Описание
Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3)
This update for the Linux Kernel 4.4.180-94_127 fixes several issues.
The following security issues were fixed:
- CVE-2021-33909: Fixed an out-of-bounds write in the filesystem layer that allows to andobtain full root privileges. (bsc#1188062)
- CVE-2021-22555: Fixed an heap out-of-bounds write in net/netfilter/x_tables.c that could allow local provilege escalation. (bsc#1188116)
- CVE-2020-36385: Fixed a use-after-free vulnerability reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called. (bnc#1187050)
Список пакетов
SUSE Linux Enterprise Live Patching 12 SP4
kgraft-patch-4_12_14-95_77-default-3-2.1
kgraft-patch-4_12_14-95_74-default-4-2.1
kgraft-patch-4_12_14-95_71-default-7-2.2
kgraft-patch-4_12_14-95_65-default-9-2.2
kgraft-patch-4_12_14-95_60-default-12-2.2
kgraft-patch-4_12_14-95_57-default-13-2.2
SUSE Linux Enterprise Live Patching 12 SP5
kgraft-patch-4_12_14-122_77-default-2-2.1
kgraft-patch-4_12_14-122_74-default-2-2.1
kgraft-patch-4_12_14-122_71-default-4-2.1
kgraft-patch-4_12_14-122_66-default-5-2.1
kgraft-patch-4_12_14-122_63-default-7-2.2
kgraft-patch-4_12_14-122_60-default-8-2.2
kgraft-patch-4_12_14-122_57-default-9-2.2
kgraft-patch-4_12_14-122_54-default-9-2.2
kgraft-patch-4_12_14-122_51-default-11-2.2
kgraft-patch-4_12_14-122_46-default-11-2.2
kgraft-patch-4_12_14-122_41-default-13-2.2
kgraft-patch-4_12_14-122_37-default-14-2.2
kgraft-patch-4_12_14-122_32-default-15-2.2
kgraft-patch-4_12_14-122_29-default-15-2.2
SUSE Linux Enterprise Live Patching 15
kernel-livepatch-4_12_14-150_72-default-4-2.1
kernel-livepatch-4_12_14-150_69-default-7-2.2
kernel-livepatch-4_12_14-150_66-default-8-2.2
kernel-livepatch-4_12_14-150_63-default-10-2.2
kernel-livepatch-4_12_14-150_58-default-12-2.2
kernel-livepatch-4_12_14-150_55-default-13-2.2
SUSE Linux Enterprise Live Patching 15 SP1
kernel-livepatch-4_12_14-197_92-default-3-2.1
kernel-livepatch-4_12_14-197_89-default-4-2.1
kernel-livepatch-4_12_14-197_86-default-7-2.2
kernel-livepatch-4_12_14-197_75-default-9-2.2
kernel-livepatch-4_12_14-197_67-default-10-2.2
kernel-livepatch-4_12_14-197_64-default-10-2.2
kernel-livepatch-4_12_14-197_61-default-11-2.2
kernel-livepatch-4_12_14-197_51-default-13-2.2
kernel-livepatch-4_12_14-197_48-default-13-2.2
SUSE Linux Enterprise Live Patching 15 SP2
kernel-livepatch-5_3_18-24_67-default-2-2.1
kernel-livepatch-5_3_18-24_64-default-4-2.1
kernel-livepatch-5_3_18-24_61-default-4-2.1
kernel-livepatch-5_3_18-24_52-default-7-2.2
kernel-livepatch-5_3_18-24_37-default-10-2.2
kernel-livepatch-5_3_18-24_34-default-10-2.2
kernel-livepatch-5_3_18-24_29-default-10-2.2
kernel-livepatch-5_3_18-24_24-default-12-2.2
kernel-livepatch-5_3_18-24_15-default-12-2.2
kernel-livepatch-5_3_18-24_12-default-12-2.2
kernel-livepatch-5_3_18-24_9-default-13-2.2
kernel-livepatch-5_3_18-22-default-14-5.2
SUSE Linux Enterprise Server 12 SP3-LTSS
kgraft-patch-4_4_180-94_144-default-4-2.1
kgraft-patch-4_4_180-94_141-default-7-2.2
kgraft-patch-4_4_180-94_138-default-8-2.2
kgraft-patch-4_4_180-94_135-default-10-2.2
kgraft-patch-4_4_180-94_130-default-12-2.2
kgraft-patch-4_4_180-94_127-default-13-2.2
SUSE Linux Enterprise Server for SAP Applications 12 SP3
kgraft-patch-4_4_180-94_144-default-4-2.1
kgraft-patch-4_4_180-94_141-default-7-2.2
kgraft-patch-4_4_180-94_138-default-8-2.2
kgraft-patch-4_4_180-94_135-default-10-2.2
kgraft-patch-4_4_180-94_130-default-12-2.2
kgraft-patch-4_4_180-94_127-default-13-2.2
Ссылки
- Link for SUSE-SU-2021:2538-1
- E-Mail link for SUSE-SU-2021:2538-1
- SUSE Security Ratings
- SUSE Bug 1187052
- SUSE Bug 1188117
- SUSE Bug 1188257
- SUSE CVE CVE-2020-36385 page
- SUSE CVE CVE-2021-22555 page
- SUSE CVE CVE-2021-33909 page
Описание
An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called, aka CID-f5449e74802c.
Затронутые продукты
SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_57-default-13-2.2
SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_60-default-12-2.2
SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_65-default-9-2.2
SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_71-default-7-2.2
Ссылки
- CVE-2020-36385
- SUSE Bug 1187050
- SUSE Bug 1187052
- SUSE Bug 1189302
- SUSE Bug 1196174
- SUSE Bug 1196810
- SUSE Bug 1196914
- SUSE Bug 1200084
- SUSE Bug 1201734
Описание
A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space
Затронутые продукты
SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_57-default-13-2.2
SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_60-default-12-2.2
SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_65-default-9-2.2
SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_71-default-7-2.2
Ссылки
- CVE-2021-22555
- SUSE Bug 1188116
- SUSE Bug 1188117
- SUSE Bug 1188411
Описание
fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05.
Затронутые продукты
SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_57-default-13-2.2
SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_60-default-12-2.2
SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_65-default-9-2.2
SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_71-default-7-2.2
Ссылки
- CVE-2021-33909
- SUSE Bug 1188062
- SUSE Bug 1188063
- SUSE Bug 1188257
- SUSE Bug 1189302
- SUSE Bug 1190859