Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2021:0437-1
Rating:	important
References:	bsc#1070943 bsc#1121826 bsc#1121872 bsc#1157298 bsc#1168952 bsc#1173942 bsc#1176395 bsc#1176485 bsc#1177411 bsc#1178123 bsc#1178182 bsc#1178589 bsc#1178622 bsc#1178886 bsc#1179107 bsc#1179140 bsc#1179141 bsc#1179204 bsc#1179419 bsc#1179508 bsc#1179509 bsc#1179601 bsc#1179616 bsc#1179663 bsc#1179666 bsc#1179745 bsc#1179877 bsc#1179960 bsc#1179961 bsc#1180008 bsc#1180027 bsc#1180028 bsc#1180029 bsc#1180030 bsc#1180031 bsc#1180032 bsc#1180052 bsc#1180086 bsc#1180559 bsc#1180562 bsc#1181349 bsc#969755
Cross-References:	CVE-2019-19063 CVE-2019-20934 CVE-2019-6133 CVE-2020-0444 CVE-2020-0465 CVE-2020-0466 CVE-2020-11668 CVE-2020-15436 CVE-2020-15437 CVE-2020-25211 CVE-2020-25285 CVE-2020-25668 CVE-2020-25669 CVE-2020-27068 CVE-2020-27673 CVE-2020-27777 CVE-2020-27786 CVE-2020-27825 CVE-2020-28915 CVE-2020-28974 CVE-2020-29568 CVE-2020-29569 CVE-2020-29660 CVE-2020-29661 CVE-2020-36158 CVE-2021-3347
CVSS scores:	CVE-2019-19063 ( SUSE ): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2019-19063 ( NVD ): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2019-20934 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2019-20934 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H CVE-2019-6133 ( SUSE ): 6.7 CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H CVE-2019-6133 ( NVD ): 6.7 CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H CVE-2020-0444 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-0444 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-0465 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-0465 ( NVD ): 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-0466 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-0466 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-11668 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVE-2020-11668 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVE-2020-15436 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-15436 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-15437 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-15437 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2020-25211 ( SUSE ): 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2020-25211 ( NVD ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H CVE-2020-25285 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-25285 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-25668 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-25668 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-25669 ( SUSE ): 4.3 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-25669 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-27068 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2020-27068 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-27673 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-27673 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-27777 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-27777 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-27786 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-27786 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-27825 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2020-27825 ( NVD ): 5.7 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H CVE-2020-28915 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2020-28915 ( NVD ): 5.8 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H CVE-2020-28974 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2020-28974 ( NVD ): 5.0 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H CVE-2020-29568 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2020-29568 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2020-29569 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2020-29569 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2020-29660 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-29660 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVE-2020-29661 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-29661 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-36158 ( SUSE ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-36158 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3347 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3347 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:	SUSE Linux Enterprise High Availability Extension 12 SP2 SUSE Linux Enterprise High Performance Computing 12 SP2 SUSE Linux Enterprise High Performance Computing 12 SP3 SUSE Linux Enterprise High Performance Computing 12 SP4 SUSE Linux Enterprise High Performance Computing 12 SP5 SUSE Linux Enterprise Point of Service Image Server 12 12-SP2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 SUSE Linux Enterprise Server 12 SP2 ESPOS 12-SP2 SUSE Linux Enterprise Server 12 SP2 LTSS 12-SP2 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP2 SUSE Linux Enterprise Server for SAP Applications 12 SP3 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE OpenStack Cloud 7

An update that solves 26 vulnerabilities and has 16 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

• CVE-2021-3347: A use-after-free was discovered in the PI futexes during fault handling, allowing local users to execute code in the kernel (bnc#1181349).
• CVE-2020-29569: Fixed a potential privilege escalation and information leaks related to the PV block backend, as used by Xen (bnc#1179509).
• CVE-2020-29568: Fixed a denial of service issue, related to processing watch events (bnc#1179508).
• CVE-2020-25211: Fixed a flaw where a local attacker was able to inject conntrack netlink configuration that could cause a denial of service or trigger the use of incorrect protocol numbers in ctnetlink_parse_tuple_filter (bnc#1176395).
• CVE-2020-0444: Fixed a bad kfree due to a logic error in audit_data_to_entry (bnc#1180027).
• CVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180029).
• CVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031).
• CVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141).
• CVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds check in the nl80211_policy policy of nl80211.c (bnc#1180086).
• CVE-2020-27777: Fixed a privilege escalation in the Run-Time Abstraction Services (RTAS) interface, affecting guests running on top of PowerVM or KVM hypervisors (bnc#1179107).
• CVE-2020-27786: Fixed an out-of-bounds write in the MIDI implementation (bnc#1179601).
• CVE-2020-27825: Fixed a race in the trace_open and buffer resize calls (bsc#1179960).
• CVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bnc#1179745).
• CVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179745).
• CVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel (bsc#1178589).
• CVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886).
• CVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182).
• CVE-2020-25285: A race condition between hugetlb sysctl handlers in mm/hugetlb.c could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact (bnc#1176485 ).
• CVE-2020-15437: Fixed a null pointer dereference which could have allowed local users to cause a denial of service (bsc#1179140).
• CVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180559).
• CVE-2020-11668: Fixed the mishandling of invalid descriptors in the Xirlink camera USB driver (bnc#1168952).
• CVE-2020-25668: Fixed a use-after-free in con_font_op() (bsc#1178123).
• CVE-2020-27673: Fixed an issue where rogue guests could have caused denial of service of Dom0 via high frequency events (XSA-332 bsc#1177411)
• CVE-2019-20934: Fixed a use-after-free in show_numa_stats() because NUMA fault statistics were inappropriately freed (bsc#1179663).
• CVE-2019-19063: Fixed two memory leaks in the rtl_usb_probe() which could eventually have allowed attackers to cause a denial of service (memory consumption) (bnc#1157298 ).
• CVE-2019-6133: Fixed an issue where the "start time" protection mechanism could have been bypassed and therefore authorization decisions are improperly cached (bsc#1128172).

The following non-security bugs were fixed:

• HID: Fix slab-out-of-bounds read in hid_field_extract (bsc#1180052).
• epoll: Keep a reference on files added to the check list (bsc#1180031).
• fix regression in "epoll: Keep a reference on files added to the check list" (bsc#1180031, git-fixes).
• futex,rt_mutex: Fix rt_mutex_cleanup_proxy_lock() (bsc#969755).
• futex,rt_mutex: Introduce rt_mutex_init_waiter() (bsc#969755).
• futex,rt_mutex: Provide futex specific rt_mutex API (bsc#969755).
• futex,rt_mutex: Restructure rt_mutex_finish_proxy_lock() (bsc#969755).
• futex: Avoid freeing an active timer (bsc#969755).
• futex: Avoid violating the 10th rule of futex (bsc#969755).
• futex: Change locking rules (bsc#969755).
• futex: Do not enable IRQs unconditionally in put_pi_state() (bsc#969755).
• futex: Drop hb->lock before enqueueing on the rtmutex (bsc#969755).
• futex: Fix OWNER_DEAD fixup (bsc#969755).
• futex: Fix incorrect should_fail_futex() handling (bsc#969755).
• futex: Fix more put_pi_state() vs. exit_pi_state_list() races (bsc#969755).
• futex: Fix pi_state->owner serialization (bsc#969755).
• futex: Fix small (and harmless looking) inconsistencies (bsc#969755).
• futex: Futex_unlock_pi() determinism (bsc#969755).
• futex: Handle early deadlock return correctly (bsc#969755).
• futex: Handle transient "ownerless" rtmutex state correctly (bsc#969755).
• futex: Pull rt_mutex_futex_unlock() out from under hb->lock (bsc#969755).
• futex: Rework futex_lock_pi() to use rt_mutex_*_proxy_lock() (bsc#969755).
• futex: Rework inconsistent rt_mutex/futex_q state (bsc#969755).
• locking/futex: Allow low-level atomic operations to return -EAGAIN (bsc#969755).
• mm/userfaultfd: do not access vma->vm_mm after calling handle_userfault() (bsc#1179204).

Special Instructions and Notes:

• Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE OpenStack Cloud 7
  zypper in -t patch SUSE-OpenStack-Cloud-7-2021-437=1
• SUSE Linux Enterprise High Availability Extension 12 SP2
  zypper in -t patch SUSE-SLE-HA-12-SP2-2021-437=1
• SUSE Linux Enterprise Server for SAP Applications 12 SP2
  zypper in -t patch SUSE-SLE-HA-12-SP2-2021-437=1 SUSE-SLE-SAP-12-SP2-2021-437=1
• SUSE Linux Enterprise Point of Service Image Server 12 12-SP2
  zypper in -t patch SUSE-SLE-POS-12-SP2-CLIENT-2021-437=1
• SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-437=1
• SUSE Linux Enterprise Server 12 SP2 ESPOS 12-SP2
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-ESPOS-2021-437=1
• SUSE Linux Enterprise Server 12 SP2 LTSS 12-SP2
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2021-437=1

Package List:

• SUSE OpenStack Cloud 7 (nosrc x86_64)
  • kernel-default-4.4.121-92.149.1
• SUSE OpenStack Cloud 7 (x86_64)
  • kgraft-patch-4_4_121-92_149-default-1-3.3.1
  • kernel-default-debugsource-4.4.121-92.149.1
  • kernel-default-base-debuginfo-4.4.121-92.149.1
  • kernel-default-debuginfo-4.4.121-92.149.1
  • kernel-syms-4.4.121-92.149.1
  • kernel-default-devel-4.4.121-92.149.1
  • kernel-default-base-4.4.121-92.149.1
• SUSE OpenStack Cloud 7 (noarch)
  • kernel-devel-4.4.121-92.149.1
  • kernel-source-4.4.121-92.149.1
  • kernel-macros-4.4.121-92.149.1
• SUSE Linux Enterprise High Availability Extension 12 SP2 (ppc64le s390x x86_64)
  • gfs2-kmp-default-debuginfo-4.4.121-92.149.1
  • ocfs2-kmp-default-debuginfo-4.4.121-92.149.1
  • dlm-kmp-default-4.4.121-92.149.1
  • cluster-network-kmp-default-debuginfo-4.4.121-92.149.1
  • kernel-default-debugsource-4.4.121-92.149.1
  • ocfs2-kmp-default-4.4.121-92.149.1
  • cluster-network-kmp-default-4.4.121-92.149.1
  • kernel-default-debuginfo-4.4.121-92.149.1
  • cluster-md-kmp-default-debuginfo-4.4.121-92.149.1
  • gfs2-kmp-default-4.4.121-92.149.1
  • dlm-kmp-default-debuginfo-4.4.121-92.149.1
  • cluster-md-kmp-default-4.4.121-92.149.1
• SUSE Linux Enterprise High Availability Extension 12 SP2 (nosrc)
  • kernel-default-4.4.121-92.149.1
• SUSE Linux Enterprise Ser