Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2021.0553
Security update for the Linux Kernel
15 February 2021
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Linux Kernel
Publisher: SUSE
Operating System: SUSE
Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Root Compromise -- Existing Account
Access Privileged Data -- Existing Account
Denial of Service -- Existing Account
Access Confidential Data -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2021-3348 CVE-2021-3347 CVE-2020-36158
CVE-2020-29661 CVE-2020-29660 CVE-2020-29569
CVE-2020-29568 CVE-2020-29371 CVE-2020-28974
CVE-2020-28915 CVE-2020-28374 CVE-2020-27835
CVE-2020-27825 CVE-2020-27786 CVE-2020-27777
CVE-2020-27068 CVE-2020-25669 CVE-2020-25639
CVE-2020-25211 CVE-2020-15437 CVE-2020-15436
CVE-2020-4788 CVE-2020-0466 CVE-2020-0465
CVE-2020-0444 CVE-2019-20934
Reference: ESB-2021.0543
ESB-2021.0529
ESB-2021.0365
Original Bulletin:
https://www.suse.com/support/update/announcement/2021/suse-su-20210434-1
- --------------------------BEGIN INCLUDED TEXT--------------------
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2021:0434-1
Rating: important
References: #1144912 #1149032 #1158775 #1163727 #1171979 #1176395
#1176846 #1176962 #1177304 #1177666 #1178036 #1178182
#1178198 #1178372 #1178589 #1178590 #1178684 #1178886
#1179107 #1179140 #1179141 #1179419 #1179429 #1179508
#1179509 #1179601 #1179616 #1179663 #1179666 #1179745
#1179877 #1179878 #1179895 #1179960 #1179961 #1180008
#1180027 #1180028 #1180029 #1180030 #1180031 #1180032
#1180052 #1180086 #1180559 #1180562 #1180676 #1181001
#1181158 #1181349 #1181504 #1181553 #1181645
Cross-References: CVE-2019-20934 CVE-2020-0444 CVE-2020-0465 CVE-2020-0466
CVE-2020-15436 CVE-2020-15437 CVE-2020-25211 CVE-2020-25639
CVE-2020-25669 CVE-2020-27068 CVE-2020-27777 CVE-2020-27786
CVE-2020-27825 CVE-2020-27835 CVE-2020-28374 CVE-2020-28915
CVE-2020-28974 CVE-2020-29371 CVE-2020-29568 CVE-2020-29569
CVE-2020-29660 CVE-2020-29661 CVE-2020-36158 CVE-2020-4788
CVE-2021-3347 CVE-2021-3348
Affected Products:
SUSE OpenStack Cloud Crowbar 9
SUSE OpenStack Cloud 9
SUSE Linux Enterprise Server for SAP 12-SP4
SUSE Linux Enterprise Server 12-SP4-LTSS
SUSE Linux Enterprise Live Patching 12-SP4
SUSE Linux Enterprise High Availability 12-SP4
______________________________________________________________________________
An update that solves 26 vulnerabilities and has 27 fixes is now available.
Description:
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security
and bugfixes.
The following security bugs were fixed:
o CVE-2021-3348: Fixed a use-after-free in nbd_add_socket() that could be
triggered by local attackers (with access to the nbd device) via an I/O
request (bnc#1181504).
o CVE-2021-3347: A use-after-free was discovered in the PI futexes during
fault handling, allowing local users to execute code in the kernel (bnc#
1181349).
o CVE-2020-27835: A use-after-free in the infiniband hfi1 driver was found,
specifically in the way user calls Ioctl after open dev file and fork. A
local user could use this flaw to crash the system (bnc#1179878).
o CVE-2020-25211: Fixed a buffer overflow in ctnetlink_parse_tuple_filter()
which could be triggered by a local attackers by injecting conntrack
netlink configuration (bnc#1176395).
o CVE-2020-25639: Fixed a NULL pointer dereference via nouveau ioctl (bnc#
1176846).
o CVE-2020-29569: Fixed a potential privilege escalation and information
leaks related to the PV block backend, as used by Xen (bnc#1179509).
o CVE-2020-29568: Fixed a denial of service issue, related to processing
watch events (bnc#1179508).
o CVE-2020-0444: Fixed a bad kfree due to a logic error in
audit_data_to_entry (bnc#1180027).
o CVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c
that could have led to local privilege escalation (bnc#1180029).
o CVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl
and ep_loop_check_proc of eventpoll.c (bnc#1180031).
o CVE-2020-4788: Fixed an issue with IBM Power9 processors could have allowed
a local user to obtain sensitive information from the data in the L1 cache
under extenuating circumstances (bsc#1177666).
o CVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c
which could have allowed local users to gain privileges or cause a denial
of service (bsc#1179141).
o CVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds check
in the nl80211_policy policy of nl80211.c (bnc#1180086).
o CVE-2020-27777: Fixed a privilege escalation in the Run-Time Abstraction
Services (RTAS) interface, affecting guests running on top of PowerVM or
KVM hypervisors (bnc#1179107).
o CVE-2020-27786: Fixed an out-of-bounds write in the MIDI implementation
(bnc#1179601).
o CVE-2020-27825: Fixed a race in the trace_open and buffer resize calls (bsc
#1179960).
o CVE-2020-29371: Fixed uninitialized memory leaks to userspace (bsc#
1179429).
o CVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may
have allowed a read-after-free attack against TIOCGSID (bnc#1179745).
o CVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a
use-after-free attack against TIOCSPGRP (bsc#1179745).
o CVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have
been used by local attackers to read privileged information or potentially
crash the kernel (bsc#1178589).
o CVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have
been used by local attackers to read kernel memory (bsc#1178886).
o CVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#
1178182).
o CVE-2020-15437: Fixed a null pointer dereference which could have allowed
local users to cause a denial of service(bsc#1179140).
o CVE-2020-36158: Fixed a potential remote code execution in the Marvell
mwifiex driver (bsc#1180559).
o CVE-2020-28374: Fixed a Linux SCSI target issue (bsc#1178372).
o CVE-2019-20934: Fixed a use-after-free in show_numa_stats() because NUMA
fault statistics were inappropriately freed (bsc#1179663).
The following non-security bugs were fixed:
o blk-mq: improve heavily contended tag case (bsc#1178198).
o debugfs_lookup(): switch to lookup_one_len_unlocked() (bsc#1171979).
o epoll: Keep a reference on files added to the check list (bsc#1180031).
o fix regression in "epoll: Keep a reference on files added to the check
list" (bsc#1180031, git-fixes).
o futex: Do not enable IRQs unconditionally in put_pi_state() (bsc#1149032).
o futex: Ensure the correct return value from futex_lock_pi() (bsc#1181349
bsc#1149032).
o futex: Fix incorrect should_fail_futex() handling (bsc#1181349).
o futex: Handle faults correctly for PI futexes (bsc#1181349 bsc#1149032).
o futex: Provide and use pi_state_update_owner() (bsc#1181349 bsc#1149032).
o futex: Replace pointless printk in fixup_owner() (bsc#1181349 bsc#1149032).
o futex: Simplify fixup_pi_state_owner() (bsc#1181349 bsc#1149032).
o futex: Use pi_state_update_owner() in put_pi_state() (bsc#1181349 bsc#
1149032).
o HID: Fix slab-out-of-bounds read in hid_field_extract (bsc#1180052).
o iommu/vt-d: Do not dereference iommu_device if IOMMU_API is not built (bsc#
1181001, jsc#ECO-3191).
o iommu/vt-d: Gracefully handle DMAR units with no supported address widths
(bsc#1181001, jsc#ECO-3191).
o kABI: Fix kABI for extended APIC-ID support (bsc#1181001, jsc#ECO-3191).
o locking/futex: Allow low-level atomic operations to return -EAGAIN (bsc#
1149032).
o md/bitmap: fix memory leak of temporary bitmap (bsc#1163727).
o md/bitmap: md_bitmap_get_counter returns wrong blocks (bsc#1163727).
o md/bitmap: md_bitmap_read_sb uses wrong bitmap blocks (bsc#1163727).
o md/cluster: block reshape with remote resync job (bsc#1163727).
o md/cluster: fix deadlock when node is doing resync job (bsc#1163727).
o md-cluster: Fix potential error pointer dereference in resize_bitmaps()
(bsc#1163727).
o md-cluster: fix rmmod issue when md_cluster convert bitmap to none (bsc#
1163727).
o md-cluster: fix safemode_delay value when converting to clustered bitmap
(bsc#1163727).
o md-cluster: fix wild pointer of unlock_all_bitmaps() (bsc#1163727).
o Move upstreamed bt fixes into sorted section
o nbd: Fix memory leak in nbd_add_socket (bsc#1181504).
o net/x25: prevent a couple of overflows (bsc#1178590).
o NFS: mark nfsiod as CPU_INTENSIVE (bsc#1177304).
o rtmutex: Remove unused argument from rt_mutex_proxy_unlock() (bsc#1181349
bsc#1149032).
o s390/dasd: fix hanging device offline processing (bsc#1144912).
o scsi: ibmvfc: Avoid link down on FS9100 canister reboot (bsc#1176962 ltc#
188304).
o scsi: ibmvfc: Use compiler attribute defines instead of __attribute__()
(bsc#1176962 ltc#188304).
o SUNRPC: cache: ignore timestamp written to 'flush' file (bsc#1178036).
o x86/apic: Fix x2apic enablement without interrupt remapping (bsc#1181001,
jsc#ECO-3191).
o x86/apic: Support 15 bits of APIC ID in IOAPIC/MSI where available (bsc#
1181001, jsc#ECO-3191).
o x86/ioapic: Handle Extended Destination ID field in RTE (bsc#1181001, jsc#
ECO-3191).
o x86/kvm: Add KVM_FEATURE_MSI_EXT_DEST_ID (bsc#1181001, jsc#ECO-3191).
o x86/kvm: Reserve KVM_FEATURE_MSI_EXT_DEST_ID (bsc#1181001, jsc#ECO-3191).
o x86/msi: Only use high bits of MSI address for DMAR unit (bsc#1181001, jsc#
ECO-3191).
o x86/tracing: Introduce a static key for exception tracing (bsc#1179895).
o x86/traps: Simplify pagefault tracing logic (bsc#1179895).
o xfrm: Fix memleak on xfrm state destroy (bsc#1158775).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
o SUSE OpenStack Cloud Crowbar 9:
zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-434=1
o SUSE OpenStack Cloud 9:
zypper in -t patch SUSE-OpenStack-Cloud-9-2021-434=1
o SUSE Linux Enterprise Server for SAP 12-SP4:
zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-434=1
o SUSE Linux Enterprise Server 12-SP4-LTSS:
zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-434=1
o SUSE Linux Enterprise Live Patching 12-SP4:
zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2021-434=1
o SUSE Linux Enterprise High Availability 12-SP4:
zypper in -t patch SUSE-SLE-HA-12-SP4-2021-434=1
Package List:
o SUSE OpenStack Cloud Crowbar 9 (x86_64):
kernel-default-4.12.14-95.68.1
kernel-default-base-4.12.14-95.68.1
kernel-default-base-debuginfo-4.12.14-95.68.1
kernel-default-debuginfo-4.12.14-95.68.1
kernel-default-debugsource-4.12.14-95.68.1
kernel-default-devel-4.12.14-95.68.1
kernel-default-devel-debuginfo-4.12.14-95.68.1
kernel-syms-4.12.14-95.68.1
o SUSE OpenStack Cloud Crowbar 9 (noarch):
kernel-devel-4.12.14-95.68.1
kernel-macros-4.12.14-95.68.1
kernel-source-4.12.14-95.68.1
o SUSE OpenStack Cloud 9 (noarch):
kernel-devel-4.12.14-95.68.1
kernel-macros-4.12.14-95.68.1
kernel-source-4.12.14-95.68.1
o SUSE OpenStack Cloud 9 (x86_64):
kernel-default-4.12.14-95.68.1
kernel-default-base-4.12.14-95.68.1
kernel-default-base-debuginfo-4.12.14-95.68.1
kernel-default-debuginfo-4.12.14-95.68.1
kernel-default-debugsource-4.12.14-95.68.1
kernel-default-devel-4.12.14-95.68.1
kernel-default-devel-debuginfo-4.12.14-95.68.1
kernel-syms-4.12.14-95.68.1
o SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
kernel-default-4.12.14-95.68.1
kernel-default-base-4.12.14-95.68.1
kernel-default-base-debuginfo-4.12.14-95.68.1
kernel-default-debuginfo-4.12.14-95.68.1
kernel-default-debugsource-4.12.14-95.68.1
kernel-default-devel-4.12.14-95.68.1
kernel-syms-4.12.14-95.68.1
o SUSE Linux Enterprise Server for SAP 12-SP4 (noarch):
kernel-devel-4.12.14-95.68.1
kernel-macros-4.12.14-95.68.1
kernel-source-4.12.14-95.68.1
o SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64):
kernel-default-devel-debuginfo-4.12.14-95.68.1
o SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
kernel-default-4.12.14-95.68.1
kernel-default-base-4.12.14-95.68.1
kernel-default-base-debuginfo-4.12.14-95.68.1
kernel-default-debuginfo-4.12.14-95.68.1
kernel-default-debugsource-4.12.14-95.68.1
kernel-default-devel-4.12.14-95.68.1
kernel-syms-4.12.14-95.68.1
o SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64):
kernel-default-devel-debuginfo-4.12.14-95.68.1
o SUSE Linux Enterprise Server 12-SP4-LTSS (noarch):
kernel-devel-4.12.14-95.68.1
kernel-macros-4.12.14-95.68.1
kernel-source-4.12.14-95.68.1
o SUSE Linux Enterprise Server 12-SP4-LTSS (s390x):
kernel-default-man-4.12.14-95.68.1
o SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64):
kernel-default-kgraft-4.12.14-95.68.1
kernel-default-kgraft-devel-4.12.14-95.68.1
kgraft-patch-4_12_14-95_68-default-1-6.3.1
o SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64):
cluster-md-kmp-default-4.12.14-95.68.1
cluster-md-kmp-default-debuginfo-4.12.14-95.68.1
dlm-kmp-default-4.12.14-95.68.1
dlm-kmp-default-debuginfo-4.12.14-95.68.1
gfs2-kmp-default-4.12.14-95.68.1
gfs2-kmp-default-debuginfo-4.12.14-95.68.1
kernel-default-debuginfo-4.12.14-95.68.1
kernel-default-debugsource-4.12.14-95.68.1
ocfs2-kmp-default-4.12.14-95.68.1
ocfs2-kmp-default-debuginfo-4.12.14-95.68.1
References:
o https://www.suse.com/security/cve/CVE-2019-20934.html
o https://www.suse.com/security/cve/CVE-2020-0444.html
o https://www.suse.com/security/cve/CVE-2020-0465.html
o https://www.suse.com/security/cve/CVE-2020-0466.html
o https://www.suse.com/security/cve/CVE-2020-15436.html
o https://www.suse.com/security/cve/CVE-2020-15437.html
o https://www.suse.com/security/cve/CVE-2020-25211.html
o https://www.suse.com/security/cve/CVE-2020-25639.html
o https://www.suse.com/security/cve/CVE-2020-25669.html
o https://www.suse.com/security/cve/CVE-2020-27068.html
o https://www.suse.com/security/cve/CVE-2020-27777.html
o https://www.suse.com/security/cve/CVE-2020-27786.html
o https://www.suse.com/security/cve/CVE-2020-27825.html
o https://www.suse.com/security/cve/CVE-2020-27835.html
o https://www.suse.com/security/cve/CVE-2020-28374.html
o https://www.suse.com/security/cve/CVE-2020-28915.html
o https://www.suse.com/security/cve/CVE-2020-28974.html
o https://www.suse.com/security/cve/CVE-2020-29371.html
o https://www.suse.com/security/cve/CVE-2020-29568.html
o https://www.suse.com/security/cve/CVE-2020-29569.html
o https://www.suse.com/security/cve/CVE-2020-29660.html
o https://www.suse.com/security/cve/CVE-2020-29661.html
o https://www.suse.com/security/cve/CVE-2020-36158.html
o https://www.suse.com/security/cve/CVE-2020-4788.html
o https://www.suse.com/security/cve/CVE-2021-3347.html
o https://www.suse.com/security/cve/CVE-2021-3348.html
o https://bugzilla.suse.com/1144912
o https://bugzilla.suse.com/1149032
o https://bugzilla.suse.com/1158775
o https://bugzilla.suse.com/1163727
o https://bugzilla.suse.com/1171979
o https://bugzilla.suse.com/1176395
o https://bugzilla.suse.com/1176846
o https://bugzilla.suse.com/1176962
o https://bugzilla.suse.com/1177304
o https://bugzilla.suse.com/1177666
o https://bugzilla.suse.com/1178036
o https://bugzilla.suse.com/1178182
o https://bugzilla.suse.com/1178198
o https://bugzilla.suse.com/1178372
o https://bugzilla.suse.com/1178589
o https://bugzilla.suse.com/1178590
o https://bugzilla.suse.com/1178684
o https://bugzilla.suse.com/1178886
o https://bugzilla.suse.com/1179107
o https://bugzilla.suse.com/1179140
o https://bugzilla.suse.com/1179141
o https://bugzilla.suse.com/1179419
o https://bugzilla.suse.com/1179429
o https://bugzilla.suse.com/1179508
o https://bugzilla.suse.com/1179509
o https://bugzilla.suse.com/1179601
o https://bugzilla.suse.com/1179616
o https://bugzilla.suse.com/1179663
o https://bugzilla.suse.com/1179666
o https://bugzilla.suse.com/1179745
o https://bugzilla.suse.com/1179877
o https://bugzilla.suse.com/1179878
o https://bugzilla.suse.com/1179895
o https://bugzilla.suse.com/1179960
o https://bugzilla.suse.com/1179961
o https://bugzilla.suse.com/1180008
o https://bugzilla.suse.com/1180027
o https://bugzilla.suse.com/1180028
o https://bugzilla.suse.com/1180029
o https://bugzilla.suse.com/1180030
o https://bugzilla.suse.com/1180031
o https://bugzilla.suse.com/1180032
o https://bugzilla.suse.com/1180052
o https://bugzilla.suse.com/1180086
o https://bugzilla.suse.com/1180559
o https://bugzilla.suse.com/1180562
o https://bugzilla.suse.com/1180676
o https://bugzilla.suse.com/1181001
o https://bugzilla.suse.com/1181158
o https://bugzilla.suse.com/1181349
o https://bugzilla.suse.com/1181504
o https://bugzilla.suse.com/1181553
o https://bugzilla.suse.com/1181645
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBYCnZ6uNLKJtyKPYoAQgdKg/+K4Ivx7gIhXZmE+uwk7kVPrrVGUFFEvAu
7XJEwcqCrg2AS6Mr02RHU5GpFbbtcuyB3LqsUH/8howvf3LkTN8jewwNRD/3mrzB
BULw8jOzp+/BnVcRxPY4CCsTtdQTuvZQogRyonT+W3jMgvO0zXg6NT8zk5LdH88Q
WKuZe3oG3cmG+G6+mWUDbuFvFUMnm4S7bcpYwDhjdDB5EZTYjL8JexK20uZw1kfb
XpKJMhRCXTmCAPm64JSqczFglxUizw0Cb6SorGgYDVs2h1r7IaomNlB7X+Sn+Omk
dOcUf0nuLRszvomin87oFiSXtCHOwLB5DOk4tkZQl2OHxkFYdzEH01SSyYtOHJZo
fiT9wLt9Z2rGXZnZi3VPglsIADt+efCORX/qozh+oROkukNkhxTaq8deBSJYAkwh
8vSufhqItdneLjlfOE75gxzWdwIXvkk/QtfkfRUbMsaDcHwGQUz7OnXr8E9+eok/
K62Yy+FbKSzsy9Oq8jm0l6sn9baQ3ahVP969sq+ahqZtdA7Tz8YPsffP/64X7Fi/
ifGwmJHyvB7al/rHwArzYcoJsK0ZulAR6GnHDSPrTmFPVbFhwB9Exv98GS49xT4/
31wopPUZ0i9J30Tc1jbNnCe4GASjD32wpsFcM+h5ZDUQ0WZKjHY3FBeMYYaxifp0
T/EClN4f0ms=
=Usn/
-----END PGP SIGNATURE-----