Security update for the Linux Kernel

Announcement ID: SUSE-SU-2021:1175-1
Rating: important
CVSS scores:
  • CVE-2020-0433 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2020-0433 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2020-27170 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2020-27170 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2020-27171 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
  • CVE-2020-27171 ( NVD ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
  • CVE-2020-27815 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2020-27815 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2020-29368 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2020-29368 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2020-29374 ( SUSE ): 3.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
  • CVE-2020-29374 ( NVD ): 3.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
  • CVE-2020-35519 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2020-35519 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2021-26930 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
  • CVE-2021-26930 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2021-26931 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
  • CVE-2021-26931 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2021-26932 ( SUSE ): 5.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
  • CVE-2021-26932 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2021-27363 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
  • CVE-2021-27363 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
  • CVE-2021-27364 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
  • CVE-2021-27364 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
  • CVE-2021-27365 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2021-27365 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2021-28038 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
  • CVE-2021-28038 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
  • CVE-2021-28660 ( SUSE ): 8.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • CVE-2021-28660 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2021-28688 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
  • CVE-2021-28688 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
  • CVE-2021-28964 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2021-28964 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2021-28971 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2021-28971 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2021-28972 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
  • CVE-2021-28972 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • CVE-2021-29264 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2021-29264 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2021-29265 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2021-29265 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2021-29647 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2021-29647 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2021-3428 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
  • CVE-2021-3428 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2021-3444 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2021-3444 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
  • SUSE Linux Enterprise High Performance Computing 12 SP5
  • SUSE Linux Enterprise Server 12 SP5
  • SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves 24 vulnerabilities and has 51 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bug fixes.

The following security bugs were fixed:

  • CVE-2021-3444: Fixed an issue with the bpf verifier, which did not properly handle mod32 destination register truncation when the source register was known to be 0, leading to an out-of-bounds read (bsc#1184170).
  • CVE-2021-3428: Fixed an integer overflow in ext4_es_cache_extent (bsc#1173485).
  • CVE-2021-29647: Fixed an issue in qrtr_recvmsg which could have allowed attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure (bsc#1184192).
  • CVE-2021-29265: Fixed an issue in usbip_sockfd_store which could have allowed attackers to cause a denial of service due to race conditions during an update of the local and shared status (bsc#1184167).
  • CVE-2021-29264: Fixed an issue in the Freescale Gianfar Ethernet driver which could have allowed attackers to cause a system crash due to a calculation of negative fragment size (bsc#1184168).
  • CVE-2021-28972: Fixed a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly (bsc#1184198).
  • CVE-2021-28971: Fixed an issue in intel_pmu_drain_pebs_nhm which could have caused a system crash because the PEBS status in a PEBS record was mishandled (bsc#1184196).
  • CVE-2021-28964: Fixed a race condition in get_old_root which could have allowed attackers to cause a denial of service (bsc#1184193).
  • CVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc#1183646).
  • CVE-2021-28660: Fixed an out-of-bounds write in rtw_wx_set_scan (bsc#1183593).
  • CVE-2021-28038: Fixed an issue with the netback driver which was lacking necessary treatment of errors such as failed memory allocations (bsc#1183022).
  • CVE-2021-27365: Fixed an issue where an unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bsc#1182715).
  • CVE-2021-27364: Fixed an issue where an attacker could craft Netlink messages (bsc#1182717).
  • CVE-2021-27363: Fixed a kernel pointer leak which could have been used to determine the address of the iscsi_transport structure (bsc#1182716).
  • CVE-2020-35519: Fixed an out-of-bounds memory access in x25_bind (bsc#1183696).
  • CVE-2020-27815: Fixed an issue in the JFS filesystem which could have allowed an attacker to execute code (bsc#1179454).
  • CVE-2020-27171: Fixed an off-by-one error affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183775).
  • CVE-2020-27170: Fixed potential side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183686).
  • CVE-2021-26930: Fixed improper error handling in blkback's grant mapping (XSA-365 bsc#1181843).
  • CVE-2021-26931: Fixed an issue where the Linux kernel was treating grant mapping errors as bugs (XSA-362 bsc#1181753).
  • CVE-2021-26932: Fixed improper error handling issues in Linux grant mapping (XSA-361 bsc#1181747).
  • CVE-2020-29368, CVE-2020-29374: Fixed an issue in the copy-on-write implementation which could have granted unintended write access because of a race condition in a THP mapcount check (bsc#1179660, bsc#1179428).
  • CVE-2020-0433: Fixed a use after free due to improper locking which could have led to local escalation of privilege (bsc#1176720).

The following non-security bugs were fixed:

  • ACPI: scan: Rearrange memory allocation in acpi_device_add() (git-fixes).
  • ALSA: ctxfi: cthw20k2: fix mask on conf to allow 4 bits (git-fixes).
  • ALSA: hda: Drop the BATCH workaround for AMD controllers (git-fixes).
  • ALSA: hda/realtek: modify EAPD in the ALC886 (git-fixes).
  • amba: Fix resource leak for drivers without .remove (git-fixes).
  • bfq: Fix kABI for update internal depth state when queue depth changes (bsc#1172455).
  • bfq: update internal depth state when queue depth changes (bsc#1172455).
  • block: rsxx: fix error return code of rsxx_pci_probe() (git-fixes).
  • Bluetooth: Fix null pointer dereference in amp_read_loc_assoc_final_data (git-fixes).
  • Bluetooth: hci_uart: Cancel init work before unregistering (git-fixes).
  • Bluetooth: hci_uart: Fix a race for write_work scheduling (git-fixes).
  • bpf: Add sanity check for upper ptr_limit (bsc#1183686 bsc#1183775).
  • bpf: Fix 32 bit src register truncation on div/mod (bsc#1184170).
  • bpf: fix subprog verifier bypass by div/mod by 0 exception (bsc#1184170).
  • bpf: fix x64 JIT code generation for jmp to 1st insn (bsc#1178163).
  • bpf_lru_list: Read double-checked variable once without lock (git-fixes).
  • bpf: Simplify alu_limit masking for pointer arithmetic (bsc#1183686 bsc#1183775).
  • bpf,x64: Pad NOPs to make images converge more easily (bsc#1178163).
  • bus: omap_l3_noc: mark l3 irqs as IRQF_NO_THREAD (git-fixes).
  • can: c_can: move runtime PM enable/disable to c_can_platform (git-fixes).
  • can: c_can_pci: c_can_pci_remove(): fix use-after-free (git-fixes).
  • can: m_can: m_can_do_rx_poll(): fix extraneous msg loss warning (git-fixes).
  • can: peak_usb: add forgotten supported devices (git-fixes).
  • can: peak_usb: Revert "can: peak_usb: add forgotten supported devices" (git-fixes).
  • can: skb: can_skb_set_owner(): fix ref counting if socket was closed before setting skb ownership (git-fixes).
  • cifs: change noisy error message to FYI (bsc#1181507).
  • cifs: check all path components in resolved dfs target (bsc#1179755).
  • cifs_debug: use %pd instead of messing with ->d_name (bsc#1181507).
  • cifs: fix nodfs mount option (bsc#1179755).
  • cifs: introduce helper for finding referral server (bsc#1179755).
  • cifs: New optype for session operations (bsc#1181507).
  • cifs: print MIDs in decimal notation (bsc#1181507).
  • cifs: return proper error code in statfs(2) (bsc#1181507).
  • cifs: Tracepoints and logs for tracing credit changes (bsc#1181507).
  • cxgb4/chtls/cxgbit: Keeping the max ofld immediate data size same in cxgb4 and ulds (bsc#1104270).
  • dmaengine: hsu: disable spurious interrupt (git-fixes).
  • drm/amdgpu: Fix macro name AMDGPU_TRACE_H in preprocessor if (bsc#1129770) Backporting notes: * context changes
  • drm/atomic: Create __drm_atomic_helper_crtc_reset() for subclassing (bsc#1142635) Backporting notes: * taken for 427c4a0680a2 ("drm/vc4: crtc: Rework a bit the CRTC state code") * renamed drm_atomic_state_helper.{c,h} to drm_atomic_helper.{c,h} * context changes
  • drm: bridge: dw-hdmi: Avoid resetting force in the detect function (bsc#1129770) Backporting notes: * context changes
  • drm/compat: Clear bounce structures (bsc#1129770) Backporting notes: * context changes
  • drm/etnaviv: replace MMU flush marker with flush sequence (bsc#1154048) Backporting notes: * context changes
  • drm/gma500: Fix error return code in psb_driver_load() (bsc#1129770)
  • drm/mediatek: Add missing put_device() call in mtk_drm_kms_init() (bsc#1152446) Backporting notes: * context changes
  • drm/mediatek: Fix aal size config (bsc#1129770) Backporting notes: * access I/O memory with writel()
  • drm: meson_drv add shutdown function (git-fixes).
  • drm/msm/a5xx: Remove overwriting A5XX_PC_DBG_ECO_CNTL register (git-fixes).
  • drm/msm/dsi: Correct io_start for MSM8994 (20nm PHY) (bsc#1129770)
  • drm/msm: fix shutdown hook in case GPU components failed to bind (git-fixes).
  • drm: mxsfb: check framebuffer pitch (bsc#1129770) Backporting notes: * context changes
  • drm/omap: fix max fclk divider for omap36xx (bsc#1152446)
  • drm: panel: Fix bpc for OrtusTech COM43H4M85ULC panel (bsc#1129770)
  • drm: panel: Fix bus format for OrtusTech COM43H4M85ULC panel (bsc#1129770) Backporting notes: * context changes
  • drm/radeon: fix AGP dependency (git-fixes).
  • drm: rcar-du: Put reference to VSP device (bsc#1129770) Backporting notes: * context changes
  • drm/vc4: crtc: Rework a bit the CRTC state code (bsc#1129770) Backporting notes: * context changes
  • drm/vc4: hdmi: Avoid sleeping in atomic context (bsc#1129770) Backporting notes: * context changes
  • ethernet: alx: fix order of calls on resume (git-fixes).
  • fbdev: aty: SPARC64 requires FB_ATY_CT (bsc#1129770)
  • firmware/efi: Fix a use after bug in efi_mem_reserve_persistent (git-fixes).
  • futex: Prevent robust futex exit race (git-fixes).
  • gma500: clean up error handling in init (bsc#1129770)
  • gpiolib: acpi: Add missing IRQF_ONESHOT (git-fixes).
  • HID: make arrays usage and value to be the same (git-fixes).
  • i2c: brcmstb: Fix brcmstd_send_i2c_cmd condition (git-fixes).
  • i40e: Add zero-initialization of AQ command structures (bsc#1109837 bsc#1111981).
  • i40e: Fix add TC filter for IPv6 (bsc#1109837 bsc#1111981).
  • i40e: Fix endianness conversions (bsc#1109837 bsc#1111981).
  • IB/mlx5: Return appropriate error code instead of ENOMEM (bsc#1103991).
  • ibmvnic: add comments for spinlock_t definitions (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139).
  • ibmvnic: add memory barrier to protect long term buffer (bsc#1184114 ltc#192237 bsc#1182485 ltc#191591).
  • ibmvnic: always store valid MAC address (bsc#1182011 ltc#191844).
  • ibmvnic: avoid multiple line dereference (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139).
  • ibmvnic: compare adapter->init_done_rc with more readable ibmvnic_rc_codes (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290).
  • ibmvnic: Correctly re-enable interrupts in NAPI polling routine (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290).
  • ibmvnic: create send_control_ip_offload (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290).
  • ibmvnic: create send_query_ip_offload (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290).
  • ibmvnic: Do not replenish RX buffers after every polling loop (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290).
  • ibmvnic: Ensure that CRQ entry read are correctly ordered (bsc#1184114 ltc#192237 bsc#1182485 ltc