SUSE-SU-2022:0068-1: important: Security update for the Linux Kernel
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Thu Jan 13 17:18:34 UTC 2022
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:0068-1
Rating: important
References: #1114648 #1124431 #1167162 #1169514 #1172073
#1179599 #1183678 #1183897 #1184804 #1185727
#1185762 #1187167 #1189126 #1189158 #1189305
#1189841 #1190317 #1190358 #1190428 #1191229
#1191384 #1191731 #1191876 #1192032 #1192145
#1192267 #1192740 #1192845 #1192847 #1192866
#1192877 #1192946 #1192974 #1193231 #1193306
#1193318 #1193440 #1193442 #1193575 #1193731
#1194087 #1194094
Cross-References: CVE-2018-25020 CVE-2019-15126 CVE-2020-27820
CVE-2021-0920 CVE-2021-0935 CVE-2021-28711
CVE-2021-28712 CVE-2021-28713 CVE-2021-28714
CVE-2021-28715 CVE-2021-33098 CVE-2021-4002
CVE-2021-43975 CVE-2021-43976 CVE-2021-45485
CVE-2021-45486
CVSS scores:
CVE-2018-25020 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2019-15126 (NVD) : 3.1 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2019-15126 (SUSE): 3.1 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2020-27820 (SUSE): 3.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L
CVE-2021-0920 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2021-0920 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-0935 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-28711 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-28712 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-28713 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-28715 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-33098 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-33098 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-4002 (SUSE): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CVE-2021-43975 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2021-43976 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-45485 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2021-45486 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products:
SUSE Linux Enterprise Workstation Extension 12-SP5
SUSE Linux Enterprise Software Development Kit 12-SP5
SUSE Linux Enterprise Server 12-SP5
SUSE Linux Enterprise Live Patching 12-SP5
SUSE Linux Enterprise High Availability 12-SP5
______________________________________________________________________________
An update that solves 16 vulnerabilities and has 26 fixes
is now available.
Description:
The SUSE Linux Enterprise 12 SP5 kernel was updated.
The following security bugs were fixed:
- CVE-2019-15126: Fixed a vulnerability in Broadcom and Cypress Wi-Fi
chips, used in RPi family of devices aka "Kr00k". (bsc#1167162)
- CVE-2021-33098: Fixed a potential denial of service in Intel(R) Ethernet
ixgbe driver due to improper input validation. (bsc#1192877)
- CVE-2021-0935: Fixed out of bounds write due to a use after free which
could lead to local escalation of privilege with System execution
privileges needed in ip6_xmit. (bsc#1192032)
- CVE-2018-25020: Fixed an issue in the BPF subsystem in the Linux kernel
mishandled situations with a long jump over an instruction sequence
where inner instructions require substantial expansions into multiple
BPF instructions, leading to an overflow. (bsc#1193575)
- CVE-2021-0920: Fixed a local privilege escalation due to an use after
free bug in unix_gc. (bsc#1193731)
- CVE-2021-45485: Fixed an information leak because of certain use of a
hash table which use IPv6 source addresses. (bsc#1194094)
- CVE-2021-45486: Fixed an information leak because the hash table is very
small in net/ipv4/route.c. (bsc#1194087)
- CVE-2021-28715: Fixed an issue where a guest could force Linux netback
driver to hog large amounts of kernel memory by do not queueing
unlimited number of packages. (bsc#1193442)
- CVE-2021-28714: Fixed an issue where a guest could force Linux netback
driver to hog large amounts of kernel memory by fixing rx queue stall
detection. (bsc#1193442)
- CVE-2021-28713: Fixed a rogue backends that could cause DoS of guests
via high frequency events by hardening hvc_xen against event channel
storms. (bsc#1193440)
- CVE-2021-28712: Fixed a rogue backends that could cause DoS of guests
via high frequency events by hardening netfront against event channel
storms. (bsc#1193440)
- CVE-2021-28711: Fixed a rogue backends that could cause DoS of guests
via high frequency events by hardening blkfront against event channel
storms. (bsc#1193440)
- CVE-2021-43975: Fixed a flaw in hw_atl_utils_fw_rpc_wait that could
allow an attacker (who can introduce a crafted device) to trigger an
out-of-bounds write via a crafted length value. (bsc#1192845)
- CVE-2021-43976: Fixed a flaw that could allow an attacker (who can
connect a crafted USB device) to cause a denial of service. (bsc#1192847)
- CVE-2021-4002: Added a missing TLB flush that could lead to leak or
corruption of data in hugetlbfs. (bsc#1192946)
- CVE-2020-27820: Fixed a vulnerability where a use-after-frees in
nouveau's postclose() handler could happen if removing device.
(bsc#1179599)
The following non-security bugs were fixed:
- blk-mq: do not deactivate hctx if managed irq isn't used (bsc#1185762).
- cifs: Add new mount parameter "acdirmax" to allow caching directory
metadata (bsc#1190317).
- cifs: Add new parameter "acregmax" for distinct file and directory
metadata timeout (bsc#1190317).
- cifs: convert list_for_each to entry variant (jsc#SLE-20656).
- cifs: convert revalidate of directories to using directory metadata
cache timeout (bsc#1190317).
- cifs: Do not leak EDEADLK to dgetents64 for STATUS_USER_SESSION_DELETED
(bsc#1190317).
- cifs: fiemap: do not return EINVAL if get nothing (bsc#1190317).
- cifs: Fix a potencially linear read overflow (git-fixes).
- cifs: fix a sign extension bug (git-fixes).
- cifs: fix incorrect check for null pointer in header_assemble
(bsc#1190317).
- cifs: fix memory leak of smb3_fs_context_dup::server_hostname
(bsc#1190317).
- cifs: fix missed refcounting of ipc tcon (git-fixes).
- cifs: fix potential use-after-free bugs (jsc#SLE-20656).
- cifs: fix print of hdr_flags in dfscache_proc_show() (jsc#SLE-20656).
- cifs: fix wrong release in sess_alloc_buffer() failed path (bsc#1190317).
- cifs: for compound requests, use open handle if possible (bsc#1190317).
- cifs: introduce new helper for cifs_reconnect() (jsc#SLE-20656).
- cifs: move to generic async completion (bsc#1190317).
- cifs: nosharesock should be set on new server (git-fixes).
- cifs: nosharesock should not share socket with future sessions
(bsc#1190317).
- cifs: On cifs_reconnect, resolve the hostname again (bsc#1190317).
- cifs: properly invalidate cached root handle when closing it
(bsc#1190317).
- cifs: release lock earlier in dequeue_mid error case (bsc#1190317).
- cifs: set a minimum of 120s for next dns resolution (bsc#1190317).
- cifs: Simplify reconnect code when dfs upcall is enabled (bsc#1190317).
- cifs: split out dfs code from cifs_reconnect() (jsc#SLE-20656).
- cifs: support nested dfs links over reconnect (jsc#SLE-20656).
- cifs: support share failover when remounting (jsc#SLE-20656).
- cifs: To match file servers, make sure the server hostname matches
(bsc#1190317).
- config: INPUT_EVBUG=n (bsc#1192974). Debug driver unsuitable for
production, only enabled on ppc64.
- constraints: Build aarch64 on recent ARMv8.1 builders. Request asimdrdm
feature which is available only on recent ARMv8.1 CPUs. This should
prevent scheduling the kernel on an older slower builder.
- cred: allow get_cred() and put_cred() to be given NULL (git-fixes).
- EDAC/amd64: Handle three rank interleaving mode (bsc#1114648).
- elfcore: correct reference to CONFIG_UML (git-fixes).
- elfcore: fix building with clang (bsc#1169514).
- fuse: release pipe buf after last use (bsc#1193318).
- genirq: Move initial affinity setup to irq_startup() (bsc#1193231).
- genirq: Provide IRQCHIP_AFFINITY_PRE_STARTUP (bsc#1193231).
- genirq: Remove mask argument from setup_affinity() (bsc#1193231).
- genirq: Rename setup_affinity() to irq_setup_affinity() (bsc#1193231).
- genirq: Split out irq_startup() code (bsc#1193231).
- lpfc: Reintroduce old IRQ probe logic (bsc#1183897).
- md: fix a lock order reversal in md_alloc (git-fixes).
- net: hso: fix control-request directions (git-fixes).
- net: hso: fix muxed tty registration (git-fixes).
- net: lan78xx: fix division by zero in send path (git-fixes).
- net: mana: Allow setting the number of queues while the NIC is down
(jsc#SLE-18779, bsc#1185727).
- net: mana: Fix spelling mistake "calledd" -> "called" (jsc#SLE-18779,
bsc#1185727).
- net: mana: Fix the netdev_err()'s vPort argument in mana_init_port()
(jsc#SLE-18779, bsc#1185727).
- net: mana: Improve the HWC error handling (jsc#SLE-18779, bsc#1185727).
- net: mana: Support hibernation and kexec (jsc#SLE-18779, bsc#1185727).
- net: mana: Use kcalloc() instead of kzalloc() (jsc#SLE-18779,
bsc#1185727).
- net: pegasus: fix uninit-value in get_interrupt_interval (git-fixes).
- net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of "0" if no
IRQ is available (git-fixes).
- nfsd: do not alloc under spinlock in rpc_parse_scope_id (git-fixes).
- nfsd: Handle the NFSv4 READDIR 'dircount' hint being zero (git-fixes).
- nvme-fc: avoid race between time out and tear down (bsc#1185762).
- nvme-fc: remove freeze/unfreeze around update_nr_hw_queues (bsc#1185762).
- nvme-fc: update hardware queues before using them (bsc#1185762).
- nvme-fc: wait for queues to freeze before calling update_hr_hw_queues
(bsc#1183678).
- nvme-pci: add NO APST quirk for Kioxia device (git-fixes).
- objtool: Support Clang non-section symbols in ORC generation
(bsc#1169514).
- platform/x86: hp_accel: Fix an error handling path in
'lis3lv02d_probe()' (git-fixes).
- platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning (git-fixes).
- pnfs/flexfiles: Fix misplaced barrier in nfs4_ff_layout_prepare_ds
(git-fixes).
- rndis_host: set proper input size for OID_GEN_PHYSICAL_MEDIUM request
(git-fixes).
- scsi: core: Fix bad pointer dereference when ehandler kthread is invalid
(git-fixes).
- scsi: core: Put LLD module refcnt after SCSI device is released
(git-fixes).
- scsi: iscsi: Adjust iface sysfs attr detection (git-fixes).
- scsi: lpfc: Add additional debugfs support for CMF (bsc1192145).
- scsi: lpfc: Adjust CMF total bytes and rxmonitor (bsc1192145).
- scsi: lpfc: Cap CMF read bytes to MBPI (bsc1192145).
- scsi: lpfc: Change return code on I/Os received during link bounce
(bsc1192145).
- scsi: lpfc: Fix leaked lpfc_dmabuf mbox allocations with NPIV
(bsc1192145).
- scsi: lpfc: Fix lpfc_force_rscn ndlp kref imbalance (bsc1192145).
- scsi: lpfc: Fix non-recovery of remote ports following an unsolicited
LOGO (bsc#1189126).
- scsi: lpfc: Fix NPIV port deletion crash (bsc1192145).
- scsi: lpfc: Trigger SLI4 firmware dump before doing driver cleanup
(bsc1192145).
- scsi: lpfc: Update lpfc version to 14.0.0.4 (bsc1192145).
- scsi: mpt3sas: Fix kernel panic during drive powercycle test (git-fixes).
- scsi: qla2xxx: edif: Fix app start delay (git-fixes).
- scsi: qla2xxx: edif: Fix app start fail (git-fixes).
- scsi: qla2xxx: edif: Fix EDIF bsg (git-fixes).
- scsi: qla2xxx: edif: Fix off by one bug in qla_edif_app_getfcinfo()
(git-fixes).
- scsi: qla2xxx: edif: Flush stale events and msgs on session down
(git-fixes).
- scsi: qla2xxx: edif: Increase ELS payload (git-fixes).
- scsi: qla2xxx: Fix gnl list corruption (git-fixes).
- scsi: qla2xxx: Fix mailbox direction flags in qla2xxx_get_adapter_id()
(git-fixes).
- scsi: qla2xxx: Format log strings only if needed (git-fixes).
- scsi: qla2xxx: Relogin during fabric disturbance (git-fixes).
- smb3: add additional null check in SMB2_ioctl (bsc#1190317).
- smb3: add additional null check in SMB2_open (bsc#1190317).
- smb3: add additional null check in SMB2_tcon (bsc#1190317).
- smb3: correct server pointer dereferencing check to be more consistent
(bsc#1190317).
- smb3: correct smb3 ACL security descriptor (bsc#1190317).
- smb3: do not error on fsync when readonly (bsc#1190317).
- smb3: remove trivial dfs compile warning (jsc#SLE-20656).
- SUNRPC: async tasks mustn't block waiting for memory (bsc#1191876
bsc#1192866).
- SUNRPC: improve 'swap' handling: scheduling and PF_MEMALLOC (bsc#1191876
bsc#1192866).
- tracing: Check pid filtering when creating events (git-fixes).
- tracing: Fix pid filtering when triggers are attached (git-fixes).
- tty: hvc: replace BUG_ON() with negative return value (git-fixes).
- usb: Add compatibility quirk flags for iODD 2531/2541 (git-fixes).
- usb: dwc2: hcd_queue: Fix use of floating point literal (git-fixes).
- usb: serial: option: add Fibocom FM101-GL variants (git-fixes).
- usb: serial: option: add prod. id for Quectel EG91 (git-fixes).
- usb: serial: option: add Quectel EC200S-CN module support (git-fixes).
- usb: serial: option: add Telit LE910Cx composition 0x1204 (git-fixes).
- usb: serial: option: add Telit LE910S1 0x9200 composition (git-fixes).
- usb: serial: qcserial: add EM9191 QDL support (git-fixes).
- x86/msi: Force affinity setup before startup (bsc#1193231).
- x86/pkey: Fix undefined behaviour with PKRU_WD_BIT (bsc#1114648).
- x86/sme: Explicitly map new EFI memmap table as encrypted (bsc#1114648).
- x86/xen: Add xenpv_restore_regs_and_return_to_usermode() (bsc#1114648).
- x86/xen: Mark cpu_bringup_and_idle() as dead_end_function (bsc#1169514).
- xen: sync include/xen/interface/io/ring.h with Xen's newest version
(git-fixes).
- xen/blkfront: do not take local copy of a request from the ring page
(git-fixes).
- xen/blkfront: do not trust the backend response data blindly (git-fixes).
- xen/blkfront: read response from backend only once (git-fixes).
- xen/netfront: disentangle tx_skb_freelist (git-fixes).
- xen/netfront: do not read data from request on the ring page (git-fixes).
- xen/netfront: do not trust the backend response data blindly (git-fixes).
- xen/netfront: read response from backend only once (git-fixes).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Workstation Extension 12-SP5:
zypper in -t patch SUSE-SLE-WE-12-SP5-2022-68=1
- SUSE Linux Enterprise Software Development Kit 12-SP5:
zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-68=1
- SUSE Linux Enterprise Server 12-SP5:
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-68=1
- SUSE Linux Enterprise Live Patching 12-SP5:
zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-68=1
- SUSE Linux Enterprise High Availability 12-SP5:
zypper in -t patch SUSE-SLE-HA-12-SP5-2022-68=1
Package List:
- SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64):
kernel-default-debuginfo-4.12.14-122.106.1
kernel-default-debugsource-4.12.14-122.106.1
kernel-default-extra-4.12.14-122.106.1
kernel-default-extra-debuginfo-4.12.14-122.106.1
- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
kernel-obs-build-4.12.14-122.106.1
kernel-obs-build-debugsource-4.12.14-122.106.1
- SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch):
kernel-docs-4.12.14-122.106.1
- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
kernel-default-4.12.14-122.106.1
kernel-default-base-4.12.14-122.106.1
kernel-default-base-debuginfo-4.12.14-122.106.1
kernel-default-debuginfo-4.12.14-122.106.1
kernel-default-debugsource-4.12.14-122.106.1
kernel-default-devel-4.12.14-122.106.1
kernel-syms-4.12.14-122.106.1
- SUSE Linux Enterprise Server 12-SP5 (x86_64):
kernel-default-devel-debuginfo-4.12.14-122.106.1
- SUSE Linux Enterprise Server 12-SP5 (noarch):
kernel-devel-4.12.14-122.106.1
kernel-macros-4.12.14-122.106.1
kernel-source-4.12.14-122.106.1
- SUSE Linux Enterprise Server 12-SP5 (s390x):
kernel-default-man-4.12.14-122.106.1
- SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64):
kernel-default-debuginfo-4.12.14-122.106.1
kernel-default-debugsource-4.12.14-122.106.1
kernel-default-kgraft-4.12.14-122.106.1
kernel-default-kgraft-devel-4.12.14-122.106.1
kgraft-patch-4_12_14-122_106-default-1-8.3.1
- SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64):
cluster-md-kmp-default-4.12.14-122.106.1
cluster-md-kmp-default-debuginfo-4.12.14-122.106.1
dlm-kmp-default-4.12.14-122.106.1
dlm-kmp-default-debuginfo-4.12.14-122.106.1
gfs2-kmp-default-4.12.14-122.106.1
gfs2-kmp-default-debuginfo-4.12.14-122.106.1
kernel-default-debuginfo-4.12.14-122.106.1
kernel-default-debugsource-4.12.14-122.106.1
ocfs2-kmp-default-4.12.14-122.106.1
ocfs2-kmp-default-debuginfo-4.12.14-122.106.1
References:
https://www.suse.com/security/cve/CVE-2018-25020.html
https://www.suse.com/security/cve/CVE-2019-15126.html
https://www.suse.com/security/cve/CVE-2020-27820.html
https://www.suse.com/security/cve/CVE-2021-0920.html
https://www.suse.com/security/cve/CVE-2021-0935.html
https://www.suse.com/security/cve/CVE-2021-28711.html
https://www.suse.com/security/cve/CVE-2021-28712.html
https://www.suse.com/security/cve/CVE-2021-28713.html
https://www.suse.com/security/cve/CVE-2021-28714.html
https://www.suse.com/security/cve/CVE-2021-28715.html
https://www.suse.com/security/cve/CVE-2021-33098.html
https://www.suse.com/security/cve/CVE-2021-4002.html
https://www.suse.com/security/cve/CVE-2021-43975.html
https://www.suse.com/security/cve/CVE-2021-43976.html
https://www.suse.com/security/cve/CVE-2021-45485.html
https://www.suse.com/security/cve/CVE-2021-45486.html
https://bugzilla.suse.com/1114648
https://bugzilla.suse.com/1124431
https://bugzilla.suse.com/1167162
https://bugzilla.suse.com/1169514
https://bugzilla.suse.com/1172073
https://bugzilla.suse.com/1179599
https://bugzilla.suse.com/1183678
https://bugzilla.suse.com/1183897
https://bugzilla.suse.com/1184804
https://bugzilla.suse.com/1185727
https://bugzilla.suse.com/1185762
https://bugzilla.suse.com/1187167
https://bugzilla.suse.com/1189126
https://bugzilla.suse.com/1189158
https://bugzilla.suse.com/1189305
https://bugzilla.suse.com/1189841
https://bugzilla.suse.com/1190317
https://bugzilla.suse.com/1190358
https://bugzilla.suse.com/1190428
https://bugzilla.suse.com/1191229
https://bugzilla.suse.com/1191384
https://bugzilla.suse.com/1191731
https://bugzilla.suse.com/1191876
https://bugzilla.suse.com/1192032
https://bugzilla.suse.com/1192145
https://bugzilla.suse.com/1192267
https://bugzilla.suse.com/1192740
https://bugzilla.suse.com/1192845
https://bugzilla.suse.com/1192847
https://bugzilla.suse.com/1192866
https://bugzilla.suse.com/1192877
https://bugzilla.suse.com/1192946
https://bugzilla.suse.com/1192974
https://bugzilla.suse.com/1193231
https://bugzilla.suse.com/1193306
https://bugzilla.suse.com/1193318
https://bugzilla.suse.com/1193440
https://bugzilla.suse.com/1193442
https://bugzilla.suse.com/1193575
https://bugzilla.suse.com/1193731
https://bugzilla.suse.com/1194087
https://bugzilla.suse.com/1194094
More information about the sle-security-updates
mailing list