Описание
Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP2)
This update for the Linux Kernel 5.3.18-22 fixes several issues.
The following security issues were fixed:
- CVE-2020-36322: Fixed an issue inside the FUSE filesystem implementation where fuse_do_getattr() calls make_bad_inode() in inappropriate situations, could have caused a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950 (bsc#1184952).
- CVE-2021-29154: Fixed BPF JIT compilers that allowed to execute arbitrary code within the kernel context (bsc#1184710)
Список пакетов
SUSE Linux Enterprise Live Patching 12 SP4
kgraft-patch-4_12_14-95_71-default-4-2.2
kgraft-patch-4_12_14-95_68-default-5-2.2
kgraft-patch-4_12_14-95_65-default-6-2.2
kgraft-patch-4_12_14-95_60-default-9-2.2
kgraft-patch-4_12_14-95_57-default-10-2.2
kgraft-patch-4_12_14-95_54-default-10-2.2
SUSE Linux Enterprise Live Patching 12 SP5
kgraft-patch-4_12_14-122_63-default-4-2.2
SUSE Linux Enterprise Live Patching 15 SP1
kernel-livepatch-4_12_14-197_86-default-4-2.2
kernel-livepatch-4_12_14-197_83-default-5-2.2
SUSE Linux Enterprise Live Patching 15 SP2
kernel-livepatch-5_3_18-24_52-default-4-2.2
kernel-livepatch-5_3_18-24_49-default-5-2.2
kernel-livepatch-5_3_18-24_46-default-6-2.2
kernel-livepatch-5_3_18-24_43-default-6-2.2
kernel-livepatch-5_3_18-24_37-default-7-2.2
kernel-livepatch-5_3_18-24_34-default-7-2.2
kernel-livepatch-5_3_18-24_29-default-7-2.2
kernel-livepatch-5_3_18-24_24-default-9-2.2
kernel-livepatch-5_3_18-24_15-default-9-2.2
kernel-livepatch-5_3_18-24_12-default-9-2.2
kernel-livepatch-5_3_18-24_9-default-10-2.2
kernel-livepatch-5_3_18-22-default-11-5.2
Ссылки
- Link for SUSE-SU-2021:1715-1
- E-Mail link for SUSE-SU-2021:1715-1
- SUSE Security Ratings
- SUSE Bug 1184710
- SUSE Bug 1184952
- SUSE CVE CVE-2020-36322 page
- SUSE CVE CVE-2021-29154 page
Описание
An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950.
Затронутые продукты
SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_54-default-10-2.2
SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_57-default-10-2.2
SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_60-default-9-2.2
SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_65-default-6-2.2
Ссылки
- CVE-2020-36322
- SUSE Bug 1184211
- SUSE Bug 1184952
- SUSE Bug 1189302
Описание
BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c.
Затронутые продукты
SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_54-default-10-2.2
SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_57-default-10-2.2
SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_60-default-9-2.2
SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_65-default-6-2.2
Ссылки
- CVE-2021-29154
- SUSE Bug 1184391
- SUSE Bug 1184710
- SUSE Bug 1186408