Security update for the Linux Kernel

Announcement ID: SUSE-SU-2021:0740-1
Rating: important
References:
Cross-References:
CVSS scores:
  • CVE-2020-29368 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2020-29368 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2020-29374 ( SUSE ): 3.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
  • CVE-2020-29374 ( NVD ): 3.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
  • CVE-2021-26930 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
  • CVE-2021-26930 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2021-26931 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
  • CVE-2021-26931 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2021-26932 ( SUSE ): 5.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
  • CVE-2021-26932 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:
  • SUSE Linux Enterprise High Availability Extension 15
  • SUSE Linux Enterprise High Performance Computing 15
  • SUSE Linux Enterprise High Performance Computing 15 LTSS 15
  • SUSE Linux Enterprise Live Patching 15
  • SUSE Linux Enterprise Server 15
  • SUSE Linux Enterprise Server 15 LTSS 15
  • SUSE Linux Enterprise Server ESPOS 15
  • SUSE Linux Enterprise Server for SAP Applications 15

An update that solves five vulnerabilities and has 11 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

  • CVE-2021-26930: Fixed an improper error handling in blkback's grant mapping (XSA-365 bsc#1181843).
  • CVE-2021-26931: Fixed an issue where Linux kernel was treating grant mapping errors as bugs (XSA-362 bsc#1181753).
  • CVE-2021-26932: Fixed improper error handling issues in Linux grant mapping (XSA-361 bsc#1181747). by remote attackers to read or write files via directory traversal in an XCOPY request (bsc#178372).
  • CVE-2020-29368,CVE-2020-29374: Fixed an issue in copy-on-write implementation which could have granted unintended write access because of a race condition in a THP mapcount check (bsc#1179660, bsc#1179428).

The following non-security bugs were fixed:

  • kernel-{binary,source}.spec.in: do not create loop symlinks (bsc#1179082)
  • kernel-source.spec: Fix build with rpm 4.16 (boo#1179015).
  • rpm/kernel-binary.spec.in: avoid using barewords (bsc#1179014)
  • rpm/kernel-binary.spec.in: avoid using more barewords (bsc#1179014) %split_extra still contained two.
  • rpm/kernel-binary.spec.in: Fix compressed module handling for in-tree KMP (jsc#SLE-10886) The in-tree KMP that is built with SLE kernels have a different scriptlet that is embedded in kernel-binary.spec.in rather than *.sh files.
  • rpm/kernel-binary.spec.in: use grep -E instead of egrep (bsc#1179045) egrep is only a deprecated bash wrapper for "grep -E". So use the latter instead.
  • rpm/kernel-module-subpackage: make Group tag optional (bsc#1163592)
  • rpm/kernel-obs-build.spec.in: Add -q option to modprobe calls (bsc#1178401)
  • rpm/kernel-{source,binary}.spec: do not include ghost symlinks (boo#1179082).
  • rpm/mkspec: do not build kernel-obs-build on x86_32 We want to use 64bit kernel due to various bugs (bsc#1178762 to name one).
  • rpm/post.sh: Avoid purge-kernel for the first installed kernel (bsc#1180058)
  • xen/netback: avoid race in xenvif_rx_ring_slots_available() (bsc#1065600).
  • xen/netback: fix spurious event detection for common event case (bsc#1182175).

Special Instructions and Notes:

  • Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Linux Enterprise Live Patching 15
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2021-740=1
  • SUSE Linux Enterprise High Availability Extension 15
    zypper in -t patch SUSE-SLE-Product-HA-15-2021-740=1
  • SUSE Linux Enterprise Server ESPOS 15
    zypper in -t patch SUSE-SLE-Product-HPC-15-2021-740=1
  • SUSE Linux Enterprise High Performance Computing 15 LTSS 15
    zypper in -t patch SUSE-SLE-Product-HPC-15-2021-740=1
  • SUSE Linux Enterprise Server 15 LTSS 15
    zypper in -t patch SUSE-SLE-Product-SLES-15-2021-740=1
  • SUSE Linux Enterprise Server for SAP Applications 15
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-740=1

Package List:

  • SUSE Linux Enterprise Live Patching 15 (nosrc)
    • kernel-default-4.12.14-150.69.1
  • SUSE Linux Enterprise Live Patching 15 (ppc64le x86_64)
    • kernel-livepatch-4_12_14-150_69-default-debuginfo-1-1.3.1
    • kernel-livepatch-4_12_14-150_69-default-1-1.3.1
    • kernel-default-livepatch-4.12.14-150.69.1
    • kernel-default-debuginfo-4.12.14-150.69.1
    • kernel-default-debugsource-4.12.14-150.69.1
  • SUSE Linux Enterprise High Availability Extension 15 (aarch64 ppc64le s390x x86_64)
    • ocfs2-kmp-default-4.12.14-150.69.1
    • ocfs2-kmp-default-debuginfo-4.12.14-150.69.1
    • dlm-kmp-default-4.12.14-150.69.1
    • cluster-md-kmp-default-4.12.14-150.69.1
    • gfs2-kmp-default-debuginfo-4.12.14-150.69.1
    • kernel-default-debuginfo-4.12.14-150.69.1
    • gfs2-kmp-default-4.12.14-150.69.1
    • cluster-md-kmp-default-debuginfo-4.12.14-150.69.1
    • dlm-kmp-default-debuginfo-4.12.14-150.69.1
    • kernel-default-debugsource-4.12.14-150.69.1
  • SUSE Linux Enterprise High Availability Extension 15 (nosrc)
    • kernel-default-4.12.14-150.69.1
  • SUSE Linux Enterprise Server ESPOS 15 (aarch64 nosrc x86_64)
    • kernel-default-4.12.14-150.69.1
  • SUSE Linux Enterprise Server ESPOS 15 (aarch64 x86_64)
    • kernel-obs-build-4.12.14-150.69.1
    • kernel-vanilla-base-debuginfo-4.12.14-150.69.1
    • kernel-vanilla-debuginfo-4.12.14-150.69.1
    • kernel-default-devel-4.12.14-150.69.1
    • kernel-default-base-4.12.14-150.69.1
    • kernel-vanilla-base-4.12.14-150.69.1
    • kernel-syms-4.12.14-150.69.1
    • kernel-vanilla-debugsource-4.12.14-150.69.1
    • kernel-obs-build-debugsource-4.12.14-150.69.1
    • kernel-default-debuginfo-4.12.14-150.69.1
    • kernel-default-debugsource-4.12.14-150.69.1
    • kernel-default-devel-debuginfo-4.12.14-150.69.1
  • SUSE Linux Enterprise Server ESPOS 15 (noarch)
    • kernel-source-4.12.14-150.69.1
    • kernel-devel-4.12.14-150.69.1
    • kernel-macros-4.12.14-150.69.1
  • SUSE Linux Enterprise Server ESPOS 15 (noarch nosrc)
    • kernel-docs-4.12.14-150.69.1
  • SUSE Linux Enterprise Server ESPOS 15 (nosrc)
    • kernel-vanilla-4.12.14-150.69.1
  • SUSE Linux Enterprise High Performance Computing 15 LTSS 15 (aarch64 nosrc x86_64)
    • kernel-default-4.12.14-150.69.1
  • SUSE Linux Enterprise High Performance Computing 15 LTSS 15 (aarch64 x86_64)
    • kernel-obs-build-4.12.14-150.69.1
    • kernel-vanilla-base-debuginfo-4.12.14-150.69.1
    • kernel-vanilla-debuginfo-4.12.14-150.69.1
    • kernel-default-devel-4.12.14-150.69.1
    • kernel-default-base-4.12.14-150.69.1
    • kernel-vanilla-base-4.12.14-150.69.1
    • kernel-syms-4.12.14-150.69.1
    • kernel-vanilla-debugsource-4.12.14-150.69.1
    • kernel-obs-build-debugsource-4.12.14-150.69.1
    • kernel-default-debuginfo-4.12.14-150.69.1
    • kernel-default-debugsource-4.12.14-150.69.1
    • kernel-default-devel-debuginfo-4.12.14-150.69.1
  • SUSE Linux Enterprise High Performance Computing 15 LTSS 15 (noarch)
    • kernel-source-4.12.14-150.69.1
    • kernel-devel-4.12.14-150.69.1
    • kernel-macros-4.12.14-150.69.1
  • SUSE Linux Enterprise High Performance Computing 15 LTSS 15 (noarch nosrc)
    • kernel-docs-4.12.14-150.69.1
  • SUSE Linux Enterprise High Performance Computing 15 LTSS 15 (nosrc)
    • kernel-vanilla-4.12.14-150.69.1
  • SUSE Linux Enterprise Server 15 LTSS 15 (aarch64 ppc64le s390x x86_64 nosrc)
    • kernel-default-4.12.14-150.69.1
  • SUSE Linux Enterprise Server 15 LTSS 15 (aarch64 ppc64le s390x x86_64)
    • kernel-obs-build-4.12.14-150.69.1
    • kernel-vanilla-base-debuginfo-4.12.14-150.69.1
    • kernel-vanilla-debuginfo-4.12.14-150.69.1
    • kernel-default-devel-4.12.14-150.69.1
    • kernel-default-base-4.12.14-150.69.1
    • kernel-vanilla-base-4.12.14-150.69.1
    • kernel-syms-4.12.14-150.69.1
    • kernel-vanilla-debugsource-4.12.14-150.69.1
    • kernel-obs-build-debugsource-4.12.14-150.69.1
    • kernel-default-debuginfo-4.12.14-150.69.1
    • reiserfs-kmp-default-debuginfo-4.12.14-150.69.1
    • reiserfs-kmp-default-4.12.14-150.69.1
    • kernel-default-debugsource-4.12.14-150.69.1
    • kernel-default-devel-debuginfo-4.12.14-150.69.1
  • SUSE Linux Enterprise Server 15 LTSS 15 (noarch)
    • kernel-source-4.12.14-150.69.1
    • kernel-devel-4.12.14-150.69.1
    • kernel-macros-4.12.14-150.69.1
  • SUSE Linux Enterprise Server 15 LTSS 15 (noarch nosrc)
    • kernel-docs-4.12.14-150.69.1
  • SUSE Linux Enterprise Server 15 LTSS 15 (nosrc)
    • kernel-vanilla-4.12.14-150.69.1
    • kernel-zfcpdump-4.12.14-150.69.1
  • SUSE Linux Enterprise Server 15 LTSS 15 (s390x)
    • kernel-zfcpdump-debuginfo-4.12.14-150.69.1
    • kernel-zfcpdump-debugsource-4.12.14-150.69.1
    • kernel-default-man-4.12.14-150.69.1
  • SUSE Linux Enterprise Server for SAP Applications 15 (nosrc ppc64le x86_64)
    • kernel-default-4.12.14-150.69.1
  • SUSE Linux Enterprise Server for SAP Applications 15 (ppc64le x86_64)
    • kernel-obs-build-4.12.14-150.69.1
    • kernel-vanilla-base-debuginfo-4.12.14-150.69.1
    • kernel-vanilla-debuginfo-4.12.14-150.69.1
    • kernel-default-devel-4.12.14-150.69.1
    • kernel-default-base-4.12.14-150.69.1
    • kernel-vanilla-base-4.12.14-150.69.1
    • kernel-syms-4.12.14-150.69.1
    • kernel-vanilla-debugsource-4.12.14-150.69.1
    • kernel-obs-build-debugsource-4.12.14-150.69.1
    • kernel-default-debuginfo-4.12.14-150.69.1
    • reiserfs-kmp-default-debuginfo-4.12.14-150.69.1
    • reiserfs-kmp-default-4.12.14-150.69.1
    • kernel-default-debugsource-4.12.14-150.69.1
    • kernel-default-devel-debuginfo-4.12.14-150.69.1
  • SUSE Linux Enterprise Server for SAP Applications 15 (noarch)
    • kernel-source-4.12.14-150.69.1
    • kernel-devel-4.12.14-150.69.1
    • kernel-macros-4.12.14-150.69.1
  • SUSE Linux Enterprise Server for SAP Applications 15 (noarch nosrc)
    • kernel-docs-4.12.14-150.69.1
  • SUSE Linux Enterprise Server for SAP Applications 15 (nosrc)
    • kernel-vanilla-4.12.14-150.69.1

References: