SB2021120741 - SUSE update for the Linux Kernel
Published: December 7, 2021 Updated: June 28, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 36 secuirty vulnerabilities.
1) Speculative Store Bypass (CVE-ID: CVE-2018-3639)
The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.The weakness exists due to race conditions in CPU cache processing. A local attacker can conduct a side-channel attack to exploit a flaw in the speculative execution of Load and Store instructions to read privileged memory.
Note: the vulnerability is referred to as "Spectre variant 4".
2) Use-after-free (CVE-ID: CVE-2018-9517)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in pppol2tp_connect. A local user can trigger memory corruption and escalate privileges on the system.
3) Input validation error (CVE-ID: CVE-2019-3874)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to the SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. A local user can perform a denial of service (DoS) attack.
4) Infinite loop (CVE-ID: CVE-2019-3900)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop in vhost_net kernel module when processing incoming packets in handle_rx(). A remote attacker with access to guest operating system can stall the vhost_net kernel thread and cause denial of service conditions.
5) Input validation error (CVE-ID: CVE-2020-12770)
The vulnerability allows a local user to execute arbitrary code on the system.
The vulnerability exists due to the "sg_write" lacks an "sg_remove_request" call in a certain failure case. A local user can pass specially crafted input to the application and execute arbitrary code on the target system.
6) Cryptographic Issues (CVE-ID: CVE-2020-3702)
The vulnerability allows a remote attacker to gain access top sensitive information.
The vulnerability exists due to improper input validation in WIFI driver(Krook). A remote attacker can temporary disable WPA2 or the WPA/WPA2 mixed-mode encryption and intercept traffic in clear text.
7) Out-of-bounds read (CVE-ID: CVE-2021-0941)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists in __bpf_skb_max_len() function in net/core/filter.c in the Linux kernel. A local user with special privilege can gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information.
8) Input validation error (CVE-ID: CVE-2021-20320)
The vulnerability allows a local user to gain access to sensitive information.
A flaw was found in s390 eBPF JIT in bpf_jit_insn in arch/s390/net/bpf_jit_comp.c in the Linux kernel. In this flaw, a local attacker with special user privilege can circumvent the verifier and may lead to a confidentiality problem.
9) Use of insufficiently random values (CVE-ID: CVE-2021-20322)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to an error when processing received ICMP errors. A remote attacker can effectively bypass the source port UDP randomization to gain access to sensitive information.
10) Buffer overflow (CVE-ID: CVE-2021-22543)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in Linux kernel when handling VM_IO|VM_PFNMAP vmas in KVM. A local user can can bypass RO checks and cause the pages to get freed while still accessible by the VMM and guest. As a result, an attacker with the ability to start and control a VM to read/write random pages of memory, can trigger memory corruption and execute arbitrary code with elevated privileges.
11) Out-of-bounds write (CVE-ID: CVE-2021-31916)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module. A special user (CAP_SYS_ADMIN) can trigger a buffer overflow in the ioctl for listing devices and escalate privileges on the system.
12) Use-after-free (CVE-ID: CVE-2021-33033)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper handling of the CIPSO and CALIPSO refcounting for the DOI definitions in cipso_v4_genopt(0 function in net/ipv4/cipso_ipv4.c in Linux kernel. A local user can trigger a use-after-free error and execute arbitrary code with escalated privileges.
13) Information disclosure (CVE-ID: CVE-2021-34556)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A local user can gain unauthorized access to sensitive information on the system.
14) Double Free (CVE-ID: CVE-2021-34981)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the CMTP module in Linux kernel. A local user can trigger a double free error and execute arbitrary code on the system.
15) Observable discrepancy (CVE-ID: CVE-2021-35477)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to observable discrepancy error. A local user can gain access to sensitive information.
16) Use-after-free (CVE-ID: CVE-2021-3640)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in sco_sock_sendmsg() function of the Linux kernel HCI subsystem. A privileged local user can call ioct UFFDIO_REGISTER or other way trigger race condition to escalate privileges on the system.
17) Security restrictions bypass (CVE-ID: CVE-2021-3653)
The vulnerability allows a malicious guest to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions within the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "int_ctl" field, this issue could allow a malicious L1 to enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest.
As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape.
18) Missing initialization of resource (CVE-ID: CVE-2021-3655)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to missing initialization of resource in the Linux kernel when processing inbound SCTP packets. A remote attacker can send specially crafted SCTP packets to the system and force the kernel to read uninitialized memory.
19) Security restrictions bypass (CVE-ID: CVE-2021-3656)
The vulnerability allows a malicious guest to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions within the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "virt_ext" field, this issue could allow a malicious L1 to disable both VMLOAD/VMSAVE intercepts and VLS (Virtual VMLOAD/VMSAVE) for the L2 guest.The vulnerability allows the L2 guest to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape.
20) NULL pointer dereference (CVE-ID: CVE-2021-3659)
The vulnerability allows a local usre to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the way the user closes the LR-WPAN connection within the IEEE 802.15.4 wireless networking subsystem. A local user can perform a denial of service (DoS) attack.
21) Resource exhaustion (CVE-ID: CVE-2021-3679)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to lack of CPU resource in the Linux kernel tracing module functionality when using trace ring buffer in a specific way. A privileged local user (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service.
22) Double Free (CVE-ID: CVE-2021-37159)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to hso_free_net_device() function in drivers/net/usb/hso.c in the Linux kernel calls unregister_netdev without checking for the NETREG_REGISTERED state. A local user can trigger double free and use-after-free errors and execute arbitrary code with elevated privileges.
23) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2021-3732)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists in the way the user mounts the TmpFS filesystem with OverlayFS. A local user can gain access to hidden files that should not be accessible.
24) Memory leak (CVE-ID: CVE-2021-3744)
The vulnerability allows a local user to perform DoS attack on the target system.
The vulnerability exists due memory leak in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c. A local user can force the application to leak memory and perform denial of service attack.
25) Use-after-free (CVE-ID: CVE-2021-3752)
The vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in the Linux kernel’s Bluetooth subsystem when a user calls connect to the socket and disconnect simultaneously. A local user can escalate privileges on the system.
26) Out-of-bounds read (CVE-ID: CVE-2021-3753)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel. A local user can trigger out-of-bounds read error and read contents of memory on the system.
27) Out-of-bounds write (CVE-ID: CVE-2021-37576)
The vulnerability allows a remote user to escalate privileges on the system.
The vulnerability exists due to a boundary error in arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on the powerpc platform. An attacker on KVM guest OS can cause host OS memory corruption via rtas_args.nargs and execute arbitrary code on the host OS.
28) Use-after-free (CVE-ID: CVE-2021-3760)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in the NFC stack. A local user can trigger use-after-free error to escalate privileges on the system.
29) Memory leak (CVE-ID: CVE-2021-3764)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak error in the ccp_run_aes_gcm_cmd() function in Linux kernel. A local user can trigger a memory leak error and perform a denial of service (DoS) attack.
30) Insufficient verification of data authenticity (CVE-ID: CVE-2021-3772)
The vulnerability allows a remote attacker to perform a denial of service attack (DoS) on the target system.The vulnerability exists due to insufficient verification of data authenticity in the Linux SCTP stack. A remote attacker can exploit this vulnerability to perform a denial of service attack.
31) Incorrect permission assignment for critical resource (CVE-ID: CVE-2021-38198)
The vulnerability allows a local user to perform a denial of service attack.The vulnerability exists due to arch/x86/kvm/mmu/paging_tmpl.h incorrectly computes the access permissions of a shadow page. A local user can trigger an error to perform a denial of service attack.
32) Use-after-free (CVE-ID: CVE-2021-38204)
The vulnerability allows a local attacker to perform a denial of service attack.
The vulnerability exists due to a use-after-free error in the drivers/usb/host/max3421-hcd.c in the Linux kernel. An attacker with physical access to the system can remove a MAX-3421 USB device to perform a denial of service attack.
33) Race condition (CVE-ID: CVE-2021-40490)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.
34) Out-of-bounds write (CVE-ID: CVE-2021-41864)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing untrusted input. A local user can gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information.
35) Out-of-bounds write (CVE-ID: CVE-2021-42008)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in the decode_data() function in drivers/net/hamradio/6pack.c in the Linux kernel. A local user can send input from a process that has the CAP_NET_ADMIN capability and escalate privileges on the system.
36) Out-of-bounds write (CVE-ID: CVE-2021-42252)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to an out-of-bounds write within the aspeed_lpc_ctrl_mmap() function in drivers/soc/aspeed/aspeed-lpc-ctrl.c. A local user can execute arbitrary code.
Remediation
Install update from vendor's website.