Описание
Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3)
This update for the Linux Kernel 4.4.180-94_138 fixes several issues.
The following issues were fixed:
- CVE-2021-33034: Fixed a use-after-free when destroying an hci_chan. This could lead to writing an arbitrary values (bsc#1186111).
- CVE-2021-32399: Fixed a race condition when removing the HCI controller (bnc#1184611).
- Fixed a regression with the last livepatch which caused a kernel warning during sysfs read (bsc#1186235).
Список пакетов
SUSE Linux Enterprise Server 12 SP3-LTSS
kgraft-patch-4_4_180-94_141-default-5-2.2
kgraft-patch-4_4_180-94_138-default-6-2.2
SUSE Linux Enterprise Server for SAP Applications 12 SP3
kgraft-patch-4_4_180-94_141-default-5-2.2
kgraft-patch-4_4_180-94_138-default-6-2.2
Ссылки
- Link for SUSE-SU-2021:2042-1
- E-Mail link for SUSE-SU-2021:2042-1
- SUSE Security Ratings
- SUSE Bug 1185899
- SUSE Bug 1186235
- SUSE Bug 1186285
- SUSE CVE CVE-2021-32399 page
- SUSE CVE CVE-2021-33034 page
Описание
net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_138-default-6-2.2
SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_141-default-5-2.2
SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_138-default-6-2.2
SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_141-default-5-2.2
Ссылки
- CVE-2021-32399
- SUSE Bug 1184611
- SUSE Bug 1185898
- SUSE Bug 1185899
- SUSE Bug 1196174
- SUSE Bug 1200084
- SUSE Bug 1201734
Описание
In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_138-default-6-2.2
SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_141-default-5-2.2
SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_138-default-6-2.2
SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_141-default-5-2.2
Ссылки
- CVE-2021-33034
- SUSE Bug 1186111
- SUSE Bug 1186285