Security update for the Linux Kernel

Announcement ID: SUSE-SU-2021:1177-1
Rating: important
References:
Cross-References:
CVSS scores:
  • CVE-2019-18814 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
  • CVE-2019-18814 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2019-19769 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:H
  • CVE-2019-19769 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • CVE-2020-27170 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2020-27170 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2020-27171 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
  • CVE-2020-27171 ( NVD ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
  • CVE-2020-27815 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2020-27815 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2020-35519 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2020-35519 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2021-27363 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
  • CVE-2021-27363 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
  • CVE-2021-27364 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
  • CVE-2021-27364 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
  • CVE-2021-27365 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2021-27365 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2021-28038 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
  • CVE-2021-28038 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
  • CVE-2021-28375 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2021-28375 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2021-28660 ( SUSE ): 8.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • CVE-2021-28660 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2021-28688 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
  • CVE-2021-28688 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
  • CVE-2021-28964 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2021-28964 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2021-28971 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2021-28971 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2021-28972 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
  • CVE-2021-28972 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • CVE-2021-29264 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2021-29264 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2021-29265 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2021-29265 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2021-29647 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2021-29647 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2021-3428 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
  • CVE-2021-3428 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2021-3444 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2021-3444 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
  • Public Cloud Module 15-SP2
  • SUSE Linux Enterprise High Performance Computing 15 SP2
  • SUSE Linux Enterprise Server 15 SP2
  • SUSE Linux Enterprise Server for SAP Applications 15 SP2
  • SUSE Manager Proxy 4.1
  • SUSE Manager Retail Branch Server 4.1
  • SUSE Manager Server 4.1

An update that solves 21 vulnerabilities and has 74 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 15 SP2 Azure kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

  • CVE-2021-3444: Fixed an issue with the bpf verifier which did not properly handle mod32 destination register truncation when the source register was known to be 0 leading to out of bounds read (bsc#1184170).
  • CVE-2021-3428: Fixed an integer overflow in ext4_es_cache_extent (bsc#1173485).
  • CVE-2021-29647: Fixed an issue in qrtr_recvmsg which could have allowed attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure (bsc#1184192 ).
  • CVE-2021-29265: Fixed an issue in usbip_sockfd_store which could have allowed attackers to cause a denial of service due to race conditions during an update of the local and shared status (bsc#1184167).
  • CVE-2021-29264: Fixed an issue in the Freescale Gianfar Ethernet driver which could have allowed attackers to cause a system crash due to a calculation of negative fragment size (bsc#1184168).
  • CVE-2021-28972: Fixed a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly (bsc#1184198).
  • CVE-2021-28971: Fixed an issue in intel_pmu_drain_pebs_nhm which could have caused a system crash because the PEBS status in a PEBS record was mishandled (bsc#1184196 ).
  • CVE-2021-28964: Fixed a race condition in get_old_root which could have allowed attackers to cause a denial of service (bsc#1184193).
  • CVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc#1183646).
  • CVE-2021-28660: Fixed an out of bounds write in rtw_wx_set_scan (bsc#1183593 ).
  • CVE-2021-28375: Fixed an issue in fastrpc_internal_invoke which did not prevent user applications from sending kernel RPC messages (bsc#1183596).
  • CVE-2021-28038: Fixed an issue with the netback driver which was lacking necessary treatment of errors such as failed memory allocations (bsc#1183022).
  • CVE-2021-27365: Fixed an issue where an unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bsc#1182715).
  • CVE-2021-27364: Fixed an issue where an attacker could craft Netlink messages (bsc#1182717).
  • CVE-2021-27363: Fixed a kernel pointer leak which could have been used to determine the address of the iscsi_transport structure (bsc#1182716).
  • CVE-2020-35519: Fixed an out-of-bounds memory access was found in x25_bind (bsc#1183696).
  • CVE-2020-27815: Fixed an issue in JFS filesystem where could have allowed an attacker to execute code (bsc#1179454).
  • CVE-2020-27171: Fixed an off-by-one error affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183775).
  • CVE-2020-27170: Fixed potential side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183686).
  • CVE-2019-19769: Fixed a use-after-free in the perf_trace_lock_acquire function (bsc#1159280 ).
  • CVE-2019-18814: Fixed a use-after-free when aa_label_parse() fails in aa_audit_rule_init() (bsc#1156256).

The following non-security bugs were fixed:

  • 0007-block-add-docs-for-gendisk-request_queue-refcount-he.patch: (bsc#1171295, git fixes (block drivers)).
  • 0008-block-revert-back-to-synchronous-request_queue-remov.patch: (bsc#1171295, git fixes (block drivers)).
  • 0009-blktrace-fix-debugfs-use-after-free.patch: (bsc#1171295, git fixes (block drivers)).
  • ACPI: bus: Constify is_acpi_node() and friends (part 2) (git-fixes).
  • ACPICA: Always create namespace nodes using acpi_ns_create_node() (git-fixes).
  • ACPICA: Enable sleep button on ACPI legacy wake (bsc#1181383).
  • ACPICA: Fix race in generic_serial_bus (I2C) and GPIO op_region parameter handling (git-fixes).
  • ACPI: scan: Rearrange memory allocation in acpi_device_add() (git-fixes).
  • ACPI: video: Add DMI quirk for GIGABYTE GB-BXBT-2807 (git-fixes).
  • ACPI: video: Add missing callback back for Sony VPCEH3U1E (git-fixes).
  • ALSA: ctxfi: cthw20k2: fix mask on conf to allow 4 bits (git-fixes).
  • ALSA: hda: Avoid spurious unsol event handling during S3/S4 (git-fixes).
  • ALSA: hda: Drop the BATCH workaround for AMD controllers (git-fixes).
  • ALSA: hda: generic: Fix the micmute led init state (git-fixes).
  • ALSA: hda/hdmi: Cancel pending works before suspend (git-fixes).
  • ALSA: hda/realtek: Add quirk for Clevo NH55RZQ (git-fixes).
  • ALSA: hda/realtek: Add quirk for Intel NUC 10 (git-fixes).
  • ALSA: hda/realtek: Apply dual codec quirks for MSI Godlike X570 board (git-fixes).
  • ALSA: hda/realtek: Apply headset-mic quirks for Xiaomi Redmibook Air (git-fixes).
  • ALSA: hda/realtek: apply pin quirk for XiaomiNotebook Pro (git-fixes).
  • ALSA: hda/realtek: Enable headset mic of Acer SWIFT with ALC256 (git-fixes).
  • ALSA: hda/realtek: fix a determine_headset_type issue for a Dell AIO (git-fixes).
  • ALSA: usb: Add Plantronics C320-M USB ctrl msg delay quirk (bsc#1182552).
  • ALSA: usb-audio: Allow modifying parameters with succeeding hw_params calls (bsc#1182552).
  • ALSA: usb-audio: Apply sample rate quirk to Logitech Connect (git-fixes).
  • ALSA: usb-audio: Apply the control quirk to Plantronics headsets (bsc#1182552).
  • ALSA: usb-audio: Disable USB autosuspend properly in setup_disable_autosuspend() (bsc#1182552).
  • ALSA: usb-audio: Do not abort even if the clock rate differs (bsc#1182552).
  • ALSA: usb-audio: Drop bogus dB range in too low level (bsc#1182552).
  • ALSA: usb-audio: Fix "cannot get freq eq" errors on Dell AE515 sound bar (bsc#1182552).
  • ALSA: usb-audio: fix NULL ptr dereference in usb_audio_probe (bsc#1182552).
  • ALSA: usb-audio: Fix "RANGE setting not yet supported" errors (git-fixes).
  • ALSA: usb-audio: fix use after free in usb_audio_disconnect (bsc#1182552).
  • ALSA: usb-audio: Skip the clock selector inquiry for single connections (git-fixes).
  • ALSA: usb: Use DIV_ROUND_UP() instead of open-coding it (git-fixes).
  • amd/amdgpu: Disable VCN DPG mode for Picasso (git-fixes).
  • apparmor: check/put label on apparmor_sk_clone_security() (git-fixes).
  • arm64: make STACKPROTECTOR_PER_TASK configurable (bsc#1181862).
  • ASoC: ak4458: Add MODULE_DEVICE_TABLE (git-fixes).
  • ASoC: ak5558: Add MODULE_DEVICE_TABLE (git-fixes).
  • ASoC: cs42l42: Always wait at least 3ms after reset (git-fixes).
  • ASoC: cs42l42: Do not enable/disable regulator at Bias Level (git-fixes).
  • ASoC: cs42l42: Fix Bitclock polarity inversion (git-fixes).
  • ASoC: cs42l42: Fix channel width support (git-fixes).
  • ASoC: cs42l42: Fix mixer volume control (git-fixes).
  • ASoC: es8316: Simplify adc_pga_gain_tlv table (git-fixes).
  • ASoC: fsl_ssi: Fix TDM slot setup for I2S mode (git-fixes).
  • ASoC: Intel: Add DMI quirk table to soc_intel_is_byt_cr() (git-fixes).
  • ASoC: Intel: bytcr_rt5640: Add quirk for ARCHOS Cesium 140 (git-fixes).
  • ASoC: Intel: bytcr_rt5640: Add quirk for the Acer One S1002 tablet (git-fixes).
  • ASoC: Intel: bytcr_rt5640: Add quirk for the Estar Beauty HD MID 7316R tablet (git-fixes).
  • ASoC: Intel: bytcr_rt5640: Add quirk for the Voyo Winpad A15 tablet (git-fixes).
  • ASoC: Intel: bytcr_rt5640: Fix HP Pavilion x2 10-p0XX OVCD current threshold (git-fixes).
  • ASoC: Intel: bytcr_rt5651: Add quirk for the Jumper EZpad 7 tablet (git-fixes).
  • ASoC: rt5640: Fix dac- and adc- vol-tlv values being off by a factor of 10 (git-fixes).
  • ASoC: rt5651: Fix dac- and adc- vol-tlv values being off by a factor of 10 (git-fixes).
  • ASoC: rt5670: Add emulated 'DAC1 Playback Switch' control (git-fixes).
  • ASoC: rt5670: Remove ADC vol-ctrl mute bits poking from Sto1 ADC mixer settings (git-fixes).
  • ASoC: rt5670: Remove 'HP Playback Switch' control (git-fixes).
  • ASoC: rt5670: Remove 'OUT Channel Switch' control (git-fixes).
  • ASoC: sgtl5000: set DAP_AVC_CTRL register to correct default value on probe (git-fixes).
  • ASoC: simple-card-utils: Do not handle device clock (git-fixes).
  • ath10k: fix wmi mgmt tx queue full due to race condition (git-fixes).
  • ath9k: fix transmitting to stations in dynamic SMPS mode (git-fixes).
  • binfmt_misc: fix possible deadlock in bm_register_write (git-fixes).
  • binfmt_misc: fix possible deadlock in bm_register_write (git-fixes).
  • blktrace-annotate-required-lock-on-do_blk_trace_setu.patch: (bsc#1171295).
  • blktrace-Avoid-sparse-warnings-when-assigning-q-blk_.patch: (bsc#1171295).
  • blktrace-break-out-of-blktrace-setup-on-concurrent-c.patch: (bsc#1171295).
  • block-clarify-context-for-refcount-increment-helpers.patch: (bsc#1171295).
  • block: rsxx: fix error return code of rsxx_pci_probe() (git-fixes).
  • Bluetooth: Fix null pointer dereference in amp_read_loc_assoc_final_data (git-fixes).
  • Bluetooth: hci_h5: Set HCI_QUIRK_SIMULTANEOUS_DISCOVERY for btrtl (git-fixes).
  • bnxt_en: reliably allocate IRQ table on reset to avoid crash (jsc#SLE-8371 bsc#1153274).
  • bpf: Add sanity check for upper ptr_limit (bsc#1183686 bsc#1183775).
  • bpf: Avoid warning when re-casting __bpf_call_base into __bpf_call_base_args (bsc#1155518).
  • bpf: Declare __bpf_free_used_maps() unconditionally (bsc#1155518).
  • bpf: Do not do bpf_cgroup_storage_set() for kuprobe/tp programs (bsc#1155518).
  • bpf: Fix 32 bit src register truncation on div/mod (bsc#1184170).
  • bpf_lru_list: Read double-checked variable once without lock (bsc#1155518).
  • bpf: Simplify alu_limit masking for pointer arithmetic (bsc#1183686 bsc#1183775).
  • bpf,x64: Pad NOPs to make images converge more easily (bsc#1178163).
  • brcmfmac: Add DMI nvram filename quirk for Predia Basic tablet (git-fixes).
  • brcmfmac: Add DMI nvram filename quirk for Voyo winpad A15 tablet (git-fixes).
  • btrfs: abort the transaction if we fail to inc ref in btrfs_copy_root (bsc#1184217).
  • btrfs: always pin deleted leaves when there are active tree mod log users (bsc#1184224).
  • btrfs: fix exhaustion of the system chunk arr