QID 750015

The suse linux enterprise 15 sp1 ltss kernel was updated to receive various security and bugfixes..
the following security bugs were fixed: - cve-2020-36312: fixed an issue in virt/kvm/kvm_main.c that had a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure (bnc#1184509)..
- cve-2021-29650: fixed an issue inside the netfilter subsystem that allowed attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value (bnc#1184208)..
- cve-2021-29155: fixed an issue within kernel/bpf/verifier.c that performed undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat spectre mitigations and obtain sensitive information from kernel memory..
Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations (bnc#1184942)..
- cve-2020-36310: fixed an issue in arch/x86/kvm/svm/svm.c that allowed a set_memory_region_test infinite loop for certain nested page faults (bnc#1184512)..
- cve-2020-27673: fixed an issue in xen where a guest os users could have caused a denial of service (host os hang) via a high rate of events to dom0 (bnc#1177411, bnc#1184583)..
- cve-2021-29154: fixed bpf jit compilers that allowed to execute arbitrary code within the kernel context (bnc#1184391)..
- cve-2020-25673: fixed nfc endless loops caused by repeated llcp_sock_connect() (bsc#1178181)..
- cve-2020-25672: fixed nfc memory leak in llcp_sock_connect() (bsc#1178181)..
- cve-2020-25671: fixed nfc refcount leak in llcp_sock_connect() (bsc#1178181)..
- cve-2020-25670: fixed nfc refcount leak in llcp_sock_bind() (bsc#1178181)..
- cve-2020-36311: fixed an issue in arch/x86/kvm/svm/sev.c that allowed attackers to cause a denial of service (soft lockup) by triggering destruction of a large sev vm (which requires unregistering many encrypted regions) (bnc#1184511)..
- cve-2021-28950: fixed an issue in fs/fuse/fuse_i.h where a "stall on cpu" could have occured because a retry loop continually finds the same bad inode (bnc#1184194, bnc#1184211)..
- cve-2020-36322: fixed an issue inside the fuse filesystem implementation where fuse_do_getattr() calls make_bad_inode() in inappropriate situations, could have caused a system crash..
Note: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as cve-2021-28950 (bnc#1184211)..
- cve-2021-30002: fixed a memory leak issue when a webcam device exists (bnc#1184120)..
- cve-2021-3483: fixed a use-after-free bug in nosy_ioctl() (bsc#1184393)..
- cve-2021-20219: fixed a denial of service vulnerability in drivers/tty/n_tty.c of the linux kernel..
In this flaw a local attacker with a normal user privilege could have delayed the loop and cause a threat to the system availability (bnc#1184397)..
- cve-2021-28964: fixed a race condition in fs/btrfs/ctree.c that could have caused a denial of service because of a lack of locking on an extent buffer before a cloning operation (bnc#1184193)..
- cve-2021-3444: fixed the bpf verifier as it did not properly handle mod32 destination register truncation when the source register was known to be 0..
A local attacker with the ability to load bpf programs could use this gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could potentially lead to code execution (bnc#1184170)..
The lack of cleanup would result in leaking persistent grants..
.

Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.

Successful exploitation allows attacker to compromise the system.