Описание
Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP3)
This update for the Linux Kernel 5.3.18-57 fixes several issues.
The following issues were fixed:
- CVE-2021-3489: Fixed an issue where the eBPF RINGBUF bpf_ringbuf_reserve did not check that the allocated size was smaller than the ringbuf size (bsc#1185640).
- CVE-2021-3490: Fixed an issue where the eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) did not update the 32-bit bounds (bsc#1185641).
- CVE-2021-33034: Fixed a use-after-free when destroying an hci_chan. This could lead to writing an arbitrary values (bsc#1186111).
- CVE-2021-32399: Fixed a race condition when removing the HCI controller (bsc#1184611).
- CVE-2020-36322: Fixed an issue was discovered in FUSE filesystem implementation which could have caused a system crash (bsc#1184211).
- CVE-2021-29154: Fixed incorrect computation of branch displacements, allowing arbitrary code execution (bsc#1184391).
- CVE-2021-28660: Fixed an out of bounds write in rtw_wx_set_scan (bsc#1183593).
- Fixed a data loss/data corruption that occurs if there is a write error on an md/raid array (bsc#1185847).
Список пакетов
SUSE Linux Enterprise Live Patching 15 SP3
Ссылки
- Link for SUSE-SU-2021:2198-1
- E-Mail link for SUSE-SU-2021:2198-1
- SUSE Security Ratings
- SUSE Bug 1183658
- SUSE Bug 1184710
- SUSE Bug 1184952
- SUSE Bug 1185796
- SUSE Bug 1185847
- SUSE Bug 1185856
- SUSE Bug 1185899
- SUSE Bug 1186285
- SUSE CVE CVE-2020-36322 page
- SUSE CVE CVE-2021-28660 page
- SUSE CVE CVE-2021-29154 page
- SUSE CVE CVE-2021-32399 page
- SUSE CVE CVE-2021-33034 page
- SUSE CVE CVE-2021-3489 page
- SUSE CVE CVE-2021-3490 page
Описание
An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950.
Затронутые продукты
Ссылки
- CVE-2020-36322
- SUSE Bug 1184211
- SUSE Bug 1184952
- SUSE Bug 1189302
Описание
rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org releases, CVE IDs are not normally used for drivers/staging/* (unfinished work); however, system integrators may have situations in which a drivers/staging issue is relevant to their own customer base.
Затронутые продукты
Ссылки
- CVE-2021-28660
- SUSE Bug 1183593
- SUSE Bug 1183658
Описание
BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c.
Затронутые продукты
Ссылки
- CVE-2021-29154
- SUSE Bug 1184391
- SUSE Bug 1184710
- SUSE Bug 1186408
Описание
net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller.
Затронутые продукты
Ссылки
- CVE-2021-32399
- SUSE Bug 1184611
- SUSE Bug 1185898
- SUSE Bug 1185899
- SUSE Bug 1196174
- SUSE Bug 1200084
- SUSE Bug 1201734
Описание
In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value.
Затронутые продукты
Ссылки
- CVE-2021-33034
- SUSE Bug 1186111
- SUSE Bug 1186285
Описание
The eBPF RINGBUF bpf_ringbuf_reserve() function in the Linux kernel did not check that the allocated size was smaller than the ringbuf size, allowing an attacker to perform out-of-bounds writes within the kernel and therefore, arbitrary code execution. This issue was fixed via commit 4b81ccebaeee ("bpf, ringbuf: Deny reserve of buffers larger than ringbuf") (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. It was introduced via 457f44363a88 ("bpf: Implement BPF ring buffer and verifier support for it") (v5.8-rc1).
Затронутые продукты
Ссылки
- CVE-2021-3489
- SUSE Bug 1185640
- SUSE Bug 1185856
Описание
The eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) in the Linux kernel did not properly update 32-bit bounds, which could be turned into out of bounds reads and writes in the Linux kernel and therefore, arbitrary code execution. This issue was fixed via commit 049c4e13714e ("bpf: Fix alu32 const subreg bound tracking on bitwise operations") (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. The AND/OR issues were introduced by commit 3f50f132d840 ("bpf: Verifier, do explicit ALU32 bounds tracking") (5.7-rc1) and the XOR variant was introduced by 2921c90d4718 ("bpf:Fix a verifier failure with xor") ( 5.10-rc1).
Затронутые продукты
Ссылки
- CVE-2021-3490
- SUSE Bug 1185641
- SUSE Bug 1185796