Security update for the Linux Kernel (Live Patch 21 for SLE 15 SP1) SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2021:0809-1 Final 1 1 2021-03-17T16:24:32Z current 2021-03-17T16:24:32Z 2021-03-17T16:24:32Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel (Live Patch 21 for SLE 15 SP1) This update for the Linux Kernel 4.12.14-197_78 fixes several issues. The following security issues were fixed: - CVE-2020-29368: Fixed an issue in copy-on-write implementation which could have granted unintended write access because of a race condition in a THP mapcount check (bsc#1179664). - CVE-2021-3347: Fixed a use-after-free in the PI futexes during fault handling, allowing local users to execute code in the kernel (bsc#1181553). - CVE-2020-27786: Fixed a potential user after free which could have led to memory corruption or privilege escalation (bsc#1179616). - CVE-2021-0342: Fixed a potential memory corruption due to a use after free which could have led to local escalation of privilege with System execution privileges required (bsc#1180859). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2021-809,SUSE-SLE-Live-Patching-12-SP5-2021-809,SUSE-SLE-Module-Live-Patching-15-SP1-2021-851 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2021/suse-su-20210809-1/ Link for SUSE-SU-2021:0809-1 https://lists.suse.com/pipermail/sle-security-updates/2021-March/008512.html E-Mail link for SUSE-SU-2021:0809-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1179616 SUSE Bug 1179616 https://bugzilla.suse.com/1179664 SUSE Bug 1179664 https://bugzilla.suse.com/1180859 SUSE Bug 1180859 https://bugzilla.suse.com/1181553 SUSE Bug 1181553 https://www.suse.com/security/cve/CVE-2020-27786/ SUSE CVE CVE-2020-27786 page https://www.suse.com/security/cve/CVE-2020-29368/ SUSE CVE CVE-2020-29368 page https://www.suse.com/security/cve/CVE-2021-0342/ SUSE CVE CVE-2021-0342 page https://www.suse.com/security/cve/CVE-2021-3347/ SUSE CVE CVE-2021-3347 page SUSE Linux Enterprise Live Patching 12 SP5 SUSE Linux Enterprise Live Patching 15 SP1 kgraft-patch-4_12_14-122_57-default-3-2.2 kernel-livepatch-4_12_14-197_78-default-3-2.2 kgraft-patch-4_12_14-122_57-default-3-2.2 as a component of SUSE Linux Enterprise Live Patching 12 SP5 kernel-livepatch-4_12_14-197_78-default-3-2.2 as a component of SUSE Linux Enterprise Live Patching 15 SP1 A flaw was found in the Linux kernel's implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to this specific memory while freed and before use causes the flow of execution to change and possibly allow for memory corruption or privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. CVE-2020-27786 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_57-default-3-2.2 SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_78-default-3-2.2 important 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20210809-1/ https://www.suse.com/security/cve/CVE-2020-27786.html CVE-2020-27786 https://bugzilla.suse.com/1179601 SUSE Bug 1179601 https://bugzilla.suse.com/1179616 SUSE Bug 1179616 An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1. CVE-2020-29368 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_57-default-3-2.2 SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_78-default-3-2.2 important 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20210809-1/ https://www.suse.com/security/cve/CVE-2020-29368.html CVE-2020-29368 https://bugzilla.suse.com/1179428 SUSE Bug 1179428 https://bugzilla.suse.com/1179660 SUSE Bug 1179660 https://bugzilla.suse.com/1179664 SUSE Bug 1179664 In tun_get_user of tun.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges required. User interaction is not required for exploitation. Product: Android; Versions: Android kernel; Android ID: A-146554327. CVE-2021-0342 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_57-default-3-2.2 SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_78-default-3-2.2 important 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20210809-1/ https://www.suse.com/security/cve/CVE-2021-0342.html CVE-2021-0342 https://bugzilla.suse.com/1180812 SUSE Bug 1180812 https://bugzilla.suse.com/1180859 SUSE Bug 1180859 An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458. CVE-2021-3347 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_57-default-3-2.2 SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_78-default-3-2.2 important 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20210809-1/ https://www.suse.com/security/cve/CVE-2021-3347.html CVE-2021-3347 https://bugzilla.suse.com/1181349 SUSE Bug 1181349 https://bugzilla.suse.com/1181553 SUSE Bug 1181553 https://bugzilla.suse.com/1190859 SUSE Bug 1190859