Security update for the Linux Kernel SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2021:0579-1 Final 1 1 2021-04-19T12:09:04Z current 2021-04-19T12:09:04Z 2021-04-19T12:09:04Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel The openSUSE Linux Leap 15.2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3483: Fixed a use-after-free in nosy.c (bsc#1184393). - CVE-2021-30002: Fixed a memory leak for large arguments in video_usercopy (bsc#1184120). - CVE-2021-29154: Fixed incorrect computation of branch displacements, allowing arbitrary code execution (bsc#1184391). - CVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h due to a retry loop continually was finding the same bad inode (bsc#1184194). - CVE-2020-36312: Fixed a memory leak upon a kmalloc failure (bsc#1184509 ). - CVE-2020-36311: Fixed a denial of service (soft lockup) by triggering destruction of a large SEV VM (bsc#1184511). - CVE-2020-36310: Fixed infinite loop for certain nested page faults (bsc#1184512). - CVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2020-25673: Fixed multiple bugs in NFC subsytem (bsc#1178181). - CVE-2020-36322: Fixed an issue was discovered in FUSE filesystem implementation which could have caused a system crash (bsc#1184211). The following non-security bugs were fixed: - ALSA: aloop: Fix initialization of controls (git-fixes). - ALSA: hda/realtek: Fix speaker amp setup on Acer Aspire E1 (git-fixes). - appletalk: Fix skb allocation size in loopback case (git-fixes). - ASoC: cygnus: fix for_each_child.cocci warnings (git-fixes). - ASoC: fsl_esai: Fix TDM slot setup for I2S mode (git-fixes). - ASoC: intel: atom: Remove 44100 sample-rate from the media and deep-buffer DAI descriptions (git-fixes). - ASoC: intel: atom: Stop advertising non working S24LE support (git-fixes). - ASoC: max98373: Added 30ms turn on/off time delay (git-fixes). - ASoC: sunxi: sun4i-codec: fill ASoC card owner (git-fixes). - ASoC: wm8960: Fix wrong bclk and lrclk with pll enabled for some chips (git-fixes). - ath10k: hold RCU lock when calling ieee80211_find_sta_by_ifaddr() (git-fixes). - atl1c: fix error return code in atl1c_probe() (git-fixes). - atl1e: fix error return code in atl1e_probe() (git-fixes). - batman-adv: initialize 'struct batadv_tvlv_tt_vlan_data'->reserved field (git-fixes). - bpf: Fix verifier jsgt branch analysis on max bound (bsc#1155518). - bpf: Remove MTU check in __bpf_skb_max_len (bsc#1155518). - bpf, sockmap: Fix sk->prot unhash op reset (bsc#1155518). - brcmfmac: clear EAP/association status bits on linkdown events (git-fixes). - bus: ti-sysc: Fix warning on unbind if reset is not deasserted (git-fixes). - cifs: change noisy error message to FYI (bsc#1181507). - cifs_debug: use %pd instead of messing with ->d_name (bsc#1181507). - cifs: do not send close in compound create+close requests (bsc#1181507). - cifs: New optype for session operations (bsc#1181507). - cifs: print MIDs in decimal notation (bsc#1181507). - cifs: return proper error code in statfs(2) (bsc#1181507). - cifs: Tracepoints and logs for tracing credit changes (bsc#1181507). - clk: fix invalid usage of list cursor in register (git-fixes). - clk: fix invalid usage of list cursor in unregister (git-fixes). - clk: socfpga: fix iomem pointer cast on 64-bit (git-fixes). - dm mpath: switch paths in dm_blk_ioctl() code path (bsc#1167574, bsc#1175995, bsc#1184485). - drivers: video: fbcon: fix NULL dereference in fbcon_cursor() (git-fixes). - drm/amdgpu: check alignment on CPU page for bo map (git-fixes). - drm/amdgpu: fix offset calculation in amdgpu_vm_bo_clear_mappings() (git-fixes). - drm/i915: Fix invalid access to ACPI _DSM objects (bsc#1184074). - drm/msm/adreno: a5xx_power: Do not apply A540 lm_setup to other GPUs (git-fixes). - drm/msm: Ratelimit invalid-fence message (git-fixes). - drm/msm: Set drvdata to NULL when msm_drm_init() fails (git-fixes). - enetc: Fix reporting of h/w packet counters (git-fixes). - fix Patch-mainline: patches.suse/cifs_debug-use-pd-instead-of-messing-with-d_name.patch - fix patch metadata - fuse: fix bad inode (bsc#1184211). - fuse: fix live lock in fuse_iget() (bsc#1184211). - gianfar: Handle error code at MAC address change (git-fixes). - i40e: Fix parameters in aq_get_phy_register() (jsc#SLE-8025). - i40e: Fix sparse error: 'vsi->netdev' could be null (jsc#SLE-8025). - ice: remove DCBNL_DEVRESET bit from PF state (jsc#SLE-7926). - iommu/vt-d: Use device numa domain if RHSA is missing (bsc#1184585). - kABI: powerpc/pmem: Include pmem prototypes (bsc#1113295 git-fixes). - libbpf: Fix INSTALL flag order (bsc#1155518). - libbpf: Only create rx and tx XDP rings when necessary (bsc#1155518). - locking/mutex: Fix non debug version of mutex_lock_io_nested() (git-fixes). - mac80211: choose first enabled channel for monitor (git-fixes). - mac80211: fix TXQ AC confusion (git-fixes). - mISDN: fix crash in fritzpci (git-fixes). - net: atheros: switch from 'pci_' to 'dma_' API (git-fixes). - net: b44: fix error return code in b44_init_one() (git-fixes). - net: ethernet: ti: cpsw: fix error return code in cpsw_probe() (git-fixes). - net: hns3: Remove the left over redundant check & assignment (bsc#1154353). - net: lantiq: Wait for the GPHY firmware to be ready (git-fixes). - net/mlx5: Fix PPLM register mapping (jsc#SLE-8464). - net: pasemi: fix error return code in pasemi_mac_open() (git-fixes). - net: phy: broadcom: Only advertise EEE for supported modes (git-fixes). - net: qualcomm: rmnet: Fix incorrect receive packet handling during cleanup (git-fixes). - net: sched: disable TCQ_F_NOLOCK for pfifo_fast (bsc#1183405) - net: wan/lmc: unregister device when no matching device is found (git-fixes). - platform/x86: intel-hid: Support Lenovo ThinkPad X1 Tablet Gen 2 (git-fixes). - platform/x86: thinkpad_acpi: Allow the FnLock LED to change state (git-fixes). - PM: runtime: Fix ordering in pm_runtime_get_suppliers() (git-fixes). - post.sh: Return an error when module update fails (bsc#1047233 bsc#1184388). - powerpc/64s: Fix instruction encoding for lis in ppc_function_entry() (bsc#1065729). - powerpc/pmem: Include pmem prototypes (bsc#1113295 git-fixes). - powerpc/pseries/ras: Remove unused variable 'status' (bsc#1065729). - powerpc/sstep: Check instruction validity against ISA version before emulation (bsc#1156395). - powerpc/sstep: Fix darn emulation (bsc#1156395). - powerpc/sstep: Fix incorrect return from analyze_instr() (bsc#1156395). - powerpc/sstep: Fix load-store and update emulation (bsc#1156395). - qlcnic: fix error return code in qlcnic_83xx_restart_hw() (git-fixes). - RAS/CEC: Correct ce_add_elem()'s returned values (bsc#1152489). - regulator: bd9571mwv: Fix AVS and DVFS voltage range (git-fixes). - rpm/check-for-config-changes: Also ignore AS_VERSION added in 5.12. - rpm/kernel-binary.spec.in: Fix dependency of kernel-*-devel package (bsc#1184514) The devel package requires the kernel binary package itself for building modules externally. - samples/bpf: Fix possible hang in xdpsock with multiple threads (bsc#1155518). - scsi: ibmvfc: Fix invalid state machine BUG_ON() (bsc#1184647 ltc#191231). - smb3: add dynamic trace point to trace when credits obtained (bsc#1181507). - smb3: fix crediting for compounding when only one request in flight (bsc#1181507). - soc/fsl: qbman: fix conflicting alignment attributes (git-fixes). - staging: comedi: cb_pcidas64: fix request_irq() warn (git-fixes). - staging: comedi: cb_pcidas: fix request_irq() warn (git-fixes). - thermal/core: Add NULL pointer check before using cooling device stats (git-fixes). - USB: cdc-acm: downgrade message to debug (git-fixes). - USB: cdc-acm: untangle a circular dependency between callback and softint (git-fixes). - usbip: vhci_hcd fix shift out-of-bounds in vhci_hub_control() (git-fixes). - USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem (git-fixes). - x86: Introduce TS_COMPAT_RESTART to fix get_nr_restart_syscall() (bsc#1152489). - x86/ioapic: Ignore IRQ2 again (bsc#1152489). - x86/mem_encrypt: Correct physical address calculation in __set_clr_pte_enc() (bsc#1152489). - xen/events: fix setting irq affinity (bsc#1184583). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2021-579 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6PH44XSVUZTRLJSGALUUATIQLKQWL4C5/ E-Mail link for openSUSE-SU-2021:0579-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1047233 SUSE Bug 1047233 https://bugzilla.suse.com/1065729 SUSE Bug 1065729 https://bugzilla.suse.com/1113295 SUSE Bug 1113295 https://bugzilla.suse.com/1152489 SUSE Bug 1152489 https://bugzilla.suse.com/1154353 SUSE Bug 1154353 https://bugzilla.suse.com/1155518 SUSE Bug 1155518 https://bugzilla.suse.com/1156395 SUSE Bug 1156395 https://bugzilla.suse.com/1167574 SUSE Bug 1167574 https://bugzilla.suse.com/1175995 SUSE Bug 1175995 https://bugzilla.suse.com/1178181 SUSE Bug 1178181 https://bugzilla.suse.com/1181507 SUSE Bug 1181507 https://bugzilla.suse.com/1183405 SUSE Bug 1183405 https://bugzilla.suse.com/1184074 SUSE Bug 1184074 https://bugzilla.suse.com/1184120 SUSE Bug 1184120 https://bugzilla.suse.com/1184194 SUSE Bug 1184194 https://bugzilla.suse.com/1184211 SUSE Bug 1184211 https://bugzilla.suse.com/1184388 SUSE Bug 1184388 https://bugzilla.suse.com/1184391 SUSE Bug 1184391 https://bugzilla.suse.com/1184393 SUSE Bug 1184393 https://bugzilla.suse.com/1184485 SUSE Bug 1184485 https://bugzilla.suse.com/1184509 SUSE Bug 1184509 https://bugzilla.suse.com/1184511 SUSE Bug 1184511 https://bugzilla.suse.com/1184512 SUSE Bug 1184512 https://bugzilla.suse.com/1184514 SUSE Bug 1184514 https://bugzilla.suse.com/1184583 SUSE Bug 1184583 https://bugzilla.suse.com/1184585 SUSE Bug 1184585 https://bugzilla.suse.com/1184647 SUSE Bug 1184647 https://www.suse.com/security/cve/CVE-2020-25670/ SUSE CVE CVE-2020-25670 page https://www.suse.com/security/cve/CVE-2020-25671/ SUSE CVE CVE-2020-25671 page https://www.suse.com/security/cve/CVE-2020-25672/ SUSE CVE CVE-2020-25672 page https://www.suse.com/security/cve/CVE-2020-25673/ SUSE CVE CVE-2020-25673 page https://www.suse.com/security/cve/CVE-2020-36310/ SUSE CVE CVE-2020-36310 page https://www.suse.com/security/cve/CVE-2020-36311/ SUSE CVE CVE-2020-36311 page https://www.suse.com/security/cve/CVE-2020-36312/ SUSE CVE CVE-2020-36312 page https://www.suse.com/security/cve/CVE-2020-36322/ SUSE CVE CVE-2020-36322 page https://www.suse.com/security/cve/CVE-2021-28950/ SUSE CVE CVE-2021-28950 page https://www.suse.com/security/cve/CVE-2021-29154/ SUSE CVE CVE-2021-29154 page https://www.suse.com/security/cve/CVE-2021-30002/ SUSE CVE CVE-2021-30002 page https://www.suse.com/security/cve/CVE-2021-3483/ SUSE CVE CVE-2021-3483 page openSUSE Leap 15.2 kernel-debug-5.3.18-lp152.72.1 kernel-debug-devel-5.3.18-lp152.72.1 kernel-default-5.3.18-lp152.72.1 kernel-default-base-5.3.18-lp152.72.1.lp152.8.30.1 kernel-default-base-rebuild-5.3.18-lp152.72.1.lp152.8.30.1 kernel-default-devel-5.3.18-lp152.72.1 kernel-devel-5.3.18-lp152.72.1 kernel-docs-5.3.18-lp152.72.1 kernel-docs-html-5.3.18-lp152.72.1 kernel-kvmsmall-5.3.18-lp152.72.1 kernel-kvmsmall-devel-5.3.18-lp152.72.1 kernel-macros-5.3.18-lp152.72.1 kernel-obs-build-5.3.18-lp152.72.1 kernel-obs-qa-5.3.18-lp152.72.1 kernel-preempt-5.3.18-lp152.72.1 kernel-preempt-devel-5.3.18-lp152.72.1 kernel-source-5.3.18-lp152.72.1 kernel-source-vanilla-5.3.18-lp152.72.1 kernel-syms-5.3.18-lp152.72.1 kernel-debug-5.3.18-lp152.72.1 as a component of openSUSE Leap 15.2 kernel-debug-devel-5.3.18-lp152.72.1 as a component of openSUSE Leap 15.2 kernel-default-5.3.18-lp152.72.1 as a component of openSUSE Leap 15.2 kernel-default-base-5.3.18-lp152.72.1.lp152.8.30.1 as a component of openSUSE Leap 15.2 kernel-default-base-rebuild-5.3.18-lp152.72.1.lp152.8.30.1 as a component of openSUSE Leap 15.2 kernel-default-devel-5.3.18-lp152.72.1 as a component of openSUSE Leap 15.2 kernel-devel-5.3.18-lp152.72.1 as a component of openSUSE Leap 15.2 kernel-docs-5.3.18-lp152.72.1 as a component of openSUSE Leap 15.2 kernel-docs-html-5.3.18-lp152.72.1 as a component of openSUSE Leap 15.2 kernel-kvmsmall-5.3.18-lp152.72.1 as a component of openSUSE Leap 15.2 kernel-kvmsmall-devel-5.3.18-lp152.72.1 as a component of openSUSE Leap 15.2 kernel-macros-5.3.18-lp152.72.1 as a component of openSUSE Leap 15.2 kernel-obs-build-5.3.18-lp152.72.1 as a component of openSUSE Leap 15.2 kernel-obs-qa-5.3.18-lp152.72.1 as a component of openSUSE Leap 15.2 kernel-preempt-5.3.18-lp152.72.1 as a component of openSUSE Leap 15.2 kernel-preempt-devel-5.3.18-lp152.72.1 as a component of openSUSE Leap 15.2 kernel-source-5.3.18-lp152.72.1 as a component of openSUSE Leap 15.2 kernel-source-vanilla-5.3.18-lp152.72.1 as a component of openSUSE Leap 15.2 kernel-syms-5.3.18-lp152.72.1 as a component of openSUSE Leap 15.2 A vulnerability was found in Linux Kernel where refcount leak in llcp_sock_bind() causing use-after-free which might lead to privilege escalations. CVE-2020-25670 openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-default-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.72.1.lp152.8.30.1 openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.72.1.lp152.8.30.1 openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-source-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.72.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6PH44XSVUZTRLJSGALUUATIQLKQWL4C5/ https://www.suse.com/security/cve/CVE-2020-25670.html CVE-2020-25670 https://bugzilla.suse.com/1178181 SUSE Bug 1178181 https://bugzilla.suse.com/1194680 SUSE Bug 1194680 A vulnerability was found in Linux Kernel, where a refcount leak in llcp_sock_connect() causing use-after-free which might lead to privilege escalations. CVE-2020-25671 openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-default-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.72.1.lp152.8.30.1 openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.72.1.lp152.8.30.1 openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-source-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.72.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6PH44XSVUZTRLJSGALUUATIQLKQWL4C5/ https://www.suse.com/security/cve/CVE-2020-25671.html CVE-2020-25671 https://bugzilla.suse.com/1178181 SUSE Bug 1178181 A memory leak vulnerability was found in Linux kernel in llcp_sock_connect CVE-2020-25672 openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-default-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.72.1.lp152.8.30.1 openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.72.1.lp152.8.30.1 openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-source-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.72.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6PH44XSVUZTRLJSGALUUATIQLKQWL4C5/ https://www.suse.com/security/cve/CVE-2020-25672.html CVE-2020-25672 https://bugzilla.suse.com/1178181 SUSE Bug 1178181 A vulnerability was found in Linux kernel where non-blocking socket in llcp_sock_connect() leads to leak and eventually hanging-up the system. CVE-2020-25673 openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-default-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.72.1.lp152.8.30.1 openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.72.1.lp152.8.30.1 openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-source-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.72.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6PH44XSVUZTRLJSGALUUATIQLKQWL4C5/ https://www.suse.com/security/cve/CVE-2020-25673.html CVE-2020-25673 https://bugzilla.suse.com/1178181 SUSE Bug 1178181 An issue was discovered in the Linux kernel before 5.8. arch/x86/kvm/svm/svm.c allows a set_memory_region_test infinite loop for certain nested page faults, aka CID-e72436bc3a52. CVE-2020-36310 openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-default-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.72.1.lp152.8.30.1 openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.72.1.lp152.8.30.1 openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-source-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.72.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6PH44XSVUZTRLJSGALUUATIQLKQWL4C5/ https://www.suse.com/security/cve/CVE-2020-36310.html CVE-2020-36310 https://bugzilla.suse.com/1184512 SUSE Bug 1184512 An issue was discovered in the Linux kernel before 5.9. arch/x86/kvm/svm/sev.c allows attackers to cause a denial of service (soft lockup) by triggering destruction of a large SEV VM (which requires unregistering many encrypted regions), aka CID-7be74942f184. CVE-2020-36311 openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-default-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.72.1.lp152.8.30.1 openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.72.1.lp152.8.30.1 openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-source-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.72.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6PH44XSVUZTRLJSGALUUATIQLKQWL4C5/ https://www.suse.com/security/cve/CVE-2020-36311.html CVE-2020-36311 https://bugzilla.suse.com/1184511 SUSE Bug 1184511 An issue was discovered in the Linux kernel before 5.8.10. virt/kvm/kvm_main.c has a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure, aka CID-f65886606c2d. CVE-2020-36312 openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-default-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.72.1.lp152.8.30.1 openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.72.1.lp152.8.30.1 openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-source-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.72.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6PH44XSVUZTRLJSGALUUATIQLKQWL4C5/ https://www.suse.com/security/cve/CVE-2020-36312.html CVE-2020-36312 https://bugzilla.suse.com/1184509 SUSE Bug 1184509 An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950. CVE-2020-36322 openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-default-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.72.1.lp152.8.30.1 openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.72.1.lp152.8.30.1 openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-source-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.72.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6PH44XSVUZTRLJSGALUUATIQLKQWL4C5/ https://www.suse.com/security/cve/CVE-2020-36322.html CVE-2020-36322 https://bugzilla.suse.com/1184211 SUSE Bug 1184211 https://bugzilla.suse.com/1184952 SUSE Bug 1184952 https://bugzilla.suse.com/1189302 SUSE Bug 1189302 An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A "stall on CPU" can occur because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1. CVE-2021-28950 openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-default-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.72.1.lp152.8.30.1 openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.72.1.lp152.8.30.1 openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-source-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.72.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6PH44XSVUZTRLJSGALUUATIQLKQWL4C5/ https://www.suse.com/security/cve/CVE-2021-28950.html CVE-2021-28950 https://bugzilla.suse.com/1184194 SUSE Bug 1184194 https://bugzilla.suse.com/1184211 SUSE Bug 1184211 BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. CVE-2021-29154 openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-default-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.72.1.lp152.8.30.1 openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.72.1.lp152.8.30.1 openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-source-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.72.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6PH44XSVUZTRLJSGALUUATIQLKQWL4C5/ https://www.suse.com/security/cve/CVE-2021-29154.html CVE-2021-29154 https://bugzilla.suse.com/1184391 SUSE Bug 1184391 https://bugzilla.suse.com/1184710 SUSE Bug 1184710 https://bugzilla.suse.com/1186408 SUSE Bug 1186408 An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b. CVE-2021-30002 openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-default-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.72.1.lp152.8.30.1 openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.72.1.lp152.8.30.1 openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-source-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.72.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6PH44XSVUZTRLJSGALUUATIQLKQWL4C5/ https://www.suse.com/security/cve/CVE-2021-30002.html CVE-2021-30002 https://bugzilla.suse.com/1184120 SUSE Bug 1184120 A flaw was found in the Nosy driver in the Linux kernel. This issue allows a device to be inserted twice into a doubly-linked list, leading to a use-after-free when one of these devices is removed. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Versions before kernel 5.12-rc6 are affected CVE-2021-3483 openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-default-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.72.1.lp152.8.30.1 openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.72.1.lp152.8.30.1 openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-source-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.72.1 openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.72.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6PH44XSVUZTRLJSGALUUATIQLKQWL4C5/ https://www.suse.com/security/cve/CVE-2021-3483.html CVE-2021-3483 https://bugzilla.suse.com/1184393 SUSE Bug 1184393