Security update for the Linux Kernel SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2021:14724-1 Final 1 1 2021-05-12T10:08:20Z current 2021-05-12T10:08:20Z 2021-05-12T10:08:20Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3483: Fixed a use-after-free in nosy.c (bsc#1184393). - CVE-2021-30002: Fixed a memory leak for large arguments in video_usercopy (bsc#1184120). - CVE-2021-29650: Fixed an issue where the netfilter subsystem allowed attackers to cause a denial of service (bsc#1184208). - CVE-2021-28972: Fixed a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly (bsc#1184198). - CVE-2021-28950: Fixed an infinite loop because a retry loop continually finds the same bad inode (bsc#1184194). - CVE-2021-27365: Fixed an issue where an unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bsc#1182715). - CVE-2021-27364: Fixed an issue where an attacker could craft Netlink messages (bsc#1182717). - CVE-2021-27363: Fixed a kernel pointer leak which could have been used to determine the address of the iscsi_transport structure (bsc#1182716). - CVE-2021-20261: Fixed a race condition in the implementation of the floppy disk drive controller driver software (bsc#1183400). - CVE-2020-36322: Fixed an issue in the FUSE filesystem implementation which could have caused a system crash (bsc#1184211). - CVE-2020-35519: Fixed an out-of-bounds memory access was found in x25_bind (bsc#1183696). The following non-security bugs were fixed: - md: md.c: Return -ENODEV when mddev is NULL in rdev_attr_show (bsc#1056134, bsc#1180963). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). slessp4-kernel-source-14724,slexsp3-kernel-source-14724 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2021/suse-su-202114724-1/ Link for SUSE-SU-2021:14724-1 https://lists.suse.com/pipermail/sle-security-updates/2021-May/008759.html E-Mail link for SUSE-SU-2021:14724-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1056134 SUSE Bug 1056134 https://bugzilla.suse.com/1180963 SUSE Bug 1180963 https://bugzilla.suse.com/1182715 SUSE Bug 1182715 https://bugzilla.suse.com/1182716 SUSE Bug 1182716 https://bugzilla.suse.com/1182717 SUSE Bug 1182717 https://bugzilla.suse.com/1183400 SUSE Bug 1183400 https://bugzilla.suse.com/1183696 SUSE Bug 1183696 https://bugzilla.suse.com/1184120 SUSE Bug 1184120 https://bugzilla.suse.com/1184194 SUSE Bug 1184194 https://bugzilla.suse.com/1184198 SUSE Bug 1184198 https://bugzilla.suse.com/1184208 SUSE Bug 1184208 https://bugzilla.suse.com/1184211 SUSE Bug 1184211 https://bugzilla.suse.com/1184393 SUSE Bug 1184393 https://www.suse.com/security/cve/CVE-2020-35519/ SUSE CVE CVE-2020-35519 page https://www.suse.com/security/cve/CVE-2020-36322/ SUSE CVE CVE-2020-36322 page https://www.suse.com/security/cve/CVE-2021-20261/ SUSE CVE CVE-2021-20261 page https://www.suse.com/security/cve/CVE-2021-27363/ SUSE CVE CVE-2021-27363 page https://www.suse.com/security/cve/CVE-2021-27364/ SUSE CVE CVE-2021-27364 page https://www.suse.com/security/cve/CVE-2021-27365/ SUSE CVE CVE-2021-27365 page https://www.suse.com/security/cve/CVE-2021-28950/ SUSE CVE CVE-2021-28950 page https://www.suse.com/security/cve/CVE-2021-28972/ SUSE CVE CVE-2021-28972 page https://www.suse.com/security/cve/CVE-2021-29650/ SUSE CVE CVE-2021-29650 page https://www.suse.com/security/cve/CVE-2021-30002/ SUSE CVE CVE-2021-30002 page https://www.suse.com/security/cve/CVE-2021-3483/ SUSE CVE CVE-2021-3483 page SUSE Linux Enterprise Server 11 SP4-LTSS kernel-bigmem-3.0.101-108.126.1 kernel-bigmem-base-3.0.101-108.126.1 kernel-bigmem-devel-3.0.101-108.126.1 kernel-default-3.0.101-108.126.1 kernel-default-base-3.0.101-108.126.1 kernel-default-devel-3.0.101-108.126.1 kernel-default-man-3.0.101-108.126.1 kernel-ec2-3.0.101-108.126.1 kernel-ec2-base-3.0.101-108.126.1 kernel-ec2-devel-3.0.101-108.126.1 kernel-pae-3.0.101-108.126.1 kernel-pae-base-3.0.101-108.126.1 kernel-pae-devel-3.0.101-108.126.1 kernel-ppc64-3.0.101-108.126.1 kernel-ppc64-base-3.0.101-108.126.1 kernel-ppc64-devel-3.0.101-108.126.1 kernel-source-3.0.101-108.126.1 kernel-syms-3.0.101-108.126.1 kernel-trace-3.0.101-108.126.1 kernel-trace-base-3.0.101-108.126.1 kernel-trace-devel-3.0.101-108.126.1 kernel-xen-3.0.101-108.126.1 kernel-xen-base-3.0.101-108.126.1 kernel-xen-devel-3.0.101-108.126.1 kernel-bigmem-3.0.101-108.126.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS kernel-bigmem-base-3.0.101-108.126.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS kernel-bigmem-devel-3.0.101-108.126.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS kernel-default-3.0.101-108.126.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS kernel-default-base-3.0.101-108.126.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS kernel-default-devel-3.0.101-108.126.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS kernel-default-man-3.0.101-108.126.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS kernel-ec2-3.0.101-108.126.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS kernel-ec2-base-3.0.101-108.126.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS kernel-ec2-devel-3.0.101-108.126.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS kernel-pae-3.0.101-108.126.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS kernel-pae-base-3.0.101-108.126.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS kernel-pae-devel-3.0.101-108.126.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS kernel-ppc64-3.0.101-108.126.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS kernel-ppc64-base-3.0.101-108.126.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS kernel-ppc64-devel-3.0.101-108.126.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS kernel-source-3.0.101-108.126.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS kernel-syms-3.0.101-108.126.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS kernel-trace-3.0.101-108.126.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS kernel-trace-base-3.0.101-108.126.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS kernel-trace-devel-3.0.101-108.126.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS kernel-xen-3.0.101-108.126.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS kernel-xen-base-3.0.101-108.126.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS kernel-xen-devel-3.0.101-108.126.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS An out-of-bounds (OOB) memory access flaw was found in x25_bind in net/x25/af_x25.c in the Linux kernel version v5.12-rc5. A bounds check failure allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. CVE-2020-35519 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-base-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-devel-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-base-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-devel-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-man-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-base-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-devel-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-base-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-devel-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-base-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-devel-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-source-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-syms-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-base-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-devel-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-base-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-devel-3.0.101-108.126.1 important 6.8 AV:L/AC:L/Au:N/C:C/I:P/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-202114724-1/ https://www.suse.com/security/cve/CVE-2020-35519.html CVE-2020-35519 https://bugzilla.suse.com/1183696 SUSE Bug 1183696 https://bugzilla.suse.com/1184953 SUSE Bug 1184953 https://bugzilla.suse.com/1211495 SUSE Bug 1211495 An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950. CVE-2020-36322 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-base-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-devel-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-base-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-devel-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-man-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-base-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-devel-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-base-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-devel-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-base-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-devel-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-source-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-syms-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-base-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-devel-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-base-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-devel-3.0.101-108.126.1 important 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-202114724-1/ https://www.suse.com/security/cve/CVE-2020-36322.html CVE-2020-36322 https://bugzilla.suse.com/1184211 SUSE Bug 1184211 https://bugzilla.suse.com/1184952 SUSE Bug 1184952 https://bugzilla.suse.com/1189302 SUSE Bug 1189302 A race condition was found in the Linux kernels implementation of the floppy disk drive controller driver software. The impact of this issue is lessened by the fact that the default permissions on the floppy device (/dev/fd0) are restricted to root. If the permissions on the device have changed the impact changes greatly. In the default configuration root (or equivalent) permissions are required to attack this flaw. CVE-2021-20261 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-base-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-devel-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-base-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-devel-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-man-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-base-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-devel-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-base-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-devel-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-base-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-devel-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-source-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-syms-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-base-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-devel-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-base-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-devel-3.0.101-108.126.1 important 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-202114724-1/ https://www.suse.com/security/cve/CVE-2021-20261.html CVE-2021-20261 https://bugzilla.suse.com/1183400 SUSE Bug 1183400 https://bugzilla.suse.com/1183402 SUSE Bug 1183402 An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables. CVE-2021-27363 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-base-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-devel-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-base-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-devel-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-man-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-base-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-devel-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-base-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-devel-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-base-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-devel-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-source-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-syms-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-base-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-devel-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-base-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-devel-3.0.101-108.126.1 important 3.6 AV:L/AC:L/Au:N/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-202114724-1/ https://www.suse.com/security/cve/CVE-2021-27363.html CVE-2021-27363 https://bugzilla.suse.com/1182716 SUSE Bug 1182716 https://bugzilla.suse.com/1182717 SUSE Bug 1182717 https://bugzilla.suse.com/1183120 SUSE Bug 1183120 https://bugzilla.suse.com/1200084 SUSE Bug 1200084 An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages. CVE-2021-27364 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-base-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-devel-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-base-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-devel-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-man-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-base-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-devel-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-base-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-devel-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-base-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-devel-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-source-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-syms-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-base-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-devel-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-base-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-devel-3.0.101-108.126.1 important 3.6 AV:L/AC:L/Au:N/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-202114724-1/ https://www.suse.com/security/cve/CVE-2021-27364.html CVE-2021-27364 https://bugzilla.suse.com/1182715 SUSE Bug 1182715 https://bugzilla.suse.com/1182716 SUSE Bug 1182716 https://bugzilla.suse.com/1182717 SUSE Bug 1182717 https://bugzilla.suse.com/1200084 SUSE Bug 1200084 https://bugzilla.suse.com/1214268 SUSE Bug 1214268 https://bugzilla.suse.com/1218966 SUSE Bug 1218966 An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message. CVE-2021-27365 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-base-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-devel-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-base-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-devel-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-man-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-base-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-devel-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-base-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-devel-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-base-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-devel-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-source-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-syms-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-base-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-devel-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-base-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-devel-3.0.101-108.126.1 important 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-202114724-1/ https://www.suse.com/security/cve/CVE-2021-27365.html CVE-2021-27365 https://bugzilla.suse.com/1182712 SUSE Bug 1182712 https://bugzilla.suse.com/1182715 SUSE Bug 1182715 https://bugzilla.suse.com/1183491 SUSE Bug 1183491 https://bugzilla.suse.com/1200084 SUSE Bug 1200084 https://bugzilla.suse.com/1214268 SUSE Bug 1214268 https://bugzilla.suse.com/1218966 SUSE Bug 1218966 An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A "stall on CPU" can occur because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1. CVE-2021-28950 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-base-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-devel-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-base-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-devel-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-man-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-base-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-devel-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-base-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-devel-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-base-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-devel-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-source-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-syms-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-base-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-devel-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-base-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-devel-3.0.101-108.126.1 moderate 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-202114724-1/ https://www.suse.com/security/cve/CVE-2021-28950.html CVE-2021-28950 https://bugzilla.suse.com/1184194 SUSE Bug 1184194 https://bugzilla.suse.com/1184211 SUSE Bug 1184211 In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\0' termination, aka CID-cc7a0bb058b8. CVE-2021-28972 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-base-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-devel-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-base-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-devel-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-man-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-base-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-devel-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-base-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-devel-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-base-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-devel-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-source-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-syms-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-base-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-devel-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-base-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-devel-3.0.101-108.126.1 moderate 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-202114724-1/ https://www.suse.com/security/cve/CVE-2021-28972.html CVE-2021-28972 https://bugzilla.suse.com/1184198 SUSE Bug 1184198 https://bugzilla.suse.com/1220060 SUSE Bug 1220060 An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf. CVE-2021-29650 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-base-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-devel-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-base-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-devel-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-man-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-base-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-devel-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-base-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-devel-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-base-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-devel-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-source-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-syms-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-base-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-devel-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-base-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-devel-3.0.101-108.126.1 important 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-202114724-1/ https://www.suse.com/security/cve/CVE-2021-29650.html CVE-2021-29650 https://bugzilla.suse.com/1184208 SUSE Bug 1184208 An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b. CVE-2021-30002 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-base-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-devel-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-base-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-devel-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-man-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-base-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-devel-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-base-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-devel-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-base-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-devel-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-source-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-syms-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-base-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-devel-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-base-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-devel-3.0.101-108.126.1 moderate 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-202114724-1/ https://www.suse.com/security/cve/CVE-2021-30002.html CVE-2021-30002 https://bugzilla.suse.com/1184120 SUSE Bug 1184120 A flaw was found in the Nosy driver in the Linux kernel. This issue allows a device to be inserted twice into a doubly-linked list, leading to a use-after-free when one of these devices is removed. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Versions before kernel 5.12-rc6 are affected CVE-2021-3483 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-base-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-devel-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-base-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-devel-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-man-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-base-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-devel-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-base-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-devel-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-base-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-devel-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-source-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-syms-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-base-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-devel-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-base-3.0.101-108.126.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-devel-3.0.101-108.126.1 moderate 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-202114724-1/ https://www.suse.com/security/cve/CVE-2021-3483.html CVE-2021-3483 https://bugzilla.suse.com/1184393 SUSE Bug 1184393