Описание
Security update for the Linux Kernel (Live Patch 17 for SLE 15 SP2)
This update for the Linux Kernel 5.3.18-24_75 fixes several issues.
The following security issues were fixed:
- CVE-2021-22543: Fixed an issue with KVM, related to the handling of VM_IO|VM_PFNMAP vmas, which allowed users with the ability to start and control a VM to read/write random pages of memory and could result in local privilege escalation (bsc#1186482).
- CVE-2021-37576: On the powerpc platform KVM guest OS users could cause host OS memory corruption via rtas_args.nargs (bsc#1188838).
Список пакетов
SUSE Linux Enterprise Live Patching 12 SP4
kgraft-patch-4_12_14-95_80-default-2-2.1
SUSE Linux Enterprise Live Patching 12 SP5
kgraft-patch-4_12_14-122_80-default-2-2.1
SUSE Linux Enterprise Live Patching 15
kernel-livepatch-4_12_14-150_75-default-2-2.1
SUSE Linux Enterprise Live Patching 15 SP1
kernel-livepatch-4_12_14-197_99-default-2-2.1
SUSE Linux Enterprise Live Patching 15 SP2
kernel-livepatch-5_3_18-24_75-default-2-2.1
Ссылки
- Link for SUSE-SU-2021:2695-1
- E-Mail link for SUSE-SU-2021:2695-1
- SUSE Security Ratings
- SUSE Bug 1186483
- SUSE Bug 1188842
- SUSE CVE CVE-2021-22543 page
- SUSE CVE CVE-2021-37576 page
Описание
An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation.
Затронутые продукты
SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_80-default-2-2.1
SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_80-default-2-2.1
SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_99-default-2-2.1
SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_75-default-2-2.1
Ссылки
- CVE-2021-22543
- SUSE Bug 1186482
- SUSE Bug 1186483
- SUSE Bug 1190276
- SUSE Bug 1197660
Описание
arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM guest OS users to cause host OS memory corruption via rtas_args.nargs, aka CID-f62f3c20647e.
Затронутые продукты
SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_80-default-2-2.1
SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_80-default-2-2.1
SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_99-default-2-2.1
SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_75-default-2-2.1
Ссылки
- CVE-2021-37576
- SUSE Bug 1188838
- SUSE Bug 1188842
- SUSE Bug 1190276