openSUSE: 2021:2305-1 important: the Linux Kernel | LinuxSecurity.com

Advisories


   openSUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2021:2305-1
Rating:             important
References:         #1152489 #1153274 #1154353 #1155518 #1164648 
                    #1176447 #1176774 #1176919 #1177028 #1178134 
                    #1182470 #1183682 #1184212 #1184685 #1185486 
                    #1185675 #1185677 #1186071 #1186206 #1186666 
                    #1186949 #1187171 #1187263 #1187356 #1187402 
                    #1187403 #1187404 #1187407 #1187408 #1187409 
                    #1187410 #1187411 #1187412 #1187413 #1187452 
                    #1187554 #1187595 #1187601 #1187795 #1187867 
                    #1187883 #1187886 #1187927 #1187972 #1187980 
                    
Cross-References:   CVE-2021-0512 CVE-2021-0605 CVE-2021-33624
                    CVE-2021-34693 CVE-2021-3573
CVSS scores:
                    CVE-2021-0512 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-0605 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-0605 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-33624 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-33624 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-34693 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-3573 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    openSUSE Leap 15.3
______________________________________________________________________________

   An update that solves 5 vulnerabilities and has 40 fixes is
   now available.

Description:

   The SUSE Linux Enterprise 15 SP3 Azure kernel was updated to receive
   various security and bugfixes.

   The following security bugs were fixed:

   - CVE-2021-3573: Fixed an UAF vulnerability in function that can allow
     attackers to corrupt kernel heaps and adopt further exploitations.
     (bsc#1186666)
   - CVE-2021-0605: Fixed an out-of-bounds read which could lead to local
     information disclosure in the kernel with System execution privileges
     needed. (bsc#1187601)
   - CVE-2021-0512: Fixed a possible out-of-bounds write which could lead to
     local escalation of privilege with no additional execution privileges
     needed. (bsc#1187595)
   - CVE-2021-33624: Fixed a bug which allows unprivileged BPF program to
     leak the contents of arbitrary kernel memory (and therefore, of all
     physical memory) via a side-channel. (bsc#1187554)
   - CVE-2021-34693: Fixed a bug in net/can/bcm.c which could allow local
     users to obtain sensitive information from kernel stack memory because
     parts of a data structure are uninitialized. (bsc#1187452)

   The following non-security bugs were fixed:

   - 0001-x86-sched-Treat-Intel-SNC-topology-as-default-COD-as.patch:
     (bsc#1187263).
   - alx: Fix an error handling path in 'alx_probe()' (git-fixes).
   - asm-generic/hyperv: Add missing function prototypes per -W1 warnings
     (bsc#1186071).
   - ASoC: fsl-asoc-card: Set .owner attribute when registering card
     (git-fixes).
   - ASoC: Intel: bytcr_rt5640: Add quirk for the Glavey TM800A550L tablet
     (git-fixes).
   - ASoC: Intel: bytcr_rt5640: Add quirk for the Lenovo Miix 3-830 tablet
     (git-fixes).
   - ASoC: max98088: fix ni clock divider calculation (git-fixes).
   - ASoC: rt5659: Fix the lost powers for the HDA header (git-fixes).
   - ASoC: rt5682: Fix the fast discharge for headset unplugging in soundwire
     mode (git-fixes).
   - ASoC: sti-sas: add missing MODULE_DEVICE_TABLE (git-fixes).
   - ASoC: tas2562: Fix TDM_CFG0_SAMPRATE values (git-fixes).
   - batman-adv: Avoid WARN_ON timing related checks (git-fixes).
   - be2net: Fix an error handling path in 'be_probe()' (git-fixes).
   - block: Discard page cache of zone reset target range (bsc#1187402).
   - Bluetooth: Add a new USB ID for RTL8822CE (git-fixes).
   - Bluetooth: use correct lock to prevent UAF of hdev object (git-fixes).
   - bnxt_en: Call bnxt_ethtool_free() in bnxt_init_one() error path
     (jsc#SLE-8371 bsc#1153274).
   - bnxt_en: Fix TQM fastpath ring backing store computation (jsc#SLE-8371
     bsc#1153274).
   - bnxt_en: Rediscover PHY capabilities after firmware reset (jsc#SLE-8371
     bsc#1153274).
   - bpf: Fix integer overflow in argument calculation for bpf_map_area_alloc
     (bsc#1177028).
   - bpf: Fix libelf endian handling in resolv_btfids (bsc#1177028).
   - bpfilter: Specify the log level for the kmsg message (bsc#1155518).
   - can: mcba_usb: fix memory leak in mcba_usb (git-fixes).
   - ceph: must hold snap_rwsem when filling inode for async create
     (bsc#1187927).
   - cfg80211: avoid double free of PMSR request (git-fixes).
   - cfg80211: make certificate generation more robust (git-fixes).
   - cgroup1: do not allow '\n' in renaming (bsc#1187972).
   - clocksource/drivers/hyper-v: Handle sched_clock differences inline
     (bsc#1186071).
   - clocksource/drivers/hyper-v: Move handling of STIMER0 interrupts
     (bsc#1186071).
   - clocksource/drivers/hyper-v: Set clocksource rating based on Hyper-V
     feature (bsc#1186071).
   - cxgb4: fix endianness when flashing boot image (jsc#SLE-15131).
   - cxgb4: fix sleep in atomic when flashing PHY firmware (jsc#SLE-15131).
   - cxgb4: fix wrong ethtool n-tuple rule lookup (jsc#SLE-15131).
   - cxgb4: fix wrong shift (git-fixes).
   - cxgb4: halt chip before flashing PHY firmware image (jsc#SLE-15131).
   - dax: Add a wakeup mode parameter to put_unlocked_entry() (bsc#1187411).
   - dax: Add an enum for specifying dax wakup mode (bsc#1187411).
   - dax: fix ENOMEM handling in grab_mapping_entry() (bsc#1184212).
   - dax: Wake up all waiters after invalidating dax entry (bsc#1187411).
   - dmaengine: ALTERA_MSGDMA depends on HAS_IOMEM (git-fixes).
   - dmaengine: fsl-dpaa2-qdma: Fix error return code in two functions
     (git-fixes).
   - dmaengine: pl330: fix wrong usage of spinlock flags in dma_cyclc
     (git-fixes).
   - dmaengine: QCOM_HIDMA_MGMT depends on HAS_IOMEM (git-fixes).
   - dmaengine: stedma40: add missing iounmap() on error in d40_probe()
     (git-fixes).
   - drivers: hv: Create a consistent pattern for checking Hyper-V hypercall
     status (bsc#1186071).
   - drivers: hv: Fix EXPORT_SYMBOL and tab spaces issue (bsc#1186071).
   - Drivers: hv: Redo Hyper-V synthetic MSR get/set functions (bsc#1186071).
   - Drivers: hv: vmbus: Check for pending channel interrupts before taking a
     CPU offline (bsc#1186071).
   - Drivers: hv: vmbus: Drivers: hv: vmbus: Introduce
     CHANNELMSG_MODIFYCHANNEL_RESPONSE (bsc#1186071).
   - Drivers: hv: vmbus: Drop error message when 'No request id available'
     (bsc#1183682).
   - Drivers: hv: vmbus: Handle auto EOI quirk inline (bsc#1186071).
   - Drivers: hv: vmbus: Introduce and negotiate VMBus protocol version 5.3
     (bsc#1186071).
   - Drivers: hv: vmbus: Move handling of VMbus interrupts (bsc#1186071).
   - Drivers: hv: vmbus: Move hyperv_report_panic_msg to arch neutral code
     (bsc#1186071).
   - Drivers: hv: vmbus: remove unused function (bsc#1186071).
   - Drivers: hv: vmbus: Remove unused linux/version.h header (bsc#1186071).
   - drm/amd/amdgpu:save psp ring wptr to avoid attack (git-fixes).
   - drm/amd/display: Allow bandwidth validation for 0 streams (git-fixes).
   - drm/amd/display: Fix potential memory leak in DMUB hw_init (git-fixes).
   - drm/amdgpu: refine amdgpu_fru_get_product_info (git-fixes).
   - drm/sun4i: dw-hdmi: Make HDMI PHY into a platform device (git-fixes).
   - drm/tegra: sor: Do not leak runtime PM reference (git-fixes).
   - drm/vc4: hdmi: Make sure the controller is powered in detect (git-fixes).
   - drm/vc4: hdmi: Move the HSM clock enable to runtime_pm (git-fixes).
   - drm: Fix use-after-free read in drm_getunique() (git-fixes).
   - drm: Lock pointer access in drm_master_release() (git-fixes).
   - dt-bindings: reset: meson8b: fix duplicate reset IDs (git-fixes).
   - ethtool: strset: fix message length calculation (bsc#1176447).
   - ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed
     (bsc#1187408).
   - ext4: fix check to prevent false positive report of incorrect used
     inodes (bsc#1187404).
   - ext4: fix error code in ext4_commit_super (bsc#1187407).
   - ext4: fix memory leak in ext4_fill_super (bsc#1187409).
   - FCOE: fcoe_wwn_from_mac kABI fix (bsc#1187886).
   - fs: fix reporting supported extra file attributes for statx()
     (bsc#1187410).
   - ftrace: Do not blindly read the ip address in ftrace_bug() (git-fixes).
   - ftrace: Free the trampoline when ftrace_startup() fails (git-fixes).
   - fuse: BUG_ON correction in fuse_dev_splice_write() (bsc#1187356).
   - HID: Add BUS_VIRTUAL to hid_connect logging (git-fixes).
   - HID: gt683r: add missing MODULE_DEVICE_TABLE (git-fixes).
   - HID: hid-input: add mapping for emoji picker key (git-fixes).
   - HID: hid-sensor-hub: Return error for hid_set_field() failure
     (git-fixes).
   - HID: quirks: Set INCREMENT_USAGE_ON_DUPLICATE for Saitek X65 (git-fixes).
   - HID: usbhid: fix info leak in hid_submit_ctrl (git-fixes).
   - HID: usbhid: Fix race between usbhid_close() and usbhid_stop()
     (git-fixes).
   - hv: hyperv.h: a few mundane typo fixes (bsc#1186071).
   - hv_netvsc: Add a comment clarifying batching logic (bsc#1186071).
   - hv_netvsc: Add error handling while switching data path (bsc#1186071).
   - hv_netvsc: Make netvsc/VF binding check both MAC and serial number
     (bsc#1186071).
   - hwmon: (scpi-hwmon) shows the negative temperature properly (git-fixes).
   - i2c: mpc: Make use of i2c_recover_bus() (git-fixes).
   - ice: add ndo_bpf callback for safe mode netdev ops (jsc#SLE-7926).
   - ice: parameterize functions responsible for Tx ring management
     (jsc#SLE-12878).
   - isdn: mISDN: netjet: Fix crash in nj_probe: (git-fixes).
   - kernel-binary.spec.in: Regenerate makefile when not using mkmakefile.
   - kernel: kexec_file: fix error return code of
     kexec_calculate_store_digests() (git-fixes).
   - kthread: prevent deadlock when kthread_mod_delayed_work() races with
     kthread_cancel_delayed_work_sync() (bsc#1187867).
   - kthread_worker: split code for canceling the delayed work timer
     (bsc#1187867).
   - kyber: fix out of bounds access when preempted (bsc#1187403).
   - lib: vdso: Remove CROSS_COMPILE_COMPAT_VDSO (bsc#1164648,jsc#SLE-11493).
   - media: mtk-mdp: Check return value of of_clk_get (git-fixes).
   - media: mtk-mdp: Fix a refcounting bug on error in init (git-fixes).
   - media: s5p-g2d: Fix a memory leak in an error handling path in
     'g2d_probe()' (git-fixes).
   - mlxsw: reg: Spectrum-3: Enforce lowest max-shaper burst size of 11
     (bsc#1176774).
   - mmc: meson-gx: use memcpy_to/fromio for dram-access-quirk (git-fixes).
   - module: limit enabling module.sig_enforce (git-fixes).
   - net/mlx5: Consider RoCE cap before init RDMA resources (git-fixes).
   - net/mlx5: E-Switch, Allow setting GUID for host PF vport (jsc#SLE-15172).
   - net/mlx5: E-Switch, Read PF mac address (jsc#SLE-15172).
   - net/mlx5: Fix PBMC register mapping (git-fixes).
   - net/mlx5: Fix placement of log_max_flow_counter (git-fixes).
   - net/mlx5: Fix sleep while atomic in mlx5_eswitch_get_vepa (git-fixes).
   - net/mlx5: Reset mkey index on creation (jsc#SLE-15172).
   - net/mlx5e: Block offload of outer header csum for UDP tunnels
     (git-fixes).
   - net/mlx5e: Fix page reclaim for dead peer hairpin (git-fixes).
   - net/mlx5e: Remove dependency in IPsec initialization flows (git-fixes).
   - net/nfc/rawsock.c: fix a permission check bug (git-fixes).
   - net/sched: act_ct: handle DNAT tuple collision (bsc#1154353).
   - net/x25: Return the correct errno code (git-fixes).
   - net: mvpp2: add mvpp2_phylink_to_port() helper (bsc#1187171).
   - netxen_nic: Fix an error handling path in 'netxen_nic_probe()'
     (git-fixes).
   - NFS: Fix a potential NULL dereference in nfs_get_client() (git-fixes).
   - NFS: Fix deadlock between nfs4_evict_inode() and
     nfs4_opendata_get_inode() (git-fixes).
   - NFS: Fix use-after-free in nfs4_init_client() (git-fixes).
   - nvmem: rmem: fix undefined reference to memremap (git-fixes).
   - ocfs2: fix data corruption by fallocate (bsc#1187412).
   - PCI: aardvark: Do not rely on jiffies while holding spinlock (git-fixes).
   - PCI: aardvark: Fix kernel panic during PIO transfer (git-fixes).
   - PCI: Add ACS quirk for Broadcom BCM57414 NIC (git-fixes).
   - PCI: hv: Drop msi_controller structure (bsc#1186071).
   - PCI: Mark some NVIDIA GPUs to avoid bus reset (git-fixes).
   - PCI: Mark TI C667X to avoid bus reset (git-fixes).
   - PCI: Work around Huawei Intelligent NIC VF FLR erratum (git-fixes).
   - perf/x86/intel/uncore: Fix a kernel WARNING triggered by maxcpus=1
     (git-fixes).
   - perf/x86/intel/uncore: Remove uncore extra PCI dev HSWEP_PCI_PCU_3
     (bsc#1184685).
   - powerpc/perf: Fix crash in perf_instruction_pointer() when ppmu is not
     set (jsc#SLE-13513 bsc#1176919 ltc#186162 git-fixes).
   - qla2xxx: synchronize rport dev_loss_tmo setting (bsc#1182470
     bsc#1185486).
   - qlcnic: Fix an error handling path in 'qlcnic_probe()' (git-fixes).
   - radeon: use memcpy_to/fromio for UVD fw upload (git-fixes).
   - regulator: bd70528: Fix off-by-one for buck123 .n_voltages setting
     (git-fixes).
   - Removed patch that was incorrectly added to SLE15-SP2 (bsc#1186949)
   - Revert "ecryptfs: replace BUG_ON with error handling code" (bsc#1187413).
   - Revert "ibmvnic: simplify reset_long_term_buff function" (bsc#1186206
     ltc#191041).
   - Revert "PCI: PM: Do not read power state in pci_enable_device_flags()"
     (git-fixes).
   - Revert "video: hgafb: fix potential NULL pointer dereference"
     (git-fixes).
   - Revert "video: imsttfb: fix potential NULL pointer dereferences"
     (bsc#1152489)
   - s390/dasd: add missing discipline function (git-fixes).
   - s390/stack: fix possible register corruption with stack switch helper
     (bsc#1185677).
   - sched/debug: Fix cgroup_path[] serialization (git-fixes)
   - sched/fair: Keep load_avg and load_sum synced (git-fixes)
   - scsi: core: Fix race between handling STS_RESOURCE and completion
     (bsc#1187883).
   - scsi: fcoe: Fix mismatched fcoe_wwn_from_mac declaration (bsc#1187886).
   - scsi: storvsc: Enable scatterlist entry lengths > 4Kbytes (bsc#1186071).
   - scsi: storvsc: Parameterize number hardware queues (bsc#1186071).
   - scsi: ufs: Fix imprecise load calculation in devfreq window
     (bsc#1187795).
   - SCSI: ufs: fix ktime_t kabi change (bsc#1187795).
   - scsi: ufs: ufshcd-pltfrm depends on HAS_IOMEM (bsc#1187980).
   - spi: spi-nxp-fspi: move the register operation after the clock enable
     (git-fixes).
   - spi: sprd: Add missing MODULE_DEVICE_TABLE (git-fixes).
   - spi: stm32-qspi: Always wait BUSY bit to be cleared in
     stm32_qspi_wait_cmd() (git-fixes).
   - SUNRPC: Handle major timeout in xprt_adjust_timeout() (git-fixes).
   - SUNRPC: Handle major timeout in xprt_adjust_timeout() (git-fixes).
   - tracing: Correct the length check which causes memory corruption
     (git-fixes).
   - tracing: Do no increment trace_clock_global() by one (git-fixes).
   - tracing: Do not stop recording cmdlines when tracing is off (git-fixes).
   - tracing: Do not stop recording comms if the trace file is being read
     (git-fixes).
   - tracing: Restructure trace_clock_global() to never block (git-fixes).
   - USB: core: hub: Disable autosuspend for Cypress CY7C65632 (git-fixes).
   - USB: dwc3: core: fix kernel panic when do reboot (git-fixes).
   - USB: dwc3: core: fix kernel panic when do reboot (git-fixes).
   - USB: dwc3: debugfs: Add and remove endpoint dirs dynamically (git-fixes).
   - USB: dwc3: ep0: fix NULL pointer exception (git-fixes).
   - USB: f_ncm: only first packet of aggregate needs to start timer
     (git-fixes).
   - USB: f_ncm: only first packet of aggregate needs to start timer
     (git-fixes).
   - USB: fix various gadget panics on 10gbps cabling (git-fixes).
   - USB: fix various gadget panics on 10gbps cabling (git-fixes).
   - USB: gadget: eem: fix wrong eem header operation (git-fixes).
   - USB: gadget: eem: fix wrong eem header operation (git-fixes).
   - USB: gadget: f_fs: Ensure io_completion_wq is idle during unbind
     (git-fixes).
   - USB: gadget: f_fs: Ensure io_completion_wq is idle during unbind
     (git-fixes).
   - USB: serial: ftdi_sio: add NovaTech OrionMX product ID (git-fixes).
   - USB: serial: ftdi_sio: add NovaTech OrionMX product ID (git-fixes).
   - USB: serial: omninet: add device id for Zyxel Omni 56K Plus (git-fixes).
   - USB: serial: omninet: add device id for Zyxel Omni 56K Plus (git-fixes).
   - video: hgafb: correctly handle card detect failure during probe
     (git-fixes).
   - video: hgafb: fix potential NULL pointer dereference (git-fixes).
   - vrf: fix maximum MTU (git-fixes).
   - x86/elf: Use _BITUL() macro in UAPI headers (bsc#1178134).
   - x86/fpu: Preserve supervisor states in sanitize_restored_user_xstate()
     (bsc#1178134).
   - x86/hyper-v: Move hv_message_type to architecture neutral module
   - x86/hyperv: Fix unused variable 'hi' warning in hv_apic_read
     (bsc#1186071).
   - x86/hyperv: Fix unused variable 'msr_val' warning in hv_qlock_wait
     (bsc#1186071).
   - x86/hyperv: Move hv_do_rep_hypercall to asm-generic (bsc#1186071).
   - x86/hyperv: remove unused linux/version.h header (bsc#1186071).
   - x86/pkru: Write hardware init value to PKRU when xstate is init
     (bsc#1152489).
   - x86/process: Check PF_KTHREAD and not current->mm for kernel threads
     (bsc#1152489).
   - xen-blkback: fix compatibility bug with single page rings (git-fixes).
   - xen-pciback: reconfigure also from backend watch handler (git-fixes).
   - xen-pciback: redo VF placement in the virtual topology (git-fixes).
   - xen/evtchn: Change irq_info lock to raw_spinlock_t (git-fixes).
   - xfrm: policy: Read seqcount outside of rcu-read side in
     xfrm_policy_lookup_bytype (bsc#1185675).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.3:

      zypper in -t patch openSUSE-SLE-15.3-2021-2305=1



Package List:

   - openSUSE Leap 15.3 (noarch):

      kernel-devel-azure-5.3.18-38.11.1
      kernel-source-azure-5.3.18-38.11.1

   - openSUSE Leap 15.3 (x86_64):

      cluster-md-kmp-azure-5.3.18-38.11.1
      cluster-md-kmp-azure-debuginfo-5.3.18-38.11.1
      dlm-kmp-azure-5.3.18-38.11.1
      dlm-kmp-azure-debuginfo-5.3.18-38.11.1
      gfs2-kmp-azure-5.3.18-38.11.1
      gfs2-kmp-azure-debuginfo-5.3.18-38.11.1
      kernel-azure-5.3.18-38.11.1
      kernel-azure-debuginfo-5.3.18-38.11.1
      kernel-azure-debugsource-5.3.18-38.11.1
      kernel-azure-devel-5.3.18-38.11.1
      kernel-azure-devel-debuginfo-5.3.18-38.11.1
      kernel-azure-extra-5.3.18-38.11.1
      kernel-azure-extra-debuginfo-5.3.18-38.11.1
      kernel-azure-livepatch-devel-5.3.18-38.11.1
      kernel-azure-optional-5.3.18-38.11.1
      kernel-azure-optional-debuginfo-5.3.18-38.11.1
      kernel-syms-azure-5.3.18-38.11.1
      kselftests-kmp-azure-5.3.18-38.11.1
      kselftests-kmp-azure-debuginfo-5.3.18-38.11.1
      ocfs2-kmp-azure-5.3.18-38.11.1
      ocfs2-kmp-azure-debuginfo-5.3.18-38.11.1
      reiserfs-kmp-azure-5.3.18-38.11.1
      reiserfs-kmp-azure-debuginfo-5.3.18-38.11.1


References:

   https://www.suse.com/security/cve/CVE-2021-0512.html
   https://www.suse.com/security/cve/CVE-2021-0605.html
   https://www.suse.com/security/cve/CVE-2021-33624.html
   https://www.suse.com/security/cve/CVE-2021-34693.html
   https://www.suse.com/security/cve/CVE-2021-3573.html
   https://bugzilla.suse.com/1152489
   https://bugzilla.suse.com/1153274
   https://bugzilla.suse.com/1154353
   https://bugzilla.suse.com/1155518
   https://bugzilla.suse.com/1164648
   https://bugzilla.suse.com/1176447
   https://bugzilla.suse.com/1176774
   https://bugzilla.suse.com/1176919
   https://bugzilla.suse.com/1177028
   https://bugzilla.suse.com/1178134
   https://bugzilla.suse.com/1182470
   https://bugzilla.suse.com/1183682
   https://bugzilla.suse.com/1184212
   https://bugzilla.suse.com/1184685
   https://bugzilla.suse.com/1185486
   https://bugzilla.suse.com/1185675
   https://bugzilla.suse.com/1185677
   https://bugzilla.suse.com/1186071
   https://bugzilla.suse.com/1186206
   https://bugzilla.suse.com/1186666
   https://bugzilla.suse.com/1186949
   https://bugzilla.suse.com/1187171
   https://bugzilla.suse.com/1187263
   https://bugzilla.suse.com/1187356
   https://bugzilla.suse.com/1187402
   https://bugzilla.suse.com/1187403
   https://bugzilla.suse.com/1187404
   https://bugzilla.suse.com/1187407
   https://bugzilla.suse.com/1187408
   https://bugzilla.suse.com/1187409
   https://bugzilla.suse.com/1187410
   https://bugzilla.suse.com/1187411
   https://bugzilla.suse.com/1187412
   https://bugzilla.suse.com/1187413
   https://bugzilla.suse.com/1187452
   https://bugzilla.suse.com/1187554
   https://bugzilla.suse.com/1187595
   https://bugzilla.suse.com/1187601
   https://bugzilla.suse.com/1187795
   https://bugzilla.suse.com/1187867
   https://bugzilla.suse.com/1187883
   https://bugzilla.suse.com/1187886
   https://bugzilla.suse.com/1187927
   https://bugzilla.suse.com/1187972
   https://bugzilla.suse.com/1187980

openSUSE: 2021:2305-1 important: the Linux Kernel

July 13, 2021
An update that solves 5 vulnerabilities and has 40 fixes is now available

Description

The SUSE Linux Enterprise 15 SP3 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3573: Fixed an UAF vulnerability in function that can allow attackers to corrupt kernel heaps and adopt further exploitations. (bsc#1186666) - CVE-2021-0605: Fixed an out-of-bounds read which could lead to local information disclosure in the kernel with System execution privileges needed. (bsc#1187601) - CVE-2021-0512: Fixed a possible out-of-bounds write which could lead to local escalation of privilege with no additional execution privileges needed. (bsc#1187595) - CVE-2021-33624: Fixed a bug which allows unprivileged BPF program to leak the contents of arbitrary kernel memory (and therefore, of all physical memory) via a side-channel. (bsc#1187554) - CVE-2021-34693: Fixed a bug in net/can/bcm.c which could allow local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized. (bsc#1187452) The following non-security bugs were fixed: - 0001-x86-sched-Treat-Intel-SNC-topology-as-default-COD-as.patch: (bsc#1187263). - alx: Fix an error handling path in 'alx_probe()' (git-fixes). - asm-generic/hyperv: Add missing function prototypes per -W1 warnings (bsc#1186071). - ASoC: fsl-asoc-card: Set .owner attribute when registering card (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Glavey TM800A550L tablet (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Lenovo Miix 3-830 tablet (git-fixes). - ASoC: max98088: fix ni clock divider calculation (git-fixes). - ASoC: rt5659: Fix the lost powers for the HDA header (git-fixes). - ASoC: rt5682: Fix the fast discharge for headset unplugging in soundwire mode (git-fixes). - ASoC: sti-sas: add missing MODULE_DEVICE_TABLE (git-fixes). - ASoC: tas2562: Fix TDM_CFG0_SAMPRATE values (git-fixes). - batman-adv: Avoid WARN_ON timing related checks (git-fixes). - be2net: Fix an error handling path in 'be_probe()' (git-fixes). - block: Discard page cache of zone reset target range (bsc#1187402). - Bluetooth: Add a new USB ID for RTL8822CE (git-fixes). - Bluetooth: use correct lock to prevent UAF of hdev object (git-fixes). - bnxt_en: Call bnxt_ethtool_free() in bnxt_init_one() error path (jsc#SLE-8371 bsc#1153274). - bnxt_en: Fix TQM fastpath ring backing store computation (jsc#SLE-8371 bsc#1153274). - bnxt_en: Rediscover PHY capabilities after firmware reset (jsc#SLE-8371 bsc#1153274). - bpf: Fix integer overflow in argument calculation for bpf_map_area_alloc (bsc#1177028). - bpf: Fix libelf endian handling in resolv_btfids (bsc#1177028). - bpfilter: Specify the log level for the kmsg message (bsc#1155518). - can: mcba_usb: fix memory leak in mcba_usb (git-fixes). - ceph: must hold snap_rwsem when filling inode for async create (bsc#1187927). - cfg80211: avoid double free of PMSR request (git-fixes). - cfg80211: make certificate generation more robust (git-fixes). - cgroup1: do not allow '\n' in renaming (bsc#1187972). - clocksource/drivers/hyper-v: Handle sched_clock differences inline (bsc#1186071). - clocksource/drivers/hyper-v: Move handling of STIMER0 interrupts (bsc#1186071). - clocksource/drivers/hyper-v: Set clocksource rating based on Hyper-V feature (bsc#1186071). - cxgb4: fix endianness when flashing boot image (jsc#SLE-15131). - cxgb4: fix sleep in atomic when flashing PHY firmware (jsc#SLE-15131). - cxgb4: fix wrong ethtool n-tuple rule lookup (jsc#SLE-15131). - cxgb4: fix wrong shift (git-fixes). - cxgb4: halt chip before flashing PHY firmware image (jsc#SLE-15131). - dax: Add a wakeup mode parameter to put_unlocked_entry() (bsc#1187411). - dax: Add an enum for specifying dax wakup mode (bsc#1187411). - dax: fix ENOMEM handling in grab_mapping_entry() (bsc#1184212). - dax: Wake up all waiters after invalidating dax entry (bsc#1187411). - dmaengine: ALTERA_MSGDMA depends on HAS_IOMEM (git-fixes). - dmaengine: fsl-dpaa2-qdma: Fix error return code in two functions (git-fixes). - dmaengine: pl330: fix wrong usage of spinlock flags in dma_cyclc (git-fixes). - dmaengine: QCOM_HIDMA_MGMT depends on HAS_IOMEM (git-fixes). - dmaengine: stedma40: add missing iounmap() on error in d40_probe() (git-fixes). - drivers: hv: Create a consistent pattern for checking Hyper-V hypercall status (bsc#1186071). - drivers: hv: Fix EXPORT_SYMBOL and tab spaces issue (bsc#1186071). - Drivers: hv: Redo Hyper-V synthetic MSR get/set functions (bsc#1186071). - Drivers: hv: vmbus: Check for pending channel interrupts before taking a CPU offline (bsc#1186071). - Drivers: hv: vmbus: Drivers: hv: vmbus: Introduce CHANNELMSG_MODIFYCHANNEL_RESPONSE (bsc#1186071). - Drivers: hv: vmbus: Drop error message when 'No request id available' (bsc#1183682). - Drivers: hv: vmbus: Handle auto EOI quirk inline (bsc#1186071). - Drivers: hv: vmbus: Introduce and negotiate VMBus protocol version 5.3 (bsc#1186071). - Drivers: hv: vmbus: Move handling of VMbus interrupts (bsc#1186071). - Drivers: hv: vmbus: Move hyperv_report_panic_msg to arch neutral code (bsc#1186071). - Drivers: hv: vmbus: remove unused function (bsc#1186071). - Drivers: hv: vmbus: Remove unused linux/version.h header (bsc#1186071). - drm/amd/amdgpu:save psp ring wptr to avoid attack (git-fixes). - drm/amd/display: Allow bandwidth validation for 0 streams (git-fixes). - drm/amd/display: Fix potential memory leak in DMUB hw_init (git-fixes). - drm/amdgpu: refine amdgpu_fru_get_product_info (git-fixes). - drm/sun4i: dw-hdmi: Make HDMI PHY into a platform device (git-fixes). - drm/tegra: sor: Do not leak runtime PM reference (git-fixes). - drm/vc4: hdmi: Make sure the controller is powered in detect (git-fixes). - drm/vc4: hdmi: Move the HSM clock enable to runtime_pm (git-fixes). - drm: Fix use-after-free read in drm_getunique() (git-fixes). - drm: Lock pointer access in drm_master_release() (git-fixes). - dt-bindings: reset: meson8b: fix duplicate reset IDs (git-fixes). - ethtool: strset: fix message length calculation (bsc#1176447). - ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed (bsc#1187408). - ext4: fix check to prevent false positive report of incorrect used inodes (bsc#1187404). - ext4: fix error code in ext4_commit_super (bsc#1187407). - ext4: fix memory leak in ext4_fill_super (bsc#1187409). - FCOE: fcoe_wwn_from_mac kABI fix (bsc#1187886). - fs: fix reporting supported extra file attributes for statx() (bsc#1187410). - ftrace: Do not blindly read the ip address in ftrace_bug() (git-fixes). - ftrace: Free the trampoline when ftrace_startup() fails (git-fixes). - fuse: BUG_ON correction in fuse_dev_splice_write() (bsc#1187356). - HID: Add BUS_VIRTUAL to hid_connect logging (git-fixes). - HID: gt683r: add missing MODULE_DEVICE_TABLE (git-fixes). - HID: hid-input: add mapping for emoji picker key (git-fixes). - HID: hid-sensor-hub: Return error for hid_set_field() failure (git-fixes). - HID: quirks: Set INCREMENT_USAGE_ON_DUPLICATE for Saitek X65 (git-fixes). - HID: usbhid: fix info leak in hid_submit_ctrl (git-fixes). - HID: usbhid: Fix race between usbhid_close() and usbhid_stop() (git-fixes). - hv: hyperv.h: a few mundane typo fixes (bsc#1186071). - hv_netvsc: Add a comment clarifying batching logic (bsc#1186071). - hv_netvsc: Add error handling while switching data path (bsc#1186071). - hv_netvsc: Make netvsc/VF binding check both MAC and serial number (bsc#1186071). - hwmon: (scpi-hwmon) shows the negative temperature properly (git-fixes). - i2c: mpc: Make use of i2c_recover_bus() (git-fixes). - ice: add ndo_bpf callback for safe mode netdev ops (jsc#SLE-7926). - ice: parameterize functions responsible for Tx ring management (jsc#SLE-12878). - isdn: mISDN: netjet: Fix crash in nj_probe: (git-fixes). - kernel-binary.spec.in: Regenerate makefile when not using mkmakefile. - kernel: kexec_file: fix error return code of kexec_calculate_store_digests() (git-fixes). - kthread: prevent deadlock when kthread_mod_delayed_work() races with kthread_cancel_delayed_work_sync() (bsc#1187867). - kthread_worker: split code for canceling the delayed work timer (bsc#1187867). - kyber: fix out of bounds access when preempted (bsc#1187403). - lib: vdso: Remove CROSS_COMPILE_COMPAT_VDSO (bsc#1164648,jsc#SLE-11493). - media: mtk-mdp: Check return value of of_clk_get (git-fixes). - media: mtk-mdp: Fix a refcounting bug on error in init (git-fixes). - media: s5p-g2d: Fix a memory leak in an error handling path in 'g2d_probe()' (git-fixes). - mlxsw: reg: Spectrum-3: Enforce lowest max-shaper burst size of 11 (bsc#1176774). - mmc: meson-gx: use memcpy_to/fromio for dram-access-quirk (git-fixes). - module: limit enabling module.sig_enforce (git-fixes). - net/mlx5: Consider RoCE cap before init RDMA resources (git-fixes). - net/mlx5: E-Switch, Allow setting GUID for host PF vport (jsc#SLE-15172). - net/mlx5: E-Switch, Read PF mac address (jsc#SLE-15172). - net/mlx5: Fix PBMC register mapping (git-fixes). - net/mlx5: Fix placement of log_max_flow_counter (git-fixes). - net/mlx5: Fix sleep while atomic in mlx5_eswitch_get_vepa (git-fixes). - net/mlx5: Reset mkey index on creation (jsc#SLE-15172). - net/mlx5e: Block offload of outer header csum for UDP tunnels (git-fixes). - net/mlx5e: Fix page reclaim for dead peer hairpin (git-fixes). - net/mlx5e: Remove dependency in IPsec initialization flows (git-fixes). - net/nfc/rawsock.c: fix a permission check bug (git-fixes). - net/sched: act_ct: handle DNAT tuple collision (bsc#1154353). - net/x25: Return the correct errno code (git-fixes). - net: mvpp2: add mvpp2_phylink_to_port() helper (bsc#1187171). - netxen_nic: Fix an error handling path in 'netxen_nic_probe()' (git-fixes). - NFS: Fix a potential NULL dereference in nfs_get_client() (git-fixes). - NFS: Fix deadlock between nfs4_evict_inode() and nfs4_opendata_get_inode() (git-fixes). - NFS: Fix use-after-free in nfs4_init_client() (git-fixes). - nvmem: rmem: fix undefined reference to memremap (git-fixes). - ocfs2: fix data corruption by fallocate (bsc#1187412). - PCI: aardvark: Do not rely on jiffies while holding spinlock (git-fixes). - PCI: aardvark: Fix kernel panic during PIO transfer (git-fixes). - PCI: Add ACS quirk for Broadcom BCM57414 NIC (git-fixes). - PCI: hv: Drop msi_controller structure (bsc#1186071). - PCI: Mark some NVIDIA GPUs to avoid bus reset (git-fixes). - PCI: Mark TI C667X to avoid bus reset (git-fixes). - PCI: Work around Huawei Intelligent NIC VF FLR erratum (git-fixes). - perf/x86/intel/uncore: Fix a kernel WARNING triggered by maxcpus=1 (git-fixes). - perf/x86/intel/uncore: Remove uncore extra PCI dev HSWEP_PCI_PCU_3 (bsc#1184685). - powerpc/perf: Fix crash in perf_instruction_pointer() when ppmu is not set (jsc#SLE-13513 bsc#1176919 ltc#186162 git-fixes). - qla2xxx: synchronize rport dev_loss_tmo setting (bsc#1182470 bsc#1185486). - qlcnic: Fix an error handling path in 'qlcnic_probe()' (git-fixes). - radeon: use memcpy_to/fromio for UVD fw upload (git-fixes). - regulator: bd70528: Fix off-by-one for buck123 .n_voltages setting (git-fixes). - Removed patch that was incorrectly added to SLE15-SP2 (bsc#1186949) - Revert "ecryptfs: replace BUG_ON with error handling code" (bsc#1187413). - Revert "ibmvnic: simplify reset_long_term_buff function" (bsc#1186206 ltc#191041). - Revert "PCI: PM: Do not read power state in pci_enable_device_flags()" (git-fixes). - Revert "video: hgafb: fix potential NULL pointer dereference" (git-fixes). - Revert "video: imsttfb: fix potential NULL pointer dereferences" (bsc#1152489) - s390/dasd: add missing discipline function (git-fixes). - s390/stack: fix possible register corruption with stack switch helper (bsc#1185677). - sched/debug: Fix cgroup_path[] serialization (git-fixes) - sched/fair: Keep load_avg and load_sum synced (git-fixes) - scsi: core: Fix race between handling STS_RESOURCE and completion (bsc#1187883). - scsi: fcoe: Fix mismatched fcoe_wwn_from_mac declaration (bsc#1187886). - scsi: storvsc: Enable scatterlist entry lengths > 4Kbytes (bsc#1186071). - scsi: storvsc: Parameterize number hardware queues (bsc#1186071). - scsi: ufs: Fix imprecise load calculation in devfreq window (bsc#1187795). - SCSI: ufs: fix ktime_t kabi change (bsc#1187795). - scsi: ufs: ufshcd-pltfrm depends on HAS_IOMEM (bsc#1187980). - spi: spi-nxp-fspi: move the register operation after the clock enable (git-fixes). - spi: sprd: Add missing MODULE_DEVICE_TABLE (git-fixes). - spi: stm32-qspi: Always wait BUSY bit to be cleared in stm32_qspi_wait_cmd() (git-fixes). - SUNRPC: Handle major timeout in xprt_adjust_timeout() (git-fixes). - SUNRPC: Handle major timeout in xprt_adjust_timeout() (git-fixes). - tracing: Correct the length check which causes memory corruption (git-fixes). - tracing: Do no increment trace_clock_global() by one (git-fixes). - tracing: Do not stop recording cmdlines when tracing is off (git-fixes). - tracing: Do not stop recording comms if the trace file is being read (git-fixes). - tracing: Restructure trace_clock_global() to never block (git-fixes). - USB: core: hub: Disable autosuspend for Cypress CY7C65632 (git-fixes). - USB: dwc3: core: fix kernel panic when do reboot (git-fixes). - USB: dwc3: core: fix kernel panic when do reboot (git-fixes). - USB: dwc3: debugfs: Add and remove endpoint dirs dynamically (git-fixes). - USB: dwc3: ep0: fix NULL pointer exception (git-fixes). - USB: f_ncm: only first packet of aggregate needs to start timer (git-fixes). - USB: f_ncm: only first packet of aggregate needs to start timer (git-fixes). - USB: fix various gadget panics on 10gbps cabling (git-fixes). - USB: fix various gadget panics on 10gbps cabling (git-fixes). - USB: gadget: eem: fix wrong eem header operation (git-fixes). - USB: gadget: eem: fix wrong eem header operation (git-fixes). - USB: gadget: f_fs: Ensure io_completion_wq is idle during unbind (git-fixes). - USB: gadget: f_fs: Ensure io_completion_wq is idle during unbind (git-fixes). - USB: serial: ftdi_sio: add NovaTech OrionMX product ID (git-fixes). - USB: serial: ftdi_sio: add NovaTech OrionMX product ID (git-fixes). - USB: serial: omninet: add device id for Zyxel Omni 56K Plus (git-fixes). - USB: serial: omninet: add device id for Zyxel Omni 56K Plus (git-fixes). - video: hgafb: correctly handle card detect failure during probe (git-fixes). - video: hgafb: fix potential NULL pointer dereference (git-fixes). - vrf: fix maximum MTU (git-fixes). - x86/elf: Use _BITUL() macro in UAPI headers (bsc#1178134). - x86/fpu: Preserve supervisor states in sanitize_restored_user_xstate() (bsc#1178134). - x86/hyper-v: Move hv_message_type to architecture neutral module - x86/hyperv: Fix unused variable 'hi' warning in hv_apic_read (bsc#1186071). - x86/hyperv: Fix unused variable 'msr_val' warning in hv_qlock_wait (bsc#1186071). - x86/hyperv: Move hv_do_rep_hypercall to asm-generic (bsc#1186071). - x86/hyperv: remove unused linux/version.h header (bsc#1186071). - x86/pkru: Write hardware init value to PKRU when xstate is init (bsc#1152489). - x86/process: Check PF_KTHREAD and not current->mm for kernel threads (bsc#1152489). - xen-blkback: fix compatibility bug with single page rings (git-fixes). - xen-pciback: reconfigure also from backend watch handler (git-fixes). - xen-pciback: redo VF placement in the virtual topology (git-fixes). - xen/evtchn: Change irq_info lock to raw_spinlock_t (git-fixes). - xfrm: policy: Read seqcount outside of rcu-read side in xfrm_policy_lookup_bytype (bsc#1185675). Special Instructions and Notes: Please reboot the system after installing this update.

Patch

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2021-2305=1

Package List

- openSUSE Leap 15.3 (noarch): kernel-devel-azure-5.3.18-38.11.1 kernel-source-azure-5.3.18-38.11.1 - openSUSE Leap 15.3 (x86_64): cluster-md-kmp-azure-5.3.18-38.11.1 cluster-md-kmp-azure-debuginfo-5.3.18-38.11.1 dlm-kmp-azure-5.3.18-38.11.1 dlm-kmp-azure-debuginfo-5.3.18-38.11.1 gfs2-kmp-azure-5.3.18-38.11.1 gfs2-kmp-azure-debuginfo-5.3.18-38.11.1 kernel-azure-5.3.18-38.11.1 kernel-azure-debuginfo-5.3.18-38.11.1 kernel-azure-debugsource-5.3.18-38.11.1 kernel-azure-devel-5.3.18-38.11.1 kernel-azure-devel-debuginfo-5.3.18-38.11.1 kernel-azure-extra-5.3.18-38.11.1 kernel-azure-extra-debuginfo-5.3.18-38.11.1 kernel-azure-livepatch-devel-5.3.18-38.11.1 kernel-azure-optional-5.3.18-38.11.1 kernel-azure-optional-debuginfo-5.3.18-38.11.1 kernel-syms-azure-5.3.18-38.11.1 kselftests-kmp-azure-5.3.18-38.11.1 kselftests-kmp-azure-debuginfo-5.3.18-38.11.1 ocfs2-kmp-azure-5.3.18-38.11.1 ocfs2-kmp-azure-debuginfo-5.3.18-38.11.1 reiserfs-kmp-azure-5.3.18-38.11.1 reiserfs-kmp-azure-debuginfo-5.3.18-38.11.1

References

https://www.suse.com/security/cve/CVE-2021-0512.html https://www.suse.com/security/cve/CVE-2021-0605.html https://www.suse.com/security/cve/CVE-2021-33624.html https://www.suse.com/security/cve/CVE-2021-34693.html https://www.suse.com/security/cve/CVE-2021-3573.html https://bugzilla.suse.com/1152489 https://bugzilla.suse.com/1153274 https://bugzilla.suse.com/1154353 https://bugzilla.suse.com/1155518 https://bugzilla.suse.com/1164648 https://bugzilla.suse.com/1176447 https://bugzilla.suse.com/1176774 https://bugzilla.suse.com/1176919 https://bugzilla.suse.com/1177028 https://bugzilla.suse.com/1178134 https://bugzilla.suse.com/1182470 https://bugzilla.suse.com/1183682 https://bugzilla.suse.com/1184212 https://bugzilla.suse.com/1184685 https://bugzilla.suse.com/1185486 https://bugzilla.suse.com/1185675 https://bugzilla.suse.com/1185677 https://bugzilla.suse.com/1186071 https://bugzilla.suse.com/1186206 https://bugzilla.suse.com/1186666 https://bugzilla.suse.com/1186949 https://bugzilla.suse.com/1187171 https://bugzilla.suse.com/1187263 https://bugzilla.suse.com/1187356 https://bugzilla.suse.com/1187402 https://bugzilla.suse.com/1187403 https://bugzilla.suse.com/1187404 https://bugzilla.suse.com/1187407 https://bugzilla.suse.com/1187408 https://bugzilla.suse.com/1187409 https://bugzilla.suse.com/1187410 https://bugzilla.suse.com/1187411 https://bugzilla.suse.com/1187412 https://bugzilla.suse.com/1187413 https://bugzilla.suse.com/1187452 https://bugzilla.suse.com/1187554 https://bugzilla.suse.com/1187595 https://bugzilla.suse.com/1187601 https://bugzilla.suse.com/1187795 https://bugzilla.suse.com/1187867 https://bugzilla.suse.com/1187883 https://bugzilla.suse.com/1187886 https://bugzilla.suse.com/1187927 https://bugzilla.suse.com/1187972 https://bugzilla.suse.com/1187980

Severity
Announcement ID: openSUSE-SU-2021:2305-1
Rating: important
Affected Products: openSUSE Leap 15.3 ble.

Related News

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.