Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP2) SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2022:0291-1 Final 1 1 2022-02-02T09:02:38Z current 2022-02-02T09:02:38Z 2022-02-02T09:02:38Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP2) This update for the Linux Kernel 5.3.18-24_52 fixes several issues. The following security issues were fixed: - CVE-2022-0185: Incorrect param length parsing in legacy_parse_param which could have led to a local privilege escalation (bsc#1194517). - CVE-2021-4154: Fixed option parsing with cgroups version 1 (bsc#1193842). - CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure. (bsc#1191193) - CVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2020-25673, CVE-2021-23134: Fixed multiple bugs in NFC subsytem (bsc#1178181, bsc#1186060). - CVE-2021-42739: The firewire subsystem had a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bsc#1184673). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2022-291,SUSE-SLE-Module-Live-Patching-15-SP2-2022-290,SUSE-SLE-Module-Live-Patching-15-SP2-2022-291 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2022/suse-su-20220291-1/ Link for SUSE-SU-2022:0291-1 https://lists.suse.com/pipermail/sle-security-updates/2022-February/010172.html E-Mail link for SUSE-SU-2022:0291-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1186061 SUSE Bug 1186061 https://bugzilla.suse.com/1191529 SUSE Bug 1191529 https://bugzilla.suse.com/1192036 SUSE Bug 1192036 https://bugzilla.suse.com/1194461 SUSE Bug 1194461 https://bugzilla.suse.com/1194680 SUSE Bug 1194680 https://bugzilla.suse.com/1194737 SUSE Bug 1194737 https://www.suse.com/security/cve/CVE-2020-25670/ SUSE CVE CVE-2020-25670 page https://www.suse.com/security/cve/CVE-2020-25671/ SUSE CVE CVE-2020-25671 page https://www.suse.com/security/cve/CVE-2020-25672/ SUSE CVE CVE-2020-25672 page https://www.suse.com/security/cve/CVE-2020-25673/ SUSE CVE CVE-2020-25673 page https://www.suse.com/security/cve/CVE-2020-3702/ SUSE CVE CVE-2020-3702 page https://www.suse.com/security/cve/CVE-2021-23134/ SUSE CVE CVE-2021-23134 page https://www.suse.com/security/cve/CVE-2021-4154/ SUSE CVE CVE-2021-4154 page https://www.suse.com/security/cve/CVE-2021-42739/ SUSE CVE CVE-2021-42739 page https://www.suse.com/security/cve/CVE-2022-0185/ SUSE CVE CVE-2022-0185 page SUSE Linux Enterprise Live Patching 15 SP2 kernel-livepatch-5_3_18-24_52-default-13-2.2 kernel-livepatch-5_3_18-24_52-preempt-13-2.2 kernel-livepatch-5_3_18-24_49-default-14-2.2 kernel-livepatch-5_3_18-24_49-default-14-2.2 as a component of SUSE Linux Enterprise Live Patching 15 SP2 kernel-livepatch-5_3_18-24_52-default-13-2.2 as a component of SUSE Linux Enterprise Live Patching 15 SP2 A vulnerability was found in Linux Kernel where refcount leak in llcp_sock_bind() causing use-after-free which might lead to privilege escalations. CVE-2020-25670 SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2 SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20220291-1/ https://www.suse.com/security/cve/CVE-2020-25670.html CVE-2020-25670 https://bugzilla.suse.com/1178181 SUSE Bug 1178181 https://bugzilla.suse.com/1194680 SUSE Bug 1194680 A vulnerability was found in Linux Kernel, where a refcount leak in llcp_sock_connect() causing use-after-free which might lead to privilege escalations. CVE-2020-25671 SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2 SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20220291-1/ https://www.suse.com/security/cve/CVE-2020-25671.html CVE-2020-25671 https://bugzilla.suse.com/1178181 SUSE Bug 1178181 A memory leak vulnerability was found in Linux kernel in llcp_sock_connect CVE-2020-25672 SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2 SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20220291-1/ https://www.suse.com/security/cve/CVE-2020-25672.html CVE-2020-25672 https://bugzilla.suse.com/1178181 SUSE Bug 1178181 A vulnerability was found in Linux kernel where non-blocking socket in llcp_sock_connect() leads to leak and eventually hanging-up the system. CVE-2020-25673 SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2 SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20220291-1/ https://www.suse.com/security/cve/CVE-2020-25673.html CVE-2020-25673 https://bugzilla.suse.com/1178181 SUSE Bug 1178181 u'Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150 CVE-2020-3702 SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2 SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20220291-1/ https://www.suse.com/security/cve/CVE-2020-3702.html CVE-2020-3702 https://bugzilla.suse.com/1191193 SUSE Bug 1191193 https://bugzilla.suse.com/1191529 SUSE Bug 1191529 Use After Free vulnerability in nfc sockets in the Linux Kernel before 5.12.4 allows local attackers to elevate their privileges. In typical configurations, the issue can only be triggered by a privileged local user with the CAP_NET_RAW capability. CVE-2021-23134 SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2 SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20220291-1/ https://www.suse.com/security/cve/CVE-2021-23134.html CVE-2021-23134 https://bugzilla.suse.com/1186060 SUSE Bug 1186060 https://bugzilla.suse.com/1186061 SUSE Bug 1186061 A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel's cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service on the system. CVE-2021-4154 SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2 SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20220291-1/ https://www.suse.com/security/cve/CVE-2021-4154.html CVE-2021-4154 https://bugzilla.suse.com/1193842 SUSE Bug 1193842 https://bugzilla.suse.com/1194461 SUSE Bug 1194461 A heap-based buffer overflow flaw was found in the Linux kernel FireDTV media card driver, where the user calls the CA_SEND_MSG ioctl. This flaw allows a local user of the host machine to crash the system or escalate privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. CVE-2021-42739 SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2 SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20220291-1/ https://www.suse.com/security/cve/CVE-2021-42739.html CVE-2021-42739 https://bugzilla.suse.com/1184673 SUSE Bug 1184673 https://bugzilla.suse.com/1192036 SUSE Bug 1192036 https://bugzilla.suse.com/1196722 SUSE Bug 1196722 https://bugzilla.suse.com/1196914 SUSE Bug 1196914 A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system. CVE-2022-0185 SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-14-2.2 SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-13-2.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20220291-1/ https://www.suse.com/security/cve/CVE-2022-0185.html CVE-2022-0185 https://bugzilla.suse.com/1194517 SUSE Bug 1194517 https://bugzilla.suse.com/1194737 SUSE Bug 1194737