Security update for the Linux Kernel

Announcement ID: SUSE-SU-2021:3205-2
Rating: important
References:
Cross-References:
CVSS scores:
  • CVE-2020-12770 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
  • CVE-2020-12770 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • CVE-2021-34556 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2021-34556 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2021-35477 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
  • CVE-2021-35477 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2021-3640 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2021-3640 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2021-3653 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2021-3653 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  • CVE-2021-3656 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2021-3656 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  • CVE-2021-3679 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2021-3679 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2021-3732 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
  • CVE-2021-3732 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2021-3739 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
  • CVE-2021-3739 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
  • CVE-2021-3743 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2021-3743 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
  • CVE-2021-3753 ( SUSE ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
  • CVE-2021-3753 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2021-3759 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2021-3759 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2021-38160 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2021-38160 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2021-38166 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • CVE-2021-38166 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2021-38198 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2021-38198 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2021-38204 ( SUSE ): 4.2 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2021-38204 ( NVD ): 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2021-38205 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
  • CVE-2021-38205 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
  • CVE-2021-38206 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2021-38206 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2021-38207 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2021-38207 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2021-38209 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
  • CVE-2021-38209 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected Products:
  • SUSE Linux Enterprise Micro 5.1

An update that solves 20 vulnerabilities and has 106 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

  • CVE-2021-3640: Fixed a Use-After-Free vulnerability in function sco_sock_sendmsg() in the bluetooth stack (bsc#1188172).
  • CVE-2021-3653: Missing validation of the int_ctl VMCB field and allows a malicious L1 guest to enable AVIC support for the L2 guest. (bsc#1189399).
  • CVE-2021-3656: Missing validation of the the virt_ext VMCB field and allows a malicious L1 guest to disable both VMLOAD/VMSAVE intercepts and VLS for the L2 guest (bsc#1189400).
  • CVE-2021-3679: A lack of CPU resource in tracing module functionality was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service (bnc#1189057).
  • CVE-2021-3732: Mounting overlayfs inside an unprivileged user namespace can reveal files (bsc#1189706).
  • CVE-2021-3739: Fixed a NULL pointer dereference when deleting device by invalid id (bsc#1189832 ).
  • CVE-2021-3743: Fixed OOB Read in qrtr_endpoint_post (bsc#1189883).
  • CVE-2021-3753: Fixed race out-of-bounds in virtual terminal handling (bsc#1190025).
  • CVE-2021-38160: Data corruption or loss could be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size in drivers/char/virtio_console.c (bsc#1190117)
  • CVE-2021-38198: arch/x86/kvm/mmu/paging_tmpl.h incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault (bnc#1189262).
  • CVE-2021-38204: drivers/usb/host/max3421-hcd.c allowed physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations (bnc#1189291).
  • CVE-2021-38205: drivers/net/ethernet/xilinx/xilinx_emaclite.c made it easier for attackers to defeat an ASLR protection mechanism because it prints a kernel pointer (i.e., the real IOMEM pointer) (bnc#1189292).
  • CVE-2021-38207: drivers/net/ethernet/xilinx/ll_temac_main.c allowed remote attackers to cause a denial of service (buffer overflow and lockup) by sending heavy network traffic for about ten minutes (bnc#1189298).
  • CVE-2021-38166: Fixed an integer overflow and out-of-bounds write when many elements are placed in a single bucket in kernel/bpf/hashtab.c (bnc#1189233 ).
  • CVE-2021-38209: Fixed allowed observation of changes in any net namespace via net/netfilter/nf_conntrack_standalone.c (bnc#1189393).
  • CVE-2021-38206: Fixed NULL pointer dereference in the radiotap parser inside the mac80211 subsystem (bnc#1189296).
  • CVE-2021-34556: Fixed side-channel attack via a Speculative Store Bypass via unprivileged BPF program that could have obtain sensitive information from kernel memory (bsc#1188983).
  • CVE-2021-35477: Fixed BPF stack frame pointer which could have been abused to disclose content of arbitrary kernel memory (bsc#1188985).
  • CVE-2021-3759: Unaccounted ipc objects in Linux kernel could have lead to breaking memcg limits and DoS attacks (bsc#1190115).
  • CVE-2020-12770: Fixed sg_remove_request call in a certain failure cases (bsc#1171420).

The following non-security bugs were fixed:

  • ACPI: NFIT: Fix support for virtual SPA ranges (git-fixes).
  • ACPI: processor: Clean up acpi_processor_evaluate_cst() (bsc#1175543)
  • ACPI: processor: Export acpi_processor_evaluate_cst() (bsc#1175543)
  • ACPI: processor: Export function to claim _CST control (bsc#1175543)
  • ACPI: processor: Introduce acpi_processor_evaluate_cst() (bsc#1175543)
  • ACPI: processor: Make ACPI_PROCESSOR_CSTATE depend on ACPI_PROCESSOR (bsc#1175543)
  • ALSA: hda - fix the 'Capture Switch' value change notifications (git-fixes).
  • ALSA: hda/hdmi: Add quirk to force pin connectivity on NUC10 (git-fixes).
  • ALSA: hda/hdmi: fix max DP-MST dev_num for Intel TGL+ platforms (git-fixes).
  • ALSA: hda/hdmi: let new platforms assign the pcm slot dynamically (git-fixes).
  • ALSA: hda/realtek - Add ALC285 HP init procedure (git-fixes).
  • ALSA: hda/realtek - Add type for ALC287 (git-fixes).
  • ALSA: hda/realtek: Change device names for quirks to barebone names (git-fixes).
  • ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9510 laptop (git-fixes).
  • ALSA: hda/realtek: Fix headset mic for Acer SWIFT SF314-56 (ALC256) (git-fixes).
  • ALSA: hda/realtek: Limit mic boost on HP ProBook 445 G8 (git-fixes).
  • ALSA: hda/realtek: add mic quirk for Acer SF314-42 (git-fixes).
  • ALSA: hda/realtek: fix mute led of the HP Pavilion 15-eh1xxx series (git-fixes).
  • ALSA: hda/realtek: fix mute/micmute LEDs for HP ProBook 650 G8 Notebook PC (git-fixes).
  • ALSA: hda/via: Apply runtime PM workaround for ASUS B23E (git-fixes).
  • ALSA: hda: Add quirk for ASUS Flow x13 (git-fixes).
  • ALSA: hda: Fix hang during shutdown due to link reset (git-fixes).
  • ALSA: hda: Release controller display power during shutdown/reboot (git-fixes).
  • ALSA: pcm: Fix mmap breakage without explicit buffer setup (git-fixes).
  • ALSA: pcm: fix divide error in snd_pcm_lib_ioctl (git-fixes).
  • ALSA: seq: Fix racy deletion of subscriber (git-fixes).
  • ALSA: usb-audio: Add registration quirk for JBL Quantum 600 (git-fixes).
  • ALSA: usb-audio: Avoid unnecessary or invalid connector selection at resume (git-fixes).
  • ALSA: usb-audio: Fix regression on Sony WALKMAN NW-A45 DAC (git-fixes).
  • ALSA: usb-audio: Fix superfluous autosuspend recovery (git-fixes).
  • ALSA: usb-audio: fix incorrect clock source setting (git-fixes).
  • ASoC: Intel: Skylake: Fix module resource and format selection (git-fixes).
  • ASoC: Intel: Skylake: Leave data as is when invoking TLV IPCs (git-fixes).
  • ASoC: Intel: kbl_da7219_max98927: Fix format selection for max98373 (git-fixes).
  • ASoC: SOF: Intel: hda-ipc: fix reply size checking (git-fixes).
  • ASoC: amd: Fix reference to PCM buffer address (git-fixes).
  • ASoC: component: Remove misplaced prefix handling in pin control functions (git-fixes).
  • ASoC: cs42l42: Correct definition of ADC Volume control (git-fixes).
  • ASoC: cs42l42: Do not allow SND_SOC_DAIFMT_LEFT_J (git-fixes).<