Security update for the Linux Kernel
Announcement ID: | SUSE-SU-2021:3205-1 |
---|---|
Rating: | important |
References: |
|
Cross-References: | |
CVSS scores: |
|
Affected Products: |
|
An update that solves 20 vulnerabilities and has 106 security fixes can now be installed.
Description:
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2021-3640: Fixed a Use-After-Free vulnerability in function sco_sock_sendmsg() in the bluetooth stack (bsc#1188172).
- CVE-2021-3653: Missing validation of the
int_ctl
VMCB field and allows a malicious L1 guest to enable AVIC support for the L2 guest. (bsc#1189399). - CVE-2021-3656: Missing validation of the the
virt_ext
VMCB field and allows a malicious L1 guest to disable both VMLOAD/VMSAVE intercepts and VLS for the L2 guest (bsc#1189400). - CVE-2021-3679: A lack of CPU resource in tracing module functionality was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service (bnc#1189057).
- CVE-2021-3732: Mounting overlayfs inside an unprivileged user namespace can reveal files (bsc#1189706).
- CVE-2021-3739: Fixed a NULL pointer dereference when deleting device by invalid id (bsc#1189832 ).
- CVE-2021-3743: Fixed OOB Read in qrtr_endpoint_post (bsc#1189883).
- CVE-2021-3753: Fixed race out-of-bounds in virtual terminal handling (bsc#1190025).
- CVE-2021-38160: Data corruption or loss could be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size in drivers/char/virtio_console.c (bsc#1190117)
- CVE-2021-38198: arch/x86/kvm/mmu/paging_tmpl.h incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault (bnc#1189262).
- CVE-2021-38204: drivers/usb/host/max3421-hcd.c allowed physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations (bnc#1189291).
- CVE-2021-38205: drivers/net/ethernet/xilinx/xilinx_emaclite.c made it easier for attackers to defeat an ASLR protection mechanism because it prints a kernel pointer (i.e., the real IOMEM pointer) (bnc#1189292).
- CVE-2021-38207: drivers/net/ethernet/xilinx/ll_temac_main.c allowed remote attackers to cause a denial of service (buffer overflow and lockup) by sending heavy network traffic for about ten minutes (bnc#1189298).
- CVE-2021-38166: Fixed an integer overflow and out-of-bounds write when many elements are placed in a single bucket in kernel/bpf/hashtab.c (bnc#1189233 ).
- CVE-2021-38209: Fixed allowed observation of changes in any net namespace via net/netfilter/nf_conntrack_standalone.c (bnc#1189393).
- CVE-2021-38206: Fixed NULL pointer dereference in the radiotap parser inside the mac80211 subsystem (bnc#1189296).
- CVE-2021-34556: Fixed side-channel attack via a Speculative Store Bypass via unprivileged BPF program that could have obtain sensitive information from kernel memory (bsc#1188983).
- CVE-2021-35477: Fixed BPF stack frame pointer which could have been abused to disclose content of arbitrary kernel memory (bsc#1188985).
- CVE-2021-3759: Unaccounted ipc objects in Linux kernel could have lead to breaking memcg limits and DoS attacks (bsc#1190115).
- CVE-2020-12770: Fixed sg_remove_request call in a certain failure cases (bsc#1171420).
The following non-security bugs were fixed:
- ACPI: NFIT: Fix support for virtual SPA ranges (git-fixes).
- ACPI: processor: Clean up acpi_processor_evaluate_cst() (bsc#1175543)
- ACPI: processor: Export acpi_processor_evaluate_cst() (bsc#1175543)
- ACPI: processor: Export function to claim _CST control (bsc#1175543)
- ACPI: processor: Introduce acpi_processor_evaluate_cst() (bsc#1175543)
- ACPI: processor: Make ACPI_PROCESSOR_CSTATE depend on ACPI_PROCESSOR (bsc#1175543)
- ALSA: hda - fix the 'Capture Switch' value change notifications (git-fixes).
- ALSA: hda/hdmi: Add quirk to force pin connectivity on NUC10 (git-fixes).
- ALSA: hda/hdmi: fix max DP-MST dev_num for Intel TGL+ platforms (git-fixes).
- ALSA: hda/hdmi: let new platforms assign the pcm slot dynamically (git-fixes).
- ALSA: hda/realtek - Add ALC285 HP init procedure (git-fixes).
- ALSA: hda/realtek - Add type for ALC287 (git-fixes).
- ALSA: hda/realtek: Change device names for quirks to barebone names (git-fixes).
- ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9510 laptop (git-fixes).
- ALSA: hda/realtek