloud Crowbar 9:
zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-1891=1
- SUSE OpenStack Cloud 9:
zypper in -t patch SUSE-OpenStack-Cloud-9-2021-1891=1
- SUSE Linux Enterprise Server for SAP 12-SP4:
zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-1891=1
- SUSE Linux Enterprise Server 12-SP4-LTSS:
zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-1891=1
- SUSE Linux Enterprise Live Patching 12-SP4:
zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2021-1891=1
- SUSE Linux Enterprise High Availability 12-SP4:
zypper in -t patch SUSE-SLE-HA-12-SP4-2021-1891=1
Package List:
- SUSE OpenStack Cloud Crowbar 9 (x86_64):
kernel-default-4.12.14-95.77.1
kernel-default-base-4.12.14-95.77.1
kernel-default-base-debuginfo-4.12.14-95.77.1
kernel-default-debuginfo-4.12.14-95.77.1
kernel-default-debugsource-4.12.14-95.77.1
kernel-default-devel-4.12.14-95.77.1
kernel-default-devel-debuginfo-4.12.14-95.77.1
kernel-syms-4.12.14-95.77.1
- SUSE OpenStack Cloud Crowbar 9 (noarch):
kernel-devel-4.12.14-95.77.1
kernel-macros-4.12.14-95.77.1
kernel-source-4.12.14-95.77.1
- SUSE OpenStack Cloud 9 (x86_64):
kernel-default-4.12.14-95.77.1
kernel-default-base-4.12.14-95.77.1
kernel-default-base-debuginfo-4.12.14-95.77.1
kernel-default-debuginfo-4.12.14-95.77.1
kernel-default-debugsource-4.12.14-95.77.1
kernel-default-devel-4.12.14-95.77.1
kernel-default-devel-debuginfo-4.12.14-95.77.1
kernel-syms-4.12.14-95.77.1
- SUSE OpenStack Cloud 9 (noarch):
kernel-devel-4.12.14-95.77.1
kernel-macros-4.12.14-95.77.1
kernel-source-4.12.14-95.77.1
- SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
kernel-default-4.12.14-95.77.1
kernel-default-base-4.12.14-95.77.1
kernel-default-base-debuginfo-4.12.14-95.77.1
kernel-default-debuginfo-4.12.14-95.77.1
kernel-default-debugsource-4.12.14-95.77.1
kernel-default-devel-4.12.14-95.77.1
kernel-syms-4.12.14-95.77.1
- SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64):
kernel-default-devel-debuginfo-4.12.14-95.77.1
- SUSE Linux Enterprise Server for SAP 12-SP4 (noarch):
kernel-devel-4.12.14-95.77.1
kernel-macros-4.12.14-95.77.1
kernel-source-4.12.14-95.77.1
- SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
kernel-default-4.12.14-95.77.1
kernel-default-base-4.12.14-95.77.1
kernel-default-base-debuginfo-4.12.14-95.77.1
kernel-default-debuginfo-4.12.14-95.77.1
kernel-default-debugsource-4.12.14-95.77.1
kernel-default-devel-4.12.14-95.77.1
kernel-syms-4.12.14-95.77.1
- SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64):
kernel-default-devel-debuginfo-4.12.14-95.77.1
- SUSE Linux Enterprise Server 12-SP4-LTSS (noarch):
kernel-devel-4.12.14-95.77.1
kernel-macros-4.12.14-95.77.1
kernel-source-4.12.14-95.77.1
- SUSE Linux Enterprise Server 12-SP4-LTSS (s390x):
kernel-default-man-4.12.14-95.77.1
- SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64):
kernel-default-kgraft-4.12.14-95.77.1
kernel-default-kgraft-devel-4.12.14-95.77.1
kgraft-patch-4_12_14-95_77-default-1-6.3.1
- SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64):
cluster-md-kmp-default-4.12.14-95.77.1
cluster-md-kmp-default-debuginfo-4.12.14-95.77.1
dlm-kmp-default-4.12.14-95.77.1
dlm-kmp-default-debuginfo-4.12.14-95.77.1
gfs2-kmp-default-4.12.14-95.77.1
gfs2-kmp-default-debuginfo-4.12.14-95.77.1
kernel-default-debuginfo-4.12.14-95.77.1
kernel-default-debugsource-4.12.14-95.77.1
ocfs2-kmp-default-4.12.14-95.77.1
ocfs2-kmp-default-debuginfo-4.12.14-95.77.1
References:
https://www.suse.com/security/cve/CVE-2020-24586.html
https://www.suse.com/security/cve/CVE-2020-24587.html
https://www.suse.com/security/cve/CVE-2020-26139.html
https://www.suse.com/security/cve/CVE-2020-26141.html
https://www.suse.com/security/cve/CVE-2020-26145.html
https://www.suse.com/security/cve/CVE-2020-26147.html
https://www.suse.com/security/cve/CVE-2021-23133.html
https://www.suse.com/security/cve/CVE-2021-23134.html
https://www.suse.com/security/cve/CVE-2021-32399.html
https://www.suse.com/security/cve/CVE-2021-33034.html
https://www.suse.com/security/cve/CVE-2021-33200.html
https://www.suse.com/security/cve/CVE-2021-3491.html
https://bugzilla.suse.com/1176081
https://bugzilla.suse.com/1180846
https://bugzilla.suse.com/1183947
https://bugzilla.suse.com/1184611
https://bugzilla.suse.com/1184675
https://bugzilla.suse.com/1185642
https://bugzilla.suse.com/1185677
https://bugzilla.suse.com/1185680
https://bugzilla.suse.com/1185724
https://bugzilla.suse.com/1185859
https://bugzilla.suse.com/1185860
https://bugzilla.suse.com/1185862
https://bugzilla.suse.com/1185863
https://bugzilla.suse.com/1185898
https://bugzilla.suse.com/1185899
https://bugzilla.suse.com/1185901
https://bugzilla.suse.com/1185938
https://bugzilla.suse.com/1185950
https://bugzilla.suse.com/1185987
https://bugzilla.suse.com/1186060
https://bugzilla.suse.com/1186061
https://bugzilla.suse.com/1186062
https://bugzilla.suse.com/1186111
https://bugzilla.suse.com/1186285
https://bugzilla.suse.com/1186390
https://bugzilla.suse.com/1186484
https://bugzilla.suse.com/1186498
More information about the sle-security-updates
mailing list