openSUSE 15.2: 2021:1501-1 Important Update For Kernel Security
opensuse
November 24, 2021
An update that solves 6 vulnerabilities, contains one feature and has 22 fixes is now available
Description
The openSUSE Leap 15.2 kernel was updated to receive various security and
bugfixes.
The following security bugs were fixed:
- Unprivileged BPF has been disabled by default to reduce attack surface
as too many security issues have happened in the past (jsc#SLE-22573)
You can reenable via systemctl setting
/proc/sys/kernel/unprivileged_bpf_disabled to 0.
(kernel.unprivileged_bpf_disabled = 0)
- CVE-2021-0941: In bpf_skb_change_head of filter.c, there is a possible
out of bounds read due to a use after free. This could lead to local
escalation of privilege with System execution privileges needed. User
interaction is not needed for exploitation (bnc#1192045).
- CVE-2021-31916: An out-of-bounds (OOB) memory write flaw was found in
list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module
in the Linux kernel A bound check failure allowed an attacker with
special user (CAP_SYS_ADMIN) privilege to gain...
Read the Full Advisory
Patch
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.2:
zypper in -t patch openSUSE-2021-1501=1
Package List
- openSUSE Leap 15.2 (noarch):
kernel-devel-5.3.18-lp152.106.1
kernel-docs-5.3.18-lp152.106.1
kernel-docs-html-5.3.18-lp152.106.1
kernel-macros-5.3.18-lp152.106.1
kernel-source-5.3.18-lp152.106.1
kernel-source-vanilla-5.3.18-lp152.106.1
- openSUSE Leap 15.2 (x86_64):
kernel-debug-5.3.18-lp152.106.1
kernel-debug-debuginfo-5.3.18-lp152.106.1
kernel-debug-debugsource-5.3.18-lp152.106.1
kernel-debug-devel-5.3.18-lp152.106.1
kernel-debug-devel-debuginfo-5.3.18-lp152.106.1
kernel-default-5.3.18-lp152.106.1
kernel-default-base-5.3.18-lp152.106.1.lp152.8.52.1
kernel-default-base-rebuild-5.3.18-lp152.106.1.lp152.8.52.1
kernel-default-debuginfo-5.3.18-lp152.106.1
kernel-default-debugsource-5.3.18-lp152.106.1
kernel-default-devel-5.3.18-lp152.106.1
kernel-default-devel-debuginfo-5.3.18-lp152.106.1
kernel-kvmsmall-5.3.18-lp152.106.1
kernel-kvmsmall-debuginfo-5.3.18-lp152.106.1
kernel-kvmsmall-debugsource-5.3.18-lp152.106.1
kernel-kvmsmall-devel-5.3.18-lp152.106.1
kernel-kvmsmall-devel-debuginfo-5.3.18-lp152.106.1
kernel-o...
Read the Full AdvisoryReferences
https://www.suse.com/security/cve/CVE-2021-0941.html
https://www.suse.com/security/cve/CVE-2021-20322.html
https://www.suse.com/security/cve/CVE-2021-31916.html
https://www.suse.com/security/cve/CVE-2021-34981.html
https://www.suse.com/security/cve/CVE-2021-37159.html
https://www.suse.com/security/cve/CVE-2021-43389.html
https://bugzilla.suse.com/1094840
https://bugzilla.suse.com/1133021
https://bugzilla.suse.com/1152489
https://bugzilla.suse.com/1169263
https://bugzilla.suse.com/1170269
https://bugzilla.suse.com/1188601
https://bugzilla.suse.com/1190523
https://bugzilla.suse.com/1190795
https://bugzilla.suse.com/1191790
https://bugzilla.suse.com/1191851
https://bugzilla.suse.com/1191958
https://bugzilla.suse.com/1191961
https://bugzilla.suse.com/1191980
https://bugzilla.suse.com/1192045
https://bugzilla.suse.com/1192229
https://bugzilla.suse.com/1192267
https://bugzilla.suse.com/1192273
https://bugzilla.suse.com/1192328
https://bugzilla.suse.com/1192718
https://bugzilla.suse.com/1192740
https://bugzilla.suse.c...
Read the Full Advisory
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: openSUSE-SU-2021:1501-1
Rating: important
Affected Products:
openSUSE Leap 15.2
ble.
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!