
SUSE alert SUSE-SU-2021:3848-1 (kernel)

From:  sle-security-updates@lists.suse.com
To:  sle-security-updates@lists.suse.com
Subject:  SUSE-SU-2021:3848-1: important: Security update for the Linux Kernel
Date:  Wed, 01 Dec 2021 21:44:16 +0100
Message-ID:  <20211201204416.AE9CCFD2F@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3848-1
Rating:             important
References:         #1094840 #1114648 #1141655 #1188601 #1190351 #1190397
                    #1190523 #1190795 #1191713 #1191790 #1191888 #1191961
                    #1192045 #1192267 #1192273 #1192379 #1192718 #1192750
                    #1192753 #1192781 #1192802 #1192906 SLE-22573
Cross-References:   CVE-2021-0941 CVE-2021-20322 CVE-2021-31916 CVE-2021-34981
                    CVE-2021-37159 CVE-2021-3772
CVSS scores:
                    CVE-2021-0941 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-20322 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
                    CVE-2021-31916 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-31916 (SUSE): 6.8 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-34981 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
                    CVE-2021-37159 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-37159 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-3772 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:
                    SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

An update that solves 6 vulnerabilities, contains one feature and has 16 fixes is now available.

Description:

The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- Unprivileged BPF has been disabled by default to reduce attack surface as too many security issues have happened in the past (jsc#SLE-22573)

  You can reenable via systemctl setting /proc/sys/kernel/unprivileged_bpf_disabled to 0. (kernel.unprivileged_bpf_disabled = 0)

- CVE-2021-0941: In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1192045).
- CVE-2021-31916: An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel A bound check failure allowed an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability (bnc#1192781).
- CVE-2021-20322: Make the ipv4 and ipv6 ICMP exception caches less predictive to avoid information leaks about UDP ports in use. (bsc#1191790)
- CVE-2021-34981: Fixed file refcounting in cmtp when cmtp_attach_device fails (bsc#1191961).
- CVE-2021-37159: hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel calls unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free (bnc#1188601).
- CVE-2021-3772: Fixed sctp vtag check in sctp_sf_ootb (bsc#1190351).

The following non-security bugs were fixed:

- EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell (bsc#1114648).
- Revert "ibmvnic: check failover_pending in login response" (bsc#1190523 ltc#194510).
- Revert "x86/kvm: fix vcpu-id indexed array sizes" (git-fixes).
- USB: iowarrior: fix control-message timeouts (git-fixes).
- USB: serial: keyspan: fix memleak on probe errors (git-fixes).
- arm64/sve: Use correct size when reinitialising SVE state (git-fixes).
- arm64: pgtable: make __pte_to_phys/__phys_to_pte_val inline functions (git-fixes).
- bpf: Fix potential race in tail call compatibility check (git-fixes).
- bpf: Move owner type, jited info into array auxiliary data (bsc#1141655).
- bpf: Use kvmalloc for map values in syscall (stable-5.14.16).
- btrfs: fix memory ordering between normal and ordered work functions (git-fixes).
- ceph: take snap_empty_lock atomically with snaprealm refcount change (bsc#1191888).
- config.sh: Build cve/linux-4.12 against SLE15-SP1. SLE15 is no longer updated and we will need recent update to suse-module-tools to continue building the kernel.
- crypto: qat - detect PFVF collision after ACK (git-fixes).
- crypto: qat - disregard spurious PFVF interrupts (git-fixes).
- crypto: s5p-sss - Add error handling in s5p_aes_probe() (git-fixes).
- drivers: base: cacheinfo: Get rid of DEFINE_SMP_CALL_CACHE_FUNCTION() (git-fixes).
- drm: fix spectre issue in vmw_execbuf_ioctl (bsc#1192802).
- ethernet: dwmac-stm32: Fix copyright (git-fixes).
- ftrace: Fix scripts/recordmcount.pl due to new binutils (bsc#1192267).
- fuse: fix page stealing (bsc#1192718).
- gigaset: fix spectre issue in do_data_b3_req (bsc#1192802).
- hisax: fix spectre issues (bsc#1192802).
- hrtimer: Move copyout of remaining time to do_nanosleep() (bsc#1191713).
- hrtimer_nanosleep(): Pass rmtp in restart_block (bsc#1191713).
- hysdn: fix spectre issue in hycapi_send_message (bsc#1192802).
- i2c: synquacer: fix deferred probing (git-fixes).
- ibmvnic: Process crqs after enabling interrupts (bsc#1192273 ltc#194629).
- ibmvnic: check failover_pending in login response (bsc#1190523 ltc#194510).
- ibmvnic: delay complete() (bsc#1094840 ltc#167098 git-fixes).
- ibmvnic: do not stop queue in xmit (bsc#1192273 ltc#194629).
- infiniband: fix spectre issue in ib_uverbs_write (bsc#1192802).
- ipv4: fix race condition between route lookup and invalidation (bsc#1190397).
- iwlwifi: fix spectre issue in iwl_dbgfs_update_pm (bsc#1192802).
- kernel, fs: Introduce and use set_restart_fn() and arch_set_restart_data() (bsc#1191713).
- media: dvb_ca_en50221: prevent using slot_info for Spectre attacs (bsc#1192802).
- media: dvb_ca_en50221: sanity check slot number from userspace (bsc#1192802).
- media: wl128x: get rid of a potential spectre issue (bsc#1192802).
- mm/hugetlb: initialize hugetlb_usage in mm_init (bsc#1192906).
- mpt3sas: fix spectre issues (bsc#1192802).
- net: sock_diag: Fix spectre v1 gadget in __sock_diag_cmd() (bsc#1192802).
- net: stmmac: Avoid VLA usage (git-fixes).
- net: stmmac: First Queue must always be in DCB mode (git-fixes).
- net: stmmac: Fix TX timestamp calculation (git-fixes).
- net: stmmac: Fix bad RX timestamp extraction (git-fixes).
- net: stmmac: Fix stmmac_get_rx_hwtstamp() (git-fixes).
- net: stmmac: Prevent infinite loop in get_rx_timestamp_status() (git-fixes).
- net: stmmac: WARN if tx_skbuff entries are reused before cleared (git-fixes).
- net: stmmac: add error handling in stmmac_mtl_setup() (git-fixes).
- net: stmmac: discard disabled flags in interrupt status register (git-fixes).
- net: stmmac: do not clear tx_skbuff entries in stmmac_xmit()/stmmac_tso_xmit() (git-fixes).
- net: stmmac: dwc-qos-eth: Fix typo in DT bindings parsing (git-fixes).
- net: stmmac: ensure that the MSS desc is the last desc to set the own bit (git-fixes).
- net: stmmac: fix LPI transitioning for dwmac4 (git-fixes).
- net: stmmac: honor error code from stmmac_dt_phy() (git-fixes).
- net: stmmac: make dwmac4_release_tx_desc() clear all descriptor fields (git-fixes).
- net: stmmac: remove redundant enable of PMT irq (git-fixes).
- net: stmmac: rename GMAC_INT_DEFAULT_MASK for dwmac4 (git-fixes).
- net: stmmac: use correct barrier between coherent memory and MMIO (git-fixes).
- objtool-don-t-fail-on-missing-symbol-table.patch needed for vanilla flavor as well.
- objtool: Do not fail on missing symbol table (bsc#1192379).
- ocfs2: Fix data corruption on truncate (bsc#1190795).
- ocfs2: do not zero pages beyond i_size (bsc#1190795).
- osst: fix spectre issue in osst_verify_frame (bsc#1192802).
- prctl: allow to setup brk for et_dyn executables (git-fixes).
- printk/console: Allow to disable console output by using console="" or console=null (bsc#1192753).
- printk: handle blank console arguments passed in (bsc#1192753).
- scsi: BusLogic: Fix missing pr_cont() use (git-fixes).
- scsi: FlashPoint: Rename si_flags field (git-fixes).
- scsi: be2iscsi: Fix an error handling path in beiscsi_dev_probe() (git-fixes).
- scsi: core: Fix error handling of scsi_host_alloc() (git-fixes).
- scsi: core: Fix spelling in a source code comment (git-fixes).
- scsi: core: Only put parent device if host state differs from SHOST_CREATED (git-fixes).
- scsi: core: Put .shost_dev in failure path if host state changes to RUNNING (git-fixes).
- scsi: core: Retry I/O for Notify (Enable Spinup) Required error (git-fixes).
- scsi: csiostor: Add module softdep on cxgb4 (git-fixes).
- scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn() (git-fixes).
- scsi: dc395: Fix error case unwinding (git-fixes).
- scsi: iscsi: Fix iface sysfs attr detection (git-fixes).
- scsi: libsas: Use _safe() loop in sas_resume_port() (git-fixes).
- scsi: mpt3sas: Fix error return value in _scsih_expander_add() (git-fixes).
- scsi: qedf: Add pointer checks in qedf_update_link_speed() (git-fixes).
- scsi: qedf: Fix error codes in qedf_alloc_global_queues() (git-fixes).
- scsi: qedi: Fix error codes in qedi_alloc_global_queues() (git-fixes).
- scsi: qla2xxx: Fix a memory leak in an error path of qla2x00_process_els() (git-fixes).
- scsi: qla2xxx: Make sure that aborted commands are freed (git-fixes).
- scsi: snic: Fix an error message (git-fixes).
- scsi: ufs: ufshcd-pltfrm: Fix memory leak due to probe defer (git-fixes).
- sctp: check asoc peer.asconf_capable before processing asconf (bsc#1190351).
- soc: fsl: dpio: replace smp_processor_id with raw_smp_processor_id (git-fixes).
- stmmac: copy unicast mac address to MAC registers (git-fixes).
- stmmac: use of_property_read_u32 instead of read_u8 (git-fixes).
- sysvipc/sem: mitigate semnum index against spectre v1 (bsc#1192802).
- tty: serial: fsl_lpuart: fix the wrong mapbase value (git-fixes).
- x86/xen: Mark cpu_bringup_and_idle() as dead_end_function (git-fixes).
- xen-pciback: Fix return in pm_ctrl_init() (git-fixes).
- xen: Fix implicit type conversion (git-fixes).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP5:

  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3848=1

Package List:

- SUSE Linux Enterprise Server 12-SP5 (x86_64):

  kernel-azure-4.12.14-16.80.1
  kernel-azure-base-4.12.14-16.80.1
  kernel-azure-base-debuginfo-4.12.14-16.80.1
  kernel-azure-debuginfo-4.12.14-16.80.1
  kernel-azure-debugsource-4.12.14-16.80.1
  kernel-azure-devel-4.12.14-16.80.1
  kernel-syms-azure-4.12.14-16.80.1

- SUSE Linux Enterprise Server 12-SP5 (noarch):

  kernel-devel-azure-4.12.14-16.80.1
  kernel-source-azure-4.12.14-16.80.1

References:

https://www.suse.com/security/cve/CVE-2021-0941.html
https://www.suse.com/security/cve/CVE-2021-20322.html
https://www.suse.com/security/cve/CVE-2021-31916.html
https://www.suse.com/security/cve/CVE-2021-34981.html
https://www.suse.com/security/cve/CVE-2021-37159.html
https://www.suse.com/security/cve/CVE-2021-3772.html
https://bugzilla.suse.com/1094840
https://bugzilla.suse.com/1114648
https://bugzilla.suse.com/1141655
https://bugzilla.suse.com/1188601
https://bugzilla.suse.com/1190351
https://bugzilla.suse.com/1190397
https://bugzilla.suse.com/1190523
https://bugzilla.suse.com/1190795
https://bugzilla.suse.com/1191713
https://bugzilla.suse.com/1191790
https://bugzilla.suse.com/1191888
https://bugzilla.suse.com/1191961
https://bugzilla.suse.com/1192045
https://bugzilla.suse.com/1192267
https://bugzilla.suse.com/1192273
https://bugzilla.suse.com/1192379
https://bugzilla.suse.com/1192718
https://bugzilla.suse.com/1192750
https://bugzilla.suse.com/1192753
https://bugzilla.suse.com/1192781
https://bugzilla.suse.com/1192802
https://bugzilla.suse.com/1192906
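
A post-update check for this advisory, added here as an example and not part of the SUSE announcement: because the update only takes effect after the reboot it asks for, the script compares the running kernel (not the installed package) with the fixed build and reports the state of kernel.unprivileged_bpf_disabled. Assumptions: uname -r on SLES prints the package version without its last release field and with an -azure suffix, the meanings of sysctl values 1 and 2 follow the upstream kernel documentation, and all function names are made up for this example.

```shell
#!/bin/sh
# Added example: post-update check for SUSE-SU-2021:3848-1 (kernel-azure, SLES 12-SP5).
FIXED_PKG="4.12.14-16.80.1"      # kernel-azure version from the advisory's package list
FIXED_RUNNING="${FIXED_PKG%.*}"  # assumption: uname -r omits the last release field

# ver_ge A B: return 0 if numeric version A >= B, 1 if lower, 2 if malformed.
ver_ge() {
    a=$(printf '%s' "$1" | sed 's/-/./g'); b=$(printf '%s' "$2" | sed 's/-/./g')
    for v in "$a" "$b"; do case "$v" in ""|*[!0-9.]*) return 2 ;; esac; done
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}                      # compare field by field
        if [ "${x:-0}" -gt "${y:-0}" ]; then return 0; fi
        if [ "${x:-0}" -lt "${y:-0}" ]; then return 1; fi
        case "$a" in *.*) a=${a#*.} ;; *) a= ;; esac
        case "$b" in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# running_state UNAME_R: classify a `uname -r` string against the fixed Azure build.
running_state() {
    case "$1" in
        *-azure) rel=${1%-azure} ;;
        *) echo "not-azure-flavor"; return 0 ;;     # this advisory covers kernel-azure only
    esac
    rc=0; ver_ge "$rel" "$FIXED_RUNNING" || rc=$?
    case "$rc" in
        0) echo "fixed" ;;
        1) echo "needs-update-or-reboot" ;;         # old kernel still running
        *) echo "unparsed" ;;
    esac
}

# bpf_state VALUE: interpret kernel.unprivileged_bpf_disabled.
bpf_state() {
    case "$1" in
        0) echo "enabled" ;;                        # the opt-in setting the advisory describes
        1) echo "disabled-until-reboot" ;;          # cannot be switched back at runtime
        2) echo "disabled-admin-can-enable" ;;
        *) echo "unknown" ;;
    esac
}

report_host() {
    f=/proc/sys/kernel/unprivileged_bpf_disabled
    if [ -r "$f" ]; then val=$(cat "$f"); else val=absent; fi
    echo "running kernel $(uname -r): $(running_state "$(uname -r)")"
    echo "unprivileged BPF: $(bpf_state "$val")"
}
report_host
```

A result of needs-update-or-reboot on a host where zypper already shows the patch installed means the reboot is still outstanding.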




Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds