SUSE-SU-2021:3684-1

Опубликовано: 17 нояб. 2021

Источник: suse-cvrf

Описание

Security update for the Linux Kernel (Live Patch 26 for SLE 15 SP1)

This update for the Linux Kernel 4.12.14-197_99 fixes several issues.

The following security issues were fixed:

CVE-2021-0935: Fixed use after free that could lead to local escalation of privilege in ip6_xmit of ip6_output.c (bsc#1192042).
CVE-2021-3752: Fixed vulnerability in the linux kernel Bluetooth uaf module (bsc#1190432).
CVE-2021-41864: Fixed an integer overflow with a resultant out-of-bounds write in prealloc_elems_and_freelist in kernel/bpf/stackmap.c (bsc#1191318).

Список пакетов

SUSE Linux Enterprise Live Patching 12 SP4

kgraft-patch-4_12_14-95_65-default-13-2.2

kgraft-patch-4_12_14-95_68-default-12-2.2

kgraft-patch-4_12_14-95_71-default-11-2.2

kgraft-patch-4_12_14-95_77-default-7-2.2

kgraft-patch-4_12_14-95_80-default-5-2.2

SUSE Linux Enterprise Live Patching 12 SP5

kgraft-patch-4_12_14-122_51-default-15-2.2

kgraft-patch-4_12_14-122_54-default-13-2.2

kgraft-patch-4_12_14-122_57-default-13-2.2

kgraft-patch-4_12_14-122_63-default-11-2.2

kgraft-patch-4_12_14-122_66-default-9-2.2

kgraft-patch-4_12_14-122_71-default-8-2.2

kgraft-patch-4_12_14-122_74-default-6-2.2

kgraft-patch-4_12_14-122_77-default-6-2.2

kgraft-patch-4_12_14-122_80-default-5-2.2

kgraft-patch-4_12_14-122_83-default-4-2.2

kgraft-patch-4_12_14-122_88-default-2-2.2

SUSE Linux Enterprise Live Patching 15

kernel-livepatch-4_12_14-150_63-default-14-2.2

kernel-livepatch-4_12_14-150_69-default-11-2.2

kernel-livepatch-4_12_14-150_72-default-8-2.2

kernel-livepatch-4_12_14-150_75-default-5-2.2

SUSE Linux Enterprise Live Patching 15 SP1

kernel-livepatch-4_12_14-197_67-default-14-2.2

kernel-livepatch-4_12_14-197_72-default-13-2.2

kernel-livepatch-4_12_14-197_75-default-13-2.2

kernel-livepatch-4_12_14-197_78-default-13-2.2

kernel-livepatch-4_12_14-197_83-default-12-2.2

kernel-livepatch-4_12_14-197_86-default-11-2.2

kernel-livepatch-4_12_14-197_89-default-8-2.2

kernel-livepatch-4_12_14-197_92-default-7-2.2

kernel-livepatch-4_12_14-197_99-default-5-2.2

Ссылки

https://www.suse.com/support/update/announcement/2021/suse-su-20213684-1/
Link for SUSE-SU-2021:3684-1
https://lists.suse.com/pipermail/sle-updates/2021-November/020771.html
E-Mail link for SUSE-SU-2021:3684-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1190432
SUSE Bug 1190432
https://bugzilla.suse.com/1191318
SUSE Bug 1191318
https://bugzilla.suse.com/1192042
SUSE Bug 1192042
https://www.suse.com/security/cve/CVE-2021-0935/
SUSE CVE CVE-2021-0935 page
https://www.suse.com/security/cve/CVE-2021-3752/
SUSE CVE CVE-2021-3752 page
https://www.suse.com/security/cve/CVE-2021-41864/
SUSE CVE CVE-2021-41864 page

Описание

In ip6_xmit of ip6_output.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-168607263References: Upstream kernel

Затронутые продукты

SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_65-default-13-2.2

SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_68-default-12-2.2

SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_71-default-11-2.2

SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_77-default-7-2.2

Ссылки

https://www.suse.com/security/cve/CVE-2021-0935.html
CVE-2021-0935
https://bugzilla.suse.com/1192032
SUSE Bug 1192032
https://bugzilla.suse.com/1192042
SUSE Bug 1192042
https://bugzilla.suse.com/1196722
SUSE Bug 1196722

Описание

A use-after-free flaw was found in the Linux kernel's Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Затронутые продукты

SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_65-default-13-2.2

SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_68-default-12-2.2

SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_71-default-11-2.2

SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_77-default-7-2.2

Ссылки

https://www.suse.com/security/cve/CVE-2021-3752.html
CVE-2021-3752
https://bugzilla.suse.com/1190023
SUSE Bug 1190023
https://bugzilla.suse.com/1190432
SUSE Bug 1190432

Описание

prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write.

Затронутые продукты

SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_65-default-13-2.2

SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_68-default-12-2.2

SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_71-default-11-2.2

SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_77-default-7-2.2

Ссылки

https://www.suse.com/security/cve/CVE-2021-41864.html
CVE-2021-41864
https://bugzilla.suse.com/1191317
SUSE Bug 1191317
https://bugzilla.suse.com/1191318
SUSE Bug 1191318

SUSE-SU-2021:3684-1

Описание

Список пакетов

SUSE Linux Enterprise Live Patching 12 SP4

SUSE Linux Enterprise Live Patching 12 SP5

SUSE Linux Enterprise Live Patching 15

SUSE Linux Enterprise Live Patching 15 SP1

Ссылки

Уязвимость: CVE-2021-0935

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2021-3752

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2021-41864

Описание

Затронутые продукты

Ссылки