Security update for the Linux Kernel

Announcement ID: SUSE-SU-2021:3415-1
Rating: important
CVSS scores:
  • CVE-2020-12770 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
  • CVE-2020-12770 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • CVE-2020-3702 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • CVE-2020-3702 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • CVE-2021-34556 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2021-34556 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2021-35477 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
  • CVE-2021-35477 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2021-3653 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2021-3653 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  • CVE-2021-3656 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2021-3656 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  • CVE-2021-3669 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2021-3669 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2021-3732 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
  • CVE-2021-3732 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2021-3739 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
  • CVE-2021-3739 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
  • CVE-2021-3743 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2021-3743 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
  • CVE-2021-3744 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2021-3744 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2021-3752 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2021-3752 ( NVD ): 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2021-3753 ( SUSE ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
  • CVE-2021-3753 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2021-3759 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2021-3759 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2021-3764 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2021-3764 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2021-38160 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2021-38160 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2021-38198 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2021-38198 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2021-40490 ( SUSE ): 6.1 CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
  • CVE-2021-40490 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
  • SUSE Linux Enterprise Micro 5.1
  • SUSE Linux Enterprise Real Time 15 SP3
  • SUSE Real Time Module 15-SP3

An update that solves 18 vulnerabilities and has 119 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 15 SP3 kernel was updated.

The following security bugs were fixed:

  • CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure. (bnc#1191193)
  • CVE-2021-3752: Fixed a use-after-free vulnerability in the Linux kernel's Bluetooth module. (bsc#1190023)
  • CVE-2021-40490: Fixed a race condition discovered in the ext4 subsystem that could lead to local privilege escalation. (bnc#1190159)
  • CVE-2021-3744: Fixed a bug which could allow attackers to cause a denial of service. (bsc#1189884)
  • CVE-2021-3764: Fixed a bug which could allow attackers to cause a denial of service. (bsc#1190534)
  • CVE-2021-3669: Fixed a bug that prevented /proc/sysvipc/shm from scaling with large shared memory segment counts, which could lead to resource exhaustion and DoS. (bsc#1188986)
  • CVE-2021-3759: Unaccounted ipc objects in the Linux kernel could have led to breaking memcg limits and DoS attacks (bsc#1190115).
  • CVE-2021-34556: Fixed a side-channel attack via Speculative Store Bypass in which an unprivileged BPF program could have obtained sensitive information from kernel memory (bsc#1188983).
  • CVE-2021-35477: Fixed BPF stack frame pointer which could have been abused to disclose content of arbitrary kernel memory (bsc#1188985).
  • CVE-2021-38160: Data corruption or loss could be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size in drivers/char/virtio_console.c (bsc#1190117)
  • CVE-2021-3753: Fixed race out-of-bounds in virtual terminal handling (bsc#1190025).
  • CVE-2021-3743: Fixed OOB Read in qrtr_endpoint_post (bsc#1189883).
  • CVE-2021-3739: Fixed a NULL pointer dereference when deleting a device by invalid id (bsc#1189832).
  • CVE-2021-3732: Mounting overlayfs inside an unprivileged user namespace can reveal files (bsc#1189706).
  • CVE-2021-3653: Missing validation of the int_ctl VMCB field allows a malicious L1 guest to enable AVIC support for the L2 guest (bsc#1189399).
  • CVE-2021-3656: Missing validation of the virt_ext VMCB field allows a malicious L1 guest to disable both VMLOAD/VMSAVE intercepts and VLS for the L2 guest (bsc#1189400).
  • CVE-2021-38198: arch/x86/kvm/mmu/paging_tmpl.h incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault (bnc#1189262).
  • CVE-2020-12770: Fixed the sg_remove_request call in certain failure cases (bsc#1171420).

The following non-security bugs were fixed:

  • ACPI: processor: Clean up acpi_processor_evaluate_cst() (bsc#1175543)
  • ACPI: processor: Export acpi_processor_evaluate_cst() (bsc#1175543)
  • ACPI: processor: Export function to claim _CST control (bsc#1175543)
  • ACPI: processor: Introduce acpi_processor_evaluate_cst() (bsc#1175543)
  • ACPI: processor: Make ACPI_PROCESSOR_CSTATE depend on ACPI_PROCESSOR (bsc#1175543)
  • ALSA: firewire-motu: fix truncated bytes in message tracepoints (git-fixes).
  • ALSA: hda - fix the 'Capture Switch' value change notifications (git-fixes).
  • ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9510 laptop (git-fixes).
  • ALSA: hda/realtek: Limit mic boost on HP ProBook 445 G8 (git-fixes).
  • ALSA: hda/realtek: Quirk for HP Spectre x360 14 amp setup (git-fixes).
  • ALSA: hda/realtek: Workaround for conflicting SSID on ASUS ROG Strix G17 (git-fixes).
  • ALSA: hda/via: Apply runtime PM workaround for ASUS B23E (git-fixes).
  • ALSA: pcm: fix divide error in snd_pcm_lib_ioctl (git-fixes).
  • ALSA: usb-audio: Add registration quirk for JBL Quantum 800 (git-fixes).
  • ALSA: usb-audio: Fix regression on Sony WALKMAN NW-A45 DAC (git-fixes).
  • apparmor: remove duplicate macro list_entry_is_head() (git-fixes).
  • ASoC: component: Remove misplaced prefix handling in pin control functions (git-fixes).
  • ASoC: fsl_micfil: register platform component before registering cpu dai (git-fixes).
  • ASoC: intel: atom: Fix breakage for PCM buffer address setup (git-fixes).
  • ASoC: Intel: Fix platform ID matching (git-fixes).
  • ASoC: Intel: kbl_da7219_max98927: Fix format selection for max98373 (git-fixes).
  • ASoC: Intel: Skylake: Fix module resource and format selection (git-fixes).
  • ASoC: Intel: Skylake: Leave data as is when invoking TLV IPCs (git-fixes).
  • ASoC: mediatek: common: handle NULL case in suspend/resume function (git-fixes).
  • ASoC: mediatek: mt8183: Fix Unbalanced pm_runtime_enable in mt8183_afe_pcm_dev_probe (git-fixes).
  • ASoC: rockchip: i2s: Fix regmap_ops hang (git-fixes).
  • ASoC: rockchip: i2s: Fixup config for DAIFMT_DSP_A/B (git-fixes).
  • ASoC: rt5682: Adjust headset volume button threshold (git-fixes).
  • ASoC: rt5682: Adjust headset volume button threshold again (git-fixes).
  • ASoC: rt5682: Implement remove callback (git-fixes).
  • ASoC: rt5682: Properly turn off regulators if wrong device ID (git-fixes).
  • ASoC: rt5682: Remove unused variable in rt5682_i2c_remove() (git-fixes).
  • ASoC: SOF: Fix DSP oops stack dump output contents (git-fixes).
  • ASoC: ti: delete some dead code in omap_abe_probe() (git-fixes).
  • ASoC: wcd9335: Disable irq on slave ports in the remove function (git-fixes).
  • ASoC: wcd9335: Fix a double irq free in the remove function (git-fixes).
  • ASoC: wcd9335: Fix a memory leak in the error handling path of the probe function (git-fixes).
  • ath: Use safer key clearing with key cache entries (git-fixes).
  • ath6kl: wmi: fix an error code in ath6kl_wmi_sync_point() (git-fixes).
  • ath9k: Clear key cache explicitly on disabling hardware (git-fixes).
  • ath9k: fix OOB read ar9300_eeprom_restore_internal (git-fixes).
  • ath9k: fix sleeping in atomic context (git-fixes).
  • Avoid double printing SUSE specific flags in mod->taint (bsc#1190413).
  • backlight: pwm_bl: Improve bootloader/kernel device handover (git-fixes).
  • bareudp: Fix invalid read beyond skb's linear data (jsc#SLE-15172).
  • bcma: Fix memory leak for internally-handled cores (git-fixes).
  • bdi: Do not use freezable workqueue (bsc#1189573).
  • blk-iolatency: error out if blk_get_queue() failed in iolatency_set_limit() (bsc#1189507).
  • blk-mq-sched: Fix blk_mq_sched_alloc_tags() error handling (bsc#1189506).
  • blk-mq: do not deactivate hctx if managed irq isn't used (bsc#1185762).
  • blk-mq: kABI fixes for blk_mq_queue_map (bsc#1185762).