
openSUSE Leap 15.3: 2021:3941-1 Important: Kernel Privilege Escalation

December 6, 2021
Patches address multiple weaknesses in the Linux Kernel, improving overall security and requiring a system restart post-installation.
An update that solves four vulnerabilities, contains one feature and has 21 fixes is now available.

Description

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- Unprivileged BPF has been disabled by default to reduce attack surface, as too many security issues have happened in the past (jsc#SLE-22573). You can re-enable it via sysctl by setting /proc/sys/kernel/unprivileged_bpf_disabled to 0 (kernel.unprivileged_bpf_disabled = 0).

- CVE-2021-0941: In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1192045).

- CVE-2021-31916: An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel. A bound check failure allowed an attacker with special user (CAP_SYS_ADMIN) privilege to...
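To confirm that a host still carries the new default from the first item above, the following script (an added example, not part of the SUSE advisory) reports the running value of kernel.unprivileged_bpf_disabled and the last value assigned to it in persistent sysctl configuration. The function names and the list of scanned paths are assumptions of this example, and the meanings of values 1 and 2 come from the kernel's sysctl documentation rather than from this page.

```shell
#!/bin/sh
# Added example (not from the advisory): audit kernel.unprivileged_bpf_disabled.
KEY_PROC=/proc/sys/kernel/unprivileged_bpf_disabled

# Map a value to its meaning (0 per the advisory; 1 and 2 per kernel sysctl docs).
bpf_state_label() {
    case "$1" in
        0) echo "ENABLED: unprivileged users may call bpf()" ;;
        1) echo "DISABLED: locked until reboot" ;;
        2) echo "DISABLED: root may re-enable at runtime" ;;
        *) echo "UNKNOWN" ;;
    esac
}

# Print the last value assigned to the key in the given sysctl.d-style files
# (later files and lines win); print nothing if the key is never set.
configured_bpf_value() {
    [ "$#" -gt 0 ] || return 0
    cat -- "$@" 2>/dev/null | awk '
        /^[ \t]*[#;]/ { next }              # skip comment lines
        {
            line = $0
            sub(/^[ \t]*-?/, "", line)      # drop indentation and optional "-" prefix
            n = index(line, "=")
            if (n == 0) next
            k = substr(line, 1, n - 1); v = substr(line, n + 1)
            gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v)
            gsub(/\//, ".", k)              # kernel/foo is the same key as kernel.foo
            if (k == "kernel.unprivileged_bpf_disabled") last = v
        }
        END { if (last != "") print last }'
}

# Report runtime and persistent state. Assumption: this file order only
# approximates systemd-sysctl precedence, which sorts by file name.
audit_host() {
    if [ -r "$KEY_PROC" ]; then
        echo "runtime: $(bpf_state_label "$(cat "$KEY_PROC")")"
    else
        echo "runtime: $KEY_PROC not readable"
    fi
    set --
    for f in /usr/lib/sysctl.d/*.conf /etc/sysctl.d/*.conf /etc/sysctl.conf; do
        if [ -r "$f" ]; then set -- "$@" "$f"; fi
    done
    v=$(configured_bpf_value "$@")
    echo "persistent: ${v:-not set}"
}
audit_host
```

A persistent value of 0 means a configuration file re-enables unprivileged BPF at boot, which undoes the default this update introduces.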


Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.3:

    zypper in -t patch openSUSE-SLE-15.3-2021-3941=1

Package List

- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):

    cluster-md-kmp-default-5.3.18-59.37.2
    cluster-md-kmp-default-debuginfo-5.3.18-59.37.2
    dlm-kmp-default-5.3.18-59.37.2
    dlm-kmp-default-debuginfo-5.3.18-59.37.2
    gfs2-kmp-default-5.3.18-59.37.2
    gfs2-kmp-default-debuginfo-5.3.18-59.37.2
    kernel-default-5.3.18-59.37.2
    kernel-default-base-5.3.18-59.37.2.18.23.3
    kernel-default-base-rebuild-5.3.18-59.37.2.18.23.3
    kernel-default-debuginfo-5.3.18-59.37.2
    kernel-default-debugsource-5.3.18-59.37.2
    kernel-default-devel-5.3.18-59.37.2
    kernel-default-devel-debuginfo-5.3.18-59.37.2
    kernel-default-extra-5.3.18-59.37.2
    kernel-default-extra-debuginfo-5.3.18-59.37.2
    kernel-default-livepatch-5.3.18-59.37.2
    kernel-default-livepatch-devel-5.3.18-59.37.2
    kernel-default-optional-5.3.18-59.37.2
    kernel-default-optional-debuginfo-5.3.18-59.37.2
    kernel-obs-build-5.3.18-59.37.3
    kernel-obs-build-debugsource-5.3.18-59.37.3
    kernel-obs-qa-5.3.18-59.37.1
    kernel-syms-5.3.18-59.37.1
    kselftests-kmp-default-5.3.18-59.37.2
    kselftests-kmp-default-deb...


References

https://www.suse.com/security/cve/CVE-2021-0941.html
https://www.suse.com/security/cve/CVE-2021-20322.html
https://www.suse.com/security/cve/CVE-2021-31916.html
https://www.suse.com/security/cve/CVE-2021-34981.html
https://bugzilla.suse.com/1152489
https://bugzilla.suse.com/1169263
https://bugzilla.suse.com/1170269
https://bugzilla.suse.com/1184924
https://bugzilla.suse.com/1190523
https://bugzilla.suse.com/1190795
https://bugzilla.suse.com/1191790
https://bugzilla.suse.com/1191961
https://bugzilla.suse.com/1192045
https://bugzilla.suse.com/1192217
https://bugzilla.suse.com/1192273
https://bugzilla.suse.com/1192328
https://bugzilla.suse.com/1192375
https://bugzilla.suse.com/1192473
https://bugzilla.suse.com/1192718
https://bugzilla.suse.com/1192740
https://bugzilla.suse.com/1192745
https://bugzilla.suse.com/1192750
https://bugzilla.suse.com/1192753
https://bugzilla.suse.com/1192758
https://bugzilla.suse.com/1192781
https://bugzilla.suse.com/1192802
https://bugzilla.suse.com/1192896
https://bugzilla.suse.com/1192...


Severity
important

Announcement ID: openSUSE-SU-2021:3941-1
Rating: important
Affected Products: openSUSE Leap 15.3
