Lucene search

K
suseSuseOPENSUSE-SU-2021:0579-1
HistoryApr 19, 2021 - 12:00 a.m.

Security update for the Linux Kernel (important)

2021-04-1900:00:00
lists.opensuse.org
25

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.004 Low

EPSS

Percentile

72.8%

An update that solves 12 vulnerabilities and has 15 fixes
is now available.

Description:

The openSUSE Linux Leap 15.2 kernel was updated to receive various
security and bugfixes.

The following security bugs were fixed:

  • CVE-2021-3483: Fixed a use-after-free in nosy.c (bsc#1184393).
  • CVE-2021-30002: Fixed a memory leak for large arguments in
    video_usercopy (bsc#1184120).
  • CVE-2021-29154: Fixed incorrect computation of branch displacements,
    allowing arbitrary code execution (bsc#1184391).
  • CVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h due to a retry loop
    continually was finding the same bad inode (bsc#1184194).
  • CVE-2020-36312: Fixed a memory leak upon a kmalloc failure (bsc#1184509
    ).
  • CVE-2020-36311: Fixed a denial of service (soft lockup) by triggering
    destruction of a large SEV VM (bsc#1184511).
  • CVE-2020-36310: Fixed infinite loop for certain nested page faults
    (bsc#1184512).
  • CVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2020-25673: Fixed
    multiple bugs in NFC subsytem (bsc#1178181).
  • CVE-2020-36322: Fixed an issue was discovered in FUSE filesystem
    implementation which could have caused a system crash (bsc#1184211).

The following non-security bugs were fixed:

  • ALSA: aloop: Fix initialization of controls (git-fixes).
  • ALSA: hda/realtek: Fix speaker amp setup on Acer Aspire E1 (git-fixes).
  • appletalk: Fix skb allocation size in loopback case (git-fixes).
  • ASoC: cygnus: fix for_each_child.cocci warnings (git-fixes).
  • ASoC: fsl_esai: Fix TDM slot setup for I2S mode (git-fixes).
  • ASoC: intel: atom: Remove 44100 sample-rate from the media and
    deep-buffer DAI descriptions (git-fixes).
  • ASoC: intel: atom: Stop advertising non working S24LE support
    (git-fixes).
  • ASoC: max98373: Added 30ms turn on/off time delay (git-fixes).
  • ASoC: sunxi: sun4i-codec: fill ASoC card owner (git-fixes).
  • ASoC: wm8960: Fix wrong bclk and lrclk with pll enabled for some chips
    (git-fixes).
  • ath10k: hold RCU lock when calling ieee80211_find_sta_by_ifaddr()
    (git-fixes).
  • atl1c: fix error return code in atl1c_probe() (git-fixes).
  • atl1e: fix error return code in atl1e_probe() (git-fixes).
  • batman-adv: initialize “struct batadv_tvlv_tt_vlan_data”->reserved field
    (git-fixes).
  • bpf: Fix verifier jsgt branch analysis on max bound (bsc#1155518).
  • bpf: Remove MTU check in __bpf_skb_max_len (bsc#1155518).
  • bpf, sockmap: Fix sk->prot unhash op reset (bsc#1155518).
  • brcmfmac: clear EAP/association status bits on linkdown events
    (git-fixes).
  • bus: ti-sysc: Fix warning on unbind if reset is not deasserted
    (git-fixes).
  • cifs: change noisy error message to FYI (bsc#1181507).
  • cifs_debug: use %pd instead of messing with ->d_name (bsc#1181507).
  • cifs: do not send close in compound create+close requests (bsc#1181507).
  • cifs: New optype for session operations (bsc#1181507).
  • cifs: print MIDs in decimal notation (bsc#1181507).
  • cifs: return proper error code in statfs(2) (bsc#1181507).
  • cifs: Tracepoints and logs for tracing credit changes (bsc#1181507).
  • clk: fix invalid usage of list cursor in register (git-fixes).
  • clk: fix invalid usage of list cursor in unregister (git-fixes).
  • clk: socfpga: fix iomem pointer cast on 64-bit (git-fixes).
  • dm mpath: switch paths in dm_blk_ioctl() code path (bsc#1167574,
    bsc#1175995, bsc#1184485).
  • drivers: video: fbcon: fix NULL dereference in fbcon_cursor()
    (git-fixes).
  • drm/amdgpu: check alignment on CPU page for bo map (git-fixes).
  • drm/amdgpu: fix offset calculation in amdgpu_vm_bo_clear_mappings()
    (git-fixes).
  • drm/i915: Fix invalid access to ACPI _DSM objects (bsc#1184074).
  • drm/msm/adreno: a5xx_power: Do not apply A540 lm_setup to other GPUs
    (git-fixes).
  • drm/msm: Ratelimit invalid-fence message (git-fixes).
  • drm/msm: Set drvdata to NULL when msm_drm_init() fails (git-fixes).
  • enetc: Fix reporting of h/w packet counters (git-fixes).
  • fix Patch-mainline:
    patches.suse/cifs_debug-use-pd-instead-of-messing-with-d_name.patch
  • fix patch metadata
  • fuse: fix bad inode (bsc#1184211).
  • fuse: fix live lock in fuse_iget() (bsc#1184211).
  • gianfar: Handle error code at MAC address change (git-fixes).
  • i40e: Fix parameters in aq_get_phy_register() (jsc#SLE-8025).
  • i40e: Fix sparse error: ‘vsi->netdev’ could be null (jsc#SLE-8025).
  • ice: remove DCBNL_DEVRESET bit from PF state (jsc#SLE-7926).
  • iommu/vt-d: Use device numa domain if RHSA is missing (bsc#1184585).
  • kABI: powerpc/pmem: Include pmem prototypes (bsc#1113295 git-fixes).
  • libbpf: Fix INSTALL flag order (bsc#1155518).
  • libbpf: Only create rx and tx XDP rings when necessary (bsc#1155518).
  • locking/mutex: Fix non debug version of mutex_lock_io_nested()
    (git-fixes).
  • mac80211: choose first enabled channel for monitor (git-fixes).
  • mac80211: fix TXQ AC confusion (git-fixes).
  • mISDN: fix crash in fritzpci (git-fixes).
  • net: atheros: switch from ‘pci_’ to ‘dma_’ API (git-fixes).
  • net: b44: fix error return code in b44_init_one() (git-fixes).
  • net: ethernet: ti: cpsw: fix error return code in cpsw_probe()
    (git-fixes).
  • net: hns3: Remove the left over redundant check & assignment
    (bsc#1154353).
  • net: lantiq: Wait for the GPHY firmware to be ready (git-fixes).
  • net/mlx5: Fix PPLM register mapping (jsc#SLE-8464).
  • net: pasemi: fix error return code in pasemi_mac_open() (git-fixes).
  • net: phy: broadcom: Only advertise EEE for supported modes (git-fixes).
  • net: qualcomm: rmnet: Fix incorrect receive packet handling during
    cleanup (git-fixes).
  • net: sched: disable TCQ_F_NOLOCK for pfifo_fast (bsc#1183405)
  • net: wan/lmc: unregister device when no matching device is found
    (git-fixes).
  • platform/x86: intel-hid: Support Lenovo ThinkPad X1 Tablet Gen 2
    (git-fixes).
  • platform/x86: thinkpad_acpi: Allow the FnLock LED to change state
    (git-fixes).
  • PM: runtime: Fix ordering in pm_runtime_get_suppliers() (git-fixes).
  • post.sh: Return an error when module update fails (bsc#1047233
    bsc#1184388).
  • powerpc/64s: Fix instruction encoding for lis in ppc_function_entry()
    (bsc#1065729).
  • powerpc/pmem: Include pmem prototypes (bsc#1113295 git-fixes).
  • powerpc/pseries/ras: Remove unused variable ‘status’ (bsc#1065729).
  • powerpc/sstep: Check instruction validity against ISA version before
    emulation (bsc#1156395).
  • powerpc/sstep: Fix darn emulation (bsc#1156395).
  • powerpc/sstep: Fix incorrect return from analyze_instr() (bsc#1156395).
  • powerpc/sstep: Fix load-store and update emulation (bsc#1156395).
  • qlcnic: fix error return code in qlcnic_83xx_restart_hw() (git-fixes).
  • RAS/CEC: Correct ce_add_elem()'s returned values (bsc#1152489).
  • regulator: bd9571mwv: Fix AVS and DVFS voltage range (git-fixes).
  • rpm/check-for-config-changes: Also ignore AS_VERSION added in 5.12.
  • rpm/kernel-binary.spec.in: Fix dependency of kernel-*-devel package
    (bsc#1184514) The devel package requires the kernel binary package
    itself for building modules externally.
  • samples/bpf: Fix possible hang in xdpsock with multiple threads
    (bsc#1155518).
  • scsi: ibmvfc: Fix invalid state machine BUG_ON() (bsc#1184647
    ltc#191231).
  • smb3: add dynamic trace point to trace when credits obtained
    (bsc#1181507).
  • smb3: fix crediting for compounding when only one request in flight
    (bsc#1181507).
  • soc/fsl: qbman: fix conflicting alignment attributes (git-fixes).
  • staging: comedi: cb_pcidas64: fix request_irq() warn (git-fixes).
  • staging: comedi: cb_pcidas: fix request_irq() warn (git-fixes).
  • thermal/core: Add NULL pointer check before using cooling device stats
    (git-fixes).
  • USB: cdc-acm: downgrade message to debug (git-fixes).
  • USB: cdc-acm: untangle a circular dependency between callback and
    softint (git-fixes).
  • usbip: vhci_hcd fix shift out-of-bounds in vhci_hub_control()
    (git-fixes).
  • USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem
    (git-fixes).
  • x86: Introduce TS_COMPAT_RESTART to fix get_nr_restart_syscall()
    (bsc#1152489).
  • x86/ioapic: Ignore IRQ2 again (bsc#1152489).
  • x86/mem_encrypt: Correct physical address calculation in
    __set_clr_pte_enc() (bsc#1152489).
  • xen/events: fix setting irq affinity (bsc#1184583).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

  • openSUSE Leap 15.2:

    zypper in -t patch openSUSE-2021-579=1

OSVersionArchitecturePackageVersionFilename
openSUSE Leap15.2x86_64< - openSUSE Leap 15.2 (x86_64):- openSUSE Leap 15.2 (x86_64):.x86_64.rpm
openSUSE Leap15.2noarch< - openSUSE Leap 15.2 (noarch):- openSUSE Leap 15.2 (noarch):.noarch.rpm

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.004 Low

EPSS

Percentile

72.8%