Description
Security update for the Linux Kernel
The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2021-3444: Fixed an issue with the bpf verifier which did not properly handle mod32 destination register truncation when the source register was known to be 0 leading to out of bounds read (bsc#1184170).
- CVE-2021-3428: Fixed an integer overflow in ext4_es_cache_extent (bsc#1173485).
- CVE-2021-29647: Fixed an issue in qrtr_recvmsg which could have allowed attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure (bsc#1184192).
- CVE-2021-29265: Fixed an issue in usbip_sockfd_store which could have allowed attackers to cause a denial of service due to race conditions during an update of the local and shared status (bsc#1184167).
- CVE-2021-29264: Fixed an issue in the Freescale Gianfar Ethernet driver which could have allowed attackers to cause a system crash due to a calculation of negative fragment size (bsc#1184168).
- CVE-2021-28972: Fixed a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly (bsc#1184198).
- CVE-2021-28971: Fixed an issue in intel_pmu_drain_pebs_nhm which could have caused a system crash because the PEBS status in a PEBS record was mishandled (bsc#1184196).
- CVE-2021-28964: Fixed a race condition in get_old_root which could have allowed attackers to cause a denial of service (bsc#1184193).
- CVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc#1183646).
- CVE-2021-28660: Fixed an out of bounds write in rtw_wx_set_scan (bsc#1183593).
- CVE-2021-28038: Fixed an issue with the netback driver which was lacking necessary treatment of errors such as failed memory allocations (bsc#1183022).
- CVE-2021-27365: Fixed an issue where an unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bsc#1182715).
- CVE-2021-27364: Fixed an issue where an attacker could craft Netlink messages (bsc#1182717).
- CVE-2021-27363: Fixed a kernel pointer leak which could have been used to determine the address of the iscsi_transport structure (bsc#1182716).
- CVE-2021-26932: Fixed improper error handling issues in Linux grant mapping (XSA-361 bsc#1181747).
- CVE-2021-26931: Fixed an issue where Linux kernel was treating grant mapping errors as bugs (XSA-362 bsc#1181753).
- CVE-2021-26930: Fixed an improper error handling in blkback's grant mapping (XSA-365 bsc#1181843).
- CVE-2020-35519: Fixed an out-of-bounds memory access in x25_bind (bsc#1183696).
- CVE-2020-29368,CVE-2020-29374: Fixed an issue in copy-on-write implementation which could have granted unintended write access (bsc#1179660, bsc#1179428).
- CVE-2020-27815: Fixed an issue in the JFS filesystem which could have allowed an attacker to execute code (bsc#1179454).
- CVE-2020-27171: Fixed an off-by-one error affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183775).
- CVE-2020-27170: Fixed potential side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183686).
- CVE-2020-0433: Fixed a use after free due to improper locking which could have led to local escalation of privilege (bsc#1176720).
- CVE-2021-3483: Fixed a use-after-free in nosy.c (bsc#1184393).
- CVE-2021-30002: Fixed a memory leak for large arguments in video_usercopy (bsc#1184120).
- CVE-2021-29154: Fixed incorrect computation of branch displacements, allowing arbitrary code execution (bsc#1184391).
- CVE-2021-20219: Fixed a denial of service in n_tty_receive_char_special (bsc#1184397).
- CVE-2020-36311: Fixed a denial of service (soft lockup) by triggering destruction of a large SEV VM (bsc#1184511).
- CVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2020-25673: Fixed multiple bugs in the NFC subsystem (bsc#1178181).
The following non-security bugs were fixed:
- ACPI: scan: Rearrange memory allocation in acpi_device_add() (git-fixes).
- ALSA: ctxfi: cthw20k2: fix mask on conf to allow 4 bits (git-fixes).
- ALSA: hda: Drop the BATCH workaround for AMD controllers (git-fixes).
- ALSA: hda/realtek: modify EAPD in the ALC886 (git-fixes).
- amba: Fix resource leak for drivers without .remove (git-fixes).
- bfq: Fix kABI for update internal depth state when queue depth changes (bsc#1172455).
- bfq: update internal depth state when queue depth changes (bsc#1172455).
- block: rsxx: fix error return code of rsxx_pci_probe() (git-fixes).
- Bluetooth: Fix null pointer dereference in amp_read_loc_assoc_final_data (git-fixes).
- Bluetooth: hci_uart: Cancel init work before unregistering (git-fixes).
- Bluetooth: hci_uart: Fix a race for write_work scheduling (git-fixes).
- bpf: Add sanity check for upper ptr_limit (bsc#1183686 bsc#1183775).
- bpf: Fix 32 bit src register truncation on div/mod (bsc#1184170).
- bpf: fix subprog verifier bypass by div/mod by 0 exception (bsc#1184170).
- bpf: fix x64 JIT code generation for jmp to 1st insn (bsc#1178163).
- bpf_lru_list: Read double-checked variable once without lock (git-fixes).
- bpf: Simplify alu_limit masking for pointer arithmetic (bsc#1183686 bsc#1183775).
- bpf,x64: Pad NOPs to make images converge more easily (bsc#1178163).
- bus: omap_l3_noc: mark l3 irqs as IRQF_NO_THREAD (git-fixes).
- can: c_can: move runtime PM enable/disable to c_can_platform (git-fixes).
- can: c_can_pci: c_can_pci_remove(): fix use-after-free (git-fixes).
- can: m_can: m_can_do_rx_poll(): fix extraneous msg loss warning (git-fixes).
- can: peak_usb: add forgotten supported devices (git-fixes).
- can: peak_usb: Revert 'can: peak_usb: add forgotten supported devices' (git-fixes).
- can: skb: can_skb_set_owner(): fix ref counting if socket was closed before setting skb ownership (git-fixes).
- cifs: change noisy error message to FYI (bsc#1181507).
- cifs: check all path components in resolved dfs target (bsc#1179755).
- cifs_debug: use %pd instead of messing with ->d_name (bsc#1181507).
- cifs: do not send close in compound create+close requests (bsc#1181507).
- cifs: fix nodfs mount option (bsc#1179755).
- cifs: introduce helper for finding referral server (bsc#1179755).
- cifs: New optype for session operations (bsc#1181507).
- cifs: print MIDs in decimal notation (bsc#1181507).
- cifs: return proper error code in statfs(2) (bsc#1181507).
- cifs: Tracepoints and logs for tracing credit changes (bsc#1181507).
- cxgb4/chtls/cxgbit: Keeping the max ofld immediate data size same in cxgb4 and ulds (bsc#1104270).
- dmaengine: hsu: disable spurious interrupt (git-fixes).
- drm/amdgpu: Fix macro name AMDGPU_TRACE_H in preprocessor if (bsc#1129770)
- drm/atomic: Create __drm_atomic_helper_crtc_reset() for subclassing (bsc#1142635)
- drm: bridge: dw-hdmi: Avoid resetting force in the detect function (bsc#1129770)
- drm/compat: Clear bounce structures (bsc#1129770)
- drm/etnaviv: replace MMU flush marker with flush sequence (bsc#1154048)
- drm/gma500: Fix error return code in psb_driver_load() (bsc#1129770)
- drm/mediatek: Add missing put_device() call in mtk_drm_kms_init() (bsc#1152446)
- drm/mediatek: Fix aal size config (bsc#1129770)
- drm: meson_drv add shutdown function (git-fixes).
- drm/msm/a5xx: Remove overwriting A5XX_PC_DBG_ECO_CNTL register (git-fixes).
- drm/msm/dsi: Correct io_start for MSM8994 (20nm PHY) (bsc#1129770)
- drm/msm: fix shutdown hook in case GPU components failed to bind (git-fixes).
- drm: mxsfb: check framebuffer pitch (bsc#1129770)
- drm/omap: fix max fclk divider for omap36xx (bsc#1152446)
- drm: panel: Fix bpc for OrtusTech COM43H4M85ULC panel (bsc#1129770)
- drm: panel: Fix bus format for OrtusTech COM43H4M85ULC panel (bsc#1129770)
- drm/radeon: fix AGP dependency (git-fixes).
- drm: rcar-du: Put reference to VSP device (bsc#1129770)
- drm/vc4: crtc: Rework a bit the CRTC state code (bsc#1129770)
- drm/vc4: hdmi: Avoid sleeping in atomic context (bsc#1129770)
- ethernet: alx: fix order of calls on resume (git-fixes).
- fbdev: aty: SPARC64 requires FB_ATY_CT (bsc#1129770)
- firmware/efi: Fix a use after bug in efi_mem_reserve_persistent (git-fixes).
- fix setting irq affinity (bsc#1184583)
- futex: Prevent robust futex exit race (git-fixes).
- gma500: clean up error handling in init (bsc#1129770)
- gpiolib: acpi: Add missing IRQF_ONESHOT (git-fixes).
- HID: make arrays usage and value to be the same (git-fixes).
- i2c: brcmstb: Fix brcmstd_send_i2c_cmd condition (git-fixes).
- i40e: Add zero-initialization of AQ command structures (bsc#1109837 bsc#1111981).
- i40e: Fix add TC filter for IPv6 (bsc#1109837 bsc#1111981).
- i40e: Fix endianness conversions (bsc#1109837 bsc#1111981).
- IB/mlx5: Return appropriate error code instead of ENOMEM (bsc#1103991).
- ibmvnic: add comments for spinlock_t definitions (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139).
- ibmvnic: add memory barrier to protect long term buffer (bsc#1184114 ltc#192237 bsc#1182485 ltc#191591).
- ibmvnic: always store valid MAC address (bsc#1182011 ltc#191844).
- ibmvnic: avoid multiple line dereference (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139).
- ibmvnic: compare adapter->init_done_rc with more readable ibmvnic_rc_codes (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290).
- ibmvnic: Correctly re-enable interrupts in NAPI polling routine (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290).
- ibmvnic: create send_control_ip_offload (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290).
- ibmvnic: create send_query_ip_offload (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290).
- ibmvnic: Do not replenish RX buffers after every polling loop (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290).
- ibmvnic: Ensure that CRQ entry read are correctly ordered (bsc#1184114 ltc#192237 bsc#1182485 ltc#191591).
- ibmvnic: Ensure that device queue memory is cache-line aligned (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290).
- ibmvnic: Ensure that SCRQ entry reads are correctly ordered (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290).
- ibmvnic: fix block comments (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139).
- ibmvnic: fix braces (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139).
- ibmvnic: fix miscellaneous checks (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139).
- ibmvnic: fix NULL pointer dereference in ibmvic_reset_crq (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290).
- ibmvnic: Fix possibly uninitialized old_num_tx_queues variable warning (bsc#1184114 ltc#192237).
- ibmvnic: Fix TX completion error handling (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290).
- ibmvnic: Fix use-after-free of VNIC login response buffer (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290).
- ibmvnic: handle inconsistent login with reset (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290).
- ibmvnic: Harden device Command Response Queue handshake (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290).
- ibmvnic: improve ibmvnic_init and ibmvnic_reset_init (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290).
- ibmvnic: merge do_change_param_reset into do_reset (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139).
- ibmvnic: merge ibmvnic_reset_init and ibmvnic_init (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290).
- ibmvnic: no reset timeout for 5 seconds after reset (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290).
- ibmvnic: prefer strscpy over strlcpy (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139).
- ibmvnic: prefer 'unsigned long' over 'unsigned long int' (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139).
- ibmvnic: reduce wait for completion time (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290).
- ibmvnic: remove excessive irqsave (bsc#1065729).
- ibmvnic: remove never executed if statement (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290).
- ibmvnic: remove unnecessary rmb() inside ibmvnic_poll (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139).
- ibmvnic: remove unused spinlock_t stats_lock definition (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139).
- ibmvnic: rename ibmvnic_send_req_caps to send_request_cap (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290).
- ibmvnic: rename send_cap_queries to send_query_cap (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290).
- ibmvnic: rename send_map_query to send_query_map (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290).
- ibmvnic: rework to ensure SCRQ entry reads are properly ordered (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139).
- ibmvnic: send_login should check for crq errors (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290).
- ibmvnic: simplify reset_long_term_buff function (bsc#1184114 ltc#192237 bsc#1183023 ltc#191791).
- ibmvnic: skip send_request_unmap for timeout reset (bsc#1184114 ltc#192237 bsc#1182485 ltc#191591).
- ibmvnic: skip tx timeout reset while in resetting (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290).
- ibmvnic: stop free_all_rwi on failed reset (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290).
- ibmvnic: store RX and TX subCRQ handle array in ibmvnic_adapter struct (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290).
- ibmvnic: substitute mb() with dma_wmb() for send_crq functions (bsc#1184114 ltc#192237 bsc#1183023 ltc#191791).
- ibmvnic: track pending login (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290).
- ibmvnic: Use netdev_alloc_skb instead of alloc_skb to replenish RX buffers (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290).
- ibmvnic: Use 'skb_frag_address()' instead of hand coding it (bsc#1184114 ltc#192237).
- ice: Account for port VLAN in VF max packet size calculation (bsc#1118661).
- igc: check return value of ret_val in igc_config_fc_after_link_up (bsc#1118657).
- igc: Report speed and duplex as unknown when device is runtime suspended (jsc#SLE-4799).
- igc: set the default return value to -IGC_ERR_NVM in igc_write_nvm_srwr (bsc#1118657).
- iio:adc:qcom-spmi-vadc: add default scale to LR_MUX2_BAT_ID channel (git-fixes).
- iio: gyro: mpu3050: Fix error handling in mpu3050_trigger_handler (git-fixes).
- iio: hid-sensor-humidity: Fix alignment issue of timestamp channel (git-fixes).
- iio: hid-sensor-prox: Fix scale not correct issue (git-fixes).
- iio: hid-sensor-temperature: Fix issues of timestamp channel (git-fixes).
- Input: i8042 - add ASUS Zenbook Flip to noselftest list (git-fixes).
- Input: i8042 - unbreak Pegatron C15B (git-fixes).
- Input: raydium_ts_i2c - do not send zero length (git-fixes).
- Input: xpad - add support for PowerA Enhanced Wired Controller for Xbox Series X|S (git-fixes).
- Input: xpad - sync supported devices with fork on GitHub (git-fixes).
- iommu/amd: Fix sleeping in atomic in increase_address_space() (bsc#1183378).
- iommu/intel: Fix memleak in intel_irq_remapping_alloc (bsc#1183379).
- iommu/vt-d: Avoid panic if iommu init fails in tboot system (bsc#1183380).
- iommu/vt-d: Do not use flush-queue when caching-mode is on (bsc#1183381).
- ixgbe: fail to create xfrm offload of IPsec tunnel mode SA (bsc#1113994).
- kABI: Fix kABI after modifying struct __call_single_data (bsc#1180846).
- kabi/severities: Add rtas_online_cpus_mask, rtas_offline_cpus_mask
- kernel/smp: add boot parameter for controlling CSD lock debugging (bsc#1180846).
- kernel/smp: add more data to CSD lock debugging (bsc#1180846).
- kernel/smp: prepare more CSD lock debugging (bsc#1180846).
- kernel/smp: Provide CSD lock timeout diagnostics (bsc#1180846).
- KVM: x86: Allow guests to see MSR_IA32_TSX_CTRL even if tsx=off (bsc#1183382).
- lib/crc32test: remove extra local_irq_disable/enable (git-fixes).
- locking/mutex: Fix non debug version of mutex_lock_io_nested() (git-fixes).
- mac80211: fix double free in ibss_leave (git-fixes).
- mac80211: fix rate mask reset (git-fixes).
- media: usbtv: Fix deadlock on suspend (git-fixes).
- media: uvcvideo: Allow entities with no pads (git-fixes).
- misc: eeprom_93xx46: Add quirk to support Microchip 93LC46B eeprom (git-fixes).
- mmc: core: Fix partition switch time for eMMC (git-fixes).
- mmc: core: Use DEFINE_DEBUGFS_ATTRIBUTE instead of DEFINE_SIMPLE_ATTRIBUTE.
- mmc: cqhci: Fix random crash when remove mmc module/card (git-fixes).
- mmc: sdhci-esdhc-imx: fix kernel panic when remove module (git-fixes).
- mmc: sdhci-of-arasan: Add missed checks for devm_clk_register() (git-fixes).
- mwifiex: pcie: skip cancel_work_sync() on reset failure path (git-fixes).
- net: bridge: use switchdev for port flags set through sysfs too (bsc#1112374).
- net: cdc-phonet: fix data-interface release on probe failure (git-fixes).
- net: core: introduce __netdev_notify_peers (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139).
- net: ethernet: ibm: ibmvnic: Fix some kernel-doc misdemeanours (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139).
- net: hns3: add a check for index in hclge_get_rss_key() (bsc#1126390).
- net: hns3: add a check for queue_id in hclge_reset_vf_queue() (bsc#1104353).
- net: hns3: fix bug when calculating the TCAM table info (bsc#1104353).
- net: hns3: fix query vlan mask value error for flow director (bsc#1104353).
- net/mlx5e: Update max_opened_tc also when channels are closed (bsc#1103990).
- net: phy: micrel: set soft_reset callback to genphy_soft_reset for KSZ8081 (bsc#1119113).
- net: re-solve some conflicts after net -> net-next merge (bsc#1184114 ltc#192237 bsc#1176855 ltc#187293).
- net: sched: disable TCQ_F_NOLOCK for pfifo_fast (bsc#1183405)
- net: usb: ax88179_178a: fix missing stop entry in driver_info (git-fixes).
- net: usb: qmi_wwan: allow qmimux add/del with master up (git-fixes).
- PCI: Add function 1 DMA alias quirk for Marvell 9215 SATA controller (git-fixes).
- PCI: Align checking of syscall user config accessors (git-fixes).
- phy: rockchip-emmc: emmc_phy_init() always return 0 (git-fixes).
- platform/x86: i2c-multi-instantiate: Do not create platform device for INT3515 ACPI nodes (git-fixes).
- powerpc/64s: Fix instruction encoding for lis in ppc_function_entry() (bsc#1065729).
- powerpc/book3s64/radix: Remove WARN_ON in destroy_context() (bsc#1183692 ltc#191963).
- powerpc: Convert to using %pOFn instead of device_node.name (bsc#1181674 ltc#189159).
- powerpc: Fix some spelling mistakes (bsc#1181674 ltc#189159).
- powerpc/hvcall: add token and codes for H_VASI_SIGNAL (bsc#1181674 ltc#189159).
- powerpc: kABI: add back suspend_disable_cpu in machdep_calls (bsc#1181674 ltc#189159).
- powerpc/machdep: remove suspend_disable_cpu() (bsc#1181674 ltc#189159).
- powerpc/mm/pkeys: Make pkey access check work on execute_only_key (bsc#1181544 ltc#191080 git-fixes).
- powerpc/numa: Fix build when CONFIG_NUMA=n (bsc#1132477 ltc#175530).
- powerpc/numa: make vphn_enabled, prrn_enabled flags const (bsc#1181674 ltc#189159).
- powerpc/numa: remove ability to enable topology updates (bsc#1181674 ltc#189159).
- powerpc/numa: remove arch_update_cpu_topology (bsc#1181674 ltc#189159).
- powerpc/numa: Remove late request for home node associativity (bsc#1181674 ltc#189159).
- powerpc/numa: remove prrn_is_enabled() (bsc#1181674 ltc#189159).
- powerpc/numa: remove start/stop_topology_update() (bsc#1181674 ltc#189159).
- powerpc/numa: remove timed_topology_update() (bsc#1181674 ltc#189159).
- powerpc/numa: remove unreachable topology timer code (bsc#1181674 ltc#189159).
- powerpc/numa: remove unreachable topology update code (bsc#1181674 ltc#189159).
- powerpc/numa: remove unreachable topology workqueue code (bsc#1181674 ltc#189159).
- powerpc/numa: remove vphn_enabled and prrn_enabled internal flags (bsc#1181674 ltc#189159).
- powerpc/numa: stub out numa_update_cpu_topology() (bsc#1181674 ltc#189159).
- powerpc/numa: Suppress 'VPHN is not supported' messages (bsc#1181674 ltc#189159).
- powerpc/pmem: Include pmem prototypes (bsc#1113295 git-fixes).
- powerpc/pseries: Add empty update_numa_cpu_lookup_table() for NUMA=n (bsc#1181674 ltc#189159).
- powerpc/pseries: Do not enforce MSI affinity with kdump (bsc#1181655 ltc#190855).
- powerpc/pseries: Generalize hcall_vphn() (bsc#1181674 ltc#189159).
- powerpc/pseries/hibernation: drop pseries_suspend_begin() from suspend ops (bsc#1181674 ltc#189159).
- powerpc/pseries/hibernation: pass stream id via function arguments (bsc#1181674 ltc#189159).
- powerpc/pseries/hibernation: perform post-suspend fixups later (bsc#1181674 ltc#189159).
- powerpc/pseries/hibernation: remove prepare_late() callback (bsc#1181674 ltc#189159).
- powerpc/pseries/hibernation: remove pseries_suspend_cpu() (bsc#1181674 ltc#189159).
- powerpc/pseries/hibernation: switch to rtas_ibm_suspend_me() (bsc#1181674 ltc#189159).
- powerpc/pseries/mobility: add missing break to default case (bsc#1181674 ltc#189159).
- powerpc/pseries/mobility: Add pr_debug() for device tree changes (bsc#1181674 ltc#189159).
- powerpc/pseries/mobility: do not error on absence of ibm, update-nodes (bsc#1181674 ltc#189159).
- powerpc/pseries/mobility: error message improvements (bsc#1181674 ltc#189159).
- powerpc/pseries/mobility: extract VASI session polling logic (bsc#1181674 ltc#189159).
- powerpc/pseries/mobility: handle premature return from H_JOIN (bsc#1181674 ltc#189159 git-fixes bsc#1183662 ltc#191922).
- powerpc/pseries/mobility: refactor node lookup during DT update (bsc#1181674 ltc#189159).
- powerpc/pseries/mobility: retry partition suspend after error (bsc#1181674 ltc#189159).
- powerpc/pseries/mobility: Set pr_fmt() (bsc#1181674 ltc#189159).
- powerpc/pseries/mobility: signal suspend cancellation to platform (bsc#1181674 ltc#189159).
- powerpc/pseries/mobility: use rtas_activate_firmware() on resume (bsc#1181674 ltc#189159).
- powerpc/pseries/mobility: use stop_machine for join/suspend (bsc#1181674 ltc#189159).
- powerpc/pseries/mobility: use struct for shared state (bsc#1181674 ltc#189159 git-fixes bsc#1183662 ltc#191922).
- powerpc/pseries/ras: Remove unused variable 'status' (bsc#1065729).
- powerpc/pseries: remove dlpar_cpu_readd() (bsc#1181674 ltc#189159).
- powerpc/pseries: remove memory 're-add' implementation (bsc#1181674 ltc#189159).
- powerpc/pseries: remove obsolete memory hotplug DT notifier code (bsc#1181674 ltc#189159).
- powerpc/pseries: remove prrn special case from DT update path (bsc#1181674 ltc#189159).
- powerpc/rtas: add rtas_activate_firmware() (bsc#1181674 ltc#189159).
- powerpc/rtas: add rtas_ibm_suspend_me() (bsc#1181674 ltc#189159).
- powerpc/rtas: complete ibm,suspend-me status codes (bsc#1181674 ltc#189159).
- powerpc/rtas: dispatch partition migration requests to pseries (bsc#1181674 ltc#189159).
- powerpc/rtasd: simplify handle_rtas_event(), emit message on events (bsc#1181674 ltc#189159).
- powerpc/rtas: prevent suspend-related sys_rtas use on LE (bsc#1181674 ltc#189159).
- powerpc/rtas: remove rtas_ibm_suspend_me_unsafe() (bsc#1181674 ltc#189159).
- powerpc/rtas: remove rtas_suspend_cpu() (bsc#1181674 ltc#189159).
- powerpc/rtas: remove unused rtas_suspend_last_cpu() (bsc#1181674 ltc#189159).
- powerpc/rtas: remove unused rtas_suspend_me_data (bsc#1181674 ltc#189159).
- powerpc/rtas: rtas_ibm_suspend_me -> rtas_ibm_suspend_me_unsafe (bsc#1181674 ltc#189159).
- powerpc/rtas: Unexport rtas_online_cpus_mask, rtas_offline_cpus_mask (bsc#1181674 ltc#189159).
- powerpc/vio: Use device_type to detect family (bsc#1181674 ltc#189159).
- printk: fix deadlock when kernel panic (bsc#1183018).
- pseries/drmem: do not cache node id in drmem_lmb struct (bsc#1132477 ltc#175530).
- pseries/hotplug-memory: hot-add: skip redundant LMB lookup (bsc#1132477 ltc#175530).
- pwm: rockchip: rockchip_pwm_probe(): Remove superfluous clk_unprepare() (git-fixes).
- qxl: Fix uninitialised struct field head.surface_id (git-fixes).
- random: fix the RNDRESEEDCRNG ioctl (git-fixes).
- rcu: Allow only one expedited GP to run concurrently with (git-fixes)
- rcu: Fix missed wakeup of exp_wq waiters (git-fixes)
- RDMA/mlx5: Use the correct obj_id upon DEVX TIR creation (bsc#1103991).
- RDMA/rxe: Remove useless code in rxe_recv.c (bsc#1103992).
- RDMA/srp: Fix support for unpopulated and unbalanced NUMA nodes (bsc#1169709)
- RDMA/uverbs: Fix kernel-doc warning of _uverbs_alloc (bsc#1103992).
- Revert 'ibmvnic: remove never executed if statement' (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290).
- rpadlpar: fix potential drc_name corruption in store functions (bsc#1183416 ltc#191079).
- rsxx: Return -EFAULT if copy_to_user() fails (git-fixes).
- s390/cio: return -EFAULT if copy_to_user() fails (git-fixes).
- s390/crypto: return -EFAULT if copy_to_user() fails (git-fixes).
- s390/dasd: fix hanging offline processing due to canceled worker (bsc#1175165).
- s390/pci: Fix s390_mmio_read/write with MIO (LTC#192079 bsc#1183755).
- s390/vtime: fix increased steal time accounting (bsc#1183861).
- sched/fair: Fix wrong cpu selecting from isolated domain (git-fixes)
- sched/vtime: Fix guest/system mis-accounting on task switch (git-fixes)
- scsi: lpfc: Change wording of invalid pci reset log message (bsc#1182574).
- scsi: lpfc: Correct function header comments related to ndlp reference counting (bsc#1182574).
- scsi: lpfc: Fix ADISC handling that never frees nodes (bsc#1182574).
- scsi: lpfc: Fix ancient double free (bsc#1182574).
- scsi: lpfc: Fix crash caused by switch reboot (bsc#1182574).
- scsi: lpfc: Fix dropped FLOGI during pt2pt discovery recovery (bsc#1182574).
- scsi: lpfc: Fix EEH encountering oops with NVMe traffic (bsc#1182574).
- scsi: lpfc: Fix FLOGI failure due to accessing a freed node (bsc#1182574).
- scsi: lpfc: Fix incorrect dbde assignment when building target abts wqe (bsc#1182574).
- scsi: lpfc: Fix kerneldoc inconsistency in lpfc_sli4_dump_page_a0() (bsc#1182574).
- scsi: lpfc: Fix lpfc_els_retry() possible null pointer dereference (bsc#1182574).
- scsi: lpfc: Fix nodeinfo debugfs output (bsc#1182574).
- scsi: lpfc: Fix null pointer dereference in lpfc_prep_els_iocb() (bsc#1182574).
- scsi: lpfc: Fix 'physical' typos (bsc#1182574).
- scsi: lpfc: Fix PLOGI ACC to be transmit after REG_LOGIN (bsc#1182574).
- scsi: lpfc: Fix pt2pt connection does not recover after LOGO (bsc#1182574).
- scsi: lpfc: Fix pt2pt state transition causing rmmod hang (bsc#1182574).
- scsi: lpfc: Fix reftag generation sizing errors (bsc#1182574).
- scsi: lpfc: Fix stale node accesses on stale RRQ request (bsc#1182574).
- scsi: lpfc: Fix status returned in lpfc_els_retry() error exit path (bsc#1182574).
- scsi: lpfc: Fix unnecessary null check in lpfc_release_scsi_buf (bsc#1182574).
- scsi: lpfc: Fix use after free in lpfc_els_free_iocb (bsc#1182574).
- scsi: lpfc: Fix vport indices in lpfc_find_vport_by_vpid() (bsc#1182574).
- scsi: lpfc: Reduce LOG_TRACE_EVENT logging for vports (bsc#1182574).
- scsi: lpfc: Update copyrights for 12.8.0.7 and 12.8.0.8 changes (bsc#1182574).
- scsi: lpfc: Update lpfc version to 12.8.0.8 (bsc#1182574).
- selinux: never allow relabeling on context mounts (git-fixes).
- smb3: add dynamic trace point to trace when credits obtained (bsc#1181507).
- smb3: fix crediting for compounding when only one request in flight (bsc#1181507).
- smp: Add source and destination CPUs to __call_single_data (bsc#1180846).
- Update config files: activate CONFIG_CSD_LOCK_WAIT_DEBUG for x86 (bsc#1180846).
- Update config files: disable CONFIG_CSD_LOCK_WAIT_DEBUG (bsc#1180846).
- usb: gadget: f_uac2: always increase endpoint max_packet_size by one audio slot (git-fixes).
- usbip: fix stub_dev to check for stream socket (git-fixes).
- usbip: fix stub_dev usbip_sockfd_store() races leading to gpf (git-fixes).
- usbip: Fix unsafe unaligned pointer usage (git-fixes).
- usbip: fix vhci_hcd attach_store() races leading to gpf (git-fixes).
- usbip: fix vhci_hcd to check for stream socket (git-fixes).
- usbip: tools: fix build error for multiple definition (git-fixes).
- usb: quirks: add quirk to start video capture on ELMO L-12F document camera reliable (git-fixes).
- usb: replace hardcode maximum usb string length by definition (git-fixes).
- usb: serial: io_edgeport: fix memory leak in edge_startup (git-fixes).
- usb: serial: option: add Quectel EM160R-GL (git-fixes).
- usb-storage: Add quirk to defeat Kindle's automatic unload (git-fixes).
- use __netdev_notify_peers in ibmvnic (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139).
- video: fbdev: acornfb: remove free_unused_pages() (bsc#1129770)
- video: fbdev: atmel_lcdfb: fix return error code in (bsc#1129770) Backporting notes: * context changes * fallout from trailing whitespaces
- vsprintf: Do not have bprintf dereference pointers (bsc#1184494).
- vsprintf: Do not preprocess non-dereferenced pointers for bprintf (%px and %pK) (bsc#1184494).
- vsprintf: Fix off-by-one bug in bstr_printf() processing dereferenced pointers (bsc#1184494).
- wlcore: Fix command execute failure 19 for wl12xx (git-fixes).
- x86/ioapic: Ignore IRQ2 again (12sp5).
- x86/mem_encrypt: Correct physical address calculation in __set_clr_pte_enc() (12sp5).
- xen/gnttab: handle p2m update errors on a per-slot basis (bsc#1183022 XSA-367).
- xen/netback: avoid race in xenvif_rx_ring_slots_available() (bsc#1065600).
- xen/netback: fix spurious event detection for common event case (bsc#1182175).
- xen-netback: respect gnttab_map_refs()'s return value (bsc#1183022 XSA-367).
- xfs: Fix assert failure in xfs_setattr_size() (git-fixes).
- xsk: Remove dangling function declaration from header file (bsc#1109837).
Package list
Image SLES12-SP5-Azure-BYOS
Image SLES12-SP5-Azure-HPC-BYOS
Image SLES12-SP5-Azure-SAP-BYOS
Image SLES12-SP5-Azure-SAP-On-Demand
Image SLES12-SP5-EC2-BYOS
Image SLES12-SP5-EC2-ECS-On-Demand
Image SLES12-SP5-EC2-On-Demand
Image SLES12-SP5-EC2-SAP-BYOS
Image SLES12-SP5-EC2-SAP-On-Demand
Image SLES12-SP5-GCE-BYOS
Image SLES12-SP5-GCE-On-Demand
Image SLES12-SP5-GCE-SAP-BYOS
Image SLES12-SP5-GCE-SAP-On-Demand
Image SLES12-SP5-OCI-BYOS-BYOS
Image SLES12-SP5-OCI-BYOS-SAP-BYOS
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
SUSE Linux Enterprise High Availability Extension 12 SP5
SUSE Linux Enterprise Live Patching 12 SP5
SUSE Linux Enterprise Server 12 SP5
SUSE Linux Enterprise Server for SAP Applications 12 SP5
SUSE Linux Enterprise Software Development Kit 12 SP5
SUSE Linux Enterprise Workstation Extension 12 SP5
References
- Link for SUSE-SU-2021:1210-1
- E-Mail link for SUSE-SU-2021:1210-1
- SUSE Security Ratings
- SUSE Bug 1065600
- SUSE Bug 1065729
- SUSE Bug 1103990
- SUSE Bug 1103991
- SUSE Bug 1103992
- SUSE Bug 1104270
- SUSE Bug 1104353
- SUSE Bug 1109837
- SUSE Bug 1111981
- SUSE Bug 1112374
- SUSE Bug 1113295
- SUSE Bug 1113994
- SUSE Bug 1118657
- SUSE Bug 1118661
- SUSE Bug 1119113
- SUSE Bug 1126390
- SUSE Bug 1129770
Description
In blk_mq_queue_tag_busy_iter of blk-mq-tag.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-151939299
Affected products
References
- CVE-2020-0433
- SUSE Bug 1176720
- SUSE Bug 1178066
- SUSE Bug 1187135
- SUSE Bug 1189302
Description
A vulnerability was found in the Linux kernel where a refcount leak in llcp_sock_bind() causes a use-after-free, which might lead to privilege escalation.
Affected products
References
- CVE-2020-25670
- SUSE Bug 1178181
- SUSE Bug 1194680
Description
A vulnerability was found in the Linux kernel where a refcount leak in llcp_sock_connect() causes a use-after-free, which might lead to privilege escalation.
Affected products
References
- CVE-2020-25671
- SUSE Bug 1178181
Description
A memory leak vulnerability was found in the Linux kernel in llcp_sock_connect.
Affected products
References
- CVE-2020-25672
- SUSE Bug 1178181
Description
A vulnerability was found in the Linux kernel where a non-blocking socket in llcp_sock_connect() leads to a leak and eventually hangs the system.
Affected products
References
- CVE-2020-25673
- SUSE Bug 1178181
Description
An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This affects pointer types that do not define a ptr_limit.
Affected products
References
- CVE-2020-27170
- SUSE Bug 1183686
- SUSE Bug 1183775
Description
An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-10d2bb2e6b1d.
Affected products
References
- CVE-2020-27171
- SUSE Bug 1183686
- SUSE Bug 1183775
Description
A flaw was found in the JFS filesystem code in the Linux Kernel which allows a local attacker with the ability to set extended attributes to panic the system, causing memory corruption or escalating privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Affected products
References
- CVE-2020-27815
- SUSE Bug 1179454
- SUSE Bug 1179458
Description
An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1.
Affected products
References
- CVE-2020-29368
- SUSE Bug 1179428
- SUSE Bug 1179660
- SUSE Bug 1179664
Description
An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c. The get_user_pages (aka gup) implementation, when used for a copy-on-write page, does not properly consider the semantics of read operations and therefore can grant unintended write access, aka CID-17839856fd58.
Affected products
References
- CVE-2020-29374
- SUSE Bug 1179428
- SUSE Bug 1179660
Description
An out-of-bounds (OOB) memory access flaw was found in x25_bind in net/x25/af_x25.c in the Linux kernel version v5.12-rc5. A bounds check failure allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Affected products
References
- CVE-2020-35519
- SUSE Bug 1183696
- SUSE Bug 1184953
- SUSE Bug 1211495
Description
An issue was discovered in the Linux kernel before 5.9. arch/x86/kvm/svm/sev.c allows attackers to cause a denial of service (soft lockup) by triggering destruction of a large SEV VM (which requires unregistering many encrypted regions), aka CID-7be74942f184.
Affected products
References
- CVE-2020-36311
- SUSE Bug 1184511
Description
A denial of service vulnerability was found in n_tty_receive_char_special in drivers/tty/n_tty.c of the Linux kernel. In this flaw a local attacker with a normal user privilege could delay the loop (due to a changing ldata->read_head, and a missing sanity check) and cause a threat to the system availability.
Affected products
References
- CVE-2021-20219
- SUSE Bug 1184397
Description
An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case, an error encountered earlier might be discarded by later processing, resulting in the caller assuming successful mapping, and hence subsequent operations trying to access space that wasn't mapped. In another case, internal state would be insufficiently updated, preventing safe recovery from the error. This affects drivers/block/xen-blkback/blkback.c.
Affected products
References
- CVE-2021-26930
- SUSE Bug 1181843
- SUSE Bug 1182294
Description
An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net, and SCSI backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially being at least under the influence of guests (such as out of memory conditions), it isn't correct to assume a plain bug. Memory allocations potentially causing such crashes occur only when Linux is running in PV mode, though. This affects drivers/block/xen-blkback/blkback.c and drivers/xen/xen-scsiback.c.
Affected products
References
- CVE-2021-26931
- SUSE Bug 1181753
- SUSE Bug 1183022
Description
An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one is reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions based on the success or failure of each operation. Unfortunately, when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively implying their success from the success of related batch elements. In other cases, errors resulting from one batch element lead to further batch elements not being inspected, and hence successful ones to not be possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and drivers/xen/gntdev.c.
Affected products
References
- CVE-2021-26932
- SUSE Bug 1181747
Description
An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables.
Affected products
References
- CVE-2021-27363
- SUSE Bug 1182716
- SUSE Bug 1182717
- SUSE Bug 1183120
- SUSE Bug 1200084
Description
An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages.
Affected products
References
- CVE-2021-27364
- SUSE Bug 1182715
- SUSE Bug 1182716
- SUSE Bug 1182717
- SUSE Bug 1200084
- SUSE Bug 1214268
- SUSE Bug 1218966
Description
An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message.
Affected products
References
- CVE-2021-27365
- SUSE Bug 1182712
- SUSE Bug 1182715
- SUSE Bug 1183491
- SUSE Bug 1200084
- SUSE Bug 1214268
- SUSE Bug 1218966
Description
An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931.
Affected products
References
- CVE-2021-28038
- SUSE Bug 1183022
- SUSE Bug 1183069
Description
rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org releases, CVE IDs are not normally used for drivers/staging/* (unfinished work); however, system integrators may have situations in which a drivers/staging issue is relevant to their own customer base.
Affected products
References
- CVE-2021-28660
- SUSE Bug 1183593
- SUSE Bug 1183658
Description
The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable. XSA-365 was classified to affect versions back to at least 3.11.
Affected products
References
- CVE-2021-28688
- SUSE Bug 1183646
Description
A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer before a cloning operation, aka CID-dbcc7d57bffc.
Affected products
References
- CVE-2021-28964
- SUSE Bug 1184193
Description
In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6.
Affected products
References
- CVE-2021-28971
- SUSE Bug 1184196
Description
In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\0' termination, aka CID-cc7a0bb058b8.
Affected products
References
- CVE-2021-28972
- SUSE Bug 1184198
- SUSE Bug 1220060
Description
BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c.
Affected products
References
- CVE-2021-29154
- SUSE Bug 1184391
- SUSE Bug 1184710
- SUSE Bug 1186408
Description
An issue was discovered in the Linux kernel through 5.11.10. drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver allows attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is enabled, aka CID-d8861bab48b6.
Affected products
References
- CVE-2021-29264
- SUSE Bug 1184168
Description
An issue was discovered in the Linux kernel before 5.11.7. usbip_sockfd_store in drivers/usb/usbip/stub_dev.c allows attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status, aka CID-9380afd6df70.
Affected products
References
- CVE-2021-29265
- SUSE Bug 1184167
Description
An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure, aka CID-50535249f624.
Affected products
References
- CVE-2021-29647
- SUSE Bug 1184192
Description
An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b.
Affected products
References
- CVE-2021-30002
- SUSE Bug 1184120
Description
A flaw was found in the Linux kernel. A denial of service problem is identified if an extent tree is corrupted in a crafted ext4 filesystem in fs/ext4/extents.c in ext4_es_cache_extent. By fabricating an integer overflow, a local attacker with a special user privilege may cause a system crash, which can lead to an availability threat.
Affected products
References
- CVE-2021-3428
- SUSE Bug 1173485
- SUSE Bug 1183509
Description
The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this to gain out-of-bounds reads in kernel memory, leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could potentially lead to code execution. This issue was addressed in the upstream kernel in commit 9b00f1b78809 ("bpf: Fix truncation handling for mod32 dst reg wrt zero") and in Linux stable kernels 5.11.2, 5.10.19, and 5.4.101.
Affected products
References
- CVE-2021-3444
- SUSE Bug 1184170
- SUSE Bug 1184171
Description
A flaw was found in the Nosy driver in the Linux kernel. This issue allows a device to be inserted twice into a doubly-linked list, leading to a use-after-free when one of these devices is removed. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Versions before kernel 5.12-rc6 are affected.
Affected products
References
- CVE-2021-3483
- SUSE Bug 1184393