Описание
Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3)
This update for the Linux Kernel 4.4.180-94_138 fixes several issues.
The following security issues were fixed:
- CVE-2020-36322: Fixed an issue inside the FUSE filesystem implementation where fuse_do_getattr() calls make_bad_inode() in inappropriate situations, could have caused a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950 (bsc#1184952).
- CVE-2021-29154: Fixed BPF JIT compilers that allowed to execute arbitrary code within the kernel context (bsc#1184710)
Список пакетов
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server for SAP Applications 12 SP3
Ссылки
- Link for SUSE-SU-2021:1870-1
- E-Mail link for SUSE-SU-2021:1870-1
- SUSE Security Ratings
- SUSE Bug 1184710
- SUSE Bug 1184952
- SUSE CVE CVE-2020-36322 page
- SUSE CVE CVE-2021-29154 page
Описание
An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950.
Затронутые продукты
Ссылки
- CVE-2020-36322
- SUSE Bug 1184211
- SUSE Bug 1184952
- SUSE Bug 1189302
Описание
BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c.
Затронутые продукты
Ссылки
- CVE-2021-29154
- SUSE Bug 1184391
- SUSE Bug 1184710
- SUSE Bug 1186408