Description
Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP3)
This update for the Linux Kernel 5.3.18-57 fixes several issues.
The following security issues were fixed:
- CVE-2021-22543: Fixed an issue with KVM, related to the handling of VM_IO|VM_PFNMAP vmas, which allowed users with the ability to start and control a VM to read/write random pages of memory and could result in local privilege escalation (bsc#1186482).
- CVE-2021-37576: On the powerpc platform KVM guest OS users could cause host OS memory corruption via rtas_args.nargs (bsc#1188838).
- CVE-2021-3609: Fixed a local privilege escalation via a race condition in net/can/bcm.c (bsc#1187215).
Package list
SUSE Linux Enterprise Live Patching 12 SP4
SUSE Linux Enterprise Live Patching 12 SP5
SUSE Linux Enterprise Live Patching 15
SUSE Linux Enterprise Live Patching 15 SP1
SUSE Linux Enterprise Live Patching 15 SP2
SUSE Linux Enterprise Live Patching 15 SP3
References
- Link for SUSE-SU-2021:2746-1
- E-Mail link for SUSE-SU-2021:2746-1
- SUSE Security Ratings
- SUSE Bug 1186483
- SUSE Bug 1188323
- SUSE Bug 1188842
- SUSE CVE CVE-2021-22543 page
- SUSE CVE CVE-2021-3609 page
- SUSE CVE CVE-2021-37576 page
Description
An issue was discovered in Linux KVM: improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation.
Affected products
References
- CVE-2021-22543
- SUSE Bug 1186482
- SUSE Bug 1186483
- SUSE Bug 1190276
- SUSE Bug 1197660
Description
A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This race condition in net/can/bcm.c in the Linux kernel allows for local privilege escalation to root.
Affected products
References
- CVE-2021-3609
- SUSE Bug 1187215
- SUSE Bug 1188323
- SUSE Bug 1188720
- SUSE Bug 1190276
- SUSE Bug 1196810
Description
arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM guest OS users to cause host OS memory corruption via rtas_args.nargs, aka CID-f62f3c20647e.
Affected products
References
- CVE-2021-37576
- SUSE Bug 1188838
- SUSE Bug 1188842
- SUSE Bug 1190276