Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2021:14849-1
Rating:	important
References:	bsc#1183089 bsc#1184673 bsc#1186109 bsc#1187050 bsc#1187215 bsc#1188172 bsc#1188563 bsc#1188601 bsc#1188876 bsc#1189057 bsc#1189262 bsc#1189399 bsc#1190117 bsc#1190351 bsc#1191315 bsc#1191660 bsc#1191958 bsc#1192036 bsc#1192267 bsc#904899 bsc#905100
Cross-References:	CVE-2014-7841 CVE-2020-36385 CVE-2021-20265 CVE-2021-33033 CVE-2021-3542 CVE-2021-3609 CVE-2021-3640 CVE-2021-3653 CVE-2021-3655 CVE-2021-3679 CVE-2021-37159 CVE-2021-3772 CVE-2021-38160 CVE-2021-38198 CVE-2021-42008 CVE-2021-42739 CVE-2021-43389
CVSS scores:	CVE-2020-36385 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-36385 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-20265 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-20265 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-33033 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-33033 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3542 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-3609 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3609 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3640 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3640 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3653 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3653 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2021-3655 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2021-3655 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2021-3679 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-3679 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-37159 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-37159 ( NVD ): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3772 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-3772 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H CVE-2021-38160 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-38160 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-38198 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-38198 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-42008 ( SUSE ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-42008 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-42739 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-42739 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-43389 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-43389 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:	SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server 11 SP4 LTSS 11-SP4

An update that solves 17 vulnerabilities and has four security fixes can now be installed.

Description:

The SUSE Linux Enterprise 11 SP4 LTSS kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

• CVE-2021-37159: hso_free_net_device in drivers/net/usb/hso.c called unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free (bnc#1188601).
• CVE-2021-3772: Fixed sctp vtag check in sctp_sf_ootb (bsc#1190351).
• CVE-2021-3655: Missing size validations on inbound SCTP packets may have allowed the kernel to read uninitialized memory (bnc#1188563 bnc#1192267).
• CVE-2014-7841: The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation, when ASCONF is used, allowed remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a malformed INIT chunk (bnc#904899 bnc#905100).
• CVE-2021-20265: A flaw was found in the way memory resources were freed in the unix_stream_recvmsg function when a signal was pending. This flaw allowed an unprivileged local user to crash the system by exhausting available memory. The highest threat from this vulnerability is to system availability (bnc#1183089).
• CVE-2021-42739: The firewire subsystem had a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bnc#1184673 bnc#1192036).
• CVE-2021-33033: The Linux kernel has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value (bnc#1186109 bnc#1188876).
• CVE-2021-43389: There was an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c (bnc#1191958).
• CVE-2021-42008: The decode_data function in drivers/net/hamradio/6pack.c had a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access (bnc#1191315).
• CVE-2021-38160: Data corruption or loss could be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size in drivers/char/virtio_console.c (bsc#1190117)
• CVE-2021-3640: Fixed a Use-After-Free vulnerability in function sco_sock_sendmsg() in the bluetooth stack (bsc#1188172).
• CVE-2021-38198: arch/x86/kvm/mmu/paging_tmpl.h incorrectly computed the access permissions of a shadow page, leading to a missing guest protection page fault (bnc#1189262).
• CVE-2021-3653: A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "int_ctl" field, this issue could allow a malicious L1 to enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape. (bnc#1189399).
• CVE-2021-3679: A lack of CPU resource in the Linux kernel tracing module functionality was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service (bnc#1189057).
• CVE-2021-3609: A potential local privilege escalation in the CAN BCM networking protocol was fixed (bsc#1187215).
• CVE-2020-36385: drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called, aka CID-f5449e74802c (bnc#1187050).

The following non-security bugs were fixed:

• sctp: check asoc peer.asconf_capable before processing asconf (bsc#1190351).
• sctp: fully initialize v4 addr in some functions (bsc#1188563).
• sctp: simplify addr copy (bsc#1188563).

Special Instructions and Notes:

• Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Server 11 SP4 LTSS 11-SP4
  zypper in -t patch slessp4-kernel-14849=1
• SUSE Linux Enterprise Server 11 SP4
  zypper in -t patch slessp4-kernel-14849=1

Package List:

• SUSE Linux Enterprise Server 11 SP4 LTSS 11-SP4 (s390x x86_64 i586 ppc64 nosrc)
  • kernel-default-3.0.101-108.132.1
  • kernel-trace-3.0.101-108.132.1
• SUSE Linux Enterprise Server 11 SP4 LTSS 11-SP4 (ppc64 s390x x86_64 i586)
  • kernel-default-devel-3.0.101-108.132.1
  • kernel-syms-3.0.101-108.132.1
  • kernel-default-base-3.0.101-108.132.1
  • kernel-source-3.0.101-108.132.1
  • kernel-trace-devel-3.0.101-108.132.1
  • kernel-trace-base-3.0.101-108.132.1
• SUSE Linux Enterprise Server 11 SP4 LTSS 11-SP4 (nosrc x86_64 i586)
  • kernel-xen-3.0.101-108.132.1
  • kernel-ec2-3.0.101-108.132.1
• SUSE Linux Enterprise Server 11 SP4 LTSS 11-SP4 (x86_64 i586)
  • kernel-xen-devel-3.0.101-108.132.1
  • kernel-ec2-base-3.0.101-108.132.1
  • kernel-ec2-devel-3.0.101-108.132.1
  • kernel-xen-base-3.0.101-108.132.1
• SUSE Linux Enterprise Server 11 SP4 LTSS 11-SP4 (nosrc i586)
  • kernel-pae-3.0.101-108.132.1
• SUSE Linux Enterprise Server 11 SP4 LTSS 11-SP4 (i586)
  • kernel-pae-base-3.0.101-108.132.1
  • kernel-pae-devel-3.0.101-108.132.1
• SUSE Linux Enterprise Server 11 SP4 LTSS 11-SP4 (ppc64 nosrc)
  • kernel-ppc64-3.0.101-108.132.1
  • kernel-bigmem-3.0.101-108.132.1
• SUSE Linux Enterprise Server 11 SP4 LTSS 11-SP4 (ppc64)
  • kernel-bigmem-base-3.0.101-108.132.1
  • kernel-ppc64-devel-3.0.101-108.132.1
  • kernel-ppc64-base-3.0.101-108.132.1
  • kernel-bigmem-devel-3.0.101-108.132.1
• SUSE Linux Enterprise Server 11 SP4 LTSS 11-SP4 (s390x)
  • kernel-default-man-3.0.101-108.132.1
• SUSE Linux Enterprise Server 11 SP4 (s390x x86_64 i586 ppc64 nosrc)
  • kernel-default-3.0.101-108.132.1
  • kernel-trace-3.0.101-108.132.1
• SUSE Linux Enterprise Server 11 SP4 (ppc64 s390x x86_64 i586)
  • kernel-default-devel-3.0.101-108.132.1
  • kernel-syms-3.0.101-108.132.1
  • kernel-default-base-3.0.101-108.132.1
  • kernel-source-3.0.101-108.132.1
  • kernel-trace-devel-3.0.101-108.132.1
  • kernel-trace-base-3.0.101-108.132.1
• SUSE Linux Enterprise Server 11 SP4 (nosrc x86_64 i586)
  • kernel-xen-3.0.101-108.132.1
  • kernel-ec2-3.0.101-108.132.1
• SUSE Linux Enterprise Server 11 SP4 (x86_64 i586)
  • kernel-xen-devel-3.0.101-108.132.1
  • kernel-ec2-base-3.0.101-108.132.1
  • kernel-ec2-devel-3.0.101-108.132.1
  • kernel-xen-base-3.0.101-108.132.1
• SUSE Linux Enterprise Server 11 SP4 (nosrc i586)
  • kernel-pae-3.0.101-108.132.1
• SUSE Linux Enterprise Server 11 SP4 (i586)
  • kernel-pae-base-3.0.101-108.132.1
  • kernel-pae-devel-3.0.101-108.132.1
• SUSE Linux Enterprise Server 11 SP4 (ppc64 nosrc)
  • kernel-ppc64-3.0.101-108.132.1
  • kernel-bigmem-3.0.101-108.132.1
• SUSE Linux Enterprise Server 11 SP4 (ppc64)
  • kernel-bigmem-base-3.0.101-108.132.1
  • kernel-ppc64-devel-3.0.101-108.132.1
  • kernel-ppc64-base-3.0.101-108.132.1
  • kernel-bigmem-devel-3.0.101-108.132.1
• SUSE Linux Enterprise Server 11 SP4 (s390x)
  • kernel-default-man-3.0.101-108.132.1

References:

• https://www.suse.com/security/cve/CVE-2014-7841.html
• https://www.suse.com/security/cve/CVE-2020-36385.html
• https://www.suse.com/security/cve/CVE-2021-20265.html
• https://www.suse.com/security/cve/CVE-2021-33033.html
• https://www.suse.com/security/cve/CVE-2021-3542.html
• https://www.suse.com/security/cve/CVE-2021-3609.html
• https://www.suse.com/security/cve/CVE-2021-3640.html
• https://www.suse.com/security/cve/CVE-2021-3653.html
• https://www.suse.com/security/cve/CVE-2021-3655.html
• https://www.suse.com/security/cve/CVE-2021-3679.html
• https://www.suse.com/security/cve/CVE-2021-37159.html
• https://www.suse.com/security/cve/CVE-2021-3772.html
• https://www.suse.com/security/cve/CVE-2021-38160.html
• https://www.suse.com/security/cve/CVE-2021-38198.html
• https://www.suse.com/security/cve/CVE-2021-42008.html
• https://www.suse.com/security/cve/CVE-2021-42739.html
• https://www.suse.com/security/cve/CVE-2021-43389.html
• https://bugzilla.suse.com/show_bug.cgi?id=1183089
• https://bugzilla.suse.com/show_bug.cgi?id=1184673
• https://bugzilla.suse.com/show_bug.cgi?id=1186109
• https://bugzilla.suse.com/show_bug.cgi?id=1187050
• https://bugzilla.suse.com/show_bug.cgi?id=1187215
• https://bugzilla.suse.com/show_bug.cgi?id=1188172
• https://bugzilla.suse.com/show_bug.cgi?id=1188563
• https://bugzilla.suse.com/show_bug.cgi?id=1188601
• https://bugzilla.suse.com/show_bug.cgi?id=1188876
• https://bugzilla.suse.com/show_bug.cgi?id=1189057
• https://bugzilla.suse.com/show_bug.cgi?id=1189262
• https://bugzilla.suse.com/show_bug.cgi?id=1189399
• https://bugzilla.suse.com/show_bug.cgi?id=1190117
• https://bugzilla.suse.com/show_bug.cgi?id=1190351
• https://bugzilla.suse.com/show_bug.cgi?id=1191315
• https://bugzilla.suse.com/show_bug.cgi?id=1191660
• https://bugzilla.suse.com/show_bug.cgi?id=1191958
• https://bugzilla.suse.com/show_bug.cgi?id=1192036
• https://bugzilla.suse.com/show_bug.cgi?id=1192267
• https://bugzilla.suse.com/show_bug.cgi?id=904899
• https://bugzilla.suse.com/show_bug.cgi?id=905100