Vulnerability from csaf_suse
Published
2021-07-13 11:02
Modified
2021-07-13 11:02
Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 15 SP3 Azure kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2021-3573: Fixed an UAF vulnerability in function that can allow attackers to corrupt kernel heaps and adopt further exploitations. (bsc#1186666)
- CVE-2021-0605: Fixed an out-of-bounds read which could lead to local information disclosure in the kernel with System execution privileges needed. (bsc#1187601)
- CVE-2021-0512: Fixed a possible out-of-bounds write which could lead to local escalation of privilege with no additional execution privileges needed. (bsc#1187595)
- CVE-2021-33624: Fixed a bug which allows unprivileged BPF program to leak the contents of arbitrary kernel memory (and therefore, of all physical memory) via a side-channel. (bsc#1187554)
- CVE-2021-34693: Fixed a bug in net/can/bcm.c which could allow local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized. (bsc#1187452)
The following non-security bugs were fixed:
- 0001-x86-sched-Treat-Intel-SNC-topology-as-default-COD-as.patch: (bsc#1187263).
- alx: Fix an error handling path in 'alx_probe()' (git-fixes).
- asm-generic/hyperv: Add missing function prototypes per -W1 warnings (bsc#1186071).
- ASoC: fsl-asoc-card: Set .owner attribute when registering card (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Glavey TM800A550L tablet (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Lenovo Miix 3-830 tablet (git-fixes).
- ASoC: max98088: fix ni clock divider calculation (git-fixes).
- ASoC: rt5659: Fix the lost powers for the HDA header (git-fixes).
- ASoC: rt5682: Fix the fast discharge for headset unplugging in soundwire mode (git-fixes).
- ASoC: sti-sas: add missing MODULE_DEVICE_TABLE (git-fixes).
- ASoC: tas2562: Fix TDM_CFG0_SAMPRATE values (git-fixes).
- batman-adv: Avoid WARN_ON timing related checks (git-fixes).
- be2net: Fix an error handling path in 'be_probe()' (git-fixes).
- block: Discard page cache of zone reset target range (bsc#1187402).
- Bluetooth: Add a new USB ID for RTL8822CE (git-fixes).
- Bluetooth: use correct lock to prevent UAF of hdev object (git-fixes).
- bnxt_en: Call bnxt_ethtool_free() in bnxt_init_one() error path (jsc#SLE-8371 bsc#1153274).
- bnxt_en: Fix TQM fastpath ring backing store computation (jsc#SLE-8371 bsc#1153274).
- bnxt_en: Rediscover PHY capabilities after firmware reset (jsc#SLE-8371 bsc#1153274).
- bpf: Fix integer overflow in argument calculation for bpf_map_area_alloc (bsc#1177028).
- bpf: Fix libelf endian handling in resolv_btfids (bsc#1177028).
- bpfilter: Specify the log level for the kmsg message (bsc#1155518).
- can: mcba_usb: fix memory leak in mcba_usb (git-fixes).
- ceph: must hold snap_rwsem when filling inode for async create (bsc#1187927).
- cfg80211: avoid double free of PMSR request (git-fixes).
- cfg80211: make certificate generation more robust (git-fixes).
- cgroup1: do not allow '\n' in renaming (bsc#1187972).
- clocksource/drivers/hyper-v: Handle sched_clock differences inline (bsc#1186071).
- clocksource/drivers/hyper-v: Move handling of STIMER0 interrupts (bsc#1186071).
- clocksource/drivers/hyper-v: Set clocksource rating based on Hyper-V feature (bsc#1186071).
- cxgb4: fix endianness when flashing boot image (jsc#SLE-15131).
- cxgb4: fix sleep in atomic when flashing PHY firmware (jsc#SLE-15131).
- cxgb4: fix wrong ethtool n-tuple rule lookup (jsc#SLE-15131).
- cxgb4: fix wrong shift (git-fixes).
- cxgb4: halt chip before flashing PHY firmware image (jsc#SLE-15131).
- dax: Add a wakeup mode parameter to put_unlocked_entry() (bsc#1187411).
- dax: Add an enum for specifying dax wakup mode (bsc#1187411).
- dax: fix ENOMEM handling in grab_mapping_entry() (bsc#1184212).
- dax: Wake up all waiters after invalidating dax entry (bsc#1187411).
- dmaengine: ALTERA_MSGDMA depends on HAS_IOMEM (git-fixes).
- dmaengine: fsl-dpaa2-qdma: Fix error return code in two functions (git-fixes).
- dmaengine: pl330: fix wrong usage of spinlock flags in dma_cyclc (git-fixes).
- dmaengine: QCOM_HIDMA_MGMT depends on HAS_IOMEM (git-fixes).
- dmaengine: stedma40: add missing iounmap() on error in d40_probe() (git-fixes).
- drivers: hv: Create a consistent pattern for checking Hyper-V hypercall status (bsc#1186071).
- drivers: hv: Fix EXPORT_SYMBOL and tab spaces issue (bsc#1186071).
- Drivers: hv: Redo Hyper-V synthetic MSR get/set functions (bsc#1186071).
- Drivers: hv: vmbus: Check for pending channel interrupts before taking a CPU offline (bsc#1186071).
- Drivers: hv: vmbus: Drivers: hv: vmbus: Introduce CHANNELMSG_MODIFYCHANNEL_RESPONSE (bsc#1186071).
- Drivers: hv: vmbus: Drop error message when 'No request id available' (bsc#1183682).
- Drivers: hv: vmbus: Handle auto EOI quirk inline (bsc#1186071).
- Drivers: hv: vmbus: Introduce and negotiate VMBus protocol version 5.3 (bsc#1186071).
- Drivers: hv: vmbus: Move handling of VMbus interrupts (bsc#1186071).
- Drivers: hv: vmbus: Move hyperv_report_panic_msg to arch neutral code (bsc#1186071).
- Drivers: hv: vmbus: remove unused function (bsc#1186071).
- Drivers: hv: vmbus: Remove unused linux/version.h header (bsc#1186071).
- drm/amd/amdgpu:save psp ring wptr to avoid attack (git-fixes).
- drm/amd/display: Allow bandwidth validation for 0 streams (git-fixes).
- drm/amd/display: Fix potential memory leak in DMUB hw_init (git-fixes).
- drm/amdgpu: refine amdgpu_fru_get_product_info (git-fixes).
- drm/sun4i: dw-hdmi: Make HDMI PHY into a platform device (git-fixes).
- drm/tegra: sor: Do not leak runtime PM reference (git-fixes).
- drm/vc4: hdmi: Make sure the controller is powered in detect (git-fixes).
- drm/vc4: hdmi: Move the HSM clock enable to runtime_pm (git-fixes).
- drm: Fix use-after-free read in drm_getunique() (git-fixes).
- drm: Lock pointer access in drm_master_release() (git-fixes).
- dt-bindings: reset: meson8b: fix duplicate reset IDs (git-fixes).
- ethtool: strset: fix message length calculation (bsc#1176447).
- ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed (bsc#1187408).
- ext4: fix check to prevent false positive report of incorrect used inodes (bsc#1187404).
- ext4: fix error code in ext4_commit_super (bsc#1187407).
- ext4: fix memory leak in ext4_fill_super (bsc#1187409).
- FCOE: fcoe_wwn_from_mac kABI fix (bsc#1187886).
- fs: fix reporting supported extra file attributes for statx() (bsc#1187410).
- ftrace: Do not blindly read the ip address in ftrace_bug() (git-fixes).
- ftrace: Free the trampoline when ftrace_startup() fails (git-fixes).
- fuse: BUG_ON correction in fuse_dev_splice_write() (bsc#1187356).
- HID: Add BUS_VIRTUAL to hid_connect logging (git-fixes).
- HID: gt683r: add missing MODULE_DEVICE_TABLE (git-fixes).
- HID: hid-input: add mapping for emoji picker key (git-fixes).
- HID: hid-sensor-hub: Return error for hid_set_field() failure (git-fixes).
- HID: quirks: Set INCREMENT_USAGE_ON_DUPLICATE for Saitek X65 (git-fixes).
- HID: usbhid: fix info leak in hid_submit_ctrl (git-fixes).
- HID: usbhid: Fix race between usbhid_close() and usbhid_stop() (git-fixes).
- hv: hyperv.h: a few mundane typo fixes (bsc#1186071).
- hv_netvsc: Add a comment clarifying batching logic (bsc#1186071).
- hv_netvsc: Add error handling while switching data path (bsc#1186071).
- hv_netvsc: Make netvsc/VF binding check both MAC and serial number (bsc#1186071).
- hwmon: (scpi-hwmon) shows the negative temperature properly (git-fixes).
- i2c: mpc: Make use of i2c_recover_bus() (git-fixes).
- ice: add ndo_bpf callback for safe mode netdev ops (jsc#SLE-7926).
- ice: parameterize functions responsible for Tx ring management (jsc#SLE-12878).
- isdn: mISDN: netjet: Fix crash in nj_probe: (git-fixes).
- kernel-binary.spec.in: Regenerate makefile when not using mkmakefile.
- kernel: kexec_file: fix error return code of kexec_calculate_store_digests() (git-fixes).
- kthread: prevent deadlock when kthread_mod_delayed_work() races with kthread_cancel_delayed_work_sync() (bsc#1187867).
- kthread_worker: split code for canceling the delayed work timer (bsc#1187867).
- kyber: fix out of bounds access when preempted (bsc#1187403).
- lib: vdso: Remove CROSS_COMPILE_COMPAT_VDSO (bsc#1164648,jsc#SLE-11493).
- media: mtk-mdp: Check return value of of_clk_get (git-fixes).
- media: mtk-mdp: Fix a refcounting bug on error in init (git-fixes).
- media: s5p-g2d: Fix a memory leak in an error handling path in 'g2d_probe()' (git-fixes).
- mlxsw: reg: Spectrum-3: Enforce lowest max-shaper burst size of 11 (bsc#1176774).
- mmc: meson-gx: use memcpy_to/fromio for dram-access-quirk (git-fixes).
- module: limit enabling module.sig_enforce (git-fixes).
- net/mlx5: Consider RoCE cap before init RDMA resources (git-fixes).
- net/mlx5: E-Switch, Allow setting GUID for host PF vport (jsc#SLE-15172).
- net/mlx5: E-Switch, Read PF mac address (jsc#SLE-15172).
- net/mlx5: Fix PBMC register mapping (git-fixes).
- net/mlx5: Fix placement of log_max_flow_counter (git-fixes).
- net/mlx5: Fix sleep while atomic in mlx5_eswitch_get_vepa (git-fixes).
- net/mlx5: Reset mkey index on creation (jsc#SLE-15172).
- net/mlx5e: Block offload of outer header csum for UDP tunnels (git-fixes).
- net/mlx5e: Fix page reclaim for dead peer hairpin (git-fixes).
- net/mlx5e: Remove dependency in IPsec initialization flows (git-fixes).
- net/nfc/rawsock.c: fix a permission check bug (git-fixes).
- net/sched: act_ct: handle DNAT tuple collision (bsc#1154353).
- net/x25: Return the correct errno code (git-fixes).
- net: mvpp2: add mvpp2_phylink_to_port() helper (bsc#1187171).
- netxen_nic: Fix an error handling path in 'netxen_nic_probe()' (git-fixes).
- NFS: Fix a potential NULL dereference in nfs_get_client() (git-fixes).
- NFS: Fix deadlock between nfs4_evict_inode() and nfs4_opendata_get_inode() (git-fixes).
- NFS: Fix use-after-free in nfs4_init_client() (git-fixes).
- nvmem: rmem: fix undefined reference to memremap (git-fixes).
- ocfs2: fix data corruption by fallocate (bsc#1187412).
- PCI: aardvark: Do not rely on jiffies while holding spinlock (git-fixes).
- PCI: aardvark: Fix kernel panic during PIO transfer (git-fixes).
- PCI: Add ACS quirk for Broadcom BCM57414 NIC (git-fixes).
- PCI: hv: Drop msi_controller structure (bsc#1186071).
- PCI: Mark some NVIDIA GPUs to avoid bus reset (git-fixes).
- PCI: Mark TI C667X to avoid bus reset (git-fixes).
- PCI: Work around Huawei Intelligent NIC VF FLR erratum (git-fixes).
- perf/x86/intel/uncore: Fix a kernel WARNING triggered by maxcpus=1 (git-fixes).
- perf/x86/intel/uncore: Remove uncore extra PCI dev HSWEP_PCI_PCU_3 (bsc#1184685).
- powerpc/perf: Fix crash in perf_instruction_pointer() when ppmu is not set (jsc#SLE-13513 bsc#1176919 ltc#186162 git-fixes).
- qla2xxx: synchronize rport dev_loss_tmo setting (bsc#1182470 bsc#1185486).
- qlcnic: Fix an error handling path in 'qlcnic_probe()' (git-fixes).
- radeon: use memcpy_to/fromio for UVD fw upload (git-fixes).
- regulator: bd70528: Fix off-by-one for buck123 .n_voltages setting (git-fixes).
- Removed patch that was incorrectly added to SLE15-SP2 (bsc#1186949)
- Revert 'ecryptfs: replace BUG_ON with error handling code' (bsc#1187413).
- Revert 'ibmvnic: simplify reset_long_term_buff function' (bsc#1186206 ltc#191041).
- Revert 'PCI: PM: Do not read power state in pci_enable_device_flags()' (git-fixes).
- Revert 'video: hgafb: fix potential NULL pointer dereference' (git-fixes).
- Revert 'video: imsttfb: fix potential NULL pointer dereferences' (bsc#1152489)
- s390/dasd: add missing discipline function (git-fixes).
- s390/stack: fix possible register corruption with stack switch helper (bsc#1185677).
- sched/debug: Fix cgroup_path[] serialization (git-fixes)
- sched/fair: Keep load_avg and load_sum synced (git-fixes)
- scsi: core: Fix race between handling STS_RESOURCE and completion (bsc#1187883).
- scsi: fcoe: Fix mismatched fcoe_wwn_from_mac declaration (bsc#1187886).
- scsi: storvsc: Enable scatterlist entry lengths > 4Kbytes (bsc#1186071).
- scsi: storvsc: Parameterize number hardware queues (bsc#1186071).
- scsi: ufs: Fix imprecise load calculation in devfreq window (bsc#1187795).
- SCSI: ufs: fix ktime_t kabi change (bsc#1187795).
- scsi: ufs: ufshcd-pltfrm depends on HAS_IOMEM (bsc#1187980).
- spi: spi-nxp-fspi: move the register operation after the clock enable (git-fixes).
- spi: sprd: Add missing MODULE_DEVICE_TABLE (git-fixes).
- spi: stm32-qspi: Always wait BUSY bit to be cleared in stm32_qspi_wait_cmd() (git-fixes).
- SUNRPC: Handle major timeout in xprt_adjust_timeout() (git-fixes).
- SUNRPC: Handle major timeout in xprt_adjust_timeout() (git-fixes).
- tracing: Correct the length check which causes memory corruption (git-fixes).
- tracing: Do no increment trace_clock_global() by one (git-fixes).
- tracing: Do not stop recording cmdlines when tracing is off (git-fixes).
- tracing: Do not stop recording comms if the trace file is being read (git-fixes).
- tracing: Restructure trace_clock_global() to never block (git-fixes).
- USB: core: hub: Disable autosuspend for Cypress CY7C65632 (git-fixes).
- USB: dwc3: core: fix kernel panic when do reboot (git-fixes).
- USB: dwc3: core: fix kernel panic when do reboot (git-fixes).
- USB: dwc3: debugfs: Add and remove endpoint dirs dynamically (git-fixes).
- USB: dwc3: ep0: fix NULL pointer exception (git-fixes).
- USB: f_ncm: only first packet of aggregate needs to start timer (git-fixes).
- USB: f_ncm: only first packet of aggregate needs to start timer (git-fixes).
- USB: fix various gadget panics on 10gbps cabling (git-fixes).
- USB: fix various gadget panics on 10gbps cabling (git-fixes).
- USB: gadget: eem: fix wrong eem header operation (git-fixes).
- USB: gadget: eem: fix wrong eem header operation (git-fixes).
- USB: gadget: f_fs: Ensure io_completion_wq is idle during unbind (git-fixes).
- USB: gadget: f_fs: Ensure io_completion_wq is idle during unbind (git-fixes).
- USB: serial: ftdi_sio: add NovaTech OrionMX product ID (git-fixes).
- USB: serial: ftdi_sio: add NovaTech OrionMX product ID (git-fixes).
- USB: serial: omninet: add device id for Zyxel Omni 56K Plus (git-fixes).
- USB: serial: omninet: add device id for Zyxel Omni 56K Plus (git-fixes).
- video: hgafb: correctly handle card detect failure during probe (git-fixes).
- video: hgafb: fix potential NULL pointer dereference (git-fixes).
- vrf: fix maximum MTU (git-fixes).
- x86/elf: Use _BITUL() macro in UAPI headers (bsc#1178134).
- x86/fpu: Preserve supervisor states in sanitize_restored_user_xstate() (bsc#1178134).
- x86/hyper-v: Move hv_message_type to architecture neutral module
- x86/hyperv: Fix unused variable 'hi' warning in hv_apic_read (bsc#1186071).
- x86/hyperv: Fix unused variable 'msr_val' warning in hv_qlock_wait (bsc#1186071).
- x86/hyperv: Move hv_do_rep_hypercall to asm-generic (bsc#1186071).
- x86/hyperv: remove unused linux/version.h header (bsc#1186071).
- x86/pkru: Write hardware init value to PKRU when xstate is init (bsc#1152489).
- x86/process: Check PF_KTHREAD and not current->mm for kernel threads (bsc#1152489).
- xen-blkback: fix compatibility bug with single page rings (git-fixes).
- xen-pciback: reconfigure also from backend watch handler (git-fixes).
- xen-pciback: redo VF placement in the virtual topology (git-fixes).
- xen/evtchn: Change irq_info lock to raw_spinlock_t (git-fixes).
- xfrm: policy: Read seqcount outside of rcu-read side in xfrm_policy_lookup_bytype (bsc#1185675).
Patchnames
SUSE-2021-2305,SUSE-SLE-Module-Public-Cloud-15-SP3-2021-2305
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for the Linux Kernel", title: "Title of the patch", }, { category: "description", text: "The SUSE Linux Enterprise 15 SP3 Azure kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed:\n\n- CVE-2021-3573: Fixed an UAF vulnerability in function that can allow attackers to corrupt kernel heaps and adopt further exploitations. (bsc#1186666)\n- CVE-2021-0605: Fixed an out-of-bounds read which could lead to local information disclosure in the kernel with System execution privileges needed. (bsc#1187601)\n- CVE-2021-0512: Fixed a possible out-of-bounds write which could lead to local escalation of privilege with no additional execution privileges needed. (bsc#1187595)\n- CVE-2021-33624: Fixed a bug which allows unprivileged BPF program to leak the contents of arbitrary kernel memory (and therefore, of all physical memory) via a side-channel. (bsc#1187554)\n- CVE-2021-34693: Fixed a bug in net/can/bcm.c which could allow local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized. (bsc#1187452)\n\nThe following non-security bugs were fixed:\n\n- 0001-x86-sched-Treat-Intel-SNC-topology-as-default-COD-as.patch: (bsc#1187263).\n- alx: Fix an error handling path in 'alx_probe()' (git-fixes).\n- asm-generic/hyperv: Add missing function prototypes per -W1 warnings (bsc#1186071).\n- ASoC: fsl-asoc-card: Set .owner attribute when registering card (git-fixes).\n- ASoC: Intel: bytcr_rt5640: Add quirk for the Glavey TM800A550L tablet (git-fixes).\n- ASoC: Intel: bytcr_rt5640: Add quirk for the Lenovo Miix 3-830 tablet (git-fixes).\n- ASoC: max98088: fix ni clock divider calculation (git-fixes).\n- ASoC: rt5659: Fix the lost powers for the HDA header (git-fixes).\n- ASoC: rt5682: Fix the fast discharge for headset unplugging in soundwire mode (git-fixes).\n- ASoC: sti-sas: add missing MODULE_DEVICE_TABLE (git-fixes).\n- ASoC: tas2562: Fix TDM_CFG0_SAMPRATE values (git-fixes).\n- batman-adv: Avoid WARN_ON timing related checks (git-fixes).\n- be2net: Fix an error handling path in 'be_probe()' (git-fixes).\n- block: Discard page cache of zone reset target range (bsc#1187402).\n- Bluetooth: Add a new USB ID for RTL8822CE (git-fixes).\n- Bluetooth: use correct lock to prevent UAF of hdev object (git-fixes).\n- bnxt_en: Call bnxt_ethtool_free() in bnxt_init_one() error path (jsc#SLE-8371 bsc#1153274).\n- bnxt_en: Fix TQM fastpath ring backing store computation (jsc#SLE-8371 bsc#1153274).\n- bnxt_en: Rediscover PHY capabilities after firmware reset (jsc#SLE-8371 bsc#1153274).\n- bpf: Fix integer overflow in argument calculation for bpf_map_area_alloc (bsc#1177028).\n- bpf: Fix libelf endian handling in resolv_btfids (bsc#1177028).\n- bpfilter: Specify the log level for the kmsg message (bsc#1155518).\n- can: mcba_usb: fix memory leak in mcba_usb (git-fixes).\n- ceph: must hold snap_rwsem when filling inode for async create (bsc#1187927).\n- cfg80211: avoid double free of PMSR request (git-fixes).\n- cfg80211: make certificate generation more robust (git-fixes).\n- cgroup1: do not allow '\\n' in renaming (bsc#1187972).\n- clocksource/drivers/hyper-v: Handle sched_clock differences inline (bsc#1186071).\n- clocksource/drivers/hyper-v: Move handling of STIMER0 interrupts (bsc#1186071).\n- clocksource/drivers/hyper-v: Set clocksource rating based on Hyper-V feature (bsc#1186071).\n- cxgb4: fix endianness when flashing boot image (jsc#SLE-15131).\n- cxgb4: fix sleep in atomic when flashing PHY firmware (jsc#SLE-15131).\n- cxgb4: fix wrong ethtool n-tuple rule lookup (jsc#SLE-15131).\n- cxgb4: fix wrong shift (git-fixes).\n- cxgb4: halt chip before flashing PHY firmware image (jsc#SLE-15131).\n- dax: Add a wakeup mode parameter to put_unlocked_entry() (bsc#1187411).\n- dax: Add an enum for specifying dax wakup mode (bsc#1187411).\n- dax: fix ENOMEM handling in grab_mapping_entry() (bsc#1184212).\n- dax: Wake up all waiters after invalidating dax entry (bsc#1187411).\n- dmaengine: ALTERA_MSGDMA depends on HAS_IOMEM (git-fixes).\n- dmaengine: fsl-dpaa2-qdma: Fix error return code in two functions (git-fixes).\n- dmaengine: pl330: fix wrong usage of spinlock flags in dma_cyclc (git-fixes).\n- dmaengine: QCOM_HIDMA_MGMT depends on HAS_IOMEM (git-fixes).\n- dmaengine: stedma40: add missing iounmap() on error in d40_probe() (git-fixes).\n- drivers: hv: Create a consistent pattern for checking Hyper-V hypercall status (bsc#1186071).\n- drivers: hv: Fix EXPORT_SYMBOL and tab spaces issue (bsc#1186071).\n- Drivers: hv: Redo Hyper-V synthetic MSR get/set functions (bsc#1186071).\n- Drivers: hv: vmbus: Check for pending channel interrupts before taking a CPU offline (bsc#1186071).\n- Drivers: hv: vmbus: Drivers: hv: vmbus: Introduce CHANNELMSG_MODIFYCHANNEL_RESPONSE (bsc#1186071).\n- Drivers: hv: vmbus: Drop error message when 'No request id available' (bsc#1183682).\n- Drivers: hv: vmbus: Handle auto EOI quirk inline (bsc#1186071).\n- Drivers: hv: vmbus: Introduce and negotiate VMBus protocol version 5.3 (bsc#1186071).\n- Drivers: hv: vmbus: Move handling of VMbus interrupts (bsc#1186071).\n- Drivers: hv: vmbus: Move hyperv_report_panic_msg to arch neutral code (bsc#1186071).\n- Drivers: hv: vmbus: remove unused function (bsc#1186071).\n- Drivers: hv: vmbus: Remove unused linux/version.h header (bsc#1186071).\n- drm/amd/amdgpu:save psp ring wptr to avoid attack (git-fixes).\n- drm/amd/display: Allow bandwidth validation for 0 streams (git-fixes).\n- drm/amd/display: Fix potential memory leak in DMUB hw_init (git-fixes).\n- drm/amdgpu: refine amdgpu_fru_get_product_info (git-fixes).\n- drm/sun4i: dw-hdmi: Make HDMI PHY into a platform device (git-fixes).\n- drm/tegra: sor: Do not leak runtime PM reference (git-fixes).\n- drm/vc4: hdmi: Make sure the controller is powered in detect (git-fixes).\n- drm/vc4: hdmi: Move the HSM clock enable to runtime_pm (git-fixes).\n- drm: Fix use-after-free read in drm_getunique() (git-fixes).\n- drm: Lock pointer access in drm_master_release() (git-fixes).\n- dt-bindings: reset: meson8b: fix duplicate reset IDs (git-fixes).\n- ethtool: strset: fix message length calculation (bsc#1176447).\n- ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed (bsc#1187408).\n- ext4: fix check to prevent false positive report of incorrect used inodes (bsc#1187404).\n- ext4: fix error code in ext4_commit_super (bsc#1187407).\n- ext4: fix memory leak in ext4_fill_super (bsc#1187409).\n- FCOE: fcoe_wwn_from_mac kABI fix (bsc#1187886).\n- fs: fix reporting supported extra file attributes for statx() (bsc#1187410).\n- ftrace: Do not blindly read the ip address in ftrace_bug() (git-fixes).\n- ftrace: Free the trampoline when ftrace_startup() fails (git-fixes).\n- fuse: BUG_ON correction in fuse_dev_splice_write() (bsc#1187356).\n- HID: Add BUS_VIRTUAL to hid_connect logging (git-fixes).\n- HID: gt683r: add missing MODULE_DEVICE_TABLE (git-fixes).\n- HID: hid-input: add mapping for emoji picker key (git-fixes).\n- HID: hid-sensor-hub: Return error for hid_set_field() failure (git-fixes).\n- HID: quirks: Set INCREMENT_USAGE_ON_DUPLICATE for Saitek X65 (git-fixes).\n- HID: usbhid: fix info leak in hid_submit_ctrl (git-fixes).\n- HID: usbhid: Fix race between usbhid_close() and usbhid_stop() (git-fixes).\n- hv: hyperv.h: a few mundane typo fixes (bsc#1186071).\n- hv_netvsc: Add a comment clarifying batching logic (bsc#1186071).\n- hv_netvsc: Add error handling while switching data path (bsc#1186071).\n- hv_netvsc: Make netvsc/VF binding check both MAC and serial number (bsc#1186071).\n- hwmon: (scpi-hwmon) shows the negative temperature properly (git-fixes).\n- i2c: mpc: Make use of i2c_recover_bus() (git-fixes).\n- ice: add ndo_bpf callback for safe mode netdev ops (jsc#SLE-7926).\n- ice: parameterize functions responsible for Tx ring management (jsc#SLE-12878).\n- isdn: mISDN: netjet: Fix crash in nj_probe: (git-fixes).\n- kernel-binary.spec.in: Regenerate makefile when not using mkmakefile.\n- kernel: kexec_file: fix error return code of kexec_calculate_store_digests() (git-fixes).\n- kthread: prevent deadlock when kthread_mod_delayed_work() races with kthread_cancel_delayed_work_sync() (bsc#1187867).\n- kthread_worker: split code for canceling the delayed work timer (bsc#1187867).\n- kyber: fix out of bounds access when preempted (bsc#1187403).\n- lib: vdso: Remove CROSS_COMPILE_COMPAT_VDSO (bsc#1164648,jsc#SLE-11493).\n- media: mtk-mdp: Check return value of of_clk_get (git-fixes).\n- media: mtk-mdp: Fix a refcounting bug on error in init (git-fixes).\n- media: s5p-g2d: Fix a memory leak in an error handling path in 'g2d_probe()' (git-fixes).\n- mlxsw: reg: Spectrum-3: Enforce lowest max-shaper burst size of 11 (bsc#1176774).\n- mmc: meson-gx: use memcpy_to/fromio for dram-access-quirk (git-fixes).\n- module: limit enabling module.sig_enforce (git-fixes).\n- net/mlx5: Consider RoCE cap before init RDMA resources (git-fixes).\n- net/mlx5: E-Switch, Allow setting GUID for host PF vport (jsc#SLE-15172).\n- net/mlx5: E-Switch, Read PF mac address (jsc#SLE-15172).\n- net/mlx5: Fix PBMC register mapping (git-fixes).\n- net/mlx5: Fix placement of log_max_flow_counter (git-fixes).\n- net/mlx5: Fix sleep while atomic in mlx5_eswitch_get_vepa (git-fixes).\n- net/mlx5: Reset mkey index on creation (jsc#SLE-15172).\n- net/mlx5e: Block offload of outer header csum for UDP tunnels (git-fixes).\n- net/mlx5e: Fix page reclaim for dead peer hairpin (git-fixes).\n- net/mlx5e: Remove dependency in IPsec initialization flows (git-fixes).\n- net/nfc/rawsock.c: fix a permission check bug (git-fixes).\n- net/sched: act_ct: handle DNAT tuple collision (bsc#1154353).\n- net/x25: Return the correct errno code (git-fixes).\n- net: mvpp2: add mvpp2_phylink_to_port() helper (bsc#1187171).\n- netxen_nic: Fix an error handling path in 'netxen_nic_probe()' (git-fixes).\n- NFS: Fix a potential NULL dereference in nfs_get_client() (git-fixes).\n- NFS: Fix deadlock between nfs4_evict_inode() and nfs4_opendata_get_inode() (git-fixes).\n- NFS: Fix use-after-free in nfs4_init_client() (git-fixes).\n- nvmem: rmem: fix undefined reference to memremap (git-fixes).\n- ocfs2: fix data corruption by fallocate (bsc#1187412).\n- PCI: aardvark: Do not rely on jiffies while holding spinlock (git-fixes).\n- PCI: aardvark: Fix kernel panic during PIO transfer (git-fixes).\n- PCI: Add ACS quirk for Broadcom BCM57414 NIC (git-fixes).\n- PCI: hv: Drop msi_controller structure (bsc#1186071).\n- PCI: Mark some NVIDIA GPUs to avoid bus reset (git-fixes).\n- PCI: Mark TI C667X to avoid bus reset (git-fixes).\n- PCI: Work around Huawei Intelligent NIC VF FLR erratum (git-fixes).\n- perf/x86/intel/uncore: Fix a kernel WARNING triggered by maxcpus=1 (git-fixes).\n- perf/x86/intel/uncore: Remove uncore extra PCI dev HSWEP_PCI_PCU_3 (bsc#1184685).\n- powerpc/perf: Fix crash in perf_instruction_pointer() when ppmu is not set (jsc#SLE-13513 bsc#1176919 ltc#186162 git-fixes).\n- qla2xxx: synchronize rport dev_loss_tmo setting (bsc#1182470 bsc#1185486).\n- qlcnic: Fix an error handling path in 'qlcnic_probe()' (git-fixes).\n- radeon: use memcpy_to/fromio for UVD fw upload (git-fixes).\n- regulator: bd70528: Fix off-by-one for buck123 .n_voltages setting (git-fixes).\n- Removed patch that was incorrectly added to SLE15-SP2 (bsc#1186949)\n- Revert 'ecryptfs: replace BUG_ON with error handling code' (bsc#1187413).\n- Revert 'ibmvnic: simplify reset_long_term_buff function' (bsc#1186206 ltc#191041).\n- Revert 'PCI: PM: Do not read power state in pci_enable_device_flags()' (git-fixes).\n- Revert 'video: hgafb: fix potential NULL pointer dereference' (git-fixes).\n- Revert 'video: imsttfb: fix potential NULL pointer dereferences' (bsc#1152489)\n- s390/dasd: add missing discipline function (git-fixes).\n- s390/stack: fix possible register corruption with stack switch helper (bsc#1185677).\n- sched/debug: Fix cgroup_path[] serialization (git-fixes)\n- sched/fair: Keep load_avg and load_sum synced (git-fixes)\n- scsi: core: Fix race between handling STS_RESOURCE and completion (bsc#1187883).\n- scsi: fcoe: Fix mismatched fcoe_wwn_from_mac declaration (bsc#1187886).\n- scsi: storvsc: Enable scatterlist entry lengths > 4Kbytes (bsc#1186071).\n- scsi: storvsc: Parameterize number hardware queues (bsc#1186071).\n- scsi: ufs: Fix imprecise load calculation in devfreq window (bsc#1187795).\n- SCSI: ufs: fix ktime_t kabi change (bsc#1187795).\n- scsi: ufs: ufshcd-pltfrm depends on HAS_IOMEM (bsc#1187980).\n- spi: spi-nxp-fspi: move the register operation after the clock enable (git-fixes).\n- spi: sprd: Add missing MODULE_DEVICE_TABLE (git-fixes).\n- spi: stm32-qspi: Always wait BUSY bit to be cleared in stm32_qspi_wait_cmd() (git-fixes).\n- SUNRPC: Handle major timeout in xprt_adjust_timeout() (git-fixes).\n- SUNRPC: Handle major timeout in xprt_adjust_timeout() (git-fixes).\n- tracing: Correct the length check which causes memory corruption (git-fixes).\n- tracing: Do no increment trace_clock_global() by one (git-fixes).\n- tracing: Do not stop recording cmdlines when tracing is off (git-fixes).\n- tracing: Do not stop recording comms if the trace file is being read (git-fixes).\n- tracing: Restructure trace_clock_global() to never block (git-fixes).\n- USB: core: hub: Disable autosuspend for Cypress CY7C65632 (git-fixes).\n- USB: dwc3: core: fix kernel panic when do reboot (git-fixes).\n- USB: dwc3: core: fix kernel panic when do reboot (git-fixes).\n- USB: dwc3: debugfs: Add and remove endpoint dirs dynamically (git-fixes).\n- USB: dwc3: ep0: fix NULL pointer exception (git-fixes).\n- USB: f_ncm: only first packet of aggregate needs to start timer (git-fixes).\n- USB: f_ncm: only first packet of aggregate needs to start timer (git-fixes).\n- USB: fix various gadget panics on 10gbps cabling (git-fixes).\n- USB: fix various gadget panics on 10gbps cabling (git-fixes).\n- USB: gadget: eem: fix wrong eem header operation (git-fixes).\n- USB: gadget: eem: fix wrong eem header operation (git-fixes).\n- USB: gadget: f_fs: Ensure io_completion_wq is idle during unbind (git-fixes).\n- USB: gadget: f_fs: Ensure io_completion_wq is idle during unbind (git-fixes).\n- USB: serial: ftdi_sio: add NovaTech OrionMX product ID (git-fixes).\n- USB: serial: ftdi_sio: add NovaTech OrionMX product ID (git-fixes).\n- USB: serial: omninet: add device id for Zyxel Omni 56K Plus (git-fixes).\n- USB: serial: omninet: add device id for Zyxel Omni 56K Plus (git-fixes).\n- video: hgafb: correctly handle card detect failure during probe (git-fixes).\n- video: hgafb: fix potential NULL pointer dereference (git-fixes).\n- vrf: fix maximum MTU (git-fixes).\n- x86/elf: Use _BITUL() macro in UAPI headers (bsc#1178134).\n- x86/fpu: Preserve supervisor states in sanitize_restored_user_xstate() (bsc#1178134).\n- x86/hyper-v: Move hv_message_type to architecture neutral module\n- x86/hyperv: Fix unused variable 'hi' warning in hv_apic_read (bsc#1186071).\n- x86/hyperv: Fix unused variable 'msr_val' warning in hv_qlock_wait (bsc#1186071).\n- x86/hyperv: Move hv_do_rep_hypercall to asm-generic (bsc#1186071).\n- x86/hyperv: remove unused linux/version.h header (bsc#1186071).\n- x86/pkru: Write hardware init value to PKRU when xstate is init (bsc#1152489).\n- x86/process: Check PF_KTHREAD and not current->mm for kernel threads (bsc#1152489).\n- xen-blkback: fix compatibility bug with single page rings (git-fixes).\n- xen-pciback: reconfigure also from backend watch handler (git-fixes).\n- xen-pciback: redo VF placement in the virtual topology (git-fixes).\n- xen/evtchn: Change irq_info lock to raw_spinlock_t (git-fixes).\n- xfrm: policy: Read seqcount outside of rcu-read side in xfrm_policy_lookup_bytype (bsc#1185675).\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2021-2305,SUSE-SLE-Module-Public-Cloud-15-SP3-2021-2305", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2021_2305-1.json", }, { category: "self", summary: "URL for SUSE-SU-2021:2305-1", url: "https://www.suse.com/support/update/announcement/2021/suse-su-20212305-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2021:2305-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2021-July/009130.html", }, { category: "self", summary: "SUSE Bug 1152489", url: "https://bugzilla.suse.com/1152489", }, { category: "self", summary: "SUSE Bug 1153274", url: "https://bugzilla.suse.com/1153274", }, { category: "self", summary: "SUSE Bug 1154353", url: "https://bugzilla.suse.com/1154353", }, { category: "self", summary: "SUSE Bug 1155518", url: "https://bugzilla.suse.com/1155518", }, { category: "self", summary: "SUSE Bug 1164648", url: "https://bugzilla.suse.com/1164648", }, { category: "self", summary: "SUSE Bug 1176447", url: "https://bugzilla.suse.com/1176447", }, { category: "self", summary: "SUSE Bug 1176774", url: "https://bugzilla.suse.com/1176774", }, { category: "self", summary: "SUSE Bug 1176919", url: "https://bugzilla.suse.com/1176919", }, { category: "self", summary: "SUSE Bug 1177028", url: "https://bugzilla.suse.com/1177028", }, { category: "self", summary: "SUSE Bug 1178134", url: "https://bugzilla.suse.com/1178134", }, { category: "self", summary: "SUSE Bug 1182470", url: "https://bugzilla.suse.com/1182470", }, { category: "self", summary: "SUSE Bug 1183682", url: "https://bugzilla.suse.com/1183682", }, { category: "self", summary: "SUSE Bug 1184212", url: "https://bugzilla.suse.com/1184212", }, { category: "self", summary: "SUSE Bug 1184685", url: "https://bugzilla.suse.com/1184685", }, { category: "self", summary: "SUSE Bug 1185486", url: "https://bugzilla.suse.com/1185486", }, { category: "self", summary: "SUSE Bug 1185675", url: "https://bugzilla.suse.com/1185675", }, { category: "self", summary: "SUSE Bug 1185677", url: "https://bugzilla.suse.com/1185677", }, { category: "self", summary: "SUSE Bug 1186071", url: "https://bugzilla.suse.com/1186071", }, { category: "self", summary: "SUSE Bug 1186206", url: "https://bugzilla.suse.com/1186206", }, { category: "self", summary: "SUSE Bug 1186666", url: "https://bugzilla.suse.com/1186666", }, { category: "self", summary: "SUSE Bug 1186949", url: "https://bugzilla.suse.com/1186949", }, { category: "self", summary: "SUSE Bug 1187171", url: "https://bugzilla.suse.com/1187171", }, { category: "self", summary: "SUSE Bug 1187263", url: "https://bugzilla.suse.com/1187263", }, { category: "self", summary: "SUSE Bug 1187356", url: "https://bugzilla.suse.com/1187356", }, { category: "self", summary: "SUSE Bug 1187402", url: "https://bugzilla.suse.com/1187402", }, { category: "self", summary: "SUSE Bug 1187403", url: "https://bugzilla.suse.com/1187403", }, { category: "self", summary: "SUSE Bug 1187404", url: "https://bugzilla.suse.com/1187404", }, { category: "self", summary: "SUSE Bug 1187407", url: "https://bugzilla.suse.com/1187407", }, { category: "self", summary: "SUSE Bug 1187408", url: "https://bugzilla.suse.com/1187408", }, { category: "self", summary: "SUSE Bug 1187409", url: "https://bugzilla.suse.com/1187409", }, { category: "self", summary: "SUSE Bug 1187410", url: "https://bugzilla.suse.com/1187410", }, { category: "self", summary: "SUSE Bug 1187411", url: "https://bugzilla.suse.com/1187411", }, { category: "self", summary: "SUSE Bug 1187412", url: "https://bugzilla.suse.com/1187412", }, { category: "self", summary: "SUSE Bug 1187413", url: "https://bugzilla.suse.com/1187413", }, { category: "self", summary: "SUSE Bug 1187452", url: "https://bugzilla.suse.com/1187452", }, { category: "self", summary: "SUSE Bug 1187554", url: "https://bugzilla.suse.com/1187554", }, { category: "self", summary: "SUSE Bug 1187595", url: "https://bugzilla.suse.com/1187595", }, { category: "self", summary: "SUSE Bug 1187601", url: "https://bugzilla.suse.com/1187601", }, { category: "self", summary: "SUSE Bug 1187795", url: "https://bugzilla.suse.com/1187795", }, { category: "self", summary: "SUSE Bug 1187867", url: "https://bugzilla.suse.com/1187867", }, { category: "self", summary: "SUSE Bug 1187883", url: "https://bugzilla.suse.com/1187883", }, { category: "self", summary: "SUSE Bug 1187886", url: "https://bugzilla.suse.com/1187886", }, { category: "self", summary: "SUSE Bug 1187927", url: "https://bugzilla.suse.com/1187927", }, { category: "self", summary: "SUSE Bug 1187972", url: "https://bugzilla.suse.com/1187972", }, { category: "self", summary: "SUSE Bug 1187980", url: "https://bugzilla.suse.com/1187980", }, { category: "self", summary: "SUSE CVE CVE-2021-0512 page", url: "https://www.suse.com/security/cve/CVE-2021-0512/", }, { category: "self", summary: "SUSE CVE CVE-2021-0605 page", url: "https://www.suse.com/security/cve/CVE-2021-0605/", }, { category: "self", summary: "SUSE CVE CVE-2021-33624 page", url: "https://www.suse.com/security/cve/CVE-2021-33624/", }, { category: "self", summary: "SUSE CVE CVE-2021-34693 page", url: "https://www.suse.com/security/cve/CVE-2021-34693/", }, { category: "self", summary: "SUSE CVE CVE-2021-3573 page", url: "https://www.suse.com/security/cve/CVE-2021-3573/", }, ], title: "Security update for the Linux Kernel", tracking: { current_release_date: "2021-07-13T11:02:01Z", generator: { date: "2021-07-13T11:02:01Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2021:2305-1", initial_release_date: "2021-07-13T11:02:01Z", revision_history: [ { date: "2021-07-13T11:02:01Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "kernel-devel-azure-5.3.18-38.11.1.noarch", product: { name: "kernel-devel-azure-5.3.18-38.11.1.noarch", product_id: "kernel-devel-azure-5.3.18-38.11.1.noarch", }, }, { category: "product_version", name: "kernel-source-azure-5.3.18-38.11.1.noarch", product: { name: "kernel-source-azure-5.3.18-38.11.1.noarch", product_id: "kernel-source-azure-5.3.18-38.11.1.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "cluster-md-kmp-azure-5.3.18-38.11.1.x86_64", product: { name: "cluster-md-kmp-azure-5.3.18-38.11.1.x86_64", product_id: "cluster-md-kmp-azure-5.3.18-38.11.1.x86_64", }, }, { category: "product_version", name: "dlm-kmp-azure-5.3.18-38.11.1.x86_64", product: { name: "dlm-kmp-azure-5.3.18-38.11.1.x86_64", product_id: "dlm-kmp-azure-5.3.18-38.11.1.x86_64", }, }, { category: "product_version", name: "gfs2-kmp-azure-5.3.18-38.11.1.x86_64", product: { name: "gfs2-kmp-azure-5.3.18-38.11.1.x86_64", product_id: "gfs2-kmp-azure-5.3.18-38.11.1.x86_64", }, }, { category: "product_version", name: "kernel-azure-5.3.18-38.11.1.x86_64", product: { name: "kernel-azure-5.3.18-38.11.1.x86_64", product_id: "kernel-azure-5.3.18-38.11.1.x86_64", }, }, { category: "product_version", name: "kernel-azure-devel-5.3.18-38.11.1.x86_64", product: { name: "kernel-azure-devel-5.3.18-38.11.1.x86_64", product_id: "kernel-azure-devel-5.3.18-38.11.1.x86_64", }, }, { category: "product_version", name: "kernel-azure-extra-5.3.18-38.11.1.x86_64", product: { name: "kernel-azure-extra-5.3.18-38.11.1.x86_64", product_id: "kernel-azure-extra-5.3.18-38.11.1.x86_64", }, }, { category: "product_version", name: "kernel-azure-livepatch-devel-5.3.18-38.11.1.x86_64", product: { name: "kernel-azure-livepatch-devel-5.3.18-38.11.1.x86_64", product_id: "kernel-azure-livepatch-devel-5.3.18-38.11.1.x86_64", }, }, { category: "product_version", name: "kernel-azure-optional-5.3.18-38.11.1.x86_64", product: { name: "kernel-azure-optional-5.3.18-38.11.1.x86_64", product_id: "kernel-azure-optional-5.3.18-38.11.1.x86_64", }, }, { category: "product_version", name: "kernel-syms-azure-5.3.18-38.11.1.x86_64", product: { name: "kernel-syms-azure-5.3.18-38.11.1.x86_64", product_id: "kernel-syms-azure-5.3.18-38.11.1.x86_64", }, }, { category: "product_version", name: "kselftests-kmp-azure-5.3.18-38.11.1.x86_64", product: { name: "kselftests-kmp-azure-5.3.18-38.11.1.x86_64", product_id: "kselftests-kmp-azure-5.3.18-38.11.1.x86_64", }, }, { category: "product_version", name: "ocfs2-kmp-azure-5.3.18-38.11.1.x86_64", product: { name: "ocfs2-kmp-azure-5.3.18-38.11.1.x86_64", product_id: "ocfs2-kmp-azure-5.3.18-38.11.1.x86_64", }, }, { category: "product_version", name: "reiserfs-kmp-azure-5.3.18-38.11.1.x86_64", product: { name: "reiserfs-kmp-azure-5.3.18-38.11.1.x86_64", product_id: "reiserfs-kmp-azure-5.3.18-38.11.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Module for Public Cloud 15 SP3", product: { name: "SUSE Linux Enterprise Module for Public Cloud 15 SP3", product_id: "SUSE Linux Enterprise Module for Public Cloud 15 SP3", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-public-cloud:15:sp3", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "kernel-azure-5.3.18-38.11.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP3", product_id: "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-38.11.1.x86_64", }, product_reference: "kernel-azure-5.3.18-38.11.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Public Cloud 15 SP3", }, { category: "default_component_of", full_product_name: { name: "kernel-azure-devel-5.3.18-38.11.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP3", product_id: "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-38.11.1.x86_64", }, product_reference: "kernel-azure-devel-5.3.18-38.11.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Public Cloud 15 SP3", }, { category: "default_component_of", full_product_name: { name: "kernel-devel-azure-5.3.18-38.11.1.noarch as component of SUSE Linux Enterprise Module for Public Cloud 15 SP3", product_id: "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-38.11.1.noarch", }, product_reference: "kernel-devel-azure-5.3.18-38.11.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Public Cloud 15 SP3", }, { category: "default_component_of", full_product_name: { name: "kernel-source-azure-5.3.18-38.11.1.noarch as component of SUSE Linux Enterprise Module for Public Cloud 15 SP3", product_id: "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-38.11.1.noarch", }, product_reference: "kernel-source-azure-5.3.18-38.11.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Public Cloud 15 SP3", }, { category: "default_component_of", full_product_name: { name: "kernel-syms-azure-5.3.18-38.11.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP3", product_id: "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-38.11.1.x86_64", }, product_reference: "kernel-syms-azure-5.3.18-38.11.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Public Cloud 15 SP3", }, ], }, vulnerabilities: [ { cve: "CVE-2021-0512", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-0512", }, ], notes: [ { category: "general", text: "In __hidinput_change_resolution_multipliers of hid-input.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-173843328References: Upstream kernel", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-38.11.1.x86_64", "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-38.11.1.x86_64", "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-38.11.1.noarch", "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-38.11.1.noarch", "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-38.11.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-0512", url: "https://www.suse.com/security/cve/CVE-2021-0512", }, { category: "external", summary: "SUSE Bug 1187595 for CVE-2021-0512", url: "https://bugzilla.suse.com/1187595", }, { category: "external", summary: "SUSE Bug 1187597 for CVE-2021-0512", url: "https://bugzilla.suse.com/1187597", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-38.11.1.x86_64", "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-38.11.1.x86_64", "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-38.11.1.noarch", "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-38.11.1.noarch", "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-38.11.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.4, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-38.11.1.x86_64", "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-38.11.1.x86_64", "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-38.11.1.noarch", "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-38.11.1.noarch", "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-38.11.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-07-13T11:02:01Z", details: "important", }, ], title: "CVE-2021-0512", }, { cve: "CVE-2021-0605", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-0605", }, ], notes: [ { category: "general", text: "In pfkey_dump of af_key.c, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-110373476", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-38.11.1.x86_64", "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-38.11.1.x86_64", "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-38.11.1.noarch", "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-38.11.1.noarch", "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-38.11.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-0605", url: "https://www.suse.com/security/cve/CVE-2021-0605", }, { category: "external", summary: "SUSE Bug 1187601 for CVE-2021-0605", url: "https://bugzilla.suse.com/1187601", }, { category: "external", summary: "SUSE Bug 1187687 for CVE-2021-0605", url: "https://bugzilla.suse.com/1187687", }, { category: "external", summary: "SUSE Bug 1188381 for CVE-2021-0605", url: "https://bugzilla.suse.com/1188381", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-38.11.1.x86_64", "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-38.11.1.x86_64", "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-38.11.1.noarch", "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-38.11.1.noarch", "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-38.11.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.4, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-38.11.1.x86_64", "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-38.11.1.x86_64", "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-38.11.1.noarch", "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-38.11.1.noarch", "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-38.11.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-07-13T11:02:01Z", details: "important", }, ], title: "CVE-2021-0605", }, { cve: "CVE-2021-33624", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-33624", }, ], notes: [ { category: "general", text: "In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted (e.g., because of type confusion) and consequently an unprivileged BPF program can read arbitrary memory locations via a side-channel attack, aka CID-9183671af6db.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-38.11.1.x86_64", "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-38.11.1.x86_64", "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-38.11.1.noarch", "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-38.11.1.noarch", "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-38.11.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-33624", url: "https://www.suse.com/security/cve/CVE-2021-33624", }, { category: "external", summary: "SUSE Bug 1187554 for CVE-2021-33624", url: "https://bugzilla.suse.com/1187554", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-38.11.1.x86_64", "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-38.11.1.x86_64", "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-38.11.1.noarch", "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-38.11.1.noarch", "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-38.11.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-38.11.1.x86_64", "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-38.11.1.x86_64", "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-38.11.1.noarch", "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-38.11.1.noarch", "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-38.11.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-07-13T11:02:01Z", details: "moderate", }, ], title: "CVE-2021-33624", }, { cve: "CVE-2021-34693", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-34693", }, ], notes: [ { category: "general", text: "net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-38.11.1.x86_64", "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-38.11.1.x86_64", "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-38.11.1.noarch", "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-38.11.1.noarch", "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-38.11.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-34693", url: "https://www.suse.com/security/cve/CVE-2021-34693", }, { category: "external", summary: "SUSE Bug 1187452 for CVE-2021-34693", url: "https://bugzilla.suse.com/1187452", }, { category: "external", summary: "SUSE Bug 1192868 for CVE-2021-34693", url: "https://bugzilla.suse.com/1192868", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-38.11.1.x86_64", "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-38.11.1.x86_64", "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-38.11.1.noarch", "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-38.11.1.noarch", "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-38.11.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-38.11.1.x86_64", "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-38.11.1.x86_64", "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-38.11.1.noarch", "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-38.11.1.noarch", "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-38.11.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-07-13T11:02:01Z", details: "moderate", }, ], title: "CVE-2021-34693", }, { cve: "CVE-2021-3573", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-3573", }, ], notes: [ { category: "general", text: "A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hci_unregister_dev() together with one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(), hci_get_auth_info(). A privileged local user could use this flaw to crash the system or escalate their privileges on the system. This flaw affects the Linux kernel versions prior to 5.13-rc5.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-38.11.1.x86_64", "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-38.11.1.x86_64", "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-38.11.1.noarch", "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-38.11.1.noarch", "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-38.11.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-3573", url: "https://www.suse.com/security/cve/CVE-2021-3573", }, { category: "external", summary: "SUSE Bug 1186666 for CVE-2021-3573", url: "https://bugzilla.suse.com/1186666", }, { category: "external", summary: "SUSE Bug 1187054 for CVE-2021-3573", url: "https://bugzilla.suse.com/1187054", }, { category: "external", summary: "SUSE Bug 1188172 for CVE-2021-3573", url: "https://bugzilla.suse.com/1188172", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-38.11.1.x86_64", "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-38.11.1.x86_64", "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-38.11.1.noarch", "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-38.11.1.noarch", "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-38.11.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.4, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-38.11.1.x86_64", "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-38.11.1.x86_64", "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-38.11.1.noarch", "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-38.11.1.noarch", "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-38.11.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-07-13T11:02:01Z", details: "important", }, ], title: "CVE-2021-3573", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.