Описание
Security update for the Linux Kernel (Live Patch 20 for SLE 15)
This update for the Linux Kernel 4.12.14-150_58 fixes several issues.
The following security issues were fixed:
- CVE-2021-3444: Fixed an issue with the bpf verifier which did not properly handle mod32 destination register truncation when the source register was known to be 0 leading to out of bounds read (bsc#1184171).
- CVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc##1182294, bsc#1183646).
- CVE-2021-26930: Fixed an improper error handling in blkback's grant mapping (XSA-365 bsc#1182294).
- CVE-2021-26931: Fixed an issue where Linux kernel was treating grant mapping errors as bugs (XSA-362 bsc#1183022).
Список пакетов
SUSE Linux Enterprise Live Patching 12 SP4
SUSE Linux Enterprise Live Patching 15
Ссылки
- Link for SUSE-SU-2021:1344-1
- E-Mail link for SUSE-SU-2021:1344-1
- SUSE Security Ratings
- SUSE Bug 1182294
- SUSE Bug 1184171
- SUSE CVE CVE-2021-26930 page
- SUSE CVE CVE-2021-26931 page
- SUSE CVE CVE-2021-28688 page
- SUSE CVE CVE-2021-3444 page
Описание
An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case, an error encountered earlier might be discarded by later processing, resulting in the caller assuming successful mapping, and hence subsequent operations trying to access space that wasn't mapped. In another case, internal state would be insufficiently updated, preventing safe recovery from the error. This affects drivers/block/xen-blkback/blkback.c.
Затронутые продукты
Ссылки
- CVE-2021-26930
- SUSE Bug 1181843
- SUSE Bug 1182294
Описание
An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net, and SCSI backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially being at least under the influence of guests (such as out of memory conditions), it isn't correct to assume a plain bug. Memory allocations potentially causing such crashes occur only when Linux is running in PV mode, though. This affects drivers/block/xen-blkback/blkback.c and drivers/xen/xen-scsiback.c.
Затронутые продукты
Ссылки
- CVE-2021-26931
- SUSE Bug 1181753
- SUSE Bug 1183022
Описание
The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable. XSA-365 was classified to affect versions back to at least 3.11.
Затронутые продукты
Ссылки
- CVE-2021-28688
- SUSE Bug 1183646
Описание
The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could potentially lead to code execution. This issue was addressed in the upstream kernel in commit 9b00f1b78809 ("bpf: Fix truncation handling for mod32 dst reg wrt zero") and in Linux stable kernels 5.11.2, 5.10.19, and 5.4.101.
Затронутые продукты
Ссылки
- CVE-2021-3444
- SUSE Bug 1184170
- SUSE Bug 1184171