QID 751163

Date Published: 2021-09-28

QID 751163: SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:3206-1)

The suse linux enterprise 12 sp5 kernel was updated to receive various security and bugfixes.
the following security bugs were fixed: - cve-2018-9517: fixed possible memory corruption due to a use after free in pppol2tp_connect (bsc#1108488).
- cve-2019-3874: fixed possible denial of service attack via sctp socket buffer used by a userspace applications (bnc#1129898).
- cve-2019-3900: fixed an infinite loop issue while handling incoming packets in handle_rx() (bnc#1133374).
- cve-2021-3640: fixed a use-after-free vulnerability in function sco_sock_sendmsg() in the bluetooth stack (bsc#1188172).
- cve-2021-3653: missing validation of the `int_ctl` vmcb field and allows a malicious l1 guest to enable avic support for the l2 guest.
(bsc#1189399).
- cve-2021-3656: missing validation of the the `virt_ext` vmcb field and allows a malicious l1 guest to disable both vmload/vmsave intercepts and vls for the l2 guest (bsc#1189400).
- cve-2021-3679: a lack of cpu resource in tracing module functionality was found in the way user uses trace ring buffer in a specific way.
Only privileged local users (with cap_sys_admin capability) could use this flaw to starve the resources causing denial of service (bnc#1189057).
- cve-2021-3732: mounting overlayfs inside an unprivileged user namespace can reveal files (bsc#1189706).
- cve-2021-3753: fixed race out-of-bounds in virtual terminal handling (bsc#1190025).
- cve-2021-3759: unaccounted ipc objects in linux kernel could have lead to breaking memcg limits and dos attacks (bsc#1190115).
- cve-2021-38160: data corruption or loss could be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size in drivers/char/virtio_console.c (bsc#1190117) - cve-2021-38198: arch/x86/kvm/mmu/paging_tmpl.h incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault (bnc#1189262).
- cve-2021-38204: drivers/usb/host/max3421-hcd.c allowed physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a max-3421 usb device in certain situations (bnc#1189291).
- cve-2021-34556: fixed side-channel attack via a speculative store bypass via unprivileged bpf program that could have obtain sensitive information from kernel memory (bsc#1188983).
- cve-2021-35477: fixed bpf stack frame pointer which could have been abused to disclose content of arbitrary kernel memory (bsc#1188985).
- cve-2020-12770: fixed sg_remove_request call in a certain failure cases (bsc#1171420).

Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.

Successful exploitation allows attacker to compromise the system.

  • CVSS V3 rated as Critical - 8.8 severity.
  • CVSS V2 rated as High - 7.2 severity.
    • Solution
    Upgrade to the latest package which contains the patch. To install this SUSE Security, Update use YaST online_update. Alternatively you can run the command listed for your product. To install packages using the command line interface, use command "yum update". Refer to Suse security advisory: SUSE-SU-2021:3206-1 to address this issue and obtain further details.
    Vendor References

    CVEs related to QID 751163

    CVE-2021-3653 | CVE-2021-3759 | CVE-2021-35477 | CVE-2021-3732 | CVE-2021-38160 | CVE-2021-38204 | CVE-2020-12770 | CVE-2021-34556 | CVE-2018-9517 | CVE-2021-3656 | CVE-2021-3753 | CVE-2021-38198 | CVE-2019-3874 | CVE-2021-3640 | CVE-2021-3679 | CVE-2019-3900 |
    Software Advisories
    Advisory ID Software Component Link
    SUSE-SU-2021:3206-1 SUSE Enterprise Linux URL Logo lists.suse.com/pipermail/sle-security-updates/2021-September/009499.html
    By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].