Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2021:0743-1
Rating:	important
References:	bsc#1177440 bsc#1178372 bsc#1181747 bsc#1181753 bsc#1181843 bsc#1182175
Cross-References:	CVE-2020-28374 CVE-2021-26930 CVE-2021-26931 CVE-2021-26932
CVSS scores:	CVE-2020-28374 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2020-28374 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2021-26930 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2021-26930 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-26931 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-26931 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-26932 ( SUSE ): 5.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H CVE-2021-26932 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:	HPE Helion OpenStack 8 SUSE Linux Enterprise High Availability Extension 12 SP3 SUSE Linux Enterprise High Performance Computing 12 SP3 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3 BCL 12-SP3 SUSE Linux Enterprise Server 12 SP3 ESPOS 12-SP3 SUSE Linux Enterprise Server 12 SP3 LTSS 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12 SP3 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8

An update that solves four vulnerabilities and has two security fixes can now be installed.

Description:

The SUSE Linux Enterprise 12 SP3 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

• CVE-2021-26930: Fixed an improper error handling in blkback's grant mapping (XSA-365 bsc#1181843).
• CVE-2021-26931: Fixed an issue where Linux kernel was treating grant mapping errors as bugs (XSA-362 bsc#1181753).
• CVE-2021-26932: Fixed improper error handling issues in Linux grant mapping (XSA-361 bsc#1181747).
• CVE-2020-28374: Fixed insufficient identifier checking in the LIO SCSI target code which could have been used by remote attackers to read or write files via directory traversal in an XCOPY request (bsc#178372).

The following non-security bugs were fixed:

• cifs: report error instead of invalid when revalidating a dentry fails (bsc#1177440).
• xen/netback: fix spurious event detection for common event case (bsc#1182175).

Special Instructions and Notes:

• Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Server for SAP Applications 12 SP3
  zypper in -t patch SUSE-SLE-HA-12-SP3-2021-743=1 SUSE-SLE-SAP-12-SP3-2021-743=1
• SUSE Linux Enterprise High Availability Extension 12 SP3
  zypper in -t patch SUSE-SLE-HA-12-SP3-2021-743=1
• HPE Helion OpenStack 8
  zypper in -t patch HPE-Helion-OpenStack-8-2021-743=1
• SUSE OpenStack Cloud 8
  zypper in -t patch SUSE-OpenStack-Cloud-8-2021-743=1
• SUSE OpenStack Cloud Crowbar 8
  zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-743=1
• SUSE Linux Enterprise Server 12 SP3 BCL 12-SP3
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-743=1
• SUSE Linux Enterprise Server 12 SP3 ESPOS 12-SP3
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-ESPOS-2021-743=1
• SUSE Linux Enterprise Server 12 SP3 LTSS 12-SP3
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-743=1

Package List:

• SUSE Linux Enterprise Server for SAP Applications 12 SP3 (ppc64le x86_64)
  • gfs2-kmp-default-4.4.180-94.141.2
  • cluster-md-kmp-default-debuginfo-4.4.180-94.141.2
  • kernel-default-kgraft-4.4.180-94.141.2
  • kernel-default-base-4.4.180-94.141.2
  • cluster-md-kmp-default-4.4.180-94.141.2
  • kgraft-patch-4_4_180-94_141-default-1-4.3.2
  • kernel-default-debugsource-4.4.180-94.141.2
  • gfs2-kmp-default-debuginfo-4.4.180-94.141.2
  • kernel-default-base-debuginfo-4.4.180-94.141.2
  • kernel-syms-4.4.180-94.141.2
  • kernel-default-debuginfo-4.4.180-94.141.2
  • kernel-default-devel-4.4.180-94.141.2
  • ocfs2-kmp-default-4.4.180-94.141.2
  • ocfs2-kmp-default-debuginfo-4.4.180-94.141.2
  • dlm-kmp-default-debuginfo-4.4.180-94.141.2
  • kgraft-patch-4_4_180-94_141-default-debuginfo-1-4.3.2
  • dlm-kmp-default-4.4.180-94.141.2
• SUSE Linux Enterprise Server for SAP Applications 12 SP3 (nosrc ppc64le x86_64)
  • kernel-default-4.4.180-94.141.2
• SUSE Linux Enterprise Server for SAP Applications 12 SP3 (noarch)
  • kernel-macros-4.4.180-94.141.2
  • kernel-source-4.4.180-94.141.2
  • kernel-devel-4.4.180-94.141.2
• SUSE Linux Enterprise High Availability Extension 12 SP3 (ppc64le s390x x86_64)
  • gfs2-kmp-default-4.4.180-94.141.2
  • cluster-md-kmp-default-debuginfo-4.4.180-94.141.2
  • cluster-md-kmp-default-4.4.180-94.141.2
  • kernel-default-debugsource-4.4.180-94.141.2
  • gfs2-kmp-default-debuginfo-4.4.180-94.141.2
  • kernel-default-debuginfo-4.4.180-94.141.2
  • ocfs2-kmp-default-4.4.180-94.141.2
  • ocfs2-kmp-default-debuginfo-4.4.180-94.141.2
  • dlm-kmp-default-debuginfo-4.4.180-94.141.2
  • dlm-kmp-default-4.4.180-94.141.2
• SUSE Linux Enterprise High Availability Extension 12 SP3 (nosrc)
  • kernel-default-4.4.180-94.141.2
• HPE Helion OpenStack 8 (nosrc x86_64)
  • kernel-default-4.4.180-94.141.2
• HPE Helion OpenStack 8 (x86_64)
  • kernel-default-kgraft-4.4.180-94.141.2
  • kernel-default-base-4.4.180-94.141.2
  • kgraft-patch-4_4_180-94_141-default-1-4.3.2
  • kernel-default-debugsource-4.4.180-94.141.2
  • kernel-default-base-debuginfo-4.4.180-94.141.2
  • kernel-syms-4.4.180-94.141.2
  • kernel-default-debuginfo-4.4.180-94.141.2
  • kernel-default-devel-4.4.180-94.141.2
  • kgraft-patch-4_4_180-94_141-default-debuginfo-1-4.3.2
• HPE Helion OpenStack 8 (noarch)
  • kernel-macros-4.4.180-94.141.2
  • kernel-source-4.4.180-94.141.2
  • kernel-devel-4.4.180-94.141.2
• SUSE OpenStack Cloud 8 (nosrc x86_64)
  • kernel-default-4.4.180-94.141.2
• SUSE OpenStack Cloud 8 (x86_64)
  • kernel-default-kgraft-4.4.180-94.141.2
  • kernel-default-base-4.4.180-94.141.2
  • kgraft-patch-4_4_180-94_141-default-1-4.3.2
  • kernel-default-debugsource-4.4.180-94.141.2
  • kernel-default-base-debuginfo-4.4.180-94.141.2
  • kernel-syms-4.4.180-94.141.2
  • kernel-default-debuginfo-4.4.180-94.141.2
  • kernel-default-devel-4.4.180-94.141.2
  • kgraft-patch-4_4_180-94_141-default-debuginfo-1-4.3.2
• SUSE OpenStack Cloud 8 (noarch)
  • kernel-macros-4.4.180-94.141.2
  • kernel-source-4.4.180-94.141.2
  • kernel-devel-4.4.180-94.141.2
• SUSE OpenStack Cloud Crowbar 8 (nosrc x86_64)
  • kernel-default-4.4.180-94.141.2
• SUSE OpenStack Cloud Crowbar 8 (x86_64)
  • kernel-default-kgraft-4.4.180-94.141.2
  • kernel-default-base-4.4.180-94.141.2
  • kgraft-patch-4_4_180-94_141-default-1-4.3.2
  • kernel-default-debugsource-4.4.180-94.141.2
  • kernel-default-base-debuginfo-4.4.180-94.141.2
  • kernel-syms-4.4.180-94.141.2
  • kernel-default-debuginfo-4.4.180-94.141.2
  • kernel-default-devel-4.4.180-94.141.2
  • kgraft-patch-4_4_180-94_141-default-debuginfo-1-4.3.2
• SUSE OpenStack Cloud Crowbar 8 (noarch)
  • kernel-macros-4.4.180-94.141.2
  • kernel-source-4.4.180-94.141.2
  • kernel-devel-4.4.180-94.141.2
• SUSE Linux Enterprise Server 12 SP3 BCL 12-SP3 (nosrc x86_64)
  • kernel-default-4.4.180-94.141.2
• SUSE Linux Enterprise Server 12 SP3 BCL 12-SP3 (x86_64)
  • kernel-default-base-4.4.180-94.141.2
  • kernel-default-debugsource-4.4.180-94.141.2
  • kernel-default-base-debuginfo-4.4.180-94.141.2
  • kernel-syms-4.4.180-94.141.2
  • kernel-default-debuginfo-4.4.180-94.141.2
  • kernel-default-devel-4.4.180-94.141.2
• SUSE Linux Enterprise Server 12 SP3 BCL 12-SP3 (noarch)
  • kernel-macros-4.4.180-94.141.2
  • kernel-source-4.4.180-94.141.2
  • kernel-devel-4.4.180-94.141.2
• SUSE Linux Enterprise Server 12 SP3 ESPOS 12-SP3 (aarch64 nosrc x86_64)
  • kernel-default-4.4.180-94.141.2
• SUSE Linux Enterprise Server 12 SP3 ESPOS 12-SP3 (aarch64 x86_64)
  • kernel-default-base-4.4.180-94.141.2
  • kernel-default-debugsource-4.4.180-94.141.2
  • kernel-default-base-debuginfo-4.4.180-94.141.2
  • kernel-syms-4.4.180-94.141.2
  • kernel-default-debuginfo-4.4.180-94.141.2
  • kernel-default-devel-4.4.180-94.141.2
• SUSE Linux Enterprise Server 12 SP3 ESPOS 12-SP3 (noarch)
  • kernel-macros-4.4.180-94.141.2
  • kernel-source-4.4.180-94.141.2
  • kernel-devel-4.4.180-94.141.2
• SUSE Linux Enterprise Server 12 SP3 ESPOS 12-SP3 (x86_64)
  • kgraft-patch-4_4_180-94_141-default-debuginfo-1-4.3.2
  • kernel-default-kgraft-4.4.180-94.141.2
  • kgraft-patch-4_4_180-94_141-default-1-4.3.2
• SUSE Linux Enterprise Server 12 SP3 LTSS 12-SP3 (aarch64 ppc64le s390x x86_64 nosrc)
  • kernel-default-4.4.180-94.141.2
• SUSE Linux Enterprise Server 12 SP3 LTSS 12-SP3 (aarch64 ppc64le s390x x86_64)
  • kernel-default-base-4.4.180-94.141.2
  • kernel-default-debugsource-4.4.180-94.141.2
  • kernel-default-base-debuginfo-4.4.180-94.141.2
  • kernel-syms-4.4.180-94.141.2
  • kernel-default-debuginfo-4.4.180-94.141.2
  • kernel-default-devel-4.4.180-94.141.2
• SUSE Linux Enterprise Server 12 SP3 LTSS 12-SP3 (noarch)
  • kernel-macros-4.4.180-94.141.2
  • kernel-source-4.4.180-94.141.2
  • kernel-devel-4.4.180-94.141.2
• SUSE Linux Enterprise Server 12 SP3 LTSS 12-SP3 (ppc64le x86_64)
  • kgraft-patch-4_4_180-94_141-default-debuginfo-1-4.3.2
  • kernel-default-kgraft-4.4.180-94.141.2
  • kgraft-patch-4_4_180-94_141-default-1-4.3.2
• SUSE Linux Enterprise Server 12 SP3 LTSS 12-SP3 (s390x)
  • kernel-default-man-4.4.180-94.141.2

References:

• https://www.suse.com/security/cve/CVE-2020-28374.html
• https://www.suse.com/security/cve/CVE-2021-26930.html
• https://www.suse.com/security/cve/CVE-2021-26931.html
• https://www.suse.com/security/cve/CVE-2021-26932.html
• https://bugzilla.suse.com/show_bug.cgi?id=1177440
• https://bugzilla.suse.com/show_bug.cgi?id=1178372
• https://bugzilla.suse.com/show_bug.cgi?id=1181747
• https://bugzilla.suse.com/show_bug.cgi?id=1181753
• https://bugzilla.suse.com/show_bug.cgi?id=1181843
• https://bugzilla.suse.com/show_bug.cgi?id=1182175