Security update for the Linux Kernel
Announcement ID: | SUSE-SU-2021:3205-2 |
---|---|
Rating: | important |
References: |
|
Cross-References: | |
CVSS scores: |
|
Affected Products: |
|
An update that solves 20 vulnerabilities and has 106 security fixes can now be installed.
Description:
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2021-3640: Fixed a Use-After-Free vulnerability in function sco_sock_sendmsg() in the bluetooth stack (bsc#1188172).
- CVE-2021-3653: Missing validation of the
int_ctl
VMCB field and allows a malicious L1 guest to enable AVIC support for the L2 guest. (bsc#1189399). - CVE-2021-3656: Missing validation of the the
virt_ext
VMCB field and allows a malicious L1 guest to disable both VMLOAD/VMSAVE intercepts and VLS for the L2 guest (bsc#1189400). - CVE-2021-3679: A lack of CPU resource in tracing module functionality was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service (bnc#1189057).
- CVE-2021-3732: Mounting overlayfs inside an unprivileged user namespace can reveal files (bsc#1189706).
- CVE-2021-3739: Fixed a NULL pointer dereference when deleting device by invalid id (bsc#1189832 ).
- CVE-2021-3743: Fixed OOB Read in qrtr_endpoint_post (bsc#1189883).
- CVE-2021-3753: Fixed race out-of-bounds in virtual terminal handling (bsc#1190025).
- CVE-2021-38160: Data corruption or loss could be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size in drivers/char/virtio_console.c (bsc#1190117)
- CVE-2021-38198: arch/x86/kvm/mmu/paging_tmpl.h incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault (bnc#1189262).
- CVE-2021-38204: drivers/usb/host/max3421-hcd.c allowed physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations (bnc#1189291).
- CVE-2021-38205: drivers/net/ethernet/xilinx/xilinx_emaclite.c made it easier for attackers to defeat an ASLR protection mechanism because it prints a kernel pointer (i.e., the real IOMEM pointer) (bnc#1189292).
- CVE-2021-38207: drivers/net/ethernet/xilinx/ll_temac_main.c allowed remote attackers to cause a denial of service (buffer overflow and lockup) by sending heavy network traffic for about ten minutes (bnc#1189298).
- CVE-2021-38166: Fixed an integer overflow and out-of-bounds write when many elements are placed in a single bucket in kernel/bpf/hashtab.c (bnc#1189233 ).
- CVE-2021-38209: Fixed allowed observation of changes in any net namespace via net/netfilter/nf_conntrack_standalone.c (bnc#1189393).
- CVE-2021-38206: Fixed NULL pointer dereference in the radiotap parser inside the mac80211 subsystem (bnc#1189296).
- CVE-2021-34556: Fixed side-channel attack via a Speculative Store Bypass via unprivileged BPF program that could have obtain sensitive information from kernel memory (bsc#1188983).
- CVE-2021-35477: Fixed BPF stack frame pointer which could have been abused to disclose content of arbitrary kernel memory (bsc#1188985).
- CVE-2021-3759: Unaccounted ipc objects in Linux kernel could have lead to breaking memcg limits and DoS attacks (bsc#1190115).
- CVE-2020-12770: Fixed sg_remove_request call in a certain failure cases (bsc#1171420).
The following non-security bugs were fixed:
- ACPI: NFIT: Fix support for virtual SPA ranges (git-fixes).
- ACPI: processor: Clean up acpi_processor_evaluate_cst() (bsc#1175543)
- ACPI: processor: Export acpi_processor_evaluate_cst() (bsc#1175543)
- ACPI: processor: Export function to claim _CST control (bsc#1175543)
- ACPI: processor: Introduce acpi_processor_evaluate_cst() (bsc#1175543)
- ACPI: processor: Make ACPI_PROCESSOR_CSTATE depend on ACPI_PROCESSOR (bsc#1175543)
- ALSA: hda - fix the 'Capture Switch' value change notifications (git-fixes).
- ALSA: hda/hdmi: Add quirk to force pin connectivity on NUC10 (git-fixes).
- ALSA: hda/hdmi: fix max DP-MST dev_num for Intel TGL+ platforms (git-fixes).
- ALSA: hda/hdmi: let new platforms assign the pcm slot dynamically (git-fixes).
- ALSA: hda/realtek - Add ALC285 HP init procedure (git-fixes).
- ALSA: hda/realtek - Add type for ALC287 (git-fixes).
- ALSA: hda/realtek: Change device names for quirks to barebone names (git-fixes).
- ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9510 laptop (git-fixes).
- ALSA: hda/realtek: Fix headset mic for Acer SWIFT SF314-56 (ALC256) (git-fixes).
- ALSA: hda/realtek: Limit mic boost on HP ProBook 445 G8 (git-fixes).
- ALSA: hda/realtek: add mic quirk for Acer SF314-42 (git-fixes).
- ALSA: hda/realtek: fix mute led of the HP Pavilion 15-eh1xxx series (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for HP ProBook 650 G8 Notebook PC (git-fixes).
- ALSA: hda/via: Apply runtime PM workaround for ASUS B23E (git-fixes).
- ALSA: hda: Add quirk for ASUS Flow x13 (git-fixes).
- ALSA: hda: Fix hang during shutdown due to link reset (git-fixes).
- ALSA: hda: Release controller display power during shutdown/reboot (git-fixes).
- ALSA: pcm: Fix mmap breakage without explicit buffer setup (git-fixes).
- ALSA: pcm: fix divide error in snd_pcm_lib_ioctl (git-fixes).
- ALSA: seq: Fix racy deletion of subscriber (git-fixes).
- ALSA: usb-audio: Add registration quirk for JBL Quantum 600 (git-fixes).
- ALSA: usb-audio: Avoid unnecessary or invalid connector selection at resume (git-fixes).
- ALSA: usb-audio: Fix regression on Sony WALKMAN NW-A45 DAC (git-fixes).
- ALSA: usb-audio: Fix superfluous autosuspend recovery (git-fixes).
- ALSA: usb-audio: fix incorrect clock source setting (git-fixes).
- ASoC: Intel: Skylake: Fix module resource and format selection (git-fixes).
- ASoC: Intel: Skylake: Leave data as is when invoking TLV IPCs (git-fixes).
- ASoC: Intel: kbl_da7219_max98927: Fix format selection for max98373 (git-fixes).
- ASoC: SOF: Intel: hda-ipc: fix reply size checking (git-fixes).
- ASoC: amd: Fix reference to PCM buffer address (git-fixes).
- ASoC: component: Remove misplaced prefix handling in pin control functions (git-fixes).
- ASoC: cs42l42: Correct definition of ADC Volume control (git-fixes).
- ASoC: cs42l42: Do not allow SND_SOC_DAIFMT_LEFT_J (git-fixes).<