Описание
Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP2)
This update for the Linux Kernel 5.3.18-22 fixes several issues.
The following issues were fixed:
- CVE-2021-33034: Fixed a use-after-free when destroying an hci_chan. This could lead to writing an arbitrary values (bsc#1186111).
- CVE-2021-32399: Fixed a race condition when removing the HCI controller (bnc#1184611).
- Fixed a data loss/data corruption that occurs if there is a write error on an md/raid array (bsc#1185680).
Список пакетов
SUSE Linux Enterprise Live Patching 12 SP4
kgraft-patch-4_12_14-95_71-default-5-2.2
kgraft-patch-4_12_14-95_68-default-6-2.2
kgraft-patch-4_12_14-95_65-default-7-2.2
kgraft-patch-4_12_14-95_60-default-10-2.2
kgraft-patch-4_12_14-95_57-default-11-2.2
SUSE Linux Enterprise Live Patching 12 SP5
kgraft-patch-4_12_14-122_32-default-13-2.2
kgraft-patch-4_12_14-122_29-default-13-2.2
kgraft-patch-4_12_14-122_26-default-13-2.2
kgraft-patch-4_12_14-122_63-default-5-2.2
kgraft-patch-4_12_14-122_60-default-6-2.2
kgraft-patch-4_12_14-122_57-default-7-2.2
kgraft-patch-4_12_14-122_54-default-7-2.2
kgraft-patch-4_12_14-122_51-default-9-2.2
kgraft-patch-4_12_14-122_46-default-9-2.2
kgraft-patch-4_12_14-122_41-default-11-2.2
kgraft-patch-4_12_14-122_37-default-12-2.2
SUSE Linux Enterprise Live Patching 15 SP1
kernel-livepatch-4_12_14-197_86-default-5-2.2
kernel-livepatch-4_12_14-197_83-default-6-2.2
kernel-livepatch-4_12_14-197_78-default-7-2.2
kernel-livepatch-4_12_14-197_75-default-7-2.2
kernel-livepatch-4_12_14-197_72-default-7-2.2
kernel-livepatch-4_12_14-197_67-default-8-2.2
kernel-livepatch-4_12_14-197_64-default-8-2.2
kernel-livepatch-4_12_14-197_61-default-9-2.2
kernel-livepatch-4_12_14-197_56-default-10-2.2
kernel-livepatch-4_12_14-197_51-default-11-2.2
kernel-livepatch-4_12_14-197_48-default-11-2.2
SUSE Linux Enterprise Live Patching 15 SP2
kernel-livepatch-5_3_18-24_52-default-5-2.2
kernel-livepatch-5_3_18-24_49-default-6-2.2
kernel-livepatch-5_3_18-24_46-default-7-2.2
kernel-livepatch-5_3_18-24_43-default-7-2.2
kernel-livepatch-5_3_18-24_37-default-8-2.2
kernel-livepatch-5_3_18-24_34-default-8-2.2
kernel-livepatch-5_3_18-24_29-default-8-2.2
kernel-livepatch-5_3_18-24_24-default-10-2.2
kernel-livepatch-5_3_18-24_15-default-10-2.2
kernel-livepatch-5_3_18-24_12-default-10-2.2
kernel-livepatch-5_3_18-24_9-default-11-2.2
kernel-livepatch-5_3_18-22-default-12-5.2
Ссылки
- Link for SUSE-SU-2021:2025-1
- E-Mail link for SUSE-SU-2021:2025-1
- SUSE Security Ratings
- SUSE Bug 1185847
- SUSE Bug 1185899
- SUSE Bug 1186285
- SUSE CVE CVE-2021-32399 page
- SUSE CVE CVE-2021-33034 page
Описание
net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller.
Затронутые продукты
SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_57-default-11-2.2
SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_60-default-10-2.2
SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_65-default-7-2.2
SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_68-default-6-2.2
Ссылки
- CVE-2021-32399
- SUSE Bug 1184611
- SUSE Bug 1185898
- SUSE Bug 1185899
- SUSE Bug 1196174
- SUSE Bug 1200084
- SUSE Bug 1201734
Описание
In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value.
Затронутые продукты
SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_57-default-11-2.2
SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_60-default-10-2.2
SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_65-default-7-2.2
SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_68-default-6-2.2
Ссылки
- CVE-2021-33034
- SUSE Bug 1186111
- SUSE Bug 1186285