Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2021:3179-1
Rating:	important
References:	bsc#1040364 bsc#1127650 bsc#1135481 bsc#1152489 bsc#1160010 bsc#1168202 bsc#1171420 bsc#1174969 bsc#1175052 bsc#1175543 bsc#1177399 bsc#1180100 bsc#1180141 bsc#1180347 bsc#1181006 bsc#1181148 bsc#1181972 bsc#1184180 bsc#1185902 bsc#1186264 bsc#1186731 bsc#1187211 bsc#1187455 bsc#1187468 bsc#1187483 bsc#1187619 bsc#1187959 bsc#1188067 bsc#1188172 bsc#1188231 bsc#1188270 bsc#1188412 bsc#1188418 bsc#1188616 bsc#1188700 bsc#1188780 bsc#1188781 bsc#1188782 bsc#1188783 bsc#1188784 bsc#1188786 bsc#1188787 bsc#1188788 bsc#1188790 bsc#1188878 bsc#1188885 bsc#1188924 bsc#1188982 bsc#1188983 bsc#1188985 bsc#1189021 bsc#1189057 bsc#1189077 bsc#1189153 bsc#1189197 bsc#1189209 bsc#1189210 bsc#1189212 bsc#1189213 bsc#1189214 bsc#1189215 bsc#1189216 bsc#1189217 bsc#1189218 bsc#1189219 bsc#1189220 bsc#1189221 bsc#1189222 bsc#1189225 bsc#1189229 bsc#1189233 bsc#1189262 bsc#1189291 bsc#1189292 bsc#1189296 bsc#1189298 bsc#1189301 bsc#1189305 bsc#1189323 bsc#1189384 bsc#1189385 bsc#1189392 bsc#1189393 bsc#1189399 bsc#1189400 bsc#1189427 bsc#1189503 bsc#1189504 bsc#1189505 bsc#1189506 bsc#1189507 bsc#1189562 bsc#1189563 bsc#1189564 bsc#1189565 bsc#1189566 bsc#1189567 bsc#1189568 bsc#1189569 bsc#1189573 bsc#1189574 bsc#1189575 bsc#1189576 bsc#1189577 bsc#1189579 bsc#1189581 bsc#1189582 bsc#1189583 bsc#1189585 bsc#1189586 bsc#1189587 bsc#1189696 bsc#1189706 bsc#1189760 bsc#1189762 bsc#1189832 bsc#1189841 bsc#1189870 bsc#1189872 bsc#1189883 bsc#1190022 bsc#1190025 bsc#1190115 bsc#1190117 bsc#1190412 bsc#1190413 bsc#1190428
Cross-References:	CVE-2020-12770 CVE-2021-34556 CVE-2021-35477 CVE-2021-3640 CVE-2021-3653 CVE-2021-3656 CVE-2021-3679 CVE-2021-3732 CVE-2021-3739 CVE-2021-3743 CVE-2021-3753 CVE-2021-3759 CVE-2021-38160 CVE-2021-38166 CVE-2021-38198 CVE-2021-38204 CVE-2021-38205 CVE-2021-38206 CVE-2021-38207 CVE-2021-38209
CVSS scores:	CVE-2020-12770 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2020-12770 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-34556 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-34556 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-35477 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2021-35477 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-3640 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3640 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3653 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3653 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2021-3656 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3656 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2021-3679 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-3679 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-3732 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2021-3732 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-3739 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2021-3739 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2021-3743 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-3743 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2021-3753 ( SUSE ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2021-3753 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-3759 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-3759 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-38160 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-38160 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-38166 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-38166 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-38198 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-38198 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-38204 ( SUSE ): 4.2 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-38204 ( NVD ): 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-38205 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2021-38205 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVE-2021-38206 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-38206 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-38207 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-38207 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-38209 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2021-38209 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected Products:	openSUSE Leap 15.3 Public Cloud Module 15-SP3 SUSE Linux Enterprise High Performance Computing 15 SP3 SUSE Linux Enterprise Server 15 SP3 SUSE Linux Enterprise Server for SAP Applications 15 SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2

An update that solves 20 vulnerabilities and has 107 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 15 SP3 Azure kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

CVE-2021-3640: Fixed a Use-After-Free vulnerability in function sco_sock_sendmsg() in the bluetooth stack (bsc#1188172).
CVE-2021-3653: Missing validation of the int_ctl VMCB field and allows a malicious L1 guest to enable AVIC support for the L2 guest. (bsc#1189399).
CVE-2021-3656: Missing validation of the the virt_ext VMCB field and allows a malicious L1 guest to disable both VMLOAD/VMSAVE intercepts and VLS for the L2 guest (bsc#1189400).
CVE-2021-3679: A lack of CPU resource in tracing module functionality was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service (bnc#1189057).
CVE-2021-3732: Mounting overlayfs inside an unprivileged user namespace can reveal files (bsc#1189706).
CVE-2021-3739: Fixed a NULL pointer dereference when deleting device by invalid id (bsc#1189832 ).
CVE-2021-3743: Fixed OOB Read in qrtr_endpoint_post (bsc#1189883).
CVE-2021-3753: Fixed race out-of-bounds in virtual terminal handling (bsc#1190025).
CVE-2021-38160: Data corruption or loss could be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size in drivers/char/virtio_console.c (bsc#1190117)
CVE-2021-38198: arch/x86/kvm/mmu/paging_tmpl.h incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault (bnc#1189262).
CVE-2021-38204: drivers/usb/host/max3421-hcd.c allowed physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations (bnc#1189291).
CVE-2021-38205: drivers/net/ethernet/xilinx/xilinx_emaclite.c made it easier for attackers to defeat an ASLR protection mechanism because it prints a kernel pointer (i.e., the real IOMEM pointer) (bnc#1189292).
CVE-2021-38207: drivers/net/ethernet/xilinx/ll_temac_main.c allowed remote attackers to cause a denial of service (buffer overflow and lockup) by sending heavy network traffic for about ten minutes (bnc#1189298).
CVE-2021-38166: Fixed an integer overflow and out-of-bounds write when many elements are placed in a single bucket in kernel/bpf/hashtab.c (bnc#1189233 ).
CVE-2021-38209: Fixed allowed observation of changes in any net namespace via net/netfilter/nf_conntrack_standalone.c (bnc#1189393).
CVE-2021-38206: Fixed NULL pointer dereference in the radiotap parser inside the mac80211 subsystem (bnc#1189296).
CVE-2021-34556: Fixed side-channel attack via a Speculative Store Bypass via unprivileged BPF program that could have obtain sensitive information from kernel memory (bsc#1188983).
CVE-2021-35477: Fixed BPF stack frame pointer which could have been abused to disclose content of arbitrary kernel memory (bsc#1188985).
CVE-2021-3759: Unaccounted ipc objects in Linux kernel could have lead to breaking memcg limits and DoS attacks (bsc#1190115).
CVE-2020-12770: Fixed sg_remove_request call in a certain failure cases (bsc#1171420).

The following non-security bugs were fixed:

ACPI: NFIT: Fix support for virtual SPA ranges (git-fixes).
ACPI: processor: Clean up acpi_processor_evaluate_cst() (bsc#1175543)
ACPI: processor: Export acpi_processor_evaluate_cst() (bsc#1175543)
ACPI: processor: Export function to claim _CST control (bsc#1175543)
ACPI: processor: Introduce acpi_processor_evaluate_cst() (bsc#1175543)
ACPI: processor: Make ACPI_PROCESSOR_CSTATE depend on ACPI_PROCESSOR (bsc#1175543)
ALSA: hda - fix the 'Capture Switch' value change notifications (git-fixes).
ALSA: hda/hdmi: Add quirk to force pin connectivity on NUC10 (git-fixes).
ALSA: hda/hdmi: fix max DP-MST dev_num for Intel TGL+ platforms (git-fixes).
ALSA: hda/hdmi: let new platforms assign the pcm slot dynamically (git-fixes).
ALSA: hda/realtek - Add ALC285 HP init procedure (git-fixes).
ALSA: hda/realtek - Add type for ALC287 (git-fixes).
ALSA: hda/realtek: Change device names for quirks to barebone names (git-fixes).
ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9510 laptop (git-fixes).
ALSA: hda/realtek: Fix headset mic for Acer SWIFT SF314-56 (ALC256) (git-fixes).
ALSA: hda/realtek: Limit mic boost on HP ProBook 445 G8 (git-fixes).
ALSA: hda/realtek: add mic quirk for Acer SF314-42 (git-fixes).
ALSA: hda/realtek: fix mute led of the HP Pavilion 15-eh1xxx series (git-fixes).
ALSA: hda/realtek: fix mute/micmute LEDs for HP ProBook 650 G8 Notebook PC (git-fixes).
ALSA: hda/via: Apply runtime PM workaround for ASUS B23E (git-fixes).
ALSA: hda: Add quirk for ASUS Flow x13 (git-fixes).
ALSA: hda: Fix hang during shutdown due to link reset (git-fixes).
ALSA: hda: Release controller display power during shutdown/reboot (git-fixes).
ALSA: pcm: Fix mmap breakage without explicit buffer setup (git-fixes).
ALSA: pcm: fix divide error in snd_pcm_lib_ioctl (git-fixes).
ALSA: seq: Fix racy deletion of subscriber (git-fixes).
ALSA: usb-audio: Add registration quirk f