Security update for the Linux Kernel

Announcement ID: SUSE-SU-2021:0737-1
Rating: important
References:
Cross-References:
CVSS scores:
  • CVE-2020-29368 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2020-29368 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2020-29374 ( SUSE ): 3.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
  • CVE-2020-29374 ( NVD ): 3.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
  • CVE-2021-26930 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
  • CVE-2021-26930 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2021-26931 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
  • CVE-2021-26931 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2021-26932 ( SUSE ): 5.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
  • CVE-2021-26932 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:
  • SUSE CaaS Platform 4.0
  • SUSE Enterprise Storage 6
  • SUSE Linux Enterprise High Availability Extension 15 SP1
  • SUSE Linux Enterprise High Performance Computing 15 SP1
  • SUSE Linux Enterprise High Performance Computing 15 SP1 ESPOS 15-SP1
  • SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
  • SUSE Linux Enterprise Live Patching 15-SP1
  • SUSE Linux Enterprise Server 15 SP1
  • SUSE Linux Enterprise Server 15 SP1 Business Critical Linux 15-SP1
  • SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
  • SUSE Linux Enterprise Server for SAP Applications 15 SP1
  • SUSE Manager Proxy 4.0
  • SUSE Manager Retail Branch Server 4.0
  • SUSE Manager Server 4.0

An update that solves five vulnerabilities and has 14 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 15 SP1 kernel was updated receive various security and bugfixes.

The following security bugs were fixed:

  • CVE-2021-26930: Fixed an improper error handling in blkback's grant mapping (XSA-365 bsc#1181843).
  • CVE-2021-26931: Fixed an issue where Linux kernel was treating grant mapping errors as bugs (XSA-362 bsc#1181753).
  • CVE-2021-26932: Fixed improper error handling issues in Linux grant mapping (XSA-361 bsc#1181747). by remote attackers to read or write files via directory traversal in an XCOPY request (bsc#178372).
  • CVE-2020-29368,CVE-2020-29374: Fixed an issue in copy-on-write implementation which could have granted unintended write access because of a race condition in a THP mapcount check (bsc#1179660, bsc#1179428).

The following non-security bugs were fixed:

  • btrfs: Cleanup try_flush_qgroup (bsc#1182047).
  • btrfs: Do not flush from btrfs_delayed_inode_reserve_metadata (bsc#1182047).
  • btrfs: fix data bytes_may_use underflow with fallocate due to failed quota reserve (bsc#1182130)
  • btrfs: Free correct amount of space in btrfs_delayed_inode_reserve_metadata (bsc#1182047).
  • btrfs: Remove btrfs_inode from btrfs_delayed_inode_reserve_metadata (bsc#1182047).
  • btrfs: Simplify code flow in btrfs_delayed_inode_reserve_metadata (bsc#1182047).
  • btrfs: Unlock extents in btrfs_zero_range in case of errors (bsc#1182047).
  • Drivers: hv: vmbus: Avoid use-after-free in vmbus_onoffer_rescind() (git-fixes).
  • ibmvnic: fix a race between open and reset (bsc#1176855 ltc#187293).
  • kernel-binary.spec: Add back initrd and image symlink ghosts to filelist (bsc#1182140). Fixes: 76a9256314c3 ("rpm/kernel-{source,binary}.spec: do not include ghost symlinks (boo#1179082).")
  • libnvdimm/dimm: Avoid race between probe and available_slots_show() (bsc#1170442).
  • net: bcmgenet: add support for ethtool rxnfc flows (git-fixes).
  • net: bcmgenet: code movement (git-fixes).
  • net: bcmgenet: fix mask check in bcmgenet_validate_flow() (git-fixes).
  • net: bcmgenet: Fix WoL with password after deep sleep (git-fixes).
  • net: bcmgenet: re-remove bcmgenet_hfb_add_filter (git-fixes).
  • net: bcmgenet: set Rx mode before starting netif (git-fixes).
  • net: bcmgenet: use __be16 for htons(ETH_P_IP) (git-fixes).
  • net: bcmgenet: Use correct I/O accessors (git-fixes).
  • net: lpc-enet: fix error return code in lpc_mii_init() (git-fixes).
  • net/mlx4_en: Handle TX error CQE (bsc#1181854).
  • net: moxa: Fix a potential double 'free_irq()' (git-fixes).
  • net: sun: fix missing release regions in cas_init_one() (git-fixes).
  • nvme-multipath: Early exit if no path is available (bsc#1180964).
  • rpm/post.sh: Avoid purge-kernel for the first installed kernel (bsc#1180058)
  • scsi: target: fix unmap_zeroes_data boolean initialisation (bsc#1163617).
  • usb: dwc2: Abort transaction after errors with unknown reason (bsc#1180262).
  • usb: dwc2: Do not update data length if it is 0 on inbound transfers (bsc#1180262).
  • usb: dwc2: Make "trimming xfer length" a debug message (bsc#1180262).
  • vmxnet3: Remove buf_info from device accessible structures (bsc#1181671).
  • xen/netback: avoid race in xenvif_rx_ring_slots_available() (bsc#1065600).
  • xen/netback: fix spurious event detection for common event case (bsc#1182175).

Special Instructions and Notes:

  • Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Linux Enterprise Live Patching 15-SP1
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2021-737=1
    Please note that this is the initial kernel livepatch without fixes itself, this package is later updated by separate standalone kernel livepatch updates.
  • SUSE Linux Enterprise High Availability Extension 15 SP1
    zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2021-737=1
  • SUSE Linux Enterprise High Performance Computing 15 SP1 ESPOS 15-SP1
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-737=1
  • SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-737=1
  • SUSE Linux Enterprise Server 15 SP1 Business Critical Linux 15-SP1
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-737=1
  • SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-737=1
  • SUSE Linux Enterprise Server for SAP Applications 15 SP1
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-737=1
  • SUSE Manager Proxy 4.0
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-737=1
  • SUSE Manager Retail Branch Server 4.0
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-737=1
  • SUSE Manager Server 4.0
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-737=1
  • SUSE Enterprise Storage 6
    zypper in -t patch SUSE-Storage-6-2021-737=1
  • SUSE CaaS Platform 4.0
    To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

Package List:

  • SUSE Linux Enterprise Live Patching 15-SP1 (nosrc)
    • kernel-default-4.12.14-197.86.1
  • SUSE Linux Enterprise Live Patching 15-SP1 (ppc64le x86_64)
    • kernel-default-debuginfo-4.12.14-197.86.1
    • kernel-default-livepatch-4.12.14-197.86.1
    • kernel-livepatch-4_12_14-197_86-default-1-3.3.1
    • kernel-default-livepatch-devel-4.12.14-197.86.1
    • kernel-default-debugsource-4.12.14-197.86.1
  • SUSE Linux Enterprise High Availability Extension 15 SP1 (aarch64 ppc64le s390x x86_64)
    • kernel-default-debuginfo-4.12.14-197.86.1
    • ocfs2-kmp-default-debuginfo-4.12.14-197.86.1
    • dlm-kmp-default-4.12.14-197.86.1
    • cluster-md-kmp-default-debuginfo-4.12.14-197.86.1
    • ocfs2-kmp-default-4.12.14-197.86.1
    • dlm-kmp-default-debuginfo-4.12.14-197.86.1
    • cluster-md-kmp-default-4.12.14-197.86.1
    • gfs2-kmp-default-debuginfo-4.12.14-197.86.1
    • gfs2-kmp-default-4.12.14-197.86.1
    • kernel-default-debugsource-4.12.14-197.86.1
  • SUSE Linux Enterprise High Availability Extension 15 SP1 (nosrc)
    • kernel-default-4.12.14-197.86.1
  • SUSE Linux Enterprise High Performance Computing 15 SP1 ESPOS 15-SP1 (aarch64 nosrc x86_64)
    • kernel-default-4.12.14-197.86.1
  • SUSE Linux Enterprise High Performance Computing 15 SP1 ESPOS 15-SP1 (aarch64 x86_64)
    • kernel-default-devel-4.12.14-197.86.1
    • kernel-default-debuginfo-4.12.14-197.86.1
    • kernel-default-devel-debuginfo-4.12.14-197.86.1
    • kernel-obs-build-debugsource-4.12.14-197.86.1
    • kernel-obs-build-4.12.14-197.86.1
    • kernel-syms-4.12.14-197.86.1
    • kernel-default-base-debuginfo-4.12.14-197.86.1
    • kernel-default-debugsource-4.12.14-197.86.1
    • kernel-default-base-4.12.14-197.86.1
  • SUSE Linux Enterprise High Performance Computing 15 SP1 ESPOS 15-SP1 (noarch)
    • kernel-macros-4.12.14-197.86.1
    • kernel-devel-4.12.14-197.86.1
    • kernel-source-4.12.14-197.86.1
  • SUSE Linux Enterprise High Performance Computing 15 SP1 ESPOS 15-SP1 (noarch nosrc)
    • kernel-docs-4.12.14-197.86.1
  • SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 nosrc x86_64)
    • kernel-default-4.12.14-197.86.1
  • SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64)
    • kernel-default-devel-4.12.14-197.86.1
    • kernel-default-debuginfo-4.12.14-197.86.1
    • kernel-default-devel-debuginfo-4.12.14-197.86.1
    • kernel-obs-build-debugsource-4.12.14-197.86.1
    • kernel-obs-build-4.12.14-197.86.1
    • kernel-syms-4.12.14-197.86.1
    • kernel-default-base-debuginfo-4.12.14-197.86.1
    • kernel-default-debugsource-4.12.14-197.86.1
    • kernel-default-base-4.12.14-197.86.1
  • SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch)
    • kernel-macros-4.12.14-197.86.1
    • kernel-devel-4.12.14-197.86.1
    • kernel-source-4.12.14-197.86.1
  • SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch nosrc)
    • kernel-docs-4.12.14-197.86.1
  • SUSE Linux Enterprise Server 15 SP1 Business Critical Linux 15-SP1 (nosrc x86_64)
    • kernel-default-4.12.14-197.86.1
  • SUSE Linux Enterprise Server 15 SP1 Business Critical Linux 15-SP1 (x86_64)
    • kernel-default-devel-4.12.14-197.86.1
    • kernel-default-debuginfo-4.12.14-197.86.1
    • kernel-default-devel-debuginfo-4.12.14-197.86.1
    • reiserfs-kmp-default-4.12.14-197.86.1
    • kernel-obs-build-debugsource-4.12.14-197.86.1
    • kernel-obs-build-4.12.14-197.86.1
    • reiserfs-kmp-default-debuginfo-4.12.14-197.86.1
    • kernel-syms-4.12.14-197.86.1
    • kernel-default-base-debuginfo-4.12.14-197.86.1
    • kernel-default-debugsource-4.12.14-197.86.1
    • kernel-default-base-4.12.14-197.86.1
  • SUSE Linux Enterprise Server 15 SP1 Business Critical Linux 15-SP1 (noarch)
    • kernel-macros-4.12.14-197.86.1
    • kernel-devel-4.12.14-197.86.1
    • kernel-source-4.12.14-197.86.1
  • SUSE Linux Enterprise Server 15 SP1 Business Critical Linux 15-SP1 (noarch nosrc)
    • kernel-docs-4.12.14-197.86.1
  • SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64 nosrc)
    • kernel-default-4.12.14-197.86.1
  • SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64)
    • kernel-default-devel-4.12.14-197.86.1
    • kernel-default-debuginfo-4.12.14-197.86.1
    • kernel-default-devel-debuginfo-4.12.14-197.86.1
    • reiserfs-kmp-default-4.12.14-197.86.1
    • kernel-obs-build-debugsource-4.12.14-197.86.1
    • kernel-obs-build-4.12.14-197.86.1
    • reiserfs-kmp-default-debuginfo-4.12.14-197.86.1
    • kernel-syms-4.12.14-197.86.1
    • kernel-default-base-debuginfo-4.12.14-197.86.1
    • kernel-default-debugsource-4.12.14-197.86.1
    • kernel-default-base-4.12.14-197.86.1
  • SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch)
    • kernel-macros-4.12.14-197.86.1
    • kernel-devel-4.12.14-197.86.1
    • kernel-source-4.12.14-197.86.1
  • SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch nosrc)
    • kernel-docs-4.12.14-197.86.1
  • SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (s390x)
    • kernel-zfcpdump-debuginfo-4.12.14-197.86.1
    • kernel-zfcpdump-debugsource-4.12.14-197.86.1
    • kernel-default-man-4.12.14-197.86.1
  • SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (nosrc)
    • kernel-zfcpdump-4.12.14-197.86.1
  • SUSE Linux Enterprise Server for SAP Applications 15 SP1 (nosrc ppc64le x86_64)
    • kernel-default-4.12.14-197.86.1
  • SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64)
    • kernel-default-devel-4.12.14-197.86.1
    • kernel-default-debuginfo-4.12.14-197.86.1
    • kernel-default-devel-debuginfo-4.12.14-197.86.1
    • reiserfs-kmp-default-4.12.14-197.86.1
    • kernel-obs-build-debugsource-4.12.14-197.86.1
    • kernel-obs-build-4.12.14-197.86.1
    • reiserfs-kmp-default-debuginfo-4.12.14-197.86.1
    • kernel-syms-4.12.14-197.86.1
    • kernel-default-base-debuginfo-4.12.14-197.86.1
    • kernel-default-debugsource-4.12.14-197.86.1
    • kernel-default-base-4.12.14-197.86.1
  • SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch)
    • kernel-macros-4.12.14-197.86.1
    • kernel-devel-4.12.14-197.86.1
    • kernel-source-4.12.14-197.86.1
  • SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch nosrc)
    • kernel-docs-4.12.14-197.86.1
  • SUSE Manager Proxy 4.0 (nosrc x86_64)
    • kernel-default-4.12.14-197.86.1
  • SUSE Manager Proxy 4.0 (x86_64)
    • kernel-default-devel-4.12.14-197.86.1
    • kernel-default-debuginfo-4.12.14-197.86.1
    • kernel-default-devel-debuginfo-4.12.14-197.86.1
    • reiserfs-kmp-default-4.12.14-197.86.1
    • kernel-obs-build-debugsource-4.12.14-197.86.1
    • kernel-obs-build-4.12.14-197.86.1
    • reiserfs-kmp-default-debuginfo-4.12.14-197.86.1
    • kernel-syms-4.12.14-197.86.1
    • kernel-default-base-debuginfo-4.12.14-197.86.1
    • kernel-default-debugsource-4.12.14-197.86.1
    • kernel-default-base-4.12.14-197.86.1
  • SUSE Manager Proxy 4.0 (noarch)
    • kernel-macros-4.12.14-197.86.1
    • kernel-devel-4.12.14-197.86.1
    • kernel-source-4.12.14-197.86.1
  • SUSE Manager Proxy 4.0 (noarch nosrc)
    • kernel-docs-4.12.14-197.86.1
  • SUSE Manager Retail Branch Server 4.0 (nosrc x86_64)
    • kernel-default-4.12.14-197.86.1
  • SUSE Manager Retail Branch Server 4.0 (x86_64)
    • kernel-default-devel-4.12.14-197.86.1
    • kernel-default-debuginfo-4.12.14-197.86.1
    • kernel-default-devel-debuginfo-4.12.14-197.86.1
    • reiserfs-kmp-default-4.12.14-197.86.1
    • kernel-obs-build-debugsource-4.12.14-197.86.1
    • kernel-obs-build-4.12.14-197.86.1
    • reiserfs-kmp-default-debuginfo-4.12.14-197.86.1
    • kernel-syms-4.12.14-197.86.1
    • kernel-default-base-debuginfo-4.12.14-197.86.1
    • kernel-default-debugsource-4.12.14-197.86.1
    • kernel-default-base-4.12.14-197.86.1
  • SUSE Manager Retail Branch Server 4.0 (noarch)
    • kernel-macros-4.12.14-197.86.1
    • kernel-devel-4.12.14-197.86.1
    • kernel-source-4.12.14-197.86.1
  • SUSE Manager Retail Branch Server 4.0 (noarch nosrc)
    • kernel-docs-4.12.14-197.86.1
  • SUSE Manager Server 4.0 (nosrc ppc64le s390x x86_64)
    • kernel-default-4.12.14-197.86.1
  • SUSE Manager Server 4.0 (ppc64le s390x x86_64)
    • kernel-default-devel-4.12.14-197.86.1
    • kernel-default-debuginfo-4.12.14-197.86.1
    • kernel-default-devel-debuginfo-4.12.14-197.86.1
    • reiserfs-kmp-default-4.12.14-197.86.1
    • kernel-obs-build-debugsource-4.12.14-197.86.1
    • kernel-obs-build-4.12.14-197.86.1
    • reiserfs-kmp-default-debuginfo-4.12.14-197.86.1
    • kernel-syms-4.12.14-197.86.1
    • kernel-default-base-debuginfo-4.12.14-197.86.1
    • kernel-default-debugsource-4.12.14-197.86.1
    • kernel-default-base-4.12.14-197.86.1
  • SUSE Manager Server 4.0 (noarch)
    • kernel-macros-4.12.14-197.86.1
    • kernel-devel-4.12.14-197.86.1
    • kernel-source-4.12.14-197.86.1
  • SUSE Manager Server 4.0 (noarch nosrc)
    • kernel-docs-4.12.14-197.86.1
  • SUSE Manager Server 4.0 (s390x)
    • kernel-zfcpdump-debuginfo-4.12.14-197.86.1
    • kernel-zfcpdump-debugsource-4.12.14-197.86.1
    • kernel-default-man-4.12.14-197.86.1
  • SUSE Manager Server 4.0 (nosrc)
    • kernel-zfcpdump-4.12.14-197.86.1
  • SUSE Enterprise Storage 6 (aarch64 nosrc x86_64)
    • kernel-default-4.12.14-197.86.1
  • SUSE Enterprise Storage 6 (aarch64 x86_64)
    • kernel-default-devel-4.12.14-197.86.1
    • kernel-default-debuginfo-4.12.14-197.86.1
    • kernel-default-devel-debuginfo-4.12.14-197.86.1
    • reiserfs-kmp-default-4.12.14-197.86.1
    • kernel-obs-build-debugsource-4.12.14-197.86.1
    • kernel-obs-build-4.12.14-197.86.1
    • reiserfs-kmp-default-debuginfo-4.12.14-197.86.1
    • kernel-syms-4.12.14-197.86.1
    • kernel-default-base-debuginfo-4.12.14-197.86.1
    • kernel-default-debugsource-4.12.14-197.86.1
    • kernel-default-base-4.12.14-197.86.1
  • SUSE Enterprise Storage 6 (noarch)
    • kernel-macros-4.12.14-197.86.1
    • kernel-devel-4.12.14-197.86.1
    • kernel-source-4.12.14-197.86.1
  • SUSE Enterprise Storage 6 (noarch nosrc)
    • kernel-docs-4.12.14-197.86.1
  • SUSE CaaS Platform 4.0 (nosrc x86_64)
    • kernel-default-4.12.14-197.86.1
  • SUSE CaaS Platform 4.0 (x86_64)
    • kernel-default-devel-4.12.14-197.86.1
    • kernel-default-debuginfo-4.12.14-197.86.1
    • kernel-default-devel-debuginfo-4.12.14-197.86.1
    • reiserfs-kmp-default-4.12.14-197.86.1
    • kernel-obs-build-debugsource-4.12.14-197.86.1
    • kernel-obs-build-4.12.14-197.86.1
    • reiserfs-kmp-default-debuginfo-4.12.14-197.86.1
    • kernel-syms-4.12.14-197.86.1
    • kernel-default-base-debuginfo-4.12.14-197.86.1
    • kernel-default-debugsource-4.12.14-197.86.1
    • kernel-default-base-4.12.14-197.86.1
  • SUSE CaaS Platform 4.0 (noarch)
    • kernel-macros-4.12.14-197.86.1
    • kernel-devel-4.12.14-197.86.1
    • kernel-source-4.12.14-197.86.1
  • SUSE CaaS Platform 4.0 (noarch nosrc)
    • kernel-docs-4.12.14-197.86.1

References: