SUSE-SU-2021:0437-1

Source
https://www.suse.com/support/update/announcement/2021/suse-su-20210437-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2021:0437-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2021:0437-1
Published
2021-02-11T15:33:40Z
Modified
2025-05-02T04:10:42.430174Z
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bug fixes.

The following security bugs were fixed:

  • CVE-2021-3347: A use-after-free was discovered in the PI futexes during fault handling, allowing local users to execute code in the kernel (bnc#1181349).
  • CVE-2020-29569: Fixed a potential privilege escalation and information leaks related to the PV block backend, as used by Xen (bnc#1179509).
  • CVE-2020-29568: Fixed a denial of service issue, related to processing watch events (bnc#1179508).
  • CVE-2020-25211: Fixed a flaw where a local attacker was able to inject conntrack netlink configuration that could cause a denial of service or trigger the use of incorrect protocol numbers in ctnetlink_parse_tuple_filter (bnc#1176395).
  • CVE-2020-0444: Fixed a bad kfree due to a logic error in audit_data_to_entry (bnc#1180027).
  • CVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180029).
  • CVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031).
  • CVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141).
  • CVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds check in the nl80211_policy policy of nl80211.c (bnc#1180086).
  • CVE-2020-27777: Fixed a privilege escalation in the Run-Time Abstraction Services (RTAS) interface, affecting guests running on top of PowerVM or KVM hypervisors (bnc#1179107).
  • CVE-2020-27786: Fixed an out-of-bounds write in the MIDI implementation (bnc#1179601).
  • CVE-2020-27825: Fixed a race in the trace_open and buffer resize calls (bsc#1179960).
  • CVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bnc#1179745).
  • CVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179745).
  • CVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel (bsc#1178589).
  • CVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886).
  • CVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182).
  • CVE-2020-25285: A race condition between hugetlb sysctl handlers in mm/hugetlb.c could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact (bnc#1176485).
  • CVE-2020-15437: Fixed a null pointer dereference which could have allowed local users to cause a denial of service (bsc#1179140).
  • CVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180559).
  • CVE-2020-11668: Fixed the mishandling of invalid descriptors in the Xirlink camera USB driver (bnc#1168952).
  • CVE-2020-25668: Fixed a use-after-free in con_font_op() (bsc#1178123).
  • CVE-2020-27673: Fixed an issue where rogue guests could have caused denial of service of Dom0 via high frequency events (XSA-332 bsc#1177411).
  • CVE-2019-20934: Fixed a use-after-free in show_numa_stats() because NUMA fault statistics were inappropriately freed (bsc#1179663).
  • CVE-2019-19063: Fixed two memory leaks in the rtl_usb_probe() which could eventually have allowed attackers to cause a denial of service (memory consumption) (bnc#1157298).
  • CVE-2019-6133: Fixed an issue where the 'start time' protection mechanism could have been bypassed and therefore authorization decisions are improperly cached (bsc#1128172).

The following non-security bugs were fixed:

  • HID: Fix slab-out-of-bounds read in hid_field_extract (bsc#1180052).
  • epoll: Keep a reference on files added to the check list (bsc#1180031).
  • fix regression in 'epoll: Keep a reference on files added to the check list' (bsc#1180031, git-fixes).
  • futex,rt_mutex: Fix rt_mutex_cleanup_proxy_lock() (bsc#969755).
  • futex,rt_mutex: Introduce rt_mutex_init_waiter() (bsc#969755).
  • futex,rt_mutex: Provide futex specific rt_mutex API (bsc#969755).
  • futex,rt_mutex: Restructure rt_mutex_finish_proxy_lock() (bsc#969755).
  • futex: Avoid freeing an active timer (bsc#969755).
  • futex: Avoid violating the 10th rule of futex (bsc#969755).
  • futex: Change locking rules (bsc#969755).
  • futex: Do not enable IRQs unconditionally in put_pi_state() (bsc#969755).
  • futex: Drop hb->lock before enqueueing on the rtmutex (bsc#969755).
  • futex: Fix OWNER_DEAD fixup (bsc#969755).
  • futex: Fix incorrect should_fail_futex() handling (bsc#969755).
  • futex: Fix more put_pi_state() vs. exit_pi_state_list() races (bsc#969755).
  • futex: Fix pi_state->owner serialization (bsc#969755).
  • futex: Fix small (and harmless looking) inconsistencies (bsc#969755).
  • futex: Futex_unlock_pi() determinism (bsc#969755).
  • futex: Handle early deadlock return correctly (bsc#969755).
  • futex: Handle transient 'ownerless' rtmutex state correctly (bsc#969755).
  • futex: Pull rt_mutex_futex_unlock() out from under hb->lock (bsc#969755).
  • futex: Rework futex_lock_pi() to use rt_mutex_*_proxy_lock() (bsc#969755).
  • futex: Rework inconsistent rt_mutex/futex_q state (bsc#969755).
  • locking/futex: Allow low-level atomic operations to return -EAGAIN (bsc#969755).
  • mm/userfaultfd: do not access vma->vm_mm after calling handle_userfault() (bsc#1179204).

Affected packages

SUSE:OpenStack Cloud 7 / kernel-default

Package

Name
kernel-default
Purl
pkg:rpm/suse/kernel-default&distro=SUSE%20OpenStack%20Cloud%207

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.4.121-92.149.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.4.121-92.149.1",
            "kernel-devel": "4.4.121-92.149.1",
            "kernel-default-base": "4.4.121-92.149.1",
            "kernel-default-man": "4.4.121-92.149.1",
            "kernel-default": "4.4.121-92.149.1",
            "kernel-source": "4.4.121-92.149.1",
            "kgraft-patch-4_4_121-92_149-default": "1-3.3.1",
            "kernel-syms": "4.4.121-92.149.1",
            "kernel-default-devel": "4.4.121-92.149.1"
        }
    ]
}

SUSE:OpenStack Cloud 7 / kernel-source

Package

Name
kernel-source
Purl
pkg:rpm/suse/kernel-source&distro=SUSE%20OpenStack%20Cloud%207

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.4.121-92.149.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.4.121-92.149.1",
            "kernel-devel": "4.4.121-92.149.1",
            "kernel-default-base": "4.4.121-92.149.1",
            "kernel-default-man": "4.4.121-92.149.1",
            "kernel-default": "4.4.121-92.149.1",
            "kernel-source": "4.4.121-92.149.1",
            "kgraft-patch-4_4_121-92_149-default": "1-3.3.1",
            "kernel-syms": "4.4.121-92.149.1",
            "kernel-default-devel": "4.4.121-92.149.1"
        }
    ]
}

SUSE:OpenStack Cloud 7 / kernel-syms

Package

Name
kernel-syms
Purl
pkg:rpm/suse/kernel-syms&distro=SUSE%20OpenStack%20Cloud%207

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.4.121-92.149.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.4.121-92.149.1",
            "kernel-devel": "4.4.121-92.149.1",
            "kernel-default-base": "4.4.121-92.149.1",
            "kernel-default-man": "4.4.121-92.149.1",
            "kernel-default": "4.4.121-92.149.1",
            "kernel-source": "4.4.121-92.149.1",
            "kgraft-patch-4_4_121-92_149-default": "1-3.3.1",
            "kernel-syms": "4.4.121-92.149.1",
            "kernel-default-devel": "4.4.121-92.149.1"
        }
    ]
}

SUSE:OpenStack Cloud 7 / kgraft-patch-SLE12-SP2_Update_39

Package

Name
kgraft-patch-SLE12-SP2_Update_39
Purl
pkg:rpm/suse/kgraft-patch-SLE12-SP2_Update_39&distro=SUSE%20OpenStack%20Cloud%207

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1-3.3.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.4.121-92.149.1",
            "kernel-devel": "4.4.121-92.149.1",
            "kernel-default-base": "4.4.121-92.149.1",
            "kernel-default-man": "4.4.121-92.149.1",
            "kernel-default": "4.4.121-92.149.1",
            "kernel-source": "4.4.121-92.149.1",
            "kgraft-patch-4_4_121-92_149-default": "1-3.3.1",
            "kernel-syms": "4.4.121-92.149.1",
            "kernel-default-devel": "4.4.121-92.149.1"
        }
    ]
}

SUSE:Linux Enterprise High Availability Extension 12 SP2 / kernel-default

Package

Name
kernel-default
Purl
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012%20SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.4.121-92.149.1

Ecosystem specific

{
    "binaries": [
        {
            "dlm-kmp-default": "4.4.121-92.149.1",
            "gfs2-kmp-default": "4.4.121-92.149.1",
            "cluster-network-kmp-default": "4.4.121-92.149.1",
            "ocfs2-kmp-default": "4.4.121-92.149.1",
            "cluster-md-kmp-default": "4.4.121-92.149.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP2 / kernel-default

Package

Name
kernel-default
Purl
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.4.121-92.149.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.4.121-92.149.1",
            "kernel-devel": "4.4.121-92.149.1",
            "kernel-default-base": "4.4.121-92.149.1",
            "kernel-default": "4.4.121-92.149.1",
            "kernel-source": "4.4.121-92.149.1",
            "kgraft-patch-4_4_121-92_149-default": "1-3.3.1",
            "kernel-syms": "4.4.121-92.149.1",
            "kernel-default-devel": "4.4.121-92.149.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP2 / kernel-source

Package

Name
kernel-source
Purl
pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.4.121-92.149.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.4.121-92.149.1",
            "kernel-devel": "4.4.121-92.149.1",
            "kernel-default-base": "4.4.121-92.149.1",
            "kernel-default": "4.4.121-92.149.1",
            "kernel-source": "4.4.121-92.149.1",
            "kgraft-patch-4_4_121-92_149-default": "1-3.3.1",
            "kernel-syms": "4.4.121-92.149.1",
            "kernel-default-devel": "4.4.121-92.149.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP2 / kernel-syms

Package

Name
kernel-syms
Purl
pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.4.121-92.149.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.4.121-92.149.1",
            "kernel-devel": "4.4.121-92.149.1",
            "kernel-default-base": "4.4.121-92.149.1",
            "kernel-default": "4.4.121-92.149.1",
            "kernel-source": "4.4.121-92.149.1",
            "kgraft-patch-4_4_121-92_149-default": "1-3.3.1",
            "kernel-syms": "4.4.121-92.149.1",
            "kernel-default-devel": "4.4.121-92.149.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP2 / kgraft-patch-SLE12-SP2_Update_39

Package

Name
kgraft-patch-SLE12-SP2_Update_39
Purl
pkg:rpm/suse/kgraft-patch-SLE12-SP2_Update_39&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1-3.3.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.4.121-92.149.1",
            "kernel-devel": "4.4.121-92.149.1",
            "kernel-default-base": "4.4.121-92.149.1",
            "kernel-default": "4.4.121-92.149.1",
            "kernel-source": "4.4.121-92.149.1",
            "kgraft-patch-4_4_121-92_149-default": "1-3.3.1",
            "kernel-syms": "4.4.121-92.149.1",
            "kernel-default-devel": "4.4.121-92.149.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP2-LTSS / kernel-default

Package

Name
kernel-default
Purl
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.4.121-92.149.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.4.121-92.149.1",
            "kernel-devel": "4.4.121-92.149.1",
            "kernel-default-base": "4.4.121-92.149.1",
            "kernel-default-man": "4.4.121-92.149.1",
            "kernel-default": "4.4.121-92.149.1",
            "kernel-source": "4.4.121-92.149.1",
            "kgraft-patch-4_4_121-92_149-default": "1-3.3.1",
            "kernel-syms": "4.4.121-92.149.1",
            "kernel-default-devel": "4.4.121-92.149.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP2-LTSS / kernel-source

Package

Name
kernel-source
Purl
pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.4.121-92.149.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.4.121-92.149.1",
            "kernel-devel": "4.4.121-92.149.1",
            "kernel-default-base": "4.4.121-92.149.1",
            "kernel-default-man": "4.4.121-92.149.1",
            "kernel-default": "4.4.121-92.149.1",
            "kernel-source": "4.4.121-92.149.1",
            "kgraft-patch-4_4_121-92_149-default": "1-3.3.1",
            "kernel-syms": "4.4.121-92.149.1",
            "kernel-default-devel": "4.4.121-92.149.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP2-LTSS / kernel-syms

Package

Name
kernel-syms
Purl
pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.4.121-92.149.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.4.121-92.149.1",
            "kernel-devel": "4.4.121-92.149.1",
            "kernel-default-base": "4.4.121-92.149.1",
            "kernel-default-man": "4.4.121-92.149.1",
            "kernel-default": "4.4.121-92.149.1",
            "kernel-source": "4.4.121-92.149.1",
            "kgraft-patch-4_4_121-92_149-default": "1-3.3.1",
            "kernel-syms": "4.4.121-92.149.1",
            "kernel-default-devel": "4.4.121-92.149.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP2-LTSS / kgraft-patch-SLE12-SP2_Update_39

Package

Name
kgraft-patch-SLE12-SP2_Update_39
Purl
pkg:rpm/suse/kgraft-patch-SLE12-SP2_Update_39&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1-3.3.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.4.121-92.149.1",
            "kernel-devel": "4.4.121-92.149.1",
            "kernel-default-base": "4.4.121-92.149.1",
            "kernel-default-man": "4.4.121-92.149.1",
            "kernel-default": "4.4.121-92.149.1",
            "kernel-source": "4.4.121-92.149.1",
            "kgraft-patch-4_4_121-92_149-default": "1-3.3.1",
            "kernel-syms": "4.4.121-92.149.1",
            "kernel-default-devel": "4.4.121-92.149.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP2-BCL / kernel-default

Package

Name
kernel-default
Purl
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.4.121-92.149.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.4.121-92.149.1",
            "kernel-devel": "4.4.121-92.149.1",
            "kernel-default-base": "4.4.121-92.149.1",
            "kernel-default": "4.4.121-92.149.1",
            "kernel-source": "4.4.121-92.149.1",
            "kernel-syms": "4.4.121-92.149.1",
            "kernel-default-devel": "4.4.121-92.149.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP2-BCL / kernel-source

Package

Name
kernel-source
Purl
pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.4.121-92.149.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.4.121-92.149.1",
            "kernel-devel": "4.4.121-92.149.1",
            "kernel-default-base": "4.4.121-92.149.1",
            "kernel-default": "4.4.121-92.149.1",
            "kernel-source": "4.4.121-92.149.1",
            "kernel-syms": "4.4.121-92.149.1",
            "kernel-default-devel": "4.4.121-92.149.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP2-BCL / kernel-syms

Package

Name
kernel-syms
Purl
pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.4.121-92.149.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.4.121-92.149.1",
            "kernel-devel": "4.4.121-92.149.1",
            "kernel-default-base": "4.4.121-92.149.1",
            "kernel-default": "4.4.121-92.149.1",
            "kernel-source": "4.4.121-92.149.1",
            "kernel-syms": "4.4.121-92.149.1",
            "kernel-default-devel": "4.4.121-92.149.1"
        }
    ]
}