Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2021:2406-1
Rating:	important
References:	bsc#1179610 bsc#1180846 bsc#1184611 bsc#1185859 bsc#1185860 bsc#1185861 bsc#1185862 bsc#1185863 bsc#1185898 bsc#1185987 bsc#1186060 bsc#1186062 bsc#1186111 bsc#1186390 bsc#1186463 bsc#1187038 bsc#1187050 bsc#1187215 bsc#1187452 bsc#1187595 bsc#1187601 bsc#1187934 bsc#1188062 bsc#1188116
Cross-References:	CVE-2020-24586 CVE-2020-24587 CVE-2020-24588 CVE-2020-26139 CVE-2020-26141 CVE-2020-26145 CVE-2020-26147 CVE-2020-26558 CVE-2020-36385 CVE-2020-36386 CVE-2021-0129 CVE-2021-0512 CVE-2021-0605 CVE-2021-22555 CVE-2021-23134 CVE-2021-32399 CVE-2021-33034 CVE-2021-33909 CVE-2021-34693 CVE-2021-3609
CVSS scores:	CVE-2020-24586 ( SUSE ): 4.7 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N CVE-2020-24586 ( NVD ): 3.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CVE-2020-24587 ( SUSE ): 4.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2020-24587 ( NVD ): 2.6 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N CVE-2020-24588 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2020-24588 ( NVD ): 3.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE-2020-26139 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2020-26139 ( NVD ): 5.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-26141 ( SUSE ): 4.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2020-26141 ( NVD ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2020-26145 ( SUSE ): 5.4 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2020-26145 ( NVD ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2020-26147 ( NVD ): 5.4 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N CVE-2020-26558 ( SUSE ): 4.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2020-26558 ( NVD ): 4.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2020-36385 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-36385 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2020-36386 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2020-36386 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2021-0129 ( SUSE ): 6.4 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2021-0129 ( NVD ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-0512 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-0512 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-0605 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-0605 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVE-2021-22555 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-22555 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-23134 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-23134 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-32399 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-32399 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-33034 ( SUSE ): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H CVE-2021-33034 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-33909 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-33909 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-34693 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-34693 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-3609 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3609 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:	SUSE Linux Enterprise High Performance Computing 12 SP2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2

An update that solves 20 vulnerabilities and has four security fixes can now be installed.

Description:

The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

• CVE-2021-22555: Fixed an heap out-of-bounds write in net/netfilter/x_tables.c that could allow local provilege escalation. (bsc#1188116)
• CVE-2021-33909: Fixed an out-of-bounds write in the filesystem layer that allows to obtain full root privileges. (bsc#1188062)
• CVE-2021-3609: Fixed a race condition in the CAN BCM networking protocol which allows for local privilege escalation. (bsc#1187215)
• CVE-2021-0605: Fixed an out-of-bounds read which could lead to local information disclosure in the kernel with System execution privileges needed. (bsc#1187601)
• CVE-2021-0512: Fixed a possible out-of-bounds write which could lead to local escalation of privilege with no additional execution privileges needed. (bsc#1187595)
• CVE-2021-34693: Fixed a bug in net/can/bcm.c which could allow local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized. (bsc#1187452)
• CVE-2020-36385: Fixed a use-after-free flaw in ucma.c which allows for local privilege escalation. (bsc#1187050)
• CVE-2021-0129: Fixed an improper access control in BlueZ that may have allowed an authenticated user to potentially enable information disclosure via adjacent access. (bsc#1186463)
• CVE-2020-26558: Fixed a flaw in the Bluetooth LE and BR/EDR secure pairing that could permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing. (bsc#1179610)
• CVE-2020-36386: Fixed an out-of-bounds read in hci_extended_inquiry_result_evt. (bsc#1187038)
• CVE-2020-24588: Fixed a bug that could allow an adversary to abuse devices that support receiving non-SSP A-MSDU frames to inject arbitrary network packets. (bsc#1185861)
• CVE-2021-32399: Fixed a race condition in net/bluetooth/hci_request.c for removal of the HCI controller. (bsc#1184611)
• CVE-2021-33034: Fixed an issue in net/bluetooth/hci_event.c where a use-after-free leads to writing an arbitrary value. (bsc#1186111)
• CVE-2020-26139: Fixed a bug that allows an Access Point (AP) to forward EAPOL frames to other clients even though the sender has not yet successfully authenticated. This might be abused in projected Wi-Fi networks to launch denial-of-service attacks against connected clients and made it easier to exploit other vulnerabilities in connected clients. (bsc#1186062)
• CVE-2021-23134: Fixed a use After Free vulnerability in nfc sockets which allows local attackers to elevate their privileges. (bsc#1186060)
• CVE-2020-24586: Fixed a bug that, under the right circumstances, allows to inject arbitrary network packets and/or exfiltrate user data when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP. (bsc#1185859)
• CVE-2020-26141: Fixed a flaw that could allows an adversary to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol. (bsc#1185987)
• CVE-2020-26145: Fixed a bug in the WEP, WPA, WPA2, and WPA3 implementations that could allows an adversary to inject arbitrary network packets. (bsc#1185860)
• CVE-2020-24587: Fixed a bug that allows an adversary to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed. (bsc#1185862)
• CVE-2020-26147: Fixed a bug in the WEP, WPA, WPA2, and WPA3 implementations that could allows an adversary to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames. (bsc#1185987)

The following non-security bugs were fixed:

• kABI: Fix kABI after modifying struct __call_single_data (bsc#1180846).
• kernel/smp: add boot parameter for controlling CSD lock debugging (bsc#1180846).
• kernel/smp: Add source and destination CPUs to __call_single_data (bsc#1180846).
• kernel/smp: make csdlock timeout depend on boot parameter (bsc#1180846).
• kernel/smp: Provide CSD lock timeout diagnostics (bsc#1180846).
• Update config files: activate CONFIG_CSD_LOCK_WAIT_DEBUG for x86 (bsc#1180846).
• Update config files: disable CONFIG_CSD_LOCK_WAIT_DEBUG (bsc#1180846).

Special Instructions and Notes:

• Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-2406=1

Package List:

• SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (nosrc x86_64)
  • kernel-default-4.4.121-92.158.1
• SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64)
  • kernel-default-devel-4.4.121-92.158.1
  • kernel-default-base-debuginfo-4.4.121-92.158.1
  • kernel-syms-4.4.121-92.158.1
  • kernel-default-base-4.4.121-92.158.1
  • kernel-default-debuginfo-4.4.121-92.158.1
  • kernel-default-debugsource-4.4.121-92.158.1
• SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (noarch)
  • kernel-macros-4.4.121-92.158.1
  • kernel-source-4.4.121-92.158.1
  • kernel-devel-4.4.121-92.158.1

References:

• https://www.suse.com/security/cve/CVE-2020-24586.html
• https://www.suse.com/security/cve/CVE-2020-24587.html
• https://www.suse.com/security/cve/CVE-2020-24588.html
• https://www.suse.com/security/cve/CVE-2020-26139.html
• https://www.suse.com/security/cve/CVE-2020-26141.html
• https://www.suse.com/security/cve/CVE-2020-26145.html
• https://www.suse.com/security/cve/CVE-2020-26147.html
• https://www.suse.com/security/cve/CVE-2020-26558.html
• https://www.suse.com/security/cve/CVE-2020-36385.html
• https://www.suse.com/security/cve/CVE-2020-36386.html
• https://www.suse.com/security/cve/CVE-2021-0129.html
• https://www.suse.com/security/cve/CVE-2021-0512.html
• https://www.suse.com/security/cve/CVE-2021-0605.html
• https://www.suse.com/security/cve/CVE-2021-22555.html
• https://www.suse.com/security/cve/CVE-2021-23134.html
• https://www.suse.com/security/cve/CVE-2021-32399.html
• https://www.suse.com/security/cve/CVE-2021-33034.html
• https://www.suse.com/security/cve/CVE-2021-33909.html
• https://www.suse.com/security/cve/CVE-2021-34693.html
• https://www.suse.com/security/cve/CVE-2021-3609.html
• https://bugzilla.suse.com/show_bug.cgi?id=1179610
• https://bugzilla.suse.com/show_bug.cgi?id=1180846
• https://bugzilla.suse.com/show_bug.cgi?id=1184611
• https://bugzilla.suse.com/show_bug.cgi?id=1185859
• https://bugzilla.suse.com/show_bug.cgi?id=1185860
• https://bugzilla.suse.com/show_bug.cgi?id=1185861
• https://bugzilla.suse.com/show_bug.cgi?id=1185862
• https://bugzilla.suse.com/show_bug.cgi?id=1185863
• https://bugzilla.suse.com/show_bug.cgi?id=1185898
• https://bugzilla.suse.com/show_bug.cgi?id=1185987
• https://bugzilla.suse.com/show_bug.cgi?id=1186060
• https://bugzilla.suse.com/show_bug.cgi?id=1186062
• https://bugzilla.suse.com/show_bug.cgi?id=1186111
• https://bugzilla.suse.com/show_bug.cgi?id=1186390
• https://bugzilla.suse.com/show_bug.cgi?id=1186463
• https://bugzilla.suse.com/show_bug.cgi?id=1187038
• https://bugzilla.suse.com/show_bug.cgi?id=1187050
• https://bugzilla.suse.com/show_bug.cgi?id=1187215
• https://bugzilla.suse.com/show_bug.cgi?id=1187452
• https://bugzilla.suse.com/show_bug.cgi?id=1187595
• https://bugzilla.suse.com/show_bug.cgi?id=1187601
• https://bugzilla.suse.com/show_bug.cgi?id=1187934
• https://bugzilla.suse.com/show_bug.cgi?id=1188062
• https://bugzilla.suse.com/show_bug.cgi?id=1188116