Security update for the Linux Kernel SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2021:2409-1 Final 1 1 2021-07-20T12:40:53Z current 2021-07-20T12:40:53Z 2021-07-20T12:40:53Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel The SUSE Linux Enterprise 15 SP3 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-22555: A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c (bnc#1188116 ). - CVE-2021-33909: Fixed an out-of-bounds write in the filesystem layer that allows to obtain full root privileges (bsc#1188062). The following non-security bugs were fixed: - ceph: must hold snap_rwsem when filling inode for async create (bsc#1187927). - cgroup1: do not allow '\n' in renaming (bsc#1187972). - qla2xxx: synchronize rport dev_loss_tmo setting (bsc#1182470 bsc#1185486). - scsi: ufs: ufshcd-pltfrm depends on HAS_IOMEM (bsc#1187980). - usb: dwc3: Fix debugfs creation flow (git-fixes). - x86/pkru: Write hardware init value to PKRU when xstate is init (bsc#1152489). - x86/process: Check PF_KTHREAD and not current->mm for kernel threads (bsc#1152489). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-SLE-15.3-2021-2409 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PZY5AYK3E4EZBBTJOQXWCMRDFFYLM6EB/ E-Mail link for openSUSE-SU-2021:2409-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1152489 SUSE Bug 1152489 https://bugzilla.suse.com/1182470 SUSE Bug 1182470 https://bugzilla.suse.com/1185486 SUSE Bug 1185486 https://bugzilla.suse.com/1187927 SUSE Bug 1187927 https://bugzilla.suse.com/1187972 SUSE Bug 1187972 https://bugzilla.suse.com/1187980 SUSE Bug 1187980 https://bugzilla.suse.com/1188062 SUSE Bug 1188062 https://bugzilla.suse.com/1188116 SUSE Bug 1188116 https://www.suse.com/security/cve/CVE-2021-22555/ SUSE CVE CVE-2021-22555 page https://www.suse.com/security/cve/CVE-2021-33909/ SUSE CVE CVE-2021-33909 page openSUSE Leap 15.3 cluster-md-kmp-azure-5.3.18-38.14.1 dlm-kmp-azure-5.3.18-38.14.1 gfs2-kmp-azure-5.3.18-38.14.1 kernel-azure-5.3.18-38.14.1 kernel-azure-devel-5.3.18-38.14.1 kernel-azure-extra-5.3.18-38.14.1 kernel-azure-livepatch-devel-5.3.18-38.14.1 kernel-azure-optional-5.3.18-38.14.1 kernel-devel-azure-5.3.18-38.14.1 kernel-source-azure-5.3.18-38.14.1 kernel-syms-azure-5.3.18-38.14.1 kselftests-kmp-azure-5.3.18-38.14.1 ocfs2-kmp-azure-5.3.18-38.14.1 reiserfs-kmp-azure-5.3.18-38.14.1 cluster-md-kmp-azure-5.3.18-38.14.1 as a component of openSUSE Leap 15.3 dlm-kmp-azure-5.3.18-38.14.1 as a component of openSUSE Leap 15.3 gfs2-kmp-azure-5.3.18-38.14.1 as a component of openSUSE Leap 15.3 kernel-azure-5.3.18-38.14.1 as a component of openSUSE Leap 15.3 kernel-azure-devel-5.3.18-38.14.1 as a component of openSUSE Leap 15.3 kernel-azure-extra-5.3.18-38.14.1 as a component of openSUSE Leap 15.3 kernel-azure-livepatch-devel-5.3.18-38.14.1 as a component of openSUSE Leap 15.3 kernel-azure-optional-5.3.18-38.14.1 as a component of openSUSE Leap 15.3 kernel-devel-azure-5.3.18-38.14.1 as a component of openSUSE Leap 15.3 kernel-source-azure-5.3.18-38.14.1 as a component of openSUSE Leap 15.3 kernel-syms-azure-5.3.18-38.14.1 as a component of openSUSE Leap 15.3 kselftests-kmp-azure-5.3.18-38.14.1 as a component of openSUSE Leap 15.3 ocfs2-kmp-azure-5.3.18-38.14.1 as a component of openSUSE Leap 15.3 reiserfs-kmp-azure-5.3.18-38.14.1 as a component of openSUSE Leap 15.3 A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space CVE-2021-22555 openSUSE Leap 15.3:cluster-md-kmp-azure-5.3.18-38.14.1 openSUSE Leap 15.3:dlm-kmp-azure-5.3.18-38.14.1 openSUSE Leap 15.3:gfs2-kmp-azure-5.3.18-38.14.1 openSUSE Leap 15.3:kernel-azure-5.3.18-38.14.1 openSUSE Leap 15.3:kernel-azure-devel-5.3.18-38.14.1 openSUSE Leap 15.3:kernel-azure-extra-5.3.18-38.14.1 openSUSE Leap 15.3:kernel-azure-livepatch-devel-5.3.18-38.14.1 openSUSE Leap 15.3:kernel-azure-optional-5.3.18-38.14.1 openSUSE Leap 15.3:kernel-devel-azure-5.3.18-38.14.1 openSUSE Leap 15.3:kernel-source-azure-5.3.18-38.14.1 openSUSE Leap 15.3:kernel-syms-azure-5.3.18-38.14.1 openSUSE Leap 15.3:kselftests-kmp-azure-5.3.18-38.14.1 openSUSE Leap 15.3:ocfs2-kmp-azure-5.3.18-38.14.1 openSUSE Leap 15.3:reiserfs-kmp-azure-5.3.18-38.14.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PZY5AYK3E4EZBBTJOQXWCMRDFFYLM6EB/ https://www.suse.com/security/cve/CVE-2021-22555.html CVE-2021-22555 https://bugzilla.suse.com/1188116 SUSE Bug 1188116 https://bugzilla.suse.com/1188117 SUSE Bug 1188117 https://bugzilla.suse.com/1188411 SUSE Bug 1188411 fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05. CVE-2021-33909 openSUSE Leap 15.3:cluster-md-kmp-azure-5.3.18-38.14.1 openSUSE Leap 15.3:dlm-kmp-azure-5.3.18-38.14.1 openSUSE Leap 15.3:gfs2-kmp-azure-5.3.18-38.14.1 openSUSE Leap 15.3:kernel-azure-5.3.18-38.14.1 openSUSE Leap 15.3:kernel-azure-devel-5.3.18-38.14.1 openSUSE Leap 15.3:kernel-azure-extra-5.3.18-38.14.1 openSUSE Leap 15.3:kernel-azure-livepatch-devel-5.3.18-38.14.1 openSUSE Leap 15.3:kernel-azure-optional-5.3.18-38.14.1 openSUSE Leap 15.3:kernel-devel-azure-5.3.18-38.14.1 openSUSE Leap 15.3:kernel-source-azure-5.3.18-38.14.1 openSUSE Leap 15.3:kernel-syms-azure-5.3.18-38.14.1 openSUSE Leap 15.3:kselftests-kmp-azure-5.3.18-38.14.1 openSUSE Leap 15.3:ocfs2-kmp-azure-5.3.18-38.14.1 openSUSE Leap 15.3:reiserfs-kmp-azure-5.3.18-38.14.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PZY5AYK3E4EZBBTJOQXWCMRDFFYLM6EB/ https://www.suse.com/security/cve/CVE-2021-33909.html CVE-2021-33909 https://bugzilla.suse.com/1188062 SUSE Bug 1188062 https://bugzilla.suse.com/1188063 SUSE Bug 1188063 https://bugzilla.suse.com/1188257 SUSE Bug 1188257 https://bugzilla.suse.com/1189302 SUSE Bug 1189302 https://bugzilla.suse.com/1190859 SUSE Bug 1190859