Описание
Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP2)
This update for the Linux Kernel 5.3.18-24_52 fixes several issues.
The following security issues were fixed:
- CVE-2021-3444: Fixed an issue with the bpf verifier which did not properly handle mod32 destination register truncation when the source register was known to be 0 leading to out of bounds read (bsc#1184171).
- CVE-2021-28660: Fixed an out of bounds write in rtw_wx_set_scan (bsc#1183658).
- CVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc##1182294, bsc#1183646).
Список пакетов
SUSE Linux Enterprise Live Patching 15 SP1
SUSE Linux Enterprise Live Patching 15 SP2
Ссылки
- Link for SUSE-SU-2021:1395-1
- E-Mail link for SUSE-SU-2021:1395-1
- SUSE Security Ratings
- SUSE Bug 1182294
- SUSE Bug 1183658
- SUSE Bug 1184171
- SUSE CVE CVE-2021-28660 page
- SUSE CVE CVE-2021-28688 page
- SUSE CVE CVE-2021-3444 page
Описание
rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org releases, CVE IDs are not normally used for drivers/staging/* (unfinished work); however, system integrators may have situations in which a drivers/staging issue is relevant to their own customer base.
Затронутые продукты
Ссылки
- CVE-2021-28660
- SUSE Bug 1183593
- SUSE Bug 1183658
Описание
The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable. XSA-365 was classified to affect versions back to at least 3.11.
Затронутые продукты
Ссылки
- CVE-2021-28688
- SUSE Bug 1183646
Описание
The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could potentially lead to code execution. This issue was addressed in the upstream kernel in commit 9b00f1b78809 ("bpf: Fix truncation handling for mod32 dst reg wrt zero") and in Linux stable kernels 5.11.2, 5.10.19, and 5.4.101.
Затронутые продукты
Ссылки
- CVE-2021-3444
- SUSE Bug 1184170
- SUSE Bug 1184171