Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.0553 Security update for the Linux Kernel 15 February 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Linux Kernel Publisher: SUSE Operating System: SUSE Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated Root Compromise -- Existing Account Access Privileged Data -- Existing Account Denial of Service -- Existing Account Access Confidential Data -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2021-3348 CVE-2021-3347 CVE-2020-36158 CVE-2020-29661 CVE-2020-29660 CVE-2020-29569 CVE-2020-29568 CVE-2020-29371 CVE-2020-28974 CVE-2020-28915 CVE-2020-28374 CVE-2020-27835 CVE-2020-27825 CVE-2020-27786 CVE-2020-27777 CVE-2020-27068 CVE-2020-25669 CVE-2020-25639 CVE-2020-25211 CVE-2020-15437 CVE-2020-15436 CVE-2020-4788 CVE-2020-0466 CVE-2020-0465 CVE-2020-0444 CVE-2019-20934 Reference: ESB-2021.0543 ESB-2021.0529 ESB-2021.0365 Original Bulletin: https://www.suse.com/support/update/announcement/2021/suse-su-20210434-1 - --------------------------BEGIN INCLUDED TEXT-------------------- SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0434-1 Rating: important References: #1144912 #1149032 #1158775 #1163727 #1171979 #1176395 #1176846 #1176962 #1177304 #1177666 #1178036 #1178182 #1178198 #1178372 #1178589 #1178590 #1178684 #1178886 #1179107 #1179140 #1179141 #1179419 #1179429 #1179508 #1179509 #1179601 #1179616 #1179663 #1179666 #1179745 #1179877 #1179878 #1179895 #1179960 #1179961 #1180008 #1180027 #1180028 #1180029 #1180030 #1180031 #1180032 #1180052 #1180086 #1180559 #1180562 #1180676 #1181001 #1181158 #1181349 #1181504 #1181553 #1181645 Cross-References: CVE-2019-20934 CVE-2020-0444 CVE-2020-0465 CVE-2020-0466 CVE-2020-15436 CVE-2020-15437 CVE-2020-25211 CVE-2020-25639 CVE-2020-25669 CVE-2020-27068 CVE-2020-27777 CVE-2020-27786 CVE-2020-27825 CVE-2020-27835 CVE-2020-28374 CVE-2020-28915 CVE-2020-28974 CVE-2020-29371 CVE-2020-29568 CVE-2020-29569 CVE-2020-29660 CVE-2020-29661 CVE-2020-36158 CVE-2020-4788 CVE-2021-3347 CVE-2021-3348 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Live Patching 12-SP4 SUSE Linux Enterprise High Availability 12-SP4 ______________________________________________________________________________ An update that solves 26 vulnerabilities and has 27 fixes is now available. Description: The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: o CVE-2021-3348: Fixed a use-after-free in nbd_add_socket() that could be triggered by local attackers (with access to the nbd device) via an I/O request (bnc#1181504). o CVE-2021-3347: A use-after-free was discovered in the PI futexes during fault handling, allowing local users to execute code in the kernel (bnc# 1181349). o CVE-2020-27835: A use-after-free in the infiniband hfi1 driver was found, specifically in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system (bnc#1179878). o CVE-2020-25211: Fixed a buffer overflow in ctnetlink_parse_tuple_filter() which could be triggered by a local attackers by injecting conntrack netlink configuration (bnc#1176395). o CVE-2020-25639: Fixed a NULL pointer dereference via nouveau ioctl (bnc# 1176846). o CVE-2020-29569: Fixed a potential privilege escalation and information leaks related to the PV block backend, as used by Xen (bnc#1179509). o CVE-2020-29568: Fixed a denial of service issue, related to processing watch events (bnc#1179508). o CVE-2020-0444: Fixed a bad kfree due to a logic error in audit_data_to_entry (bnc#1180027). o CVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180029). o CVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031). o CVE-2020-4788: Fixed an issue with IBM Power9 processors could have allowed a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances (bsc#1177666). o CVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141). o CVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds check in the nl80211_policy policy of nl80211.c (bnc#1180086). o CVE-2020-27777: Fixed a privilege escalation in the Run-Time Abstraction Services (RTAS) interface, affecting guests running on top of PowerVM or KVM hypervisors (bnc#1179107). o CVE-2020-27786: Fixed an out-of-bounds write in the MIDI implementation (bnc#1179601). o CVE-2020-27825: Fixed a race in the trace_open and buffer resize calls (bsc #1179960). o CVE-2020-29371: Fixed uninitialized memory leaks to userspace (bsc# 1179429). o CVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bnc#1179745). o CVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179745). o CVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel (bsc#1178589). o CVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886). o CVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc# 1178182). o CVE-2020-15437: Fixed a null pointer dereference which could have allowed local users to cause a denial of service(bsc#1179140). o CVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180559). o CVE-2020-28374: Fixed a Linux SCSI target issue (bsc#1178372). o CVE-2019-20934: Fixed a use-after-free in show_numa_stats() because NUMA fault statistics were inappropriately freed (bsc#1179663). The following non-security bugs were fixed: o blk-mq: improve heavily contended tag case (bsc#1178198). o debugfs_lookup(): switch to lookup_one_len_unlocked() (bsc#1171979). o epoll: Keep a reference on files added to the check list (bsc#1180031). o fix regression in "epoll: Keep a reference on files added to the check list" (bsc#1180031, git-fixes). o futex: Do not enable IRQs unconditionally in put_pi_state() (bsc#1149032). o futex: Ensure the correct return value from futex_lock_pi() (bsc#1181349 bsc#1149032). o futex: Fix incorrect should_fail_futex() handling (bsc#1181349). o futex: Handle faults correctly for PI futexes (bsc#1181349 bsc#1149032). o futex: Provide and use pi_state_update_owner() (bsc#1181349 bsc#1149032). o futex: Replace pointless printk in fixup_owner() (bsc#1181349 bsc#1149032). o futex: Simplify fixup_pi_state_owner() (bsc#1181349 bsc#1149032). o futex: Use pi_state_update_owner() in put_pi_state() (bsc#1181349 bsc# 1149032). o HID: Fix slab-out-of-bounds read in hid_field_extract (bsc#1180052). o iommu/vt-d: Do not dereference iommu_device if IOMMU_API is not built (bsc# 1181001, jsc#ECO-3191). o iommu/vt-d: Gracefully handle DMAR units with no supported address widths (bsc#1181001, jsc#ECO-3191). o kABI: Fix kABI for extended APIC-ID support (bsc#1181001, jsc#ECO-3191). o locking/futex: Allow low-level atomic operations to return -EAGAIN (bsc# 1149032). o md/bitmap: fix memory leak of temporary bitmap (bsc#1163727). o md/bitmap: md_bitmap_get_counter returns wrong blocks (bsc#1163727). o md/bitmap: md_bitmap_read_sb uses wrong bitmap blocks (bsc#1163727). o md/cluster: block reshape with remote resync job (bsc#1163727). o md/cluster: fix deadlock when node is doing resync job (bsc#1163727). o md-cluster: Fix potential error pointer dereference in resize_bitmaps() (bsc#1163727). o md-cluster: fix rmmod issue when md_cluster convert bitmap to none (bsc# 1163727). o md-cluster: fix safemode_delay value when converting to clustered bitmap (bsc#1163727). o md-cluster: fix wild pointer of unlock_all_bitmaps() (bsc#1163727). o Move upstreamed bt fixes into sorted section o nbd: Fix memory leak in nbd_add_socket (bsc#1181504). o net/x25: prevent a couple of overflows (bsc#1178590). o NFS: mark nfsiod as CPU_INTENSIVE (bsc#1177304). o rtmutex: Remove unused argument from rt_mutex_proxy_unlock() (bsc#1181349 bsc#1149032). o s390/dasd: fix hanging device offline processing (bsc#1144912). o scsi: ibmvfc: Avoid link down on FS9100 canister reboot (bsc#1176962 ltc# 188304). o scsi: ibmvfc: Use compiler attribute defines instead of __attribute__() (bsc#1176962 ltc#188304). o SUNRPC: cache: ignore timestamp written to 'flush' file (bsc#1178036). o x86/apic: Fix x2apic enablement without interrupt remapping (bsc#1181001, jsc#ECO-3191). o x86/apic: Support 15 bits of APIC ID in IOAPIC/MSI where available (bsc# 1181001, jsc#ECO-3191). o x86/ioapic: Handle Extended Destination ID field in RTE (bsc#1181001, jsc# ECO-3191). o x86/kvm: Add KVM_FEATURE_MSI_EXT_DEST_ID (bsc#1181001, jsc#ECO-3191). o x86/kvm: Reserve KVM_FEATURE_MSI_EXT_DEST_ID (bsc#1181001, jsc#ECO-3191). o x86/msi: Only use high bits of MSI address for DMAR unit (bsc#1181001, jsc# ECO-3191). o x86/tracing: Introduce a static key for exception tracing (bsc#1179895). o x86/traps: Simplify pagefault tracing logic (bsc#1179895). o xfrm: Fix memleak on xfrm state destroy (bsc#1158775). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: o SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-434=1 o SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-434=1 o SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-434=1 o SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-434=1 o SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2021-434=1 o SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2021-434=1 Package List: o SUSE OpenStack Cloud Crowbar 9 (x86_64): kernel-default-4.12.14-95.68.1 kernel-default-base-4.12.14-95.68.1 kernel-default-base-debuginfo-4.12.14-95.68.1 kernel-default-debuginfo-4.12.14-95.68.1 kernel-default-debugsource-4.12.14-95.68.1 kernel-default-devel-4.12.14-95.68.1 kernel-default-devel-debuginfo-4.12.14-95.68.1 kernel-syms-4.12.14-95.68.1 o SUSE OpenStack Cloud Crowbar 9 (noarch): kernel-devel-4.12.14-95.68.1 kernel-macros-4.12.14-95.68.1 kernel-source-4.12.14-95.68.1 o SUSE OpenStack Cloud 9 (noarch): kernel-devel-4.12.14-95.68.1 kernel-macros-4.12.14-95.68.1 kernel-source-4.12.14-95.68.1 o SUSE OpenStack Cloud 9 (x86_64): kernel-default-4.12.14-95.68.1 kernel-default-base-4.12.14-95.68.1 kernel-default-base-debuginfo-4.12.14-95.68.1 kernel-default-debuginfo-4.12.14-95.68.1 kernel-default-debugsource-4.12.14-95.68.1 kernel-default-devel-4.12.14-95.68.1 kernel-default-devel-debuginfo-4.12.14-95.68.1 kernel-syms-4.12.14-95.68.1 o SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): kernel-default-4.12.14-95.68.1 kernel-default-base-4.12.14-95.68.1 kernel-default-base-debuginfo-4.12.14-95.68.1 kernel-default-debuginfo-4.12.14-95.68.1 kernel-default-debugsource-4.12.14-95.68.1 kernel-default-devel-4.12.14-95.68.1 kernel-syms-4.12.14-95.68.1 o SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): kernel-devel-4.12.14-95.68.1 kernel-macros-4.12.14-95.68.1 kernel-source-4.12.14-95.68.1 o SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): kernel-default-devel-debuginfo-4.12.14-95.68.1 o SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-95.68.1 kernel-default-base-4.12.14-95.68.1 kernel-default-base-debuginfo-4.12.14-95.68.1 kernel-default-debuginfo-4.12.14-95.68.1 kernel-default-debugsource-4.12.14-95.68.1 kernel-default-devel-4.12.14-95.68.1 kernel-syms-4.12.14-95.68.1 o SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64): kernel-default-devel-debuginfo-4.12.14-95.68.1 o SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): kernel-devel-4.12.14-95.68.1 kernel-macros-4.12.14-95.68.1 kernel-source-4.12.14-95.68.1 o SUSE Linux Enterprise Server 12-SP4-LTSS (s390x): kernel-default-man-4.12.14-95.68.1 o SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64): kernel-default-kgraft-4.12.14-95.68.1 kernel-default-kgraft-devel-4.12.14-95.68.1 kgraft-patch-4_12_14-95_68-default-1-6.3.1 o SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-95.68.1 cluster-md-kmp-default-debuginfo-4.12.14-95.68.1 dlm-kmp-default-4.12.14-95.68.1 dlm-kmp-default-debuginfo-4.12.14-95.68.1 gfs2-kmp-default-4.12.14-95.68.1 gfs2-kmp-default-debuginfo-4.12.14-95.68.1 kernel-default-debuginfo-4.12.14-95.68.1 kernel-default-debugsource-4.12.14-95.68.1 ocfs2-kmp-default-4.12.14-95.68.1 ocfs2-kmp-default-debuginfo-4.12.14-95.68.1 References: o https://www.suse.com/security/cve/CVE-2019-20934.html o https://www.suse.com/security/cve/CVE-2020-0444.html o https://www.suse.com/security/cve/CVE-2020-0465.html o https://www.suse.com/security/cve/CVE-2020-0466.html o https://www.suse.com/security/cve/CVE-2020-15436.html o https://www.suse.com/security/cve/CVE-2020-15437.html o https://www.suse.com/security/cve/CVE-2020-25211.html o https://www.suse.com/security/cve/CVE-2020-25639.html o https://www.suse.com/security/cve/CVE-2020-25669.html o https://www.suse.com/security/cve/CVE-2020-27068.html o https://www.suse.com/security/cve/CVE-2020-27777.html o https://www.suse.com/security/cve/CVE-2020-27786.html o https://www.suse.com/security/cve/CVE-2020-27825.html o https://www.suse.com/security/cve/CVE-2020-27835.html o https://www.suse.com/security/cve/CVE-2020-28374.html o https://www.suse.com/security/cve/CVE-2020-28915.html o https://www.suse.com/security/cve/CVE-2020-28974.html o https://www.suse.com/security/cve/CVE-2020-29371.html o https://www.suse.com/security/cve/CVE-2020-29568.html o https://www.suse.com/security/cve/CVE-2020-29569.html o https://www.suse.com/security/cve/CVE-2020-29660.html o https://www.suse.com/security/cve/CVE-2020-29661.html o https://www.suse.com/security/cve/CVE-2020-36158.html o https://www.suse.com/security/cve/CVE-2020-4788.html o https://www.suse.com/security/cve/CVE-2021-3347.html o https://www.suse.com/security/cve/CVE-2021-3348.html o https://bugzilla.suse.com/1144912 o https://bugzilla.suse.com/1149032 o https://bugzilla.suse.com/1158775 o https://bugzilla.suse.com/1163727 o https://bugzilla.suse.com/1171979 o https://bugzilla.suse.com/1176395 o https://bugzilla.suse.com/1176846 o https://bugzilla.suse.com/1176962 o https://bugzilla.suse.com/1177304 o https://bugzilla.suse.com/1177666 o https://bugzilla.suse.com/1178036 o https://bugzilla.suse.com/1178182 o https://bugzilla.suse.com/1178198 o https://bugzilla.suse.com/1178372 o https://bugzilla.suse.com/1178589 o https://bugzilla.suse.com/1178590 o https://bugzilla.suse.com/1178684 o https://bugzilla.suse.com/1178886 o https://bugzilla.suse.com/1179107 o https://bugzilla.suse.com/1179140 o https://bugzilla.suse.com/1179141 o https://bugzilla.suse.com/1179419 o https://bugzilla.suse.com/1179429 o https://bugzilla.suse.com/1179508 o https://bugzilla.suse.com/1179509 o https://bugzilla.suse.com/1179601 o https://bugzilla.suse.com/1179616 o https://bugzilla.suse.com/1179663 o https://bugzilla.suse.com/1179666 o https://bugzilla.suse.com/1179745 o https://bugzilla.suse.com/1179877 o https://bugzilla.suse.com/1179878 o https://bugzilla.suse.com/1179895 o https://bugzilla.suse.com/1179960 o https://bugzilla.suse.com/1179961 o https://bugzilla.suse.com/1180008 o https://bugzilla.suse.com/1180027 o https://bugzilla.suse.com/1180028 o https://bugzilla.suse.com/1180029 o https://bugzilla.suse.com/1180030 o https://bugzilla.suse.com/1180031 o https://bugzilla.suse.com/1180032 o https://bugzilla.suse.com/1180052 o https://bugzilla.suse.com/1180086 o https://bugzilla.suse.com/1180559 o https://bugzilla.suse.com/1180562 o https://bugzilla.suse.com/1180676 o https://bugzilla.suse.com/1181001 o https://bugzilla.suse.com/1181158 o https://bugzilla.suse.com/1181349 o https://bugzilla.suse.com/1181504 o https://bugzilla.suse.com/1181553 o https://bugzilla.suse.com/1181645 - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYCnZ6uNLKJtyKPYoAQgdKg/+K4Ivx7gIhXZmE+uwk7kVPrrVGUFFEvAu 7XJEwcqCrg2AS6Mr02RHU5GpFbbtcuyB3LqsUH/8howvf3LkTN8jewwNRD/3mrzB BULw8jOzp+/BnVcRxPY4CCsTtdQTuvZQogRyonT+W3jMgvO0zXg6NT8zk5LdH88Q WKuZe3oG3cmG+G6+mWUDbuFvFUMnm4S7bcpYwDhjdDB5EZTYjL8JexK20uZw1kfb XpKJMhRCXTmCAPm64JSqczFglxUizw0Cb6SorGgYDVs2h1r7IaomNlB7X+Sn+Omk dOcUf0nuLRszvomin87oFiSXtCHOwLB5DOk4tkZQl2OHxkFYdzEH01SSyYtOHJZo fiT9wLt9Z2rGXZnZi3VPglsIADt+efCORX/qozh+oROkukNkhxTaq8deBSJYAkwh 8vSufhqItdneLjlfOE75gxzWdwIXvkk/QtfkfRUbMsaDcHwGQUz7OnXr8E9+eok/ K62Yy+FbKSzsy9Oq8jm0l6sn9baQ3ahVP969sq+ahqZtdA7Tz8YPsffP/64X7Fi/ ifGwmJHyvB7al/rHwArzYcoJsK0ZulAR6GnHDSPrTmFPVbFhwB9Exv98GS49xT4/ 31wopPUZ0i9J30Tc1jbNnCe4GASjD32wpsFcM+h5ZDUQ0WZKjHY3FBeMYYaxifp0 T/EClN4f0ms= =Usn/ -----END PGP SIGNATURE-----