Main Vulnerability Database SB2021041528

SB2021041528 - SUSE update for the Linux Kernel

Published: April 15, 2021

Security Bulletin ID SB2021041528

Severity

High

Patch available

YES

Number of vulnerabilities 33

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 33 secuirty vulnerabilities.

1) Use-after-free (CVE-ID: CVE-2020-0433)

The vulnerability allows a local authenticated user to execute arbitrary code.

In blk_mq_queue_tag_busy_iter of blk-mq-tag.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-151939299

2) Use-after-free (CVE-ID: CVE-2020-25670)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the NFC LLCP protocol implementation. A local user can perform manipulation with an unknown input for the llcp_sock_bind() function to crash or escalate their privileges on the system.

3) Use-after-free (CVE-ID: CVE-2020-25671)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the NFC LLCP protocol implementation. A local user can trigger the llcp_sock_connect() function to crash or escalate their privileges on the system.

4) Memory leak (CVE-ID: CVE-2020-25672)

The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak in the NFC LLCP protocol implementation when triggering the llcp_sock_connect() function. A remote attacker can force the application to leak memory and perform denial of service attack.

5) Resource exhaustion (CVE-ID: CVE-2020-25673)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper control consumption of internal resources in non-blocking socket in llcp_sock_connect() function. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.

6) Observable discrepancy (CVE-ID: CVE-2020-27170)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists in kernel/bpf/verifier.c due to kernel performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations. A local user can run a specially crafted program to gain access to sensitive information.

7) Off-by-one (CVE-ID: CVE-2020-27171)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to an off-by-one error in kernel/bpf/verifier.c affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations. A local user can run a specially crafted program to gain access to sensitive information on the system.

8) Out-of-bounds read (CVE-ID: CVE-2020-27815)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in fs/jfs/jfs_dmap.c. A local user can trigger out-of-bounds read error and crash the kernel.

9) Out-of-bounds write (CVE-ID: CVE-2020-29368)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error when processing untrusted input within the __split_huge_pmd() function in mm/huge_memory.c in the Linux kernel. A local user can abuse the copy-on-write implementation and gain unintended write access because of a race condition in a THP mapcount check.

10) Race condition (CVE-ID: CVE-2020-29374)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a race condition in the mm/gup.c and mm/huge_memory.c in Linux kernel. A local user can exploit the race and gain unauthorized access to sensitive information.

11) Out-of-bounds read (CVE-ID: CVE-2020-35519)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the x25_bind() function in net/x25/af_x25.c in the Linux kernel. A local user can run a specially crafted program to read contents of memory on the system.

12) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-36311)

The vulnerability allows a local user to perform a denial of service attack.

The vulnerability exists due to an error in arch/x86/kvm/svm/sev.c in Linux kernel, which allows soft lockup by triggering destruction of a large SEV VM (which requires unregistering many encrypted regions).

13) Incorrect comparison (CVE-ID: CVE-2021-20219)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

A denial of service vulnerability was found in n_tty_receive_char_special in drivers/tty/n_tty.c of the Linux kernel. In this flaw a local attacker with a normal user privilege could delay the loop (due to a changing ldata->read_head, and a missing sanity check) and cause a threat to the system availability.

14) Resource management error (CVE-ID: CVE-2021-26930)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources when processing service requests to the PV backend within drivers/block/xen-blkback/blkback.c driver in Xen. A local user on the guest OS can perform a denial of service (DoS) attack.

15) Allocation of resources without limits or throttling (CVE-ID: CVE-2021-26931)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to allocation of resources without limits or throttling error within the scsiback_gnttab_data_map_batch() function in drivers/xen/xen-scsiback.c. A local user can perform a denial of service (DoS) attack.

16) Buffer overflow (CVE-ID: CVE-2021-26932)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the gntdev_map_grant_pages() function in drivers/xen/gntdev.c. A local user can perform a denial of service (DoS) attack.

17) Information disclosure (CVE-ID: CVE-2021-27363)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to the show_transport_handle() shows iSCSI transport handle to non-root users. A local user can gain unauthorized access to sensitive information and use it along with another vulnerability, such as #VU51452, to escalate privileges on the system.

18) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2021-27364)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to iscsi_if_recv_msg() allows non-root users to connect and send commands to the Linux kernel. A local user can escalate privileges on the system.

19) Buffer overflow (CVE-ID: CVE-2021-27365)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error when processing Netlink messages in Linux kernel through 5.11.3, as certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. A local unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message, trigger memory corruption and execute arbitrary code on the system with elevated privileges.

20) Allocation of resources without limits or throttling (CVE-ID: CVE-2021-28038)

The vulnerability allows a local user to a crash the entire system.

The vulnerability exists due to allocation of resources without limits or throttling error within the xenvif_tx_action() function in drivers/net/xen-netback/netback.c. A local user can a crash the entire system.

21) Out-of-bounds write (CVE-ID: CVE-2021-28660)

The vulnerability allows a local user to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in the "rtw_wx_set_scan" in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c. A local user can trigger out-of-bounds write and execute arbitrary code on the target system.

22) Improper Initialization (CVE-ID: CVE-2021-28688)

The vulnerability allows a local user to perform a denial of service attack.

The vulnerability exists due to improper initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. A local user can perform a denial of service attack.

23) Race condition (CVE-ID: CVE-2021-28964)

The vulnerability allows a local user to perform a denial of service attack.

The vulnerability exists due to a race condition in the get_old_root() function in fs/btrfs/ctree.c component in the Linux kernel. A local user can exploit the race and perform a denial of service attack.

24) Resource exhaustion (CVE-ID: CVE-2021-28971)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to mishandling of PEBS status in a PEBS record In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.

25) Buffer overflow (CVE-ID: CVE-2021-28972)

The vulnerability allows a local user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the drivers/pci/hotplug/rpadlpar_sysfs.c. A local administrator can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

26) Command Injection (CVE-ID: CVE-2021-29154)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to incorrect computation of branch displacements within the BPF JIT compilers in the Linux kernel in arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. A local user can inject and execute arbitrary commands with elevated privileges.

27) Input validation error (CVE-ID: CVE-2021-29264)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the gfar_add_rx_frag() and gfar_clean_rx_ring() functions in drivers/net/ethernet/freescale/gianfar.c. A local user can perform a denial of service (DoS) attack.

28) Race condition (CVE-ID: CVE-2021-29265)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition within the usbip_sockfd_store() function in drivers/usb/usbip/stub_dev.c. A local user can perform a denial of service (DoS) attack.

29) Information disclosure (CVE-ID: CVE-2021-29647)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to an error in qrtr_recvmsg(0 function in net/qrtr/qrtr.c caused by a partially uninitialized data structure. A local user can read sensitive information from kernel memory.

30) Memory leak (CVE-ID: CVE-2021-30002)

The vulnerability allows a local user to perform DoS attack on the target system.

The vulnerability exists due memory leak within the webcam support driver in video_usercopy() function in drivers/media/v4l2-core/v4l2-ioctl.c in Linux kernel. A local user can trigger leak memory and perform denial of service attack.

31) Integer overflow (CVE-ID: CVE-2021-3428)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to integer overflow in fs/ext4/extents.c in ext4_es_cache_extent() function, if an extent tree is corrupted in a crafted ext4 filesystem. A local user can mount a specially crafted filesystem and perform a denial of service (DoS) attack.

32) Out-of-bounds read (CVE-ID: CVE-2021-3444)

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an out-of-bounds read error within the fixup_bpf_calls() function in kernel/bpf/verifier.c. A local user can execute arbitrary code.

33) Use-after-free (CVE-ID: CVE-2021-3483)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the Nosy driver in the Linux kernel. A local user can trigger use-after-free and to escalate privileges on the system.

Remediation

Install update from vendor's website.

References

https://www.suse.com/support/update/announcement/2021/suse-su-20211210-1/

Vulnerable Software

SUSE Linux Enterprise High Availability: 12-SP5
SUSE Linux Enterprise Live Patching: 12-SP5
SUSE Linux Enterprise Workstation Extension: 12-SP5
SUSE Linux Enterprise Software Development Kit: 12-SP5
SUSE Linux Enterprise Server: 12-SP5
ocfs2-kmp-default-debuginfo: before 4.12.14-122.66.2
ocfs2-kmp-default: before 4.12.14-122.66.2
gfs2-kmp-default-debuginfo: before 4.12.14-122.66.2
gfs2-kmp-default: before 4.12.14-122.66.2
dlm-kmp-default-debuginfo: before 4.12.14-122.66.2
dlm-kmp-default: before 4.12.14-122.66.2
cluster-md-kmp-default-debuginfo: before 4.12.14-122.66.2
cluster-md-kmp-default: before 4.12.14-122.66.2
kgraft-patch-4_12_14-122_66-default: before 1-8.3.2
kernel-default-kgraft-devel: before 4.12.14-122.66.2
kernel-default-kgraft: before 4.12.14-122.66.2
kernel-default-man: before 4.12.14-122.66.2
kernel-default-devel-debuginfo: before 4.12.14-122.66.2
kernel-source: before 4.12.14-122.66.2
kernel-macros: before 4.12.14-122.66.2
kernel-devel: before 4.12.14-122.66.2
kernel-syms: before 4.12.14-122.66.2
kernel-default-devel: before 4.12.14-122.66.2
kernel-default-base-debuginfo: before 4.12.14-122.66.2
kernel-default-base: before 4.12.14-122.66.2
kernel-default: before 4.12.14-122.66.2
kernel-docs: before 4.12.14-122.66.2
kernel-obs-build-debugsource: before 4.12.14-122.66.2
kernel-obs-build: before 4.12.14-122.66.2
kernel-default-extra-debuginfo: before 4.12.14-122.66.2
kernel-default-extra: before 4.12.14-122.66.2
kernel-default-debugsource: before 4.12.14-122.66.2
kernel-default-debuginfo: before 4.12.14-122.66.2

SB2021041528 - SUSE update for the Linux Kernel

Breakdown by Severity

Description

Remediation

References

Please verify you're human