Description
Security update for the Linux Kernel
The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bug fixes.
The following security bugs were fixed:
- CVE-2021-3483: Fixed a use-after-free in nosy.c (bsc#1184393).
- CVE-2021-30002: Fixed a memory leak for large arguments in video_usercopy (bsc#1184120).
- CVE-2021-29650: Fixed an issue where the netfilter subsystem allowed attackers to cause a denial of service (bsc#1184208).
- CVE-2021-28972: Fixed a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly (bsc#1184198).
- CVE-2021-28950: Fixed an infinite loop because a retry loop continually finds the same bad inode (bsc#1184194).
- CVE-2021-27365: Fixed an issue where an unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bsc#1182715).
- CVE-2021-27364: Fixed an issue where an attacker could craft Netlink messages (bsc#1182717).
- CVE-2021-27363: Fixed a kernel pointer leak which could have been used to determine the address of the iscsi_transport structure (bsc#1182716).
- CVE-2021-20261: Fixed a race condition in the implementation of the floppy disk drive controller driver software (bsc#1183400).
- CVE-2020-36322: Fixed an issue in the FUSE filesystem implementation which could have caused a system crash (bsc#1184211).
- CVE-2020-35519: Fixed an out-of-bounds memory access in x25_bind (bsc#1183696).
The following non-security bugs were fixed:
- md: md.c: Return -ENODEV when mddev is NULL in rdev_attr_show (bsc#1056134, bsc#1180963).
Package list
SUSE Linux Enterprise Server 11 SP4-LTSS
References
- Link for SUSE-SU-2021:14724-1
- E-Mail link for SUSE-SU-2021:14724-1
- SUSE Security Ratings
- SUSE Bug 1056134
- SUSE Bug 1180963
- SUSE Bug 1182715
- SUSE Bug 1182716
- SUSE Bug 1182717
- SUSE Bug 1183400
- SUSE Bug 1183696
- SUSE Bug 1184120
- SUSE Bug 1184194
- SUSE Bug 1184198
- SUSE Bug 1184208
- SUSE Bug 1184211
- SUSE Bug 1184393
- SUSE CVE CVE-2020-35519 page
- SUSE CVE CVE-2020-36322 page
- SUSE CVE CVE-2021-20261 page
- SUSE CVE CVE-2021-27363 page
Description
An out-of-bounds (OOB) memory access flaw was found in x25_bind in net/x25/af_x25.c in the Linux kernel version v5.12-rc5. A bounds check failure allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Affected products
References
- CVE-2020-35519
- SUSE Bug 1183696
- SUSE Bug 1184953
- SUSE Bug 1211495
Description
An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950.
Affected products
References
- CVE-2020-36322
- SUSE Bug 1184211
- SUSE Bug 1184952
- SUSE Bug 1189302
Description
A race condition was found in the Linux kernel's implementation of the floppy disk drive controller driver software. The impact of this issue is lessened by the fact that the default permissions on the floppy device (/dev/fd0) are restricted to root. If the permissions on the device have changed, the impact changes greatly. In the default configuration, root (or equivalent) permissions are required to attack this flaw.
Affected products
References
- CVE-2021-20261
- SUSE Bug 1183400
- SUSE Bug 1183402
Description
An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables.
Affected products
References
- CVE-2021-27363
- SUSE Bug 1182716
- SUSE Bug 1182717
- SUSE Bug 1183120
- SUSE Bug 1200084
Description
An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages.
Affected products
References
- CVE-2021-27364
- SUSE Bug 1182715
- SUSE Bug 1182716
- SUSE Bug 1182717
- SUSE Bug 1200084
- SUSE Bug 1214268
- SUSE Bug 1218966
Description
An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message.
Affected products
References
- CVE-2021-27365
- SUSE Bug 1182712
- SUSE Bug 1182715
- SUSE Bug 1183491
- SUSE Bug 1200084
- SUSE Bug 1214268
- SUSE Bug 1218966
Description
An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A "stall on CPU" can occur because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1.
Affected products
References
- CVE-2021-28950
- SUSE Bug 1184194
- SUSE Bug 1184211
Description
In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\0' termination, aka CID-cc7a0bb058b8.
Affected products
References
- CVE-2021-28972
- SUSE Bug 1184198
- SUSE Bug 1220060
Description
An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf.
Affected products
References
- CVE-2021-29650
- SUSE Bug 1184208
Description
An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b.
Affected products
References
- CVE-2021-30002
- SUSE Bug 1184120
Description
A flaw was found in the Nosy driver in the Linux kernel. This issue allows a device to be inserted twice into a doubly-linked list, leading to a use-after-free when one of these devices is removed. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Versions before kernel 5.12-rc6 are affected.
Affected products
References
- CVE-2021-3483
- SUSE Bug 1184393