Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2021:0740-1
Rating:	important
References:	bsc#1065600 bsc#1163592 bsc#1178401 bsc#1178762 bsc#1179014 bsc#1179015 bsc#1179045 bsc#1179082 bsc#1179428 bsc#1179660 bsc#1180058 bsc#1181747 bsc#1181753 bsc#1181843 bsc#1182140 bsc#1182175
Cross-References:	CVE-2020-29368 CVE-2020-29374 CVE-2021-26930 CVE-2021-26931 CVE-2021-26932
CVSS scores:	CVE-2020-29368 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-29368 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-29374 ( SUSE ): 3.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N CVE-2020-29374 ( NVD ): 3.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N CVE-2021-26930 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2021-26930 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-26931 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-26931 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-26932 ( SUSE ): 5.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H CVE-2021-26932 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:	SUSE Linux Enterprise High Availability Extension 15 SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise High Performance Computing 15 LTSS 15 SUSE Linux Enterprise Live Patching 15 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15 LTSS 15 SUSE Linux Enterprise Server ESPOS 15 SUSE Linux Enterprise Server for SAP Applications 15

An update that solves five vulnerabilities and has 11 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

• CVE-2021-26930: Fixed an improper error handling in blkback's grant mapping (XSA-365 bsc#1181843).
• CVE-2021-26931: Fixed an issue where Linux kernel was treating grant mapping errors as bugs (XSA-362 bsc#1181753).
• CVE-2021-26932: Fixed improper error handling issues in Linux grant mapping (XSA-361 bsc#1181747). by remote attackers to read or write files via directory traversal in an XCOPY request (bsc#178372).
• CVE-2020-29368,CVE-2020-29374: Fixed an issue in copy-on-write implementation which could have granted unintended write access because of a race condition in a THP mapcount check (bsc#1179660, bsc#1179428).

The following non-security bugs were fixed:

• kernel-{binary,source}.spec.in: do not create loop symlinks (bsc#1179082)
• kernel-source.spec: Fix build with rpm 4.16 (boo#1179015).
• rpm/kernel-binary.spec.in: avoid using barewords (bsc#1179014)
• rpm/kernel-binary.spec.in: avoid using more barewords (bsc#1179014) %split_extra still contained two.
• rpm/kernel-binary.spec.in: Fix compressed module handling for in-tree KMP (jsc#SLE-10886) The in-tree KMP that is built with SLE kernels have a different scriptlet that is embedded in kernel-binary.spec.in rather than *.sh files.
• rpm/kernel-binary.spec.in: use grep -E instead of egrep (bsc#1179045) egrep is only a deprecated bash wrapper for "grep -E". So use the latter instead.
• rpm/kernel-module-subpackage: make Group tag optional (bsc#1163592)
• rpm/kernel-obs-build.spec.in: Add -q option to modprobe calls (bsc#1178401)
• rpm/kernel-{source,binary}.spec: do not include ghost symlinks (boo#1179082).
• rpm/mkspec: do not build kernel-obs-build on x86_32 We want to use 64bit kernel due to various bugs (bsc#1178762 to name one).
• rpm/post.sh: Avoid purge-kernel for the first installed kernel (bsc#1180058)
• xen/netback: avoid race in xenvif_rx_ring_slots_available() (bsc#1065600).
• xen/netback: fix spurious event detection for common event case (bsc#1182175).

Special Instructions and Notes:

• Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Live Patching 15
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2021-740=1
• SUSE Linux Enterprise High Availability Extension 15
  zypper in -t patch SUSE-SLE-Product-HA-15-2021-740=1
• SUSE Linux Enterprise Server ESPOS 15
  zypper in -t patch SUSE-SLE-Product-HPC-15-2021-740=1
• SUSE Linux Enterprise High Performance Computing 15 LTSS 15
  zypper in -t patch SUSE-SLE-Product-HPC-15-2021-740=1
• SUSE Linux Enterprise Server 15 LTSS 15
  zypper in -t patch SUSE-SLE-Product-SLES-15-2021-740=1
• SUSE Linux Enterprise Server for SAP Applications 15
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-740=1

Package List:

• SUSE Linux Enterprise Live Patching 15 (nosrc)
  • kernel-default-4.12.14-150.69.1
• SUSE Linux Enterprise Live Patching 15 (ppc64le x86_64)
  • kernel-livepatch-4_12_14-150_69-default-debuginfo-1-1.3.1
  • kernel-livepatch-4_12_14-150_69-default-1-1.3.1
  • kernel-default-livepatch-4.12.14-150.69.1
  • kernel-default-debuginfo-4.12.14-150.69.1
  • kernel-default-debugsource-4.12.14-150.69.1
• SUSE Linux Enterprise High Availability Extension 15 (aarch64 ppc64le s390x x86_64)
  • ocfs2-kmp-default-4.12.14-150.69.1
  • ocfs2-kmp-default-debuginfo-4.12.14-150.69.1
  • dlm-kmp-default-4.12.14-150.69.1
  • cluster-md-kmp-default-4.12.14-150.69.1
  • gfs2-kmp-default-debuginfo-4.12.14-150.69.1
  • kernel-default-debuginfo-4.12.14-150.69.1
  • gfs2-kmp-default-4.12.14-150.69.1
  • cluster-md-kmp-default-debuginfo-4.12.14-150.69.1
  • dlm-kmp-default-debuginfo-4.12.14-150.69.1
  • kernel-default-debugsource-4.12.14-150.69.1
• SUSE Linux Enterprise High Availability Extension 15 (nosrc)
  • kernel-default-4.12.14-150.69.1
• SUSE Linux Enterprise Server ESPOS 15 (aarch64 nosrc x86_64)
  • kernel-default-4.12.14-150.69.1
• SUSE Linux Enterprise Server ESPOS 15 (aarch64 x86_64)
  • kernel-obs-build-4.12.14-150.69.1
  • kernel-vanilla-base-debuginfo-4.12.14-150.69.1
  • kernel-vanilla-debuginfo-4.12.14-150.69.1
  • kernel-default-devel-4.12.14-150.69.1
  • kernel-default-base-4.12.14-150.69.1
  • kernel-vanilla-base-4.12.14-150.69.1
  • kernel-syms-4.12.14-150.69.1
  • kernel-vanilla-debugsource-4.12.14-150.69.1
  • kernel-obs-build-debugsource-4.12.14-150.69.1
  • kernel-default-debuginfo-4.12.14-150.69.1
  • kernel-default-debugsource-4.12.14-150.69.1
  • kernel-default-devel-debuginfo-4.12.14-150.69.1
• SUSE Linux Enterprise Server ESPOS 15 (noarch)
  • kernel-source-4.12.14-150.69.1
  • kernel-devel-4.12.14-150.69.1
  • kernel-macros-4.12.14-150.69.1
• SUSE Linux Enterprise Server ESPOS 15 (noarch nosrc)
  • kernel-docs-4.12.14-150.69.1
• SUSE Linux Enterprise Server ESPOS 15 (nosrc)
  • kernel-vanilla-4.12.14-150.69.1
• SUSE Linux Enterprise High Performance Computing 15 LTSS 15 (aarch64 nosrc x86_64)
  • kernel-default-4.12.14-150.69.1
• SUSE Linux Enterprise High Performance Computing 15 LTSS 15 (aarch64 x86_64)
  • kernel-obs-build-4.12.14-150.69.1
  • kernel-vanilla-base-debuginfo-4.12.14-150.69.1
  • kernel-vanilla-debuginfo-4.12.14-150.69.1
  • kernel-default-devel-4.12.14-150.69.1
  • kernel-default-base-4.12.14-150.69.1
  • kernel-vanilla-base-4.12.14-150.69.1
  • kernel-syms-4.12.14-150.69.1
  • kernel-vanilla-debugsource-4.12.14-150.69.1
  • kernel-obs-build-debugsource-4.12.14-150.69.1
  • kernel-default-debuginfo-4.12.14-150.69.1
  • kernel-default-debugsource-4.12.14-150.69.1
  • kernel-default-devel-debuginfo-4.12.14-150.69.1
• SUSE Linux Enterprise High Performance Computing 15 LTSS 15 (noarch)
  • kernel-source-4.12.14-150.69.1
  • kernel-devel-4.12.14-150.69.1
  • kernel-macros-4.12.14-150.69.1
• SUSE Linux Enterprise High Performance Computing 15 LTSS 15 (noarch nosrc)
  • kernel-docs-4.12.14-150.69.1
• SUSE Linux Enterprise High Performance Computing 15 LTSS 15 (nosrc)
  • kernel-vanilla-4.12.14-150.69.1
• SUSE Linux Enterprise Server 15 LTSS 15 (aarch64 ppc64le s390x x86_64 nosrc)
  • kernel-default-4.12.14-150.69.1
• SUSE Linux Enterprise Server 15 LTSS 15 (aarch64 ppc64le s390x x86_64)
  • kernel-obs-build-4.12.14-150.69.1
  • kernel-vanilla-base-debuginfo-4.12.14-150.69.1
  • kernel-vanilla-debuginfo-4.12.14-150.69.1
  • kernel-default-devel-4.12.14-150.69.1
  • kernel-default-base-4.12.14-150.69.1
  • kernel-vanilla-base-4.12.14-150.69.1
  • kernel-syms-4.12.14-150.69.1
  • kernel-vanilla-debugsource-4.12.14-150.69.1
  • kernel-obs-build-debugsource-4.12.14-150.69.1
  • kernel-default-debuginfo-4.12.14-150.69.1
  • reiserfs-kmp-default-debuginfo-4.12.14-150.69.1
  • reiserfs-kmp-default-4.12.14-150.69.1
  • kernel-default-debugsource-4.12.14-150.69.1
  • kernel-default-devel-debuginfo-4.12.14-150.69.1
• SUSE Linux Enterprise Server 15 LTSS 15 (noarch)
  • kernel-source-4.12.14-150.69.1
  • kernel-devel-4.12.14-150.69.1
  • kernel-macros-4.12.14-150.69.1
• SUSE Linux Enterprise Server 15 LTSS 15 (noarch nosrc)
  • kernel-docs-4.12.14-150.69.1
• SUSE Linux Enterprise Server 15 LTSS 15 (nosrc)
  • kernel-vanilla-4.12.14-150.69.1
  • kernel-zfcpdump-4.12.14-150.69.1
• SUSE Linux Enterprise Server 15 LTSS 15 (s390x)
  • kernel-zfcpdump-debuginfo-4.12.14-150.69.1
  • kernel-zfcpdump-debugsource-4.12.14-150.69.1
  • kernel-default-man-4.12.14-150.69.1
• SUSE Linux Enterprise Server for SAP Applications 15 (nosrc ppc64le x86_64)
  • kernel-default-4.12.14-150.69.1
• SUSE Linux Enterprise Server for SAP Applications 15 (ppc64le x86_64)
  • kernel-obs-build-4.12.14-150.69.1
  • kernel-vanilla-base-debuginfo-4.12.14-150.69.1
  • kernel-vanilla-debuginfo-4.12.14-150.69.1
  • kernel-default-devel-4.12.14-150.69.1
  • kernel-default-base-4.12.14-150.69.1
  • kernel-vanilla-base-4.12.14-150.69.1
  • kernel-syms-4.12.14-150.69.1
  • kernel-vanilla-debugsource-4.12.14-150.69.1
  • kernel-obs-build-debugsource-4.12.14-150.69.1
  • kernel-default-debuginfo-4.12.14-150.69.1
  • reiserfs-kmp-default-debuginfo-4.12.14-150.69.1
  • reiserfs-kmp-default-4.12.14-150.69.1
  • kernel-default-debugsource-4.12.14-150.69.1
  • kernel-default-devel-debuginfo-4.12.14-150.69.1
• SUSE Linux Enterprise Server for SAP Applications 15 (noarch)
  • kernel-source-4.12.14-150.69.1
  • kernel-devel-4.12.14-150.69.1
  • kernel-macros-4.12.14-150.69.1
• SUSE Linux Enterprise Server for SAP Applications 15 (noarch nosrc)
  • kernel-docs-4.12.14-150.69.1
• SUSE Linux Enterprise Server for SAP Applications 15 (nosrc)
  • kernel-vanilla-4.12.14-150.69.1

References:

• https://www.suse.com/security/cve/CVE-2020-29368.html
• https://www.suse.com/security/cve/CVE-2020-29374.html
• https://www.suse.com/security/cve/CVE-2021-26930.html
• https://www.suse.com/security/cve/CVE-2021-26931.html
• https://www.suse.com/security/cve/CVE-2021-26932.html
• https://bugzilla.suse.com/show_bug.cgi?id=1065600
• https://bugzilla.suse.com/show_bug.cgi?id=1163592
• https://bugzilla.suse.com/show_bug.cgi?id=1178401
• https://bugzilla.suse.com/show_bug.cgi?id=1178762
• https://bugzilla.suse.com/show_bug.cgi?id=1179014
• https://bugzilla.suse.com/show_bug.cgi?id=1179015
• https://bugzilla.suse.com/show_bug.cgi?id=1179045
• https://bugzilla.suse.com/show_bug.cgi?id=1179082
• https://bugzilla.suse.com/show_bug.cgi?id=1179428
• https://bugzilla.suse.com/show_bug.cgi?id=1179660
• https://bugzilla.suse.com/show_bug.cgi?id=1180058
• https://bugzilla.suse.com/show_bug.cgi?id=1181747
• https://bugzilla.suse.com/show_bug.cgi?id=1181753
• https://bugzilla.suse.com/show_bug.cgi?id=1181843
• https://bugzilla.suse.com/show_bug.cgi?id=1182140
• https://bugzilla.suse.com/show_bug.cgi?id=1182175