Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.2509 Security update for the Linux Kernel 23 July 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Linux Kernel Publisher: SUSE Operating System: SUSE Impact/Access: Access Privileged Data -- Remote/Unauthenticated Execute Arbitrary Code/Commands -- Existing Account Increased Privileges -- Existing Account Denial of Service -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2021-34693 CVE-2021-33909 CVE-2021-33624 CVE-2021-33200 CVE-2021-22555 CVE-2021-3609 CVE-2021-0605 CVE-2021-0512 CVE-2021-0129 CVE-2020-36386 CVE-2020-36385 CVE-2020-26558 CVE-2020-24588 Reference: ESB-2021.2477 ESB-2021.2456 ESB-2021.2443 Original Bulletin: https://www.suse.com/support/update/announcement/2021/suse-su-20212427-1 https://www.suse.com/support/update/announcement/2021/suse-su-20212422-1 Comment: This bulletin contains two (2) SUSE security advisories. - --------------------------BEGIN INCLUDED TEXT-------------------- SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2427-1 Rating: important References: #1153720 #1174978 #1179610 #1181193 #1185428 #1185701 #1185861 #1186463 #1186484 #1187038 #1187050 #1187215 #1187452 #1187554 #1187595 #1187601 #1188062 #1188116 Cross-References: CVE-2020-24588 CVE-2020-26558 CVE-2020-36385 CVE-2020-36386 CVE-2021-0129 CVE-2021-0512 CVE-2021-0605 CVE-2021-22555 CVE-2021-33200 CVE-2021-33624 CVE-2021-33909 CVE-2021-34693 CVE-2021-3609 Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Availability 15-SP1 SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that solves 13 vulnerabilities and has 5 fixes is now available. Description: The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: o CVE-2021-22555: Fixed an heap out-of-bounds write in net/netfilter/ x_tables.c that could allow local provilege escalation. (bsc#1188116) o CVE-2021-33624: Fixed a bug which allows unprivileged BPF program to leak the contents of arbitrary kernel memory (and therefore, of all physical memory) via a side-channel. (bsc#1187554) o CVE-2021-0605: Fixed an out-of-bounds read which could lead to local information disclosure in the kernel with System execution privileges needed. (bsc#1187601) o CVE-2021-0512: Fixed a possible out-of-bounds write which could lead to local escalation of privilege with no additional execution privileges needed. (bsc#1187595) o CVE-2020-26558: Fixed a flaw in the Bluetooth LE and BR/EDR secure pairing that could permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing. (bnc#1179610) o CVE-2021-34693: Fixed a bug in net/can/bcm.c which could allow local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized. (bsc#1187452) o CVE-2021-0129: Fixed an improper access control in BlueZ that may have allowed an authenticated user to potentially enable information disclosure via adjacent access. (bnc#1186463) o CVE-2020-36386: Fixed an out-of-bounds read in hci_extended_inquiry_result_evt. (bsc#1187038) o CVE-2020-24588: Fixed a bug that could allow an adversary to abuse devices that support receiving non-SSP A-MSDU frames to inject arbitrary network packets. (bsc#1185861 bsc#1185863) o CVE-2021-33909: Fixed an out-of-bounds write in the filesystem layer that allows to andobtain full root privileges. (bsc#1188062) o CVE-2021-3609: Fixed a race condition in the CAN BCM networking protocol which allows for local privilege escalation. (bsc#1187215) o CVE-2020-36385: Fixed a use-after-free flaw in ucma.c which allows for local privilege escalation. (bsc#1187050) o CVE-2021-33200: Fix leakage of uninitialized bpf stack under speculation. (bsc#1186484) The following non-security bugs were fixed: o af_packet: fix the tx skb protocol in raw sockets with ETH_P_ALL (bsc# 1176081). o kabi: preserve struct header_ops after bsc#1176081 fix (bsc#1176081). o net: Do not set transport offset to invalid value (bsc#1176081). o net: Introduce parse_protocol header_ops callback (bsc#1176081). o net/ethernet: Add parse_protocol header_ops support (bsc#1176081). o net/mlx5e: Remove the wrong assumption about transport offset (bsc# 1176081). o net/mlx5e: Trust kernel regarding transport offset (bsc#1176081). o net/packet: Ask driver for protocol if not provided by user (bsc#1176081). o net/packet: Remove redundant skb->protocol set (bsc#1176081). o resource: Fix find_next_iomem_res() iteration issue (bsc#1181193). o scsi: scsi_dh_alua: Retry RTPG on a different path after failure (bsc# 1174978 bsc#1185701). o SUNRPC in case of backlog, hand free slots directly to waiting task (bsc# 1185428). o SUNRPC: More fixes for backlog congestion (bsc#1185428). o x86/crash: Add e820 reserved ranges to kdump kernel's e820 table (bsc# 1181193). o x86/debug: Extend the lower bound of crash kernel low reservations (bsc# 1153720). o x86/e820, ioport: Add a new I/O resource descriptor IORES_DESC_RESERVED (bsc#1181193). o x86/mm: Rework ioremap resource mapping determination (bsc#1181193). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: o SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-2427=1 o SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-2427=1 o SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-2427=1 o SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-2427=1 o SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-2427=1 o SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-2427=1 o SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2021-2427=1 o SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-2427=1 o SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-2427=1 o SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2021-2427=1 o SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-2427=1 o SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. I will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: o SUSE Manager Server 4.0 (ppc64le s390x x86_64): kernel-default-4.12.14-197.99.1 kernel-default-base-4.12.14-197.99.1 kernel-default-base-debuginfo-4.12.14-197.99.1 kernel-default-debuginfo-4.12.14-197.99.1 kernel-default-debugsource-4.12.14-197.99.1 kernel-default-devel-4.12.14-197.99.1 kernel-default-devel-debuginfo-4.12.14-197.99.1 kernel-obs-build-4.12.14-197.99.1 kernel-obs-build-debugsource-4.12.14-197.99.1 kernel-syms-4.12.14-197.99.1 reiserfs-kmp-default-4.12.14-197.99.1 reiserfs-kmp-default-debuginfo-4.12.14-197.99.1 o SUSE Manager Server 4.0 (noarch): kernel-devel-4.12.14-197.99.1 kernel-docs-4.12.14-197.99.1 kernel-macros-4.12.14-197.99.1 kernel-source-4.12.14-197.99.1 o SUSE Manager Server 4.0 (s390x): kernel-default-man-4.12.14-197.99.1 kernel-zfcpdump-debuginfo-4.12.14-197.99.1 kernel-zfcpdump-debugsource-4.12.14-197.99.1 o SUSE Manager Retail Branch Server 4.0 (x86_64): kernel-default-4.12.14-197.99.1 kernel-default-base-4.12.14-197.99.1 kernel-default-base-debuginfo-4.12.14-197.99.1 kernel-default-debuginfo-4.12.14-197.99.1 kernel-default-debugsource-4.12.14-197.99.1 kernel-default-devel-4.12.14-197.99.1 kernel-default-devel-debuginfo-4.12.14-197.99.1 kernel-obs-build-4.12.14-197.99.1 kernel-obs-build-debugsource-4.12.14-197.99.1 kernel-syms-4.12.14-197.99.1 reiserfs-kmp-default-4.12.14-197.99.1 reiserfs-kmp-default-debuginfo-4.12.14-197.99.1 o SUSE Manager Retail Branch Server 4.0 (noarch): kernel-devel-4.12.14-197.99.1 kernel-docs-4.12.14-197.99.1 kernel-macros-4.12.14-197.99.1 kernel-source-4.12.14-197.99.1 o SUSE Manager Proxy 4.0 (noarch): kernel-devel-4.12.14-197.99.1 kernel-docs-4.12.14-197.99.1 kernel-macros-4.12.14-197.99.1 kernel-source-4.12.14-197.99.1 o SUSE Manager Proxy 4.0 (x86_64): kernel-default-4.12.14-197.99.1 kernel-default-base-4.12.14-197.99.1 kernel-default-base-debuginfo-4.12.14-197.99.1 kernel-default-debuginfo-4.12.14-197.99.1 kernel-default-debugsource-4.12.14-197.99.1 kernel-default-devel-4.12.14-197.99.1 kernel-default-devel-debuginfo-4.12.14-197.99.1 kernel-obs-build-4.12.14-197.99.1 kernel-obs-build-debugsource-4.12.14-197.99.1 kernel-syms-4.12.14-197.99.1 reiserfs-kmp-default-4.12.14-197.99.1 reiserfs-kmp-default-debuginfo-4.12.14-197.99.1 o SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): kernel-default-4.12.14-197.99.1 kernel-default-base-4.12.14-197.99.1 kernel-default-base-debuginfo-4.12.14-197.99.1 kernel-default-debuginfo-4.12.14-197.99.1 kernel-default-debugsource-4.12.14-197.99.1 kernel-default-devel-4.12.14-197.99.1 kernel-default-devel-debuginfo-4.12.14-197.99.1 kernel-obs-build-4.12.14-197.99.1 kernel-obs-build-debugsource-4.12.14-197.99.1 kernel-syms-4.12.14-197.99.1 reiserfs-kmp-default-4.12.14-197.99.1 reiserfs-kmp-default-debuginfo-4.12.14-197.99.1 o SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): kernel-devel-4.12.14-197.99.1 kernel-docs-4.12.14-197.99.1 kernel-macros-4.12.14-197.99.1 kernel-source-4.12.14-197.99.1 o SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-197.99.1 kernel-default-base-4.12.14-197.99.1 kernel-default-base-debuginfo-4.12.14-197.99.1 kernel-default-debuginfo-4.12.14-197.99.1 kernel-default-debugsource-4.12.14-197.99.1 kernel-default-devel-4.12.14-197.99.1 kernel-default-devel-debuginfo-4.12.14-197.99.1 kernel-obs-build-4.12.14-197.99.1 kernel-obs-build-debugsource-4.12.14-197.99.1 kernel-syms-4.12.14-197.99.1 reiserfs-kmp-default-4.12.14-197.99.1 reiserfs-kmp-default-debuginfo-4.12.14-197.99.1 o SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): kernel-devel-4.12.14-197.99.1 kernel-docs-4.12.14-197.99.1 kernel-macros-4.12.14-197.99.1 kernel-source-4.12.14-197.99.1 o SUSE Linux Enterprise Server 15-SP1-LTSS (s390x): kernel-default-man-4.12.14-197.99.1 kernel-zfcpdump-debuginfo-4.12.14-197.99.1 kernel-zfcpdump-debugsource-4.12.14-197.99.1 o SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): kernel-default-4.12.14-197.99.1 kernel-default-base-4.12.14-197.99.1 kernel-default-base-debuginfo-4.12.14-197.99.1 kernel-default-debuginfo-4.12.14-197.99.1 kernel-default-debugsource-4.12.14-197.99.1 kernel-default-devel-4.12.14-197.99.1 kernel-default-devel-debuginfo-4.12.14-197.99.1 kernel-obs-build-4.12.14-197.99.1 kernel-obs-build-debugsource-4.12.14-197.99.1 kernel-syms-4.12.14-197.99.1 reiserfs-kmp-default-4.12.14-197.99.1 reiserfs-kmp-default-debuginfo-4.12.14-197.99.1 o SUSE Linux Enterprise Server 15-SP1-BCL (noarch): kernel-devel-4.12.14-197.99.1 kernel-docs-4.12.14-197.99.1 kernel-macros-4.12.14-197.99.1 kernel-source-4.12.14-197.99.1 o SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-default-debuginfo-4.12.14-197.99.1 kernel-default-debugsource-4.12.14-197.99.1 kernel-default-livepatch-4.12.14-197.99.1 kernel-default-livepatch-devel-4.12.14-197.99.1 kernel-livepatch-4_12_14-197_99-default-1-3.3.3 o SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): kernel-default-4.12.14-197.99.1 kernel-default-base-4.12.14-197.99.1 kernel-default-base-debuginfo-4.12.14-197.99.1 kernel-default-debuginfo-4.12.14-197.99.1 kernel-default-debugsource-4.12.14-197.99.1 kernel-default-devel-4.12.14-197.99.1 kernel-default-devel-debuginfo-4.12.14-197.99.1 kernel-obs-build-4.12.14-197.99.1 kernel-obs-build-debugsource-4.12.14-197.99.1 kernel-syms-4.12.14-197.99.1 o SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): kernel-devel-4.12.14-197.99.1 kernel-docs-4.12.14-197.99.1 kernel-macros-4.12.14-197.99.1 kernel-source-4.12.14-197.99.1 o SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): kernel-default-4.12.14-197.99.1 kernel-default-base-4.12.14-197.99.1 kernel-default-base-debuginfo-4.12.14-197.99.1 kernel-default-debuginfo-4.12.14-197.99.1 kernel-default-debugsource-4.12.14-197.99.1 kernel-default-devel-4.12.14-197.99.1 kernel-default-devel-debuginfo-4.12.14-197.99.1 kernel-obs-build-4.12.14-197.99.1 kernel-obs-build-debugsource-4.12.14-197.99.1 kernel-syms-4.12.14-197.99.1 o SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): kernel-devel-4.12.14-197.99.1 kernel-docs-4.12.14-197.99.1 kernel-macros-4.12.14-197.99.1 kernel-source-4.12.14-197.99.1 o SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-197.99.1 cluster-md-kmp-default-debuginfo-4.12.14-197.99.1 dlm-kmp-default-4.12.14-197.99.1 dlm-kmp-default-debuginfo-4.12.14-197.99.1 gfs2-kmp-default-4.12.14-197.99.1 gfs2-kmp-default-debuginfo-4.12.14-197.99.1 kernel-default-debuginfo-4.12.14-197.99.1 kernel-default-debugsource-4.12.14-197.99.1 ocfs2-kmp-default-4.12.14-197.99.1 ocfs2-kmp-default-debuginfo-4.12.14-197.99.1 o SUSE Enterprise Storage 6 (aarch64 x86_64): kernel-default-4.12.14-197.99.1 kernel-default-base-4.12.14-197.99.1 kernel-default-base-debuginfo-4.12.14-197.99.1 kernel-default-debuginfo-4.12.14-197.99.1 kernel-default-debugsource-4.12.14-197.99.1 kernel-default-devel-4.12.14-197.99.1 kernel-default-devel-debuginfo-4.12.14-197.99.1 kernel-obs-build-4.12.14-197.99.1 kernel-obs-build-debugsource-4.12.14-197.99.1 kernel-syms-4.12.14-197.99.1 reiserfs-kmp-default-4.12.14-197.99.1 reiserfs-kmp-default-debuginfo-4.12.14-197.99.1 o SUSE Enterprise Storage 6 (noarch): kernel-devel-4.12.14-197.99.1 kernel-docs-4.12.14-197.99.1 kernel-macros-4.12.14-197.99.1 kernel-source-4.12.14-197.99.1 o SUSE CaaS Platform 4.0 (noarch): kernel-devel-4.12.14-197.99.1 kernel-docs-4.12.14-197.99.1 kernel-macros-4.12.14-197.99.1 kernel-source-4.12.14-197.99.1 o SUSE CaaS Platform 4.0 (x86_64): kernel-default-4.12.14-197.99.1 kernel-default-base-4.12.14-197.99.1 kernel-default-base-debuginfo-4.12.14-197.99.1 kernel-default-debuginfo-4.12.14-197.99.1 kernel-default-debugsource-4.12.14-197.99.1 kernel-default-devel-4.12.14-197.99.1 kernel-default-devel-debuginfo-4.12.14-197.99.1 kernel-obs-build-4.12.14-197.99.1 kernel-obs-build-debugsource-4.12.14-197.99.1 kernel-syms-4.12.14-197.99.1 reiserfs-kmp-default-4.12.14-197.99.1 reiserfs-kmp-default-debuginfo-4.12.14-197.99.1 References: o https://www.suse.com/security/cve/CVE-2020-24588.html o https://www.suse.com/security/cve/CVE-2020-26558.html o https://www.suse.com/security/cve/CVE-2020-36385.html o https://www.suse.com/security/cve/CVE-2020-36386.html o https://www.suse.com/security/cve/CVE-2021-0129.html o https://www.suse.com/security/cve/CVE-2021-0512.html o https://www.suse.com/security/cve/CVE-2021-0605.html o https://www.suse.com/security/cve/CVE-2021-22555.html o https://www.suse.com/security/cve/CVE-2021-33200.html o https://www.suse.com/security/cve/CVE-2021-33624.html o https://www.suse.com/security/cve/CVE-2021-33909.html o https://www.suse.com/security/cve/CVE-2021-34693.html o https://www.suse.com/security/cve/CVE-2021-3609.html o https://bugzilla.suse.com/1153720 o https://bugzilla.suse.com/1174978 o https://bugzilla.suse.com/1179610 o https://bugzilla.suse.com/1181193 o https://bugzilla.suse.com/1185428 o https://bugzilla.suse.com/1185701 o https://bugzilla.suse.com/1185861 o https://bugzilla.suse.com/1186463 o https://bugzilla.suse.com/1186484 o https://bugzilla.suse.com/1187038 o https://bugzilla.suse.com/1187050 o https://bugzilla.suse.com/1187215 o https://bugzilla.suse.com/1187452 o https://bugzilla.suse.com/1187554 o https://bugzilla.suse.com/1187595 o https://bugzilla.suse.com/1187601 o https://bugzilla.suse.com/1188062 o https://bugzilla.suse.com/1188116 - -------------------------------------------------------------------------------------------------------------------------------------------------------- SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2422-1 Rating: important References: #1104967 #1174978 #1179610 #1185701 #1185861 #1186463 #1186484 #1187038 #1187050 #1187215 #1187452 #1187554 #1187595 #1187601 #1187934 #1188062 #1188116 Cross-References: CVE-2020-24588 CVE-2020-26558 CVE-2020-36385 CVE-2020-36386 CVE-2021-0129 CVE-2021-0512 CVE-2021-0605 CVE-2021-22555 CVE-2021-33200 CVE-2021-33624 CVE-2021-33909 CVE-2021-34693 CVE-2021-3609 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Live Patching 12-SP4 SUSE Linux Enterprise High Availability 12-SP4 ______________________________________________________________________________ An update that solves 13 vulnerabilities and has four fixes is now available. Description: The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: o CVE-2021-22555: A heap out-of-bounds write was discovered in net/netfilter/ x_tables.c (bnc#1188116). o CVE-2021-33909: Extremely large seq buffer allocations in seq_file could lead to buffer underruns and code execution (bsc#1188062). o CVE-2021-3609: A use-after-free in can/bcm could have led to privilege escalation (bsc#1187215). o CVE-2021-33624: In kernel/bpf/verifier.c a branch can be mispredicted (e.g., because of type confusion) and consequently an unprivileged BPF program can read arbitrary memory locations via a side-channel attack, aka CID-9183671af6db (bnc#1187554). o CVE-2021-0605: In pfkey_dump of af_key.c, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure in the kernel with System execution privileges needed. User interaction is not needed for exploitation (bnc#1187601). o CVE-2021-0512: In __hidinput_change_resolution_multipliers of hid-input.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc# 1187595). o CVE-2020-26558: Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time (bnc#1179610 bnc#1186463). o CVE-2021-34693: net/can/bcm.c allowed local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized (bnc#1187452). o CVE-2020-36385: An issue was discovered in drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called, aka CID-f5449e74802c (bnc#1187050). o CVE-2021-0129: Improper access control in BlueZ may have allowed an authenticated user to potentially enable information disclosure via adjacent access (bnc#1186463). o CVE-2020-36386: An issue was discovered net/bluetooth/hci_event.c has a slab out-of-bounds read in hci_extended_inquiry_result_evt, aka CID-51c19bf3d5cf (bnc#1187038). o CVE-2020-24588: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets (bnc#1185861). o CVE-2021-33200: kernel/bpf/verifier.c enforced incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579. This can be abused to perform out-of-bounds reads and writes in kernel memory, leading to local privilege escalation to root. In particular, there is a corner case where the off reg causes a masking direction change, which then results in an incorrect final aux->alu_limit (bnc#1186484). The following non-security bugs were fixed: o block: do not use blocking queue entered for recursive bio (bsc#1104967). o s390/stack: fix possible register corruption with stack switch helper (git-fixes). o scsi: scsi_dh_alua: Retry RTPG on a different path after failure (bsc# 1174978 bsc#1185701). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: o SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-2422=1 o SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-2422=1 o SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-2422=1 o SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-2422=1 o SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2021-2422=1 o SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2021-2422=1 Package List: o SUSE OpenStack Cloud Crowbar 9 (x86_64): kernel-default-4.12.14-95.80.1 kernel-default-base-4.12.14-95.80.1 kernel-default-base-debuginfo-4.12.14-95.80.1 kernel-default-debuginfo-4.12.14-95.80.1 kernel-default-debugsource-4.12.14-95.80.1 kernel-default-devel-4.12.14-95.80.1 kernel-default-devel-debuginfo-4.12.14-95.80.1 kernel-syms-4.12.14-95.80.1 o SUSE OpenStack Cloud Crowbar 9 (noarch): kernel-devel-4.12.14-95.80.1 kernel-macros-4.12.14-95.80.1 kernel-source-4.12.14-95.80.1 o SUSE OpenStack Cloud 9 (x86_64): kernel-default-4.12.14-95.80.1 kernel-default-base-4.12.14-95.80.1 kernel-default-base-debuginfo-4.12.14-95.80.1 kernel-default-debuginfo-4.12.14-95.80.1 kernel-default-debugsource-4.12.14-95.80.1 kernel-default-devel-4.12.14-95.80.1 kernel-default-devel-debuginfo-4.12.14-95.80.1 kernel-syms-4.12.14-95.80.1 o SUSE OpenStack Cloud 9 (noarch): kernel-devel-4.12.14-95.80.1 kernel-macros-4.12.14-95.80.1 kernel-source-4.12.14-95.80.1 o SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): kernel-default-4.12.14-95.80.1 kernel-default-base-4.12.14-95.80.1 kernel-default-base-debuginfo-4.12.14-95.80.1 kernel-default-debuginfo-4.12.14-95.80.1 kernel-default-debugsource-4.12.14-95.80.1 kernel-default-devel-4.12.14-95.80.1 kernel-syms-4.12.14-95.80.1 o SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): kernel-default-devel-debuginfo-4.12.14-95.80.1 o SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): kernel-devel-4.12.14-95.80.1 kernel-macros-4.12.14-95.80.1 kernel-source-4.12.14-95.80.1 o SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-95.80.1 kernel-default-base-4.12.14-95.80.1 kernel-default-base-debuginfo-4.12.14-95.80.1 kernel-default-debuginfo-4.12.14-95.80.1 kernel-default-debugsource-4.12.14-95.80.1 kernel-default-devel-4.12.14-95.80.1 kernel-syms-4.12.14-95.80.1 o SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64): kernel-default-devel-debuginfo-4.12.14-95.80.1 o SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): kernel-devel-4.12.14-95.80.1 kernel-macros-4.12.14-95.80.1 kernel-source-4.12.14-95.80.1 o SUSE Linux Enterprise Server 12-SP4-LTSS (s390x): kernel-default-man-4.12.14-95.80.1 o SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64): kernel-default-kgraft-4.12.14-95.80.1 kernel-default-kgraft-devel-4.12.14-95.80.1 kgraft-patch-4_12_14-95_80-default-1-6.3.1 o SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-95.80.1 cluster-md-kmp-default-debuginfo-4.12.14-95.80.1 dlm-kmp-default-4.12.14-95.80.1 dlm-kmp-default-debuginfo-4.12.14-95.80.1 gfs2-kmp-default-4.12.14-95.80.1 gfs2-kmp-default-debuginfo-4.12.14-95.80.1 kernel-default-debuginfo-4.12.14-95.80.1 kernel-default-debugsource-4.12.14-95.80.1 ocfs2-kmp-default-4.12.14-95.80.1 ocfs2-kmp-default-debuginfo-4.12.14-95.80.1 References: o https://www.suse.com/security/cve/CVE-2020-24588.html o https://www.suse.com/security/cve/CVE-2020-26558.html o https://www.suse.com/security/cve/CVE-2020-36385.html o https://www.suse.com/security/cve/CVE-2020-36386.html o https://www.suse.com/security/cve/CVE-2021-0129.html o https://www.suse.com/security/cve/CVE-2021-0512.html o https://www.suse.com/security/cve/CVE-2021-0605.html o https://www.suse.com/security/cve/CVE-2021-22555.html o https://www.suse.com/security/cve/CVE-2021-33200.html o https://www.suse.com/security/cve/CVE-2021-33624.html o https://www.suse.com/security/cve/CVE-2021-33909.html o https://www.suse.com/security/cve/CVE-2021-34693.html o https://www.suse.com/security/cve/CVE-2021-3609.html o https://bugzilla.suse.com/1104967 o https://bugzilla.suse.com/1174978 o https://bugzilla.suse.com/1179610 o https://bugzilla.suse.com/1185701 o https://bugzilla.suse.com/1185861 o https://bugzilla.suse.com/1186463 o https://bugzilla.suse.com/1186484 o https://bugzilla.suse.com/1187038 o https://bugzilla.suse.com/1187050 o https://bugzilla.suse.com/1187215 o https://bugzilla.suse.com/1187452 o https://bugzilla.suse.com/1187554 o https://bugzilla.suse.com/1187595 o https://bugzilla.suse.com/1187601 o https://bugzilla.suse.com/1187934 o https://bugzilla.suse.com/1188062 o https://bugzilla.suse.com/1188116 - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYPoVbONLKJtyKPYoAQh5FA/9G8JZhkZsyvVMW0uUzsLyf0Jsxwkk0cvp rJOMk3hb2Y1aAk78aFliphUpM2Ej3uZyngxA3nqEKM4iQpUxgfYeyia9NsuYzshz UqJVHD0UEuzqjO9zp+73gzmG1GKd97I6JecC+LCrajVIzA82wyJIIofqnQpjTDVO eyr8Aa4hSTNUwPiDQpfMFdnXi4jRJgY4J91BbC5RFpP9+KtdREKth1JO8VToXHkP wj0H2dD3HSHLOAyQV8YDZ0SFjGJ3FgyMhzwNOHnSRrl/3IoBynusrlnA04mbpV63 7RkRZ/VUS57B1zVJR8xfDKhv4ESrZFlAfIxUakT82glupbv0LTJr/ku1oYU4FFiQ 6fs4Y/5StavDpIqVwVy6vRoCj1/PaQYeL6HNKAHXV4shrQeICXwsJTR+Qm4T2a4t CXciR42mhyv+tiXXGFoKJEPqMIAXjd4mnHrr2pFkpQsmMNDO2BCbe6eML/RMY4cn SbbCCUnHj4OINw0ZKhYo1mnbAdS/abiOj3Xwm+ODHkJZQKVx2j0ydamEe7E/M8gU fQ47XjJyLZgy3V0wXX9DnqFlgHfGznUuH3YHyQI8gU6doGmkX/UqWMydQJ0oBsn4 fQ/i2T+QjhzHzPyJ2QwtGx+DYAwrntDl1iBnO3nh0ph5JtX+jueGH3Cj2inutzIn LOnGPeaucZk= =bWBJ -----END PGP SIGNATURE-----