SUSE-SU-2021:3386-1: important: Security update for the Linux Kernel

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Tue Oct 12 19:17:13 UTC 2021


   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3386-1
Rating:             important
References:         #1050244 #1056653 #1056657 #1056787 #1065729 
                    #1104745 #1109837 #1111981 #1114648 #1118661 
                    #1129770 #1148868 #1158533 #1173746 #1176940 
                    #1181193 #1184439 #1185677 #1185727 #1186785 
                    #1189297 #1189407 #1189884 #1190023 #1190115 
                    #1190159 #1190523 #1190534 #1190543 #1190576 
                    #1190601 #1190620 #1190626 #1190717 #1190914 
                    #1191051 #1191136 #1191193 
Cross-References:   CVE-2020-3702 CVE-2021-3744 CVE-2021-3752
                    CVE-2021-3764 CVE-2021-40490
CVSS scores:
                    CVE-2020-3702 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
                    CVE-2020-3702 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-3744 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-3752 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-3764 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-40490 (SUSE): 6.1 CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE Linux Enterprise Workstation Extension 12-SP5
                    SUSE Linux Enterprise Software Development Kit 12-SP5
                    SUSE Linux Enterprise Server 12-SP5
                    SUSE Linux Enterprise Live Patching 12-SP5
                    SUSE Linux Enterprise High Availability 12-SP5
______________________________________________________________________________

   An update that solves 5 vulnerabilities and has 33 fixes is
   now available.

Description:


   The SUSE Linux Enterprise 12 SP56 kernel was updated.


   The following security bugs were fixed:

   - CVE-2020-3702: Fixed a bug which could be triggered with specifically
     timed and handcrafted traffic and cause internal errors in a WLAN device
     that lead to improper layer 2 Wi-Fi encryption with a consequent
     possibility of information disclosure. (bnc#1191193)
   - CVE-2021-3752: Fixed a use after free vulnerability in the Linux
     kernel's bluetooth module. (bsc#1190023)
   - CVE-2021-40490: Fixed a race condition discovered in the ext4 subsystem
     that could leat to local priviledge escalation. (bnc#1190159)
   - CVE-2021-3744: Fixed a bug which could allows attackers to cause a
     denial of service. (bsc#1189884)
   - CVE-2021-3764: Fixed a bug which could allows attackers to cause a
     denial of service. (bsc#1190534)

   The following non-security bugs were fixed:

   - be2net: Fix an error handling path in 'be_probe()' (git-fixes).
   - bnx2x: fix an error code in bnx2x_nic_load() (git-fixes).
   - bnxt: Add missing DMA memory barriers (git-fixes).
   - bnxt: do not disable an already disabled PCI device (git-fixes).
   - bnxt: disable napi before canceling DIM (bsc#1104745 ).
   - btrfs: prevent rename2 from exchanging a subvol with a directory from
     different parents (bsc#1190626).
   - clk: at91: clk-generated: Limit the requested rate to our range
     (git-fixes).
   - clk: kirkwood: Fix a clocking boot regression (git-fixes).
   - crypto: x86/aes-ni-xts - use direct calls to and 4-way stride
     (bsc#1114648).
   - cxgb4: fix IRQ free race during driver unload (git-fixes).
   - debugfs: Return error during {full/open}_proxy_open() on rmmod
     (bsc#1173746).
   - docs: Fix infiniband uverbs minor number (git-fixes).
   - drm/gma500: Fix end of loop tests for list_for_each_entry (bsc#1129770)
     Backporting changes: 	* refresh
   - drm/imx: ipuv3-plane: Remove two unnecessary export symbols
     (bsc#1129770) Backporting changes: 	* refreshed
   - drm/mediatek: Add AAL output size configuration (bsc#1129770)
     Backporting changes: 	* adapted code to use writel() function
   - drm/msm: Small msm_gem_purge() fix (bsc#1129770) Backporting changes: 	*
     context changes in msm_gem_purge() 	* remove test for non-existant
     msm_gem_is_locked()
   - drm/msm/dsi: Fix some reference counted resource leaks (bsc#1129770)
   - drm/qxl: lost qxl_bo_kunmap_atomic_page in qxl_image_init_helper()
     (bsc#1186785).
   - drm/rockchip: cdn-dp: fix sign extension on an int multiply for a u64
     (bsc#1129770) Backporting changes 	* context changes
   - dt-bindings: pwm: stm32: Add #pwm-cells (git-fixes).
   - e1000e: Do not take care about recovery NVM checksum (bsc#1158533).
   - e1000e: Fix an error handling path in 'e1000_probe()' (git-fixes).
   - e1000e: Fix the max snoop/no-snoop latency for 10M (git-fixes).
   - EDAC/i10nm: Fix NVDIMM detection (bsc#1114648).
   - fbmem: add margin check to fb_check_caps() (bsc#1129770) Backporting
     changes: 	* context chacnges in fb_set_var()
   - fm10k: Fix an error handling path in 'fm10k_probe()' (git-fixes).
   - fs/select: avoid clang stack usage warning (git-fixes).
   - fuse: truncate pagecache on atomic_o_trunc (bsc#1191051).
   - gve: fix the wrong AdminQ buffer overflow check (bsc#1176940).
   - hv_netvsc: Make netvsc/VF binding check both MAC and serial number
     (jsc#SLE-18779, bsc#1185727).
   - hv: mana: adjust mana_select_queue to old API (jsc#SLE-18779,
     bsc#1185727).
   - hv: mana: remove netdev_lockdep_set_classes usage (jsc#SLE-18779,
     bsc#1185727).
   - i40e: Add additional info to PHY type error (git-fixes).
   - i40e: Fix autoneg disabling for non-10GBaseT links (git-fixes).
   - i40e: Fix error handling in i40e_vsi_open (git-fixes).
   - i40e: Fix log TC creation failure when max num of queues is exceeded
     (bsc#1109837 bsc#1111981).
   - i40e: Fix logic of disabling queues (git-fixes).
   - iavf: Fix an error handling path in 'iavf_probe()' (git-fixes).
   - iavf: Set RSS LUT and key in reset handle path (git-fixes).
   - ibmvnic: check failover_pending in login response (bsc#1190523
     ltc#194510).
   - ice: Prevent probing virtual functions (bsc#1118661 ).
   - igb: Check if num of q_vectors is smaller than max before array access
     (git-fixes).
   - igb: Fix an error handling path in 'igb_probe()' (git-fixes).
   - igb: Fix use-after-free error during reset (git-fixes).
   - ipc: remove memcg accounting for sops objects in do_semtimedop()
     (bsc#1190115).
   - irqchip/gic-v2: Reset APRn registers at boot time (bsc#1189407).
   - irqchip/gic-v3: Do not try to reset AP0Rn (bsc#1189407).
   - irqchip/gic-v3: Reset APgRn registers at boot time (bsc#1189407).
   - ixgbe: Fix an error handling path in 'ixgbe_probe()' (git-fixes).
   - kdb: do a sanity check on the cpu in kdb_per_cpu() (git-fixes).
   - KVM: x86: Use kernel's x86_phys_bits to handle reduced MAXPHYADDR
     (bsc#1114648).
   - liquidio: Fix unintentional sign extension issue on left shift of u16
     (git-fixes).
   - mailbox: sti: quieten kernel-doc warnings (git-fixes).
   - mlx4: Fix missing error code in mlx4_load_one() (git-fixes).
   - net: linkwatch: fix failure to restore device state across
     suspend/resume (bsc#1109837).
   - net: mana: Add a driver for Microsoft Azure Network Adapter (MANA)
     (jsc#SLE-18779, bsc#1185727).
   - net: mana: Add support for EQ sharing (jsc#SLE-18779, bsc#1185727).
   - net: mana: Add WARN_ON_ONCE in case of CQE read overflow (jsc#SLE-18779,
     bsc#1185727).
   - net: mana: Fix a memory leak in an error handling path in
     (jsc#SLE-18779, bsc#1185727).
   - net: mana: fix PCI_HYPERV dependency (jsc#SLE-18779, bsc#1185727).
   - net: mana: Move NAPI from EQ to CQ (jsc#SLE-18779, bsc#1185727).
   - net: mana: Prefer struct_size over open coded arithmetic (jsc#SLE-18779,
     bsc#1185727).
   - net: mana: remove redundant initialization of variable err
     (jsc#SLE-18779, bsc#1185727).
   - net: mana: Use int to check the return value of mana_gd_poll_cq()
     (jsc#SLE-18779, bsc#1185727).
   - net: mana: Use struct_size() in kzalloc() (jsc#SLE-18779, bsc#1185727).
   - net: pch_gbe: Propagate error from devm_gpio_request_one() (git-fixes).
   - net: qed: fix left elements count calculation (git-fixes).
   - net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32 (git-fixes).
   - net: sched: cls_api: Fix the the wrong parameter (bsc#1109837).
   - net: sched: Fix qdisc_rate_table refcount leak when get tcf_block failed
     (bsc#1056657 bsc#1056653 bsc#1056787).
   - net: sched: sch_teql: fix null-pointer dereference (bsc#1190717).
   - pinctrl: samsung: Fix pinctrl bank pin count (git-fixes).
   - powerpc: fix function annotations to avoid section mismatch warnings
     with gcc-10 (bsc#1148868).
   - powerpc/drmem: Make LMB walk a bit more flexible (bsc#1190543
     ltc#194523).
   - powerpc/mm: Fix section mismatch warning (bsc#1148868).
   - powerpc/mm: Fix section mismatch warning in early_check_vec5()
     (bsc#1148868).
   - powerpc/mm/radix: Free PUD table when freeing pagetable (bsc#1065729).
   - powerpc/numa: Early request for home node associativity (bsc#1190914).
   - powerpc/perf: Drop the case of returning 0 as instruction pointer
     (bsc#1065729).
   - powerpc/perf: Fix crash in perf_instruction_pointer() when ppmu is not
     set (bsc#1065729).
   - powerpc/perf: Fix the check for SIAR value (bsc#1065729).
   - powerpc/perf: Use regs->nip when SIAR is zero (bsc#1065729).
   - powerpc/perf: Use stack siar instead of mfspr (bsc#1065729).
   - powerpc/perf: Use the address from SIAR register to set cpumode flags
     (bsc#1065729).
   - powerpc/perf/hv-gpci: Fix counter value parsing (bsc#1065729).
   - powerpc/powernv: Fix machine check reporting of async store errors
     (bsc#1065729).
   - powerpc/pseries: Move mm/book3s64/vphn.c under platforms/pseries/
     (bsc#1190914).
   - powerpc/pseries: Prevent free CPU ids being reused on another node
     (bsc#1190620 ltc#194498).
   - powerpc/pseries/dlpar: use rtas_get_sensor() (bsc#1065729).
   - profiling: fix shift-out-of-bounds bugs (git-fixes).
   - pseries/drmem: update LMBs after LPM (bsc#1190543 ltc#194523).
   - qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom (git-fixes).
   - RDMA/bnxt_re: Add missing spin lock initialization (bsc#1050244 ).
   - RDMA/efa: Be consistent with modify QP bitmask (git-fixes)
   - RDMA/efa: Use the correct current and new states in modify QP (git-fixes)
   - resource: Fix find_next_iomem_res() iteration issue (bsc#1181193).
   - s390: bpf: implement jitting of BPF_ALU | BPF_ARSH | BPF_* (bsc#1190601).
   - s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant
     (bsc#1190601).
   - s390/bpf: Fix branch shortening during codegen pass (bsc#1190601).
   - s390/bpf: Fix optimizing out zero-extensions (bsc#1190601).
   - s390/bpf: Wrap JIT macro parameter usages in parentheses (bsc#1190601).
   - s390/unwind: use current_frame_address() to unwind current task
     (bsc#1185677).
   - scsi: core: Add helper to return number of logical blocks in a request
     (bsc#1190576).
   - scsi: core: Introduce the scsi_cmd_to_rq() function (bsc#1190576).
   - scsi: fc: Add EDC ELS definition (bsc#1190576).
   - scsi: fc: Update formal FPIN descriptor definitions (bsc#1190576).
   - scsi: lpfc: Add bsg support for retrieving adapter cmf data
     (bsc#1190576).
   - scsi: lpfc: Add cm statistics buffer support (bsc#1190576).
   - scsi: lpfc: Add cmf_info sysfs entry (bsc#1190576).
   - scsi: lpfc: Add cmfsync WQE support (bsc#1190576).
   - scsi: lpfc: Add debugfs support for cm framework buffers (bsc#1190576).
   - scsi: lpfc: Add EDC ELS support (bsc#1190576).
   - scsi: lpfc: Add MIB feature enablement support (bsc#1190576).
   - scsi: lpfc: Add rx monitoring statistics (bsc#1190576).
   - scsi: lpfc: Add SET_HOST_DATA mbox cmd to pass date/time info to
     firmware (bsc#1190576).
   - scsi: lpfc: Add support for cm enablement buffer (bsc#1190576).
   - scsi: lpfc: Add support for maintaining the cm statistics buffer
     (bsc#1190576).
   - scsi: lpfc: Add support for the CM framework (bsc#1190576).
   - scsi: lpfc: Adjust bytes received vales during cmf timer interval
     (bsc#1190576).
   - scsi: lpfc: Copyright updates for 14.0.0.1 patches (bsc#1190576).
   - scsi: lpfc: Do not release final kref on Fport node while ABTS
     outstanding (bsc#1190576).
   - scsi: lpfc: Do not remove ndlp on PRLI errors in P2P mode (bsc#1190576).
   - scsi: lpfc: Expand FPIN and RDF receive logging (bsc#1190576).
   - scsi: lpfc: Fix compilation errors on kernels with no CONFIG_DEBUG_FS
     (bsc#1190576).
   - scsi: lpfc: Fix CPU to/from endian warnings introduced by ELS processing
     (bsc#1190576).
   - scsi: lpfc: Fix EEH support for NVMe I/O (bsc#1190576).
   - scsi: lpfc: Fix FCP I/O flush functionality for TMF routines
     (bsc#1190576).
   - scsi: lpfc: Fix gcc -Wstringop-overread warning, again (bsc#1190576).
   - scsi: lpfc: Fix hang on unload due to stuck fport node (bsc#1190576).
   - scsi: lpfc: Fix I/O block after enabling managed congestion mode
     (bsc#1190576).
   - scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() (bsc#1190576).
   - scsi: lpfc: Fix NVMe I/O failover to non-optimized path (bsc#1190576).
   - scsi: lpfc: Fix premature rpi release for unsolicited TPLS and LS_RJT
     (bsc#1190576).
   - scsi: lpfc: Fix rediscovery of tape device after LIP (bsc#1190576).
   - scsi: lpfc: Fix sprintf() overflow in lpfc_display_fpin_wwpn()
     (bsc#1190576).
   - scsi: lpfc: Improve PBDE checks during SGL processing (bsc#1190576).
   - scsi: lpfc: Remove unneeded variable (bsc#1190576).
   - scsi: lpfc: Update lpfc version to 14.0.0.1 (bsc#1190576).
   - scsi: lpfc: Update lpfc version to 14.0.0.2 (bsc#1190576).
   - scsi: lpfc: Use correct scnprintf() limit (bsc#1190576).
   - scsi: lpfc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request
     (bsc#1190576).
   - scsi: lpfc: Use the proper SCSI midlayer interfaces for PI (bsc#1190576).
   - scsi: lpfc: Zero CGN stats only during initial driver load and stat
     reset (bsc#1190576).
   - scsi: scsi_devinfo: Add blacklist entry for HPE OPEN-V (bsc#1189297).
   - SUNRPC: Ensure to ratelimit the "server not responding" syslog messages
     (bsc#1191136).
   - USB: musb: tusb6010: uninitialized data in tusb_fifo_write_unaligned()
     (git-fixes).
   - USB: serial: option: add new VID/PID to support Fibocom FG150
     (git-fixes).
   - USB: serial: option: remove duplicate USB device ID (git-fixes).
   - video: fbdev: imxfb: Fix an error message (bsc#1129770) Backporting
     changes: 	* context changes in imxfb_probe()
   - x86/apic/msi: Plug non-maskable MSI affinity race (bsc#1184439).
   - x86/crash: Add e820 reserved ranges to kdump kernel's e820 table
     (bsc#1181193).
   - x86/e820, ioport: Add a new I/O resource descriptor IORES_DESC_RESERVED
     (bsc#1181193).
   - x86/mm: Fix kern_addr_valid() to cope with existing but not present
     entries (bsc#1114648).
   - x86/mm: Rework ioremap resource mapping determination (bsc#1181193).
   - x86/resctrl: Fix a maybe-uninitialized build warning treated as error
     (bsc#1114648).
   - x86/resctrl: Fix default monitoring groups reporting (bsc#1114648).
   - xgene-v2: Fix a resource leak in the error handling path of
     'xge_probe()' (git-fixes).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12-SP5:

      zypper in -t patch SUSE-SLE-WE-12-SP5-2021-3386=1

   - SUSE Linux Enterprise Software Development Kit 12-SP5:

      zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-3386=1

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3386=1

   - SUSE Linux Enterprise Live Patching 12-SP5:

      zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2021-3386=1

   - SUSE Linux Enterprise High Availability 12-SP5:

      zypper in -t patch SUSE-SLE-HA-12-SP5-2021-3386=1



Package List:

   - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64):

      kernel-default-debuginfo-4.12.14-122.91.2
      kernel-default-debugsource-4.12.14-122.91.2
      kernel-default-extra-4.12.14-122.91.2
      kernel-default-extra-debuginfo-4.12.14-122.91.2

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):

      kernel-obs-build-4.12.14-122.91.2
      kernel-obs-build-debugsource-4.12.14-122.91.2

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch):

      kernel-docs-4.12.14-122.91.2

   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

      kernel-default-4.12.14-122.91.2
      kernel-default-base-4.12.14-122.91.2
      kernel-default-base-debuginfo-4.12.14-122.91.2
      kernel-default-debuginfo-4.12.14-122.91.2
      kernel-default-debugsource-4.12.14-122.91.2
      kernel-default-devel-4.12.14-122.91.2
      kernel-syms-4.12.14-122.91.2

   - SUSE Linux Enterprise Server 12-SP5 (noarch):

      kernel-devel-4.12.14-122.91.2
      kernel-macros-4.12.14-122.91.2
      kernel-source-4.12.14-122.91.2

   - SUSE Linux Enterprise Server 12-SP5 (x86_64):

      kernel-default-devel-debuginfo-4.12.14-122.91.2

   - SUSE Linux Enterprise Server 12-SP5 (s390x):

      kernel-default-man-4.12.14-122.91.2

   - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64):

      kernel-default-debuginfo-4.12.14-122.91.2
      kernel-default-debugsource-4.12.14-122.91.2
      kernel-default-kgraft-4.12.14-122.91.2
      kernel-default-kgraft-devel-4.12.14-122.91.2
      kgraft-patch-4_12_14-122_91-default-1-8.3.2

   - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64):

      cluster-md-kmp-default-4.12.14-122.91.2
      cluster-md-kmp-default-debuginfo-4.12.14-122.91.2
      dlm-kmp-default-4.12.14-122.91.2
      dlm-kmp-default-debuginfo-4.12.14-122.91.2
      gfs2-kmp-default-4.12.14-122.91.2
      gfs2-kmp-default-debuginfo-4.12.14-122.91.2
      kernel-default-debuginfo-4.12.14-122.91.2
      kernel-default-debugsource-4.12.14-122.91.2
      ocfs2-kmp-default-4.12.14-122.91.2
      ocfs2-kmp-default-debuginfo-4.12.14-122.91.2


References:

   https://www.suse.com/security/cve/CVE-2020-3702.html
   https://www.suse.com/security/cve/CVE-2021-3744.html
   https://www.suse.com/security/cve/CVE-2021-3752.html
   https://www.suse.com/security/cve/CVE-2021-3764.html
   https://www.suse.com/security/cve/CVE-2021-40490.html
   https://bugzilla.suse.com/1050244
   https://bugzilla.suse.com/1056653
   https://bugzilla.suse.com/1056657
   https://bugzilla.suse.com/1056787
   https://bugzilla.suse.com/1065729
   https://bugzilla.suse.com/1104745
   https://bugzilla.suse.com/1109837
   https://bugzilla.suse.com/1111981
   https://bugzilla.suse.com/1114648
   https://bugzilla.suse.com/1118661
   https://bugzilla.suse.com/1129770
   https://bugzilla.suse.com/1148868
   https://bugzilla.suse.com/1158533
   https://bugzilla.suse.com/1173746
   https://bugzilla.suse.com/1176940
   https://bugzilla.suse.com/1181193
   https://bugzilla.suse.com/1184439
   https://bugzilla.suse.com/1185677
   https://bugzilla.suse.com/1185727
   https://bugzilla.suse.com/1186785
   https://bugzilla.suse.com/1189297
   https://bugzilla.suse.com/1189407
   https://bugzilla.suse.com/1189884
   https://bugzilla.suse.com/1190023
   https://bugzilla.suse.com/1190115
   https://bugzilla.suse.com/1190159
   https://bugzilla.suse.com/1190523
   https://bugzilla.suse.com/1190534
   https://bugzilla.suse.com/1190543
   https://bugzilla.suse.com/1190576
   https://bugzilla.suse.com/1190601
   https://bugzilla.suse.com/1190620
   https://bugzilla.suse.com/1190626
   https://bugzilla.suse.com/1190717
   https://bugzilla.suse.com/1190914
   https://bugzilla.suse.com/1191051
   https://bugzilla.suse.com/1191136
   https://bugzilla.suse.com/1191193



More information about the sle-security-updates mailing list