Описание
Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP1 kernel was updated receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2021-26930: Fixed an improper error handling in blkback's grant mapping (XSA-365 bsc#1181843).
- CVE-2021-26931: Fixed an issue where Linux kernel was treating grant mapping errors as bugs (XSA-362 bsc#1181753).
- CVE-2021-26932: Fixed improper error handling issues in Linux grant mapping (XSA-361 bsc#1181747). by remote attackers to read or write files via directory traversal in an XCOPY request (bsc#178372).
- CVE-2020-29368,CVE-2020-29374: Fixed an issue in copy-on-write implementation which could have granted unintended write access because of a race condition in a THP mapcount check (bsc#1179660, bsc#1179428).
The following non-security bugs were fixed:
- btrfs: Cleanup try_flush_qgroup (bsc#1182047).
- btrfs: Do not flush from btrfs_delayed_inode_reserve_metadata (bsc#1182047).
- btrfs: fix data bytes_may_use underflow with fallocate due to failed quota reserve (bsc#1182130)
- btrfs: Free correct amount of space in btrfs_delayed_inode_reserve_metadata (bsc#1182047).
- btrfs: Remove btrfs_inode from btrfs_delayed_inode_reserve_metadata (bsc#1182047).
- btrfs: Simplify code flow in btrfs_delayed_inode_reserve_metadata (bsc#1182047).
- btrfs: Unlock extents in btrfs_zero_range in case of errors (bsc#1182047).
- Drivers: hv: vmbus: Avoid use-after-free in vmbus_onoffer_rescind() (git-fixes).
- ibmvnic: fix a race between open and reset (bsc#1176855 ltc#187293).
- kernel-binary.spec: Add back initrd and image symlink ghosts to filelist (bsc#1182140). Fixes: 76a9256314c3 ('rpm/kernel-{source,binary}.spec: do not include ghost symlinks (boo#1179082).')
- libnvdimm/dimm: Avoid race between probe and available_slots_show() (bsc#1170442).
- net: bcmgenet: add support for ethtool rxnfc flows (git-fixes).
- net: bcmgenet: code movement (git-fixes).
- net: bcmgenet: fix mask check in bcmgenet_validate_flow() (git-fixes).
- net: bcmgenet: Fix WoL with password after deep sleep (git-fixes).
- net: bcmgenet: re-remove bcmgenet_hfb_add_filter (git-fixes).
- net: bcmgenet: set Rx mode before starting netif (git-fixes).
- net: bcmgenet: use __be16 for htons(ETH_P_IP) (git-fixes).
- net: bcmgenet: Use correct I/O accessors (git-fixes).
- net: lpc-enet: fix error return code in lpc_mii_init() (git-fixes).
- net/mlx4_en: Handle TX error CQE (bsc#1181854).
- net: moxa: Fix a potential double 'free_irq()' (git-fixes).
- net: sun: fix missing release regions in cas_init_one() (git-fixes).
- nvme-multipath: Early exit if no path is available (bsc#1180964).
- rpm/post.sh: Avoid purge-kernel for the first installed kernel (bsc#1180058)
- scsi: target: fix unmap_zeroes_data boolean initialisation (bsc#1163617).
- usb: dwc2: Abort transaction after errors with unknown reason (bsc#1180262).
- usb: dwc2: Do not update data length if it is 0 on inbound transfers (bsc#1180262).
- usb: dwc2: Make 'trimming xfer length' a debug message (bsc#1180262).
- vmxnet3: Remove buf_info from device accessible structures (bsc#1181671).
- xen/netback: avoid race in xenvif_rx_ring_slots_available() (bsc#1065600).
- xen/netback: fix spurious event detection for common event case (bsc#1182175).
Список пакетов
Image SLES15-SP1-Azure-BYOS
Image SLES15-SP1-Azure-HPC-BYOS
Image SLES15-SP1-CHOST-BYOS-Azure
Image SLES15-SP1-CHOST-BYOS-EC2
Image SLES15-SP1-CHOST-BYOS-GCE
Image SLES15-SP1-EC2-HPC-HVM-BYOS
Image SLES15-SP1-EC2-HVM-BYOS
Image SLES15-SP1-GCE-BYOS
Image SLES15-SP1-SAP-Azure
Image SLES15-SP1-SAP-Azure-BYOS
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production
Image SLES15-SP1-SAP-EC2-HVM
Image SLES15-SP1-SAP-EC2-HVM-BYOS
Image SLES15-SP1-SAP-GCE
Image SLES15-SP1-SAP-GCE-BYOS
Image SLES15-SP1-SAPCAL-Azure
Image SLES15-SP1-SAPCAL-EC2-HVM
Image SLES15-SP1-SAPCAL-GCE
SUSE Enterprise Storage 6
SUSE Linux Enterprise High Availability Extension 15 SP1
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
SUSE Linux Enterprise Live Patching 15 SP1
SUSE Linux Enterprise Server 15 SP1-BCL
SUSE Linux Enterprise Server 15 SP1-LTSS
SUSE Linux Enterprise Server for SAP Applications 15 SP1
SUSE Manager Proxy 4.0
SUSE Manager Retail Branch Server 4.0
SUSE Manager Server 4.0
Ссылки
- Link for SUSE-SU-2021:0737-1
- E-Mail link for SUSE-SU-2021:0737-1
- SUSE Security Ratings
- SUSE Bug 1065600
- SUSE Bug 1163617
- SUSE Bug 1170442
- SUSE Bug 1176855
- SUSE Bug 1179082
- SUSE Bug 1179428
- SUSE Bug 1179660
- SUSE Bug 1180058
- SUSE Bug 1180262
- SUSE Bug 1180964
- SUSE Bug 1181671
- SUSE Bug 1181747
- SUSE Bug 1181753
- SUSE Bug 1181843
- SUSE Bug 1181854
- SUSE Bug 1182047
- SUSE Bug 1182130
Описание
An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1.
Затронутые продукты
Ссылки
- CVE-2020-29368
- SUSE Bug 1179428
- SUSE Bug 1179660
- SUSE Bug 1179664
Описание
An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c. The get_user_pages (aka gup) implementation, when used for a copy-on-write page, does not properly consider the semantics of read operations and therefore can grant unintended write access, aka CID-17839856fd58.
Затронутые продукты
Ссылки
- CVE-2020-29374
- SUSE Bug 1179428
- SUSE Bug 1179660
Описание
An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case, an error encountered earlier might be discarded by later processing, resulting in the caller assuming successful mapping, and hence subsequent operations trying to access space that wasn't mapped. In another case, internal state would be insufficiently updated, preventing safe recovery from the error. This affects drivers/block/xen-blkback/blkback.c.
Затронутые продукты
Ссылки
- CVE-2021-26930
- SUSE Bug 1181843
- SUSE Bug 1182294
Описание
An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net, and SCSI backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially being at least under the influence of guests (such as out of memory conditions), it isn't correct to assume a plain bug. Memory allocations potentially causing such crashes occur only when Linux is running in PV mode, though. This affects drivers/block/xen-blkback/blkback.c and drivers/xen/xen-scsiback.c.
Затронутые продукты
Ссылки
- CVE-2021-26931
- SUSE Bug 1181753
- SUSE Bug 1183022
Описание
An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one is reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions based on the success or failure of each operation. Unfortunately, when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively implying their success from the success of related batch elements. In other cases, errors resulting from one batch element lead to further batch elements not being inspected, and hence successful ones to not be possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and drivers/xen/gntdev.c.
Затронутые продукты
Ссылки
- CVE-2021-26932
- SUSE Bug 1181747