SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:14849-1
Rating:             important
References:         #1183089 #1184673 #1186109 #1187050 #1187215 
                    #1188172 #1188563 #1188601 #1188876 #1189057 
                    #1189262 #1189399 #1190117 #1190351 #1191315 
                    #1191660 #1191958 #1192036 #1192267 #904899 
                    #905100 
Cross-References:   CVE-2014-7841 CVE-2020-36385 CVE-2021-20265
                    CVE-2021-33033 CVE-2021-3542 CVE-2021-3609
                    CVE-2021-3640 CVE-2021-3653 CVE-2021-3655
                    CVE-2021-3679 CVE-2021-37159 CVE-2021-3772
                    CVE-2021-38160 CVE-2021-38198 CVE-2021-42008
                    CVE-2021-42739 CVE-2021-43389
CVSS scores:
                    CVE-2020-36385 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2020-36385 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-20265 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-20265 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-33033 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-33033 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-3542 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-3609 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-3640 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-3653 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-3655 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
                    CVE-2021-3679 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-37159 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-37159 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-3772 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-38160 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-38198 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-42008 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-42008 (SUSE): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-42739 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-43389 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:
                    SUSE Linux Enterprise Server 11-SP4-LTSS
                    SUSE Linux Enterprise Server 11-EXTRA
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that solves 17 vulnerabilities and has four fixes
   is now available.

Description:



   The SUSE Linux Enterprise 11 SP4 LTSS kernel was updated to receive
   various security and bugfixes.

   The following security bugs were fixed:

   - CVE-2021-37159: hso_free_net_device in drivers/net/usb/hso.c called
     unregister_netdev without checking for the NETREG_REGISTERED state,
     leading to a use-after-free and a double free (bnc#1188601).
   - CVE-2021-3772: Fixed sctp vtag check in sctp_sf_ootb (bsc#1190351).
   - CVE-2021-3655: Missing size validations on inbound SCTP packets may have
     allowed the kernel to read uninitialized memory (bnc#1188563
     bnc#1192267).
   - CVE-2014-7841: The sctp_process_param function in
     net/sctp/sm_make_chunk.c in the SCTP implementation, when ASCONF is
     used, allowed remote attackers to cause a denial of service (NULL
     pointer dereference and system crash) via a malformed INIT chunk
     (bnc#904899 bnc#905100).
   - CVE-2021-20265: A flaw was found in the way memory resources were freed
     in the unix_stream_recvmsg function when a signal was pending. This flaw
     allowed an unprivileged local user to crash the system by exhausting
     available memory. The highest threat from this vulnerability is to
     system availability (bnc#1183089).
   - CVE-2021-42739: The firewire subsystem had a buffer overflow related to
     drivers/media/firewire/firedtv-avc.c and
     drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled
     bounds checking (bnc#1184673 bnc#1192036).
   - CVE-2021-33033: The Linux kernel has a use-after-free in cipso_v4_genopt
     in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for
     the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to
     writing an arbitrary value (bnc#1186109 bnc#1188876).
   - CVE-2021-43389: There was an array-index-out-of-bounds flaw in the
     detach_capi_ctr function in drivers/isdn/capi/kcapi.c (bnc#1191958).
   - CVE-2021-42008: The decode_data function in drivers/net/hamradio/6pack.c
     had a slab out-of-bounds write. Input from a process that has the
     CAP_NET_ADMIN capability can lead to root access (bnc#1191315).
   - CVE-2021-38160: Data corruption or loss could be triggered by an
     untrusted device that supplies a buf->len value exceeding the buffer
     size in drivers/char/virtio_console.c (bsc#1190117)
   - CVE-2021-3640: Fixed a Use-After-Free vulnerability in function
     sco_sock_sendmsg() in the bluetooth stack (bsc#1188172).
   - CVE-2021-38198: arch/x86/kvm/mmu/paging_tmpl.h incorrectly computed the
     access permissions of a shadow page, leading to a missing guest
     protection page fault (bnc#1189262).
   - CVE-2021-3653: A flaw was found in the KVM's AMD code for supporting SVM
     nested virtualization. The flaw occurs when processing the VMCB (virtual
     machine control block) provided by the L1 guest to spawn/handle a nested
     guest (L2). Due to improper validation of the "int_ctl" field, this
     issue could allow a malicious L1 to enable AVIC support (Advanced
     Virtual Interrupt Controller) for the L2 guest. As a result, the L2
     guest would be allowed to read/write physical pages of the host,
     resulting in a crash of the entire system, leak of sensitive data or
     potential guest-to-host escape. (bnc#1189399).
   - CVE-2021-3679: A lack of CPU resource in the Linux kernel tracing module
     functionality was found in the way user uses trace ring buffer in a
     specific way. Only privileged local users (with CAP_SYS_ADMIN
     capability) could use this flaw to starve the resources causing denial
     of service (bnc#1189057).
   - CVE-2021-3609: A potential local privilege escalation in the CAN BCM
     networking protocol was fixed (bsc#1187215).
   - CVE-2020-36385: drivers/infiniband/core/ucma.c has a use-after-free
     because the ctx is reached via the ctx_list in some ucma_migrate_id
     situations where ucma_close is called, aka CID-f5449e74802c
     (bnc#1187050).

   The following non-security bugs were fixed:

   - sctp: check asoc peer.asconf_capable before processing asconf
     (bsc#1190351).
   - sctp: fully initialize v4 addr in some functions (bsc#1188563).
   - sctp: simplify addr copy (bsc#1188563).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP4-LTSS:

      zypper in -t patch slessp4-kernel-14849=1

   - SUSE Linux Enterprise Server 11-EXTRA:

      zypper in -t patch slexsp3-kernel-14849=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-kernel-14849=1



Package List:

   - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64):

      kernel-default-3.0.101-108.132.1
      kernel-default-base-3.0.101-108.132.1
      kernel-default-devel-3.0.101-108.132.1
      kernel-source-3.0.101-108.132.1
      kernel-syms-3.0.101-108.132.1
      kernel-trace-3.0.101-108.132.1
      kernel-trace-base-3.0.101-108.132.1
      kernel-trace-devel-3.0.101-108.132.1

   - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 x86_64):

      kernel-ec2-3.0.101-108.132.1
      kernel-ec2-base-3.0.101-108.132.1
      kernel-ec2-devel-3.0.101-108.132.1
      kernel-xen-3.0.101-108.132.1
      kernel-xen-base-3.0.101-108.132.1
      kernel-xen-devel-3.0.101-108.132.1

   - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64):

      kernel-bigmem-3.0.101-108.132.1
      kernel-bigmem-base-3.0.101-108.132.1
      kernel-bigmem-devel-3.0.101-108.132.1
      kernel-ppc64-3.0.101-108.132.1
      kernel-ppc64-base-3.0.101-108.132.1
      kernel-ppc64-devel-3.0.101-108.132.1

   - SUSE Linux Enterprise Server 11-SP4-LTSS (s390x):

      kernel-default-man-3.0.101-108.132.1

   - SUSE Linux Enterprise Server 11-SP4-LTSS (i586):

      kernel-pae-3.0.101-108.132.1
      kernel-pae-base-3.0.101-108.132.1
      kernel-pae-devel-3.0.101-108.132.1

   - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64):

      kernel-default-extra-3.0.101-108.132.1

   - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64):

      kernel-xen-extra-3.0.101-108.132.1

   - SUSE Linux Enterprise Server 11-EXTRA (x86_64):

      kernel-trace-extra-3.0.101-108.132.1

   - SUSE Linux Enterprise Server 11-EXTRA (ppc64):

      kernel-ppc64-extra-3.0.101-108.132.1

   - SUSE Linux Enterprise Server 11-EXTRA (i586):

      kernel-pae-extra-3.0.101-108.132.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64):

      kernel-default-debuginfo-3.0.101-108.132.1
      kernel-default-debugsource-3.0.101-108.132.1
      kernel-trace-debuginfo-3.0.101-108.132.1
      kernel-trace-debugsource-3.0.101-108.132.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 s390x x86_64):

      kernel-default-devel-debuginfo-3.0.101-108.132.1
      kernel-trace-devel-debuginfo-3.0.101-108.132.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64):

      kernel-ec2-debuginfo-3.0.101-108.132.1
      kernel-ec2-debugsource-3.0.101-108.132.1
      kernel-xen-debuginfo-3.0.101-108.132.1
      kernel-xen-debugsource-3.0.101-108.132.1
      kernel-xen-devel-debuginfo-3.0.101-108.132.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64):

      kernel-bigmem-debuginfo-3.0.101-108.132.1
      kernel-bigmem-debugsource-3.0.101-108.132.1
      kernel-ppc64-debuginfo-3.0.101-108.132.1
      kernel-ppc64-debugsource-3.0.101-108.132.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586):

      kernel-pae-debuginfo-3.0.101-108.132.1
      kernel-pae-debugsource-3.0.101-108.132.1
      kernel-pae-devel-debuginfo-3.0.101-108.132.1


References:

   https://www.suse.com/security/cve/CVE-2014-7841.html
   https://www.suse.com/security/cve/CVE-2020-36385.html
   https://www.suse.com/security/cve/CVE-2021-20265.html
   https://www.suse.com/security/cve/CVE-2021-33033.html
   https://www.suse.com/security/cve/CVE-2021-3542.html
   https://www.suse.com/security/cve/CVE-2021-3609.html
   https://www.suse.com/security/cve/CVE-2021-3640.html
   https://www.suse.com/security/cve/CVE-2021-3653.html
   https://www.suse.com/security/cve/CVE-2021-3655.html
   https://www.suse.com/security/cve/CVE-2021-3679.html
   https://www.suse.com/security/cve/CVE-2021-37159.html
   https://www.suse.com/security/cve/CVE-2021-3772.html
   https://www.suse.com/security/cve/CVE-2021-38160.html
   https://www.suse.com/security/cve/CVE-2021-38198.html
   https://www.suse.com/security/cve/CVE-2021-42008.html
   https://www.suse.com/security/cve/CVE-2021-42739.html
   https://www.suse.com/security/cve/CVE-2021-43389.html
   https://bugzilla.suse.com/1183089
   https://bugzilla.suse.com/1184673
   https://bugzilla.suse.com/1186109
   https://bugzilla.suse.com/1187050
   https://bugzilla.suse.com/1187215
   https://bugzilla.suse.com/1188172
   https://bugzilla.suse.com/1188563
   https://bugzilla.suse.com/1188601
   https://bugzilla.suse.com/1188876
   https://bugzilla.suse.com/1189057
   https://bugzilla.suse.com/1189262
   https://bugzilla.suse.com/1189399
   https://bugzilla.suse.com/1190117
   https://bugzilla.suse.com/1190351
   https://bugzilla.suse.com/1191315
   https://bugzilla.suse.com/1191660
   https://bugzilla.suse.com/1191958
   https://bugzilla.suse.com/1192036
   https://bugzilla.suse.com/1192267
   https://bugzilla.suse.com/904899
   https://bugzilla.suse.com/905100