Security update for the Linux Kernel SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2021:14764-1 Final 1 1 2021-07-13T07:46:15Z current 2021-07-13T07:46:15Z 2021-07-13T07:46:15Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-0512: Fixed a possible out of bounds write due to a heap buffer overflow in __hidinput_change_resolution_multipliers. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (bsc#1187595) - CVE-2021-34693: Fixed a bug in net/can/bcm.c which could allow local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized. (bsc#1187452) - CVE-2020-36386: Fixed an out-of-bounds read in hci_extended_inquiry_result_evt. (bsc#1187038) - CVE-2020-24588: Fixed a bug that could allow an adversary to abuse devices that support receiving non-SSP A-MSDU frames to inject arbitrary network packets. (bsc#1185861 bsc#1185863) - CVE-2021-29154: Fixed an incorrect computation of branch displacements in the BPF JIT compilers, which could allow to execute arbitrary code within the kernel context. (bsc#1184391) - CVE-2021-32399: Fixed a race condition in net/bluetooth/hci_request.c for removal of the HCI controller. (bsc#1184611) - CVE-2020-24586: Fixed a bug that, under the right circumstances, allows to inject arbitrary network packets and/or exfiltrate user data when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP. (bsc#1185859 bsc#1185863) - CVE-2020-26139: Fixed a bug that allows an Access Point (AP) to forward EAPOL frames to other clients even though the sender has not yet successfully authenticated. This might be abused in projected Wi-Fi networks to launch denial-of-service attacks against connected clients and made it easier to exploit other vulnerabilities in connected clients. (bsc#1185863 bsc#1186062) - CVE-2020-24587: Fixed a bug that allows an adversary to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed. (bsc#1185862 bsc#1185863) The following non-security bugs were fixed: - md: do not flush workqueue unconditionally in md_open (bsc#1184081). - md: factor out a mddev_find_locked helper from mddev_find (bsc#1184081). - md: md_open returns -EBUSY when entering racing area (bsc#1184081). - md: split mddev_find (bsc#1184081). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). slessp4-kernel-source-14764,slexsp3-kernel-source-14764 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2021/suse-su-202114764-1/ Link for SUSE-SU-2021:14764-1 https://lists.suse.com/pipermail/sle-security-updates/2021-July/009128.html E-Mail link for SUSE-SU-2021:14764-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1184081 SUSE Bug 1184081 https://bugzilla.suse.com/1184391 SUSE Bug 1184391 https://bugzilla.suse.com/1184611 SUSE Bug 1184611 https://bugzilla.suse.com/1185859 SUSE Bug 1185859 https://bugzilla.suse.com/1185861 SUSE Bug 1185861 https://bugzilla.suse.com/1185862 SUSE Bug 1185862 https://bugzilla.suse.com/1185863 SUSE Bug 1185863 https://bugzilla.suse.com/1186062 SUSE Bug 1186062 https://bugzilla.suse.com/1187038 SUSE Bug 1187038 https://bugzilla.suse.com/1187452 SUSE Bug 1187452 https://bugzilla.suse.com/1187595 SUSE Bug 1187595 https://www.suse.com/security/cve/CVE-2020-24586/ SUSE CVE CVE-2020-24586 page https://www.suse.com/security/cve/CVE-2020-24587/ SUSE CVE CVE-2020-24587 page https://www.suse.com/security/cve/CVE-2020-24588/ SUSE CVE CVE-2020-24588 page https://www.suse.com/security/cve/CVE-2020-26139/ SUSE CVE CVE-2020-26139 page https://www.suse.com/security/cve/CVE-2020-36386/ SUSE CVE CVE-2020-36386 page https://www.suse.com/security/cve/CVE-2021-0512/ SUSE CVE CVE-2021-0512 page https://www.suse.com/security/cve/CVE-2021-29154/ SUSE CVE CVE-2021-29154 page https://www.suse.com/security/cve/CVE-2021-32399/ SUSE CVE CVE-2021-32399 page https://www.suse.com/security/cve/CVE-2021-34693/ SUSE CVE CVE-2021-34693 page SUSE Linux Enterprise Server 11 SP4-LTSS kernel-bigmem-3.0.101-108.129.1 kernel-bigmem-base-3.0.101-108.129.1 kernel-bigmem-devel-3.0.101-108.129.1 kernel-default-3.0.101-108.129.1 kernel-default-base-3.0.101-108.129.1 kernel-default-devel-3.0.101-108.129.1 kernel-default-man-3.0.101-108.129.1 kernel-ec2-3.0.101-108.129.1 kernel-ec2-base-3.0.101-108.129.1 kernel-ec2-devel-3.0.101-108.129.1 kernel-pae-3.0.101-108.129.1 kernel-pae-base-3.0.101-108.129.1 kernel-pae-devel-3.0.101-108.129.1 kernel-ppc64-3.0.101-108.129.1 kernel-ppc64-base-3.0.101-108.129.1 kernel-ppc64-devel-3.0.101-108.129.1 kernel-source-3.0.101-108.129.1 kernel-syms-3.0.101-108.129.1 kernel-trace-3.0.101-108.129.1 kernel-trace-base-3.0.101-108.129.1 kernel-trace-devel-3.0.101-108.129.1 kernel-xen-3.0.101-108.129.1 kernel-xen-base-3.0.101-108.129.1 kernel-xen-devel-3.0.101-108.129.1 kernel-bigmem-3.0.101-108.129.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS kernel-bigmem-base-3.0.101-108.129.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS kernel-bigmem-devel-3.0.101-108.129.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS kernel-default-3.0.101-108.129.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS kernel-default-base-3.0.101-108.129.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS kernel-default-devel-3.0.101-108.129.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS kernel-default-man-3.0.101-108.129.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS kernel-ec2-3.0.101-108.129.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS kernel-ec2-base-3.0.101-108.129.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS kernel-ec2-devel-3.0.101-108.129.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS kernel-pae-3.0.101-108.129.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS kernel-pae-base-3.0.101-108.129.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS kernel-pae-devel-3.0.101-108.129.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS kernel-ppc64-3.0.101-108.129.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS kernel-ppc64-base-3.0.101-108.129.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS kernel-ppc64-devel-3.0.101-108.129.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS kernel-source-3.0.101-108.129.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS kernel-syms-3.0.101-108.129.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS kernel-trace-3.0.101-108.129.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS kernel-trace-base-3.0.101-108.129.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS kernel-trace-devel-3.0.101-108.129.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS kernel-xen-3.0.101-108.129.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS kernel-xen-base-3.0.101-108.129.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS kernel-xen-devel-3.0.101-108.129.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data. CVE-2020-24586 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-base-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-devel-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-base-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-devel-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-man-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-base-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-devel-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-base-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-devel-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-base-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-devel-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-source-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-syms-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-base-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-devel-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-base-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-devel-3.0.101-108.129.1 important 2.9 AV:A/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-202114764-1/ https://www.suse.com/security/cve/CVE-2020-24586.html CVE-2020-24586 https://bugzilla.suse.com/1185859 SUSE Bug 1185859 https://bugzilla.suse.com/1192868 SUSE Bug 1192868 The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed. CVE-2020-24587 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-base-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-devel-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-base-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-devel-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-man-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-base-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-devel-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-base-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-devel-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-base-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-devel-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-source-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-syms-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-base-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-devel-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-base-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-devel-3.0.101-108.129.1 important 1.8 AV:A/AC:H/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-202114764-1/ https://www.suse.com/security/cve/CVE-2020-24587.html CVE-2020-24587 https://bugzilla.suse.com/1185859 SUSE Bug 1185859 https://bugzilla.suse.com/1185862 SUSE Bug 1185862 https://bugzilla.suse.com/1192868 SUSE Bug 1192868 The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets. CVE-2020-24588 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-base-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-devel-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-base-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-devel-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-man-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-base-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-devel-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-base-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-devel-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-base-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-devel-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-source-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-syms-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-base-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-devel-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-base-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-devel-3.0.101-108.129.1 important 2.9 AV:A/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-202114764-1/ https://www.suse.com/security/cve/CVE-2020-24588.html CVE-2020-24588 https://bugzilla.suse.com/1185861 SUSE Bug 1185861 https://bugzilla.suse.com/1192868 SUSE Bug 1192868 https://bugzilla.suse.com/1199701 SUSE Bug 1199701 An issue was discovered in the kernel in NetBSD 7.1. An Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. This might be abused in projected Wi-Fi networks to launch denial-of-service attacks against connected clients and makes it easier to exploit other vulnerabilities in connected clients. CVE-2020-26139 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-base-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-devel-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-base-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-devel-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-man-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-base-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-devel-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-base-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-devel-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-base-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-devel-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-source-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-syms-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-base-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-devel-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-base-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-devel-3.0.101-108.129.1 important 2.9 AV:A/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-202114764-1/ https://www.suse.com/security/cve/CVE-2020-26139.html CVE-2020-26139 https://bugzilla.suse.com/1186062 SUSE Bug 1186062 https://bugzilla.suse.com/1192868 SUSE Bug 1192868 An issue was discovered in the Linux kernel before 5.8.1. net/bluetooth/hci_event.c has a slab out-of-bounds read in hci_extended_inquiry_result_evt, aka CID-51c19bf3d5cf. CVE-2020-36386 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-base-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-devel-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-base-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-devel-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-man-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-base-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-devel-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-base-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-devel-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-base-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-devel-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-source-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-syms-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-base-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-devel-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-base-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-devel-3.0.101-108.129.1 important 5.6 AV:L/AC:L/Au:N/C:P/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-202114764-1/ https://www.suse.com/security/cve/CVE-2020-36386.html CVE-2020-36386 https://bugzilla.suse.com/1187038 SUSE Bug 1187038 https://bugzilla.suse.com/1192868 SUSE Bug 1192868 In __hidinput_change_resolution_multipliers of hid-input.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-173843328References: Upstream kernel CVE-2021-0512 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-base-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-devel-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-base-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-devel-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-man-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-base-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-devel-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-base-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-devel-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-base-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-devel-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-source-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-syms-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-base-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-devel-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-base-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-devel-3.0.101-108.129.1 important 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-202114764-1/ https://www.suse.com/security/cve/CVE-2021-0512.html CVE-2021-0512 https://bugzilla.suse.com/1187595 SUSE Bug 1187595 https://bugzilla.suse.com/1187597 SUSE Bug 1187597 BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. CVE-2021-29154 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-base-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-devel-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-base-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-devel-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-man-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-base-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-devel-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-base-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-devel-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-base-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-devel-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-source-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-syms-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-base-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-devel-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-base-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-devel-3.0.101-108.129.1 important 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-202114764-1/ https://www.suse.com/security/cve/CVE-2021-29154.html CVE-2021-29154 https://bugzilla.suse.com/1184391 SUSE Bug 1184391 https://bugzilla.suse.com/1184710 SUSE Bug 1184710 https://bugzilla.suse.com/1186408 SUSE Bug 1186408 net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller. CVE-2021-32399 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-base-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-devel-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-base-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-devel-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-man-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-base-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-devel-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-base-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-devel-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-base-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-devel-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-source-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-syms-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-base-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-devel-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-base-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-devel-3.0.101-108.129.1 important 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-202114764-1/ https://www.suse.com/security/cve/CVE-2021-32399.html CVE-2021-32399 https://bugzilla.suse.com/1184611 SUSE Bug 1184611 https://bugzilla.suse.com/1185898 SUSE Bug 1185898 https://bugzilla.suse.com/1185899 SUSE Bug 1185899 https://bugzilla.suse.com/1196174 SUSE Bug 1196174 https://bugzilla.suse.com/1200084 SUSE Bug 1200084 https://bugzilla.suse.com/1201734 SUSE Bug 1201734 net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized. CVE-2021-34693 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-base-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-bigmem-devel-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-base-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-devel-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-default-man-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-base-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ec2-devel-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-base-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-pae-devel-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-base-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-ppc64-devel-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-source-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-syms-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-base-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-trace-devel-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-base-3.0.101-108.129.1 SUSE Linux Enterprise Server 11 SP4-LTSS:kernel-xen-devel-3.0.101-108.129.1 important 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-202114764-1/ https://www.suse.com/security/cve/CVE-2021-34693.html CVE-2021-34693 https://bugzilla.suse.com/1187452 SUSE Bug 1187452 https://bugzilla.suse.com/1192868 SUSE Bug 1192868