Security update for the Linux Kernel SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2021:1477-1 Final 1 1 2021-11-15T12:24:45Z current 2021-11-15T12:24:45Z 2021-11-15T12:24:45Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-13405: The inode_init_owner function in fs/inode.c allowed local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID (bnc#1100416 bnc#1129735). - CVE-2021-33033: The Linux kernel had a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value (bnc#1186109 bnc#1188876). - CVE-2021-34556: An unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack (bnc#1188983). - CVE-2021-35477: An unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because a certain preempting store operation did not necessarily occur before a store operation that has an attacker-controlled value (bnc#1188985). - CVE-2021-3655: Missing size validations on inbound SCTP packets may have allowed the kernel to read uninitialized memory (bnc#1188563 bnc#1192267). - CVE-2021-3715: Fixed a use-after-free in route4_change() in net/sched/cls_route.c (bsc#1190349). - CVE-2021-3760: Fixed a use-after-free vulnerability with the ndev->rf_conn_info object (bsc#1190067). - CVE-2021-3772: Invalid chunks may be used to remotely remove existing associations (bsc#1190351). - CVE-2021-3896: Fixed a array-index-out-bounds in detach_capi_ctr in drivers/isdn/capi/kcapi.c (bsc#1191958). - CVE-2021-41864: prealloc_elems_and_freelist in kernel/bpf/stackmap.c allowed unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write (bnc#1191317). - CVE-2021-42008: The decode_data function in drivers/net/hamradio/6pack.c had a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access (bnc#1191315). - CVE-2021-42252: An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c where local attackers were able to access the Aspeed LPC control interface could overwrite memory in the kernel and potentially execute privileges, aka CID-b49a0e69a7b1. This occurs because a certain comparison uses values that are not memory sizes (bnc#1190479). - CVE-2021-42739: The firewire subsystem had a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bnc#1184673 bnc#1192036). - CVE-2021-42739: The firewire subsystem had a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bsc#1184673). - CVE-2021-43056: It allowed a malicious KVM guest to crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S implementation bug in the handling of the SRR1 register values (bnc#1192107). The following non-security bugs were fixed: - acpi/arm64: fix next_platform_timer() section mismatch error (git-fixes). - ACPI: bgrt: Fix CFI violation (git-fixes). - ACPI: fix NULL pointer dereference (git-fixes). - ACPI: Use DEVICE_ATTR_<RW|RO|WO> macros (git-fixes). - Add cherry-picked commit id to the usb hso fix (git-fixes) - Add obsolete_rebuilds_subpackage (boo#1172073 bsc#1191731). - ALSA: hda: avoid write to STATESTS if controller is in reset (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo PC50HS (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo X170KM-G (git-fixes). - ALSA: hda/realtek - ALC236 headset MIC recording issue (git-fixes). - ALSA: hda/realtek: Complete partial device name to avoid ambiguity (git-fixes). - ALSA: hda/realtek: Fix the mic type detection issue for ASUS G551JW (git-fixes). - ALSA: seq: Fix a potential UAF by wrong private_free call order (git-fixes). - ALSA: usb-audio: Add quirk for VF0770 (git-fixes). - ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset (git-fixes). - ASoC: DAPM: Fix missing kctl change notifications (git-fixes). - ASoC: wm8960: Fix clock configuration on slave mode (git-fixes). - ata: ahci_platform: fix null-ptr-deref in ahci_platform_enable_regulators() (git-fixes). - ata: sata_dwc_460ex: No need to call phy_exit() befre phy_init() (git-fixes). - audit: fix possible null-pointer dereference in audit_filter_rules (git-fixes). - bfq: Remove merged request already in bfq_requests_merged() (bsc#1191456). - blk: Fix lock inversion between ioc lock and bfqd lock (bsc#1191456). - blktrace: Fix uaf in blk_trace access after removing by sysfs (bsc#1191452). - block: bfq: fix bfq_set_next_ioprio_data() (bsc#1191451). - bnxt_en: Fix TX timeout when TX ring size is set to the smallest (git-fixes). - bpf: Add bpf_patch_call_args prototype to include/linux/bpf.h (git-fixes). - bpf: Fix a typo of reuseport map in bpf.h (git-fixes). - bpf: Fix up bpf_skb_adjust_room helper's skb csum setting (git-fixes). - can: dev: can_restart: fix use after free bug (git-fixes). - can: peak_pci: peak_pci_remove(): fix UAF (git-fixes). - can: peak_usb: fix use after free bugs (git-fixes). - can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state notification (git-fixes). - can: rcar_can: fix suspend/resume (git-fixes). - can: ti_hecc: ti_hecc_probe(): add missed clk_disable_unprepare() in error path (git-fixes). - can: xilinx_can: handle failure cases of pm_runtime_get_sync (git-fixes). - cb710: avoid NULL pointer subtraction (git-fixes). - ceph: fix handling of 'meta' errors (bsc#1192041). - ceph: skip existing superblocks that are blocklisted or shut down when mounting (bsc#1192040). - cfg80211: scan: fix RCU in cfg80211_add_nontrans_list() (git-fixes). - drm/amd/display: Pass PCI deviceid into DC (git-fixes). - drm/amdgpu: fix gart.bo pin_count leak (git-fixes). - drm/msm/dsi: Fix an error code in msm_dsi_modeset_init() (git-fixes). - drm/msm/dsi: fix off by one in dsi_bus_clk_enable error handling (git-fixes). - drm/msm: Fix null pointer dereference on pointer edp (git-fixes). - drm/nouveau/debugfs: fix file release memory leak (git-fixes). - drm/panel: olimex-lcd-olinuxino: select CRC32 (git-fixes). - e1000e: Fix packet loss on Tiger Lake and later (git-fixes). - e100: fix buffer overrun in e100_get_regs (git-fixes). - e100: fix length calculation in e100_get_regs_len (git-fixes). - e100: handle eeprom as little endian (git-fixes). - ext4: fix reserved space counter leakage (bsc#1191450). - ext4: report correct st_size for encrypted symlinks (bsc#1191449). - fscrypt: add fscrypt_symlink_getattr() for computing st_size (bsc#1191449). - fs, mm: fix race in unlinking swapfile (bsc#1191455). - gpio: pca953x: Improve bias setting (git-fixes). - gve: Avoid freeing NULL pointer (git-fixes). - gve: Correct available tx qpl check (git-fixes). - gve: fix gve_get_stats() (git-fixes). - gve: Properly handle errors in gve_assign_qpl (bsc#1176940). - gve: report 64bit tx_bytes counter from gve_handle_report_stats() (bsc#1176940). - HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS (git-fixes). - HID: betop: fix slab-out-of-bounds Write in betop_probe (git-fixes). - HID: u2fzero: ignore incomplete packets without data (git-fixes). - HID: usbhid: free raw_report buffers in usbhid_stop (git-fixes). - HID: wacom: Add new Intuos BT (CTL-4100WL/CTL-6100WL) device IDs (git-fixes). - hso: fix bailout in error case of probe (git-fixes). - i2c: acpi: fix resource leak in reconfiguration device addition (git-fixes). - i40e: Fix ATR queue selection (git-fixes). - i40e: fix endless loop under rtnl (git-fixes). - i40e: Fix freeing of uninitialized misc IRQ vector (git-fixes). - iavf: fix double unlock of crit_lock (git-fixes). - ice: Add missing E810 device ids (jsc#SLE-7966 bsc#1157177). - ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition (bsc#1191241). - iio: adc128s052: Fix the error handling path of 'adc128_probe()' (git-fixes). - iio: adc: aspeed: set driver data when adc probe (git-fixes). - iio: dac: ti-dac5571: fix an error code in probe() (git-fixes). - iio: light: opt3001: Fixed timeout error when 0 lux (git-fixes). - iio: mtk-auxadc: fix case IIO_CHAN_INFO_PROCESSED (git-fixes). - iio: ssp_sensors: add more range checking in ssp_parse_dataframe() (git-fixes). - iio: ssp_sensors: fix error code in ssp_print_mcu_debug() (git-fixes). - Input: snvs_pwrkey - add clk handling (git-fixes). - Input: xpad - add support for another USB ID of Nacon GC-100 (git-fixes). - ionic: do not remove netdev->dev_addr when syncing uc list (bsc#1167773). - ipv6/netfilter: Discard first fragment not including all headers (bsc#1191241). - IPv6: reply ICMP error if the first fragment do not include all headers (bsc#1191241). - isdn: cpai: check ctr->cnr to avoid array index out of bound (git-fixes). - isdn: mISDN: Fix sleeping function called from invalid context (git-fixes). - ixgbe: Fix NULL pointer dereference in ixgbe_xdp_setup (git-fixes). - kabi: block: Fix kabi of blk_mq_sched_try_insert_merge() (bsc#1191456). - kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167). - KVM: PPC: Book3S HV Nested: Reflect guest PMU in-use to L0 when guest SPRs are live (bsc#1156395). - KVM: PPC: Book3S HV Nested: Sanitise H_ENTER_NESTED TM state (bsc#1156395). - KVM: PPC: Book3S HV: Save host FSCR in the P7/8 path (bsc#1065729). - KVM: PPC: Book3S HV: Tolerate treclaim. in fake-suspend mode changing registers (bsc#1156395). - KVM: PPC: Fix clearing never mapped TCEs in realmode (bsc#1156395). - KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak (bsc#1156395). - lan78xx: select CRC32 (git-fixes). - libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870 SSD (git-fixes). - mac80211: check return value of rhashtable_init (git-fixes). - mac80211: Drop frames from invalid MAC address in ad-hoc mode (git-fixes). - mei: me: add Ice Lake-N device id (git-fixes). - mlx5: count all link events (git-fixes). - mlxsw: thermal: Fix out-of-bounds memory accesses (git-fixes). - mmc: dw_mmc: exynos: fix the finding clock sample value (git-fixes). - mmc: meson-gx: do not use memcpy_to/fromio for dram-access-quirk (git-fixes). - mmc: vub300: fix control-message timeouts (git-fixes). - net/af_unix: fix a data-race in unix_dgram_poll (bsc#1154353). - net: batman-adv: fix error handling (git-fixes). - net: bridge: use nla_total_size_64bit() in br_get_linkxstats_size() (git-fixes). - net: can: ems_usb: fix use-after-free in ems_usb_disconnect() (git-fixes). - net: cdc_eem: fix tx fixup skb leak (git-fixes). - net: cdc_ncm: correct overhead in delayed_ndp_size (git-fixes). - netfilter: conntrack: collect all entries in one cycle (bsc#1173604). - net: hns3: fix vf reset workqueue cannot exit (bsc#1154353). - net: hso: add failure handler for add_net_device (git-fixes). - net: hso: fix NULL-deref on disconnect regression (git-fixes). - net: hso: fix null-ptr-deref during tty device unregistration (git-fixes). - net: ipv6: Discard next-hop MTU less than minimum link MTU (bsc#1191241). - net: lan78xx: fix division by zero in send path (git-fixes). - net: mana: Fix error handling in mana_create_rxq() (git-fixes, bsc#1191800). - net/mlx4_en: Do not allow aRFS for encapsulated packets (git-fixes). - net/mlx4_en: Resolve bad operstate value (git-fixes). - net/mlx5e: Mutually exclude RX-FCS and RX-port-timestamp (git-fixes). - net/mlx5: Fix unpublish devlink parameters (jsc#SLE-8464). - net/mlx5: FWTrace, cancel work on alloc pd error flow (git-fixes). - net: usb: Fix uninit-was-stored issue in asix_read_phy_addr() (git-fixes). - NFC: digital: fix possible memory leak in digital_in_send_sdd_req() (git-fixes). - NFC: digital: fix possible memory leak in digital_tg_listen_mdaa() (git-fixes). - nfc: fix error handling of nfc_proto_register() (git-fixes). - nfc: port100: fix using -ERRNO as command type mask (git-fixes). - nfs: dir_cookie is a pointer to the cookie in older kernels, not the cookie itself. (bsc#1191628 bsc#1192549). - NFS: Do uncached readdir when we're seeking a cookie in an empty page cache (bsc#1191628). - nvme: add command id quirk for apple controllers (git-fixes). - nvme-fc: avoid race between time out and tear down (bsc#1185762). - nvme-fc: remove freeze/unfreeze around update_nr_hw_queues (bsc#1185762). - nvme-fc: update hardware queues before using them (bsc#1185762). - nvme-pci: Fix abort command id (git-fixes). - nvme-pci: fix error unwind in nvme_map_data (bsc#1191934). - nvme-pci: refactor nvme_unmap_data (bsc#1191934). - ocfs2: fix data corruption after conversion from inline format (bsc#1190795). - pata_legacy: fix a couple uninitialized variable bugs (git-fixes). - PCI: Fix pci_host_bridge struct device release/free handling (git-fixes). - phy: mdio: fix memory leak (git-fixes). - platform/mellanox: mlxreg-io: Fix argument base in kstrtou32() call (git-fixes). - platform/x86: dell-smbios-wmi: Add missing kfree in error-exit from run_smbios_call (git-fixes). - platform/x86: intel_scu_ipc: Update timeout value in comment (git-fixes). - powerpc/bpf: Fix BPF_MOD when imm == 1 (bsc#1065729). - powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (bsc#1065729). - powerpc/bpf: Use bctrl for making function calls (bsc#1065729). - powerpc/lib: Fix emulate_step() std test (bsc#1065729). - powerpc/pseries: Fix build error when NUMA=n (bsc#1190620 ltc#194498 git-fixes). - powerpc/xive: Discard disabled interrupts in get_irqchip_state() (bsc#1085030 git-fixes). - pseries/eeh: Fix the kdump kernel crash during eeh_pseries_init (git-fixes). - ptp_pch: Load module automatically if ID matches (git-fixes). - ptp_pch: Restore dependency on PCI (git-fixes). - qed: Fix missing error code in qed_slowpath_start() (git-fixes). - qed: Handle management FW error (git-fixes). - qed: rdma - do not wait for resources under hw error recovery flow (git-fixes). - regmap: Fix possible double-free in regcache_rbtree_exit() (git-fixes). - rpm: use _rpmmacrodir (boo#1191384) - scsi: lpfc: Allow fabric node recovery if recovery is in progress before devloss (bsc#1192145). - scsi: lpfc: Allow PLOGI retry if previous PLOGI was aborted (bsc#1192145). - scsi: lpfc: Correct sysfs reporting of loop support after SFP status change (bsc#1192145). - scsi: lpfc: Fix link down processing to address NULL pointer dereference (bsc#1192145). - scsi: lpfc: Fix memory overwrite during FC-GS I/O abort handling (bsc#1191349). - scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine (bsc#1192145). - scsi: lpfc: Revert LOG_TRACE_EVENT back to LOG_INIT prior to driver_resource_setup() (bsc#1192145). - scsi: lpfc: Update lpfc version to 14.0.0.3 (bsc#1192145). - scsi: lpfc: Wait for successful restart of SLI3 adapter during host sg_reset (bsc#1192145). - scsi: qla2xxx: Add debug print of 64G link speed (bsc#1190941). - scsi: qla2xxx: Add host attribute to trigger MPI hang (bsc#1190941). - scsi: qla2xxx: Add support for mailbox passthru (bsc#1190941). - scsi: qla2xxx: Adjust request/response queue size for 28xx (bsc#1190941). - scsi: qla2xxx: Call process_response_queue() in Tx path (bsc#1190941). - scsi: qla2xxx: Changes to support FCP2 Target (bsc#1190941). - scsi: qla2xxx: Changes to support kdump kernel (bsc#1190941). - scsi: qla2xxx: Changes to support kdump kernel for NVMe BFS (bsc#1190941). - scsi: qla2xxx: Check for firmware capability before creating QPair (bsc#1190941). - scsi: qla2xxx: Display 16G only as supported speeds for 3830c card (bsc#1190941). - scsi: qla2xxx: Do not call fc_block_scsi_eh() during bus reset (bsc#1190941). - scsi: qla2xxx: edif: Add N2N support for EDIF (bsc#1190941). - scsi: qla2xxx: edif: Do secure PLOGI when auth app is present (bsc#1190941). - scsi: qla2xxx: edif: Fix EDIF enable flag (bsc#1190941). - scsi: qla2xxx: edif: Fix returnvar.cocci warnings (bsc#1190941). - scsi: qla2xxx: edif: Fix stale session (bsc#1190941). - scsi: qla2xxx: edif: Reject AUTH ELS on session down (bsc#1190941). - scsi: qla2xxx: edif: Use link event to wake up app (bsc#1190941). - scsi: qla2xxx: Fix crash in NVMe abort path (bsc#1190941). - scsi: qla2xxx: Fix excessive messages during device logout (bsc#1190941). - scsi: qla2xxx: Fix hang during NVMe session tear down (bsc#1190941). - scsi: qla2xxx: Fix hang on NVMe command timeouts (bsc#1190941). - scsi: qla2xxx: Fix kernel crash when accessing port_speed sysfs file (bsc#1190941). - scsi: qla2xxx: Fix NPIV create erroneous error (bsc#1190941). - scsi: qla2xxx: Fix NVMe | FCP personality change (bsc#1190941). - scsi: qla2xxx: Fix NVMe retry (bsc#1190941). - scsi: qla2xxx: Fix NVMe session down detection (bsc#1190941). - scsi: qla2xxx: Fix port type info (bsc#1190941). - scsi: qla2xxx: Fix unsafe removal from linked list (bsc#1190941). - scsi: qla2xxx: Fix use after free in eh_abort path (bsc#1190941). - scsi: qla2xxx: Move heartbeat handling from DPC thread to workqueue (bsc#1190941). - scsi: qla2xxx: Open-code qla2xxx_eh_device_reset() (bsc#1190941). - scsi: qla2xxx: Open-code qla2xxx_eh_target_reset() (bsc#1190941). - scsi: qla2xxx: Remove redundant initialization of pointer req (bsc#1190941). - scsi: qla2xxx: Restore initiator in dual mode (bsc#1190941). - scsi: qla2xxx: Show OS name and version in FDMI-1 (bsc#1190941). - scsi: qla2xxx: Suppress unnecessary log messages during login (bsc#1190941). - scsi: qla2xxx: Sync queue idx with queue_pair_map idx (bsc#1190941). - scsi: qla2xxx: Update version to 10.02.06.100-k (bsc#1190941). - scsi: qla2xxx: Update version to 10.02.06.200-k (bsc#1190941). - scsi: qla2xxx: Update version to 10.02.07.100-k (bsc#1190941). - scsi: qla2xxx: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (bsc#1190941). - sctp: check asoc peer.asconf_capable before processing asconf (bsc#1190351). - soc: qcom: mdt_loader: Drop PT_LOAD check on hash segment (git-fixes). - spi: spi-nxp-fspi: do not depend on a specific node name erratum workaround (git-fixes). - tpm: ibmvtpm: Avoid error message when process gets signal while waiting (bsc#1065729). - USB: cdc-acm: clean up probe error labels (git-fixes). - USB: cdc-acm: fix minor-number release (git-fixes). - usb: hso: fix error handling code of hso_create_net_device (git-fixes). - usb: hso: remove the bailout parameter (git-fixes). - usb: musb: dsps: Fix the probe error path (git-fixes). - USB: serial: option: add prod. id for Quectel EG91 (git-fixes). - USB: serial: option: add Quectel EC200S-CN module support (git-fixes). - USB: serial: option: add Telit LE910Cx composition 0x1204 (git-fixes). - USB: serial: qcserial: add EM9191 QDL support (git-fixes). - USB: xhci: dbc: fix tty registration race (git-fixes). - video: fbdev: gbefb: Only instantiate device when built for IP32 (git-fixes). - virtio: write back F_VERSION_1 before validate (git-fixes). - watchdog: orion: use 0 for unset heartbeat (git-fixes). - x86/pat: Pass valid address to sanitize_phys() (bsc#1152489). - x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions (bsc#1152489). - x86/resctrl: Free the ctrlval arrays when domain_setup_mon_state() fails (bsc#1152489). - xen: fix setting of max_pfn in shared_info (git-fixes). - xen: reset legacy rtc flag for PV domU (git-fixes). - xfs: ensure that the inode uid/gid match values match the icdinode ones (bsc#1190006). - xfs: fix log intent recovery ENOSPC shutdowns when inactivating inodes (bsc#1190642). - xfs: merge the projid fields in struct xfs_icdinode (bsc#1190006). - xfs: remove the icdinode di_uid/di_gid members (bsc#1190006). - xhci: Enable trust tx length quirk for Fresco FL11 USB controller (git-fixes). - xhci: Fix command ring pointer corruption while aborting a command (git-fixes). - xhci: guard accesses to ep_state in xhci_endpoint_reset() (git-fixes). - xhci: guard accesses to ep_state in xhci_endpoint_reset() (git-fixes). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2021-1477 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/J325P6NPH7BF7P7B3LO6FGQNCTFNGKEW/ E-Mail link for openSUSE-SU-2021:1477-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1065729 SUSE Bug 1065729 https://bugzilla.suse.com/1085030 SUSE Bug 1085030 https://bugzilla.suse.com/1100416 SUSE Bug 1100416 https://bugzilla.suse.com/1129735 SUSE Bug 1129735 https://bugzilla.suse.com/1152489 SUSE Bug 1152489 https://bugzilla.suse.com/1154353 SUSE Bug 1154353 https://bugzilla.suse.com/1156395 SUSE Bug 1156395 https://bugzilla.suse.com/1157177 SUSE Bug 1157177 https://bugzilla.suse.com/1167773 SUSE Bug 1167773 https://bugzilla.suse.com/1172073 SUSE Bug 1172073 https://bugzilla.suse.com/1173604 SUSE Bug 1173604 https://bugzilla.suse.com/1176940 SUSE Bug 1176940 https://bugzilla.suse.com/1184673 SUSE Bug 1184673 https://bugzilla.suse.com/1185762 SUSE Bug 1185762 https://bugzilla.suse.com/1186109 SUSE Bug 1186109 https://bugzilla.suse.com/1187167 SUSE Bug 1187167 https://bugzilla.suse.com/1188563 SUSE Bug 1188563 https://bugzilla.suse.com/1188876 SUSE Bug 1188876 https://bugzilla.suse.com/1188983 SUSE Bug 1188983 https://bugzilla.suse.com/1188985 SUSE Bug 1188985 https://bugzilla.suse.com/1189841 SUSE Bug 1189841 https://bugzilla.suse.com/1190006 SUSE Bug 1190006 https://bugzilla.suse.com/1190067 SUSE Bug 1190067 https://bugzilla.suse.com/1190349 SUSE Bug 1190349 https://bugzilla.suse.com/1190351 SUSE Bug 1190351 https://bugzilla.suse.com/1190479 SUSE Bug 1190479 https://bugzilla.suse.com/1190620 SUSE Bug 1190620 https://bugzilla.suse.com/1190642 SUSE Bug 1190642 https://bugzilla.suse.com/1190795 SUSE Bug 1190795 https://bugzilla.suse.com/1190941 SUSE Bug 1190941 https://bugzilla.suse.com/1191229 SUSE Bug 1191229 https://bugzilla.suse.com/1191238 SUSE Bug 1191238 https://bugzilla.suse.com/1191241 SUSE Bug 1191241 https://bugzilla.suse.com/1191315 SUSE Bug 1191315 https://bugzilla.suse.com/1191317 SUSE Bug 1191317 https://bugzilla.suse.com/1191343 SUSE Bug 1191343 https://bugzilla.suse.com/1191349 SUSE Bug 1191349 https://bugzilla.suse.com/1191384 SUSE Bug 1191384 https://bugzilla.suse.com/1191449 SUSE Bug 1191449 https://bugzilla.suse.com/1191450 SUSE Bug 1191450 https://bugzilla.suse.com/1191451 SUSE Bug 1191451 https://bugzilla.suse.com/1191452 SUSE Bug 1191452 https://bugzilla.suse.com/1191455 SUSE Bug 1191455 https://bugzilla.suse.com/1191456 SUSE Bug 1191456 https://bugzilla.suse.com/1191628 SUSE Bug 1191628 https://bugzilla.suse.com/1191731 SUSE Bug 1191731 https://bugzilla.suse.com/1191800 SUSE Bug 1191800 https://bugzilla.suse.com/1191934 SUSE Bug 1191934 https://bugzilla.suse.com/1191958 SUSE Bug 1191958 https://bugzilla.suse.com/1192036 SUSE Bug 1192036 https://bugzilla.suse.com/1192040 SUSE Bug 1192040 https://bugzilla.suse.com/1192041 SUSE Bug 1192041 https://bugzilla.suse.com/1192107 SUSE Bug 1192107 https://bugzilla.suse.com/1192145 SUSE Bug 1192145 https://bugzilla.suse.com/1192267 SUSE Bug 1192267 https://bugzilla.suse.com/1192549 SUSE Bug 1192549 https://www.suse.com/security/cve/CVE-2018-13405/ SUSE CVE CVE-2018-13405 page https://www.suse.com/security/cve/CVE-2021-33033/ SUSE CVE CVE-2021-33033 page https://www.suse.com/security/cve/CVE-2021-34556/ SUSE CVE CVE-2021-34556 page https://www.suse.com/security/cve/CVE-2021-3542/ SUSE CVE CVE-2021-3542 page https://www.suse.com/security/cve/CVE-2021-35477/ SUSE CVE CVE-2021-35477 page https://www.suse.com/security/cve/CVE-2021-3655/ SUSE CVE CVE-2021-3655 page https://www.suse.com/security/cve/CVE-2021-3715/ SUSE CVE CVE-2021-3715 page https://www.suse.com/security/cve/CVE-2021-3760/ SUSE CVE CVE-2021-3760 page https://www.suse.com/security/cve/CVE-2021-3772/ SUSE CVE CVE-2021-3772 page https://www.suse.com/security/cve/CVE-2021-3896/ SUSE CVE CVE-2021-3896 page https://www.suse.com/security/cve/CVE-2021-41864/ SUSE CVE CVE-2021-41864 page https://www.suse.com/security/cve/CVE-2021-42008/ SUSE CVE CVE-2021-42008 page https://www.suse.com/security/cve/CVE-2021-42252/ SUSE CVE CVE-2021-42252 page https://www.suse.com/security/cve/CVE-2021-42739/ SUSE CVE CVE-2021-42739 page https://www.suse.com/security/cve/CVE-2021-43056/ SUSE CVE CVE-2021-43056 page openSUSE Leap 15.2 kernel-debug-5.3.18-lp152.102.1 kernel-debug-devel-5.3.18-lp152.102.1 kernel-default-5.3.18-lp152.102.1 kernel-default-base-5.3.18-lp152.102.1.lp152.8.49.1 kernel-default-base-rebuild-5.3.18-lp152.102.1.lp152.8.49.1 kernel-default-devel-5.3.18-lp152.102.1 kernel-devel-5.3.18-lp152.102.1 kernel-docs-5.3.18-lp152.102.1 kernel-docs-html-5.3.18-lp152.102.1 kernel-kvmsmall-5.3.18-lp152.102.1 kernel-kvmsmall-devel-5.3.18-lp152.102.1 kernel-macros-5.3.18-lp152.102.1 kernel-obs-build-5.3.18-lp152.102.1 kernel-obs-qa-5.3.18-lp152.102.1 kernel-preempt-5.3.18-lp152.102.1 kernel-preempt-devel-5.3.18-lp152.102.1 kernel-source-5.3.18-lp152.102.1 kernel-source-vanilla-5.3.18-lp152.102.1 kernel-syms-5.3.18-lp152.102.1 kernel-debug-5.3.18-lp152.102.1 as a component of openSUSE Leap 15.2 kernel-debug-devel-5.3.18-lp152.102.1 as a component of openSUSE Leap 15.2 kernel-default-5.3.18-lp152.102.1 as a component of openSUSE Leap 15.2 kernel-default-base-5.3.18-lp152.102.1.lp152.8.49.1 as a component of openSUSE Leap 15.2 kernel-default-base-rebuild-5.3.18-lp152.102.1.lp152.8.49.1 as a component of openSUSE Leap 15.2 kernel-default-devel-5.3.18-lp152.102.1 as a component of openSUSE Leap 15.2 kernel-devel-5.3.18-lp152.102.1 as a component of openSUSE Leap 15.2 kernel-docs-5.3.18-lp152.102.1 as a component of openSUSE Leap 15.2 kernel-docs-html-5.3.18-lp152.102.1 as a component of openSUSE Leap 15.2 kernel-kvmsmall-5.3.18-lp152.102.1 as a component of openSUSE Leap 15.2 kernel-kvmsmall-devel-5.3.18-lp152.102.1 as a component of openSUSE Leap 15.2 kernel-macros-5.3.18-lp152.102.1 as a component of openSUSE Leap 15.2 kernel-obs-build-5.3.18-lp152.102.1 as a component of openSUSE Leap 15.2 kernel-obs-qa-5.3.18-lp152.102.1 as a component of openSUSE Leap 15.2 kernel-preempt-5.3.18-lp152.102.1 as a component of openSUSE Leap 15.2 kernel-preempt-devel-5.3.18-lp152.102.1 as a component of openSUSE Leap 15.2 kernel-source-5.3.18-lp152.102.1 as a component of openSUSE Leap 15.2 kernel-source-vanilla-5.3.18-lp152.102.1 as a component of openSUSE Leap 15.2 kernel-syms-5.3.18-lp152.102.1 as a component of openSUSE Leap 15.2 The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID. CVE-2018-13405 openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-default-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.102.1.lp152.8.49.1 openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.102.1.lp152.8.49.1 openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-source-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.102.1 moderate 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/J325P6NPH7BF7P7B3LO6FGQNCTFNGKEW/ https://www.suse.com/security/cve/CVE-2018-13405.html CVE-2018-13405 https://bugzilla.suse.com/1087082 SUSE Bug 1087082 https://bugzilla.suse.com/1100416 SUSE Bug 1100416 https://bugzilla.suse.com/1129735 SUSE Bug 1129735 https://bugzilla.suse.com/1195161 SUSE Bug 1195161 https://bugzilla.suse.com/1198702 SUSE Bug 1198702 The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value. CVE-2021-33033 openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-default-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.102.1.lp152.8.49.1 openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.102.1.lp152.8.49.1 openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-source-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.102.1 moderate 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/J325P6NPH7BF7P7B3LO6FGQNCTFNGKEW/ https://www.suse.com/security/cve/CVE-2021-33033.html CVE-2021-33033 https://bugzilla.suse.com/1186109 SUSE Bug 1186109 https://bugzilla.suse.com/1186283 SUSE Bug 1186283 https://bugzilla.suse.com/1188876 SUSE Bug 1188876 In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack. CVE-2021-34556 openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-default-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.102.1.lp152.8.49.1 openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.102.1.lp152.8.49.1 openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-source-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.102.1 moderate 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/J325P6NPH7BF7P7B3LO6FGQNCTFNGKEW/ https://www.suse.com/security/cve/CVE-2021-34556.html CVE-2021-34556 https://bugzilla.suse.com/1188983 SUSE Bug 1188983 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-42739. Reason: This candidate is a reservation duplicate of CVE-2021-42739. Notes: All CVE users should reference CVE-2021-42739 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. CVE-2021-3542 openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-default-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.102.1.lp152.8.49.1 openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.102.1.lp152.8.49.1 openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-source-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.102.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/J325P6NPH7BF7P7B3LO6FGQNCTFNGKEW/ https://www.suse.com/security/cve/CVE-2021-3542.html CVE-2021-3542 https://bugzilla.suse.com/1184673 SUSE Bug 1184673 https://bugzilla.suse.com/1186063 SUSE Bug 1186063 In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because a certain preempting store operation does not necessarily occur before a store operation that has an attacker-controlled value. CVE-2021-35477 openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-default-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.102.1.lp152.8.49.1 openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.102.1.lp152.8.49.1 openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-source-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.102.1 moderate 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/J325P6NPH7BF7P7B3LO6FGQNCTFNGKEW/ https://www.suse.com/security/cve/CVE-2021-35477.html CVE-2021-35477 https://bugzilla.suse.com/1188985 SUSE Bug 1188985 A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory. CVE-2021-3655 openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-default-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.102.1.lp152.8.49.1 openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.102.1.lp152.8.49.1 openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-source-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.102.1 low 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/J325P6NPH7BF7P7B3LO6FGQNCTFNGKEW/ https://www.suse.com/security/cve/CVE-2021-3655.html CVE-2021-3655 https://bugzilla.suse.com/1188563 SUSE Bug 1188563 A flaw was found in the "Routing decision" classifier in the Linux kernel's Traffic Control networking subsystem in the way it handled changing of classification filters, leading to a use-after-free condition. This flaw allows unprivileged local users to escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. CVE-2021-3715 openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-default-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.102.1.lp152.8.49.1 openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.102.1.lp152.8.49.1 openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-source-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.102.1 important 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/J325P6NPH7BF7P7B3LO6FGQNCTFNGKEW/ https://www.suse.com/security/cve/CVE-2021-3715.html CVE-2021-3715 https://bugzilla.suse.com/1190349 SUSE Bug 1190349 https://bugzilla.suse.com/1190350 SUSE Bug 1190350 https://bugzilla.suse.com/1196722 SUSE Bug 1196722 A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a threat to confidentiality, integrity, and system availability. CVE-2021-3760 openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-default-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.102.1.lp152.8.49.1 openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.102.1.lp152.8.49.1 openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-source-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.102.1 moderate 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/J325P6NPH7BF7P7B3LO6FGQNCTFNGKEW/ https://www.suse.com/security/cve/CVE-2021-3760.html CVE-2021-3760 https://bugzilla.suse.com/1190067 SUSE Bug 1190067 A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses. CVE-2021-3772 openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-default-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.102.1.lp152.8.49.1 openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.102.1.lp152.8.49.1 openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-source-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.102.1 moderate 5.8 AV:N/AC:M/Au:N/C:N/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/J325P6NPH7BF7P7B3LO6FGQNCTFNGKEW/ https://www.suse.com/security/cve/CVE-2021-3772.html CVE-2021-3772 https://bugzilla.suse.com/1190351 SUSE Bug 1190351 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-43389. Reason: This candidate is a reservation duplicate of CVE-2021-43389. Notes: All CVE users should reference CVE-2021-43389 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. CVE-2021-3896 openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-default-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.102.1.lp152.8.49.1 openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.102.1.lp152.8.49.1 openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-source-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.102.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/J325P6NPH7BF7P7B3LO6FGQNCTFNGKEW/ https://www.suse.com/security/cve/CVE-2021-3896.html CVE-2021-3896 https://bugzilla.suse.com/1191958 SUSE Bug 1191958 prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write. CVE-2021-41864 openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-default-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.102.1.lp152.8.49.1 openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.102.1.lp152.8.49.1 openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-source-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.102.1 important 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/J325P6NPH7BF7P7B3LO6FGQNCTFNGKEW/ https://www.suse.com/security/cve/CVE-2021-41864.html CVE-2021-41864 https://bugzilla.suse.com/1191317 SUSE Bug 1191317 https://bugzilla.suse.com/1191318 SUSE Bug 1191318 The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access. CVE-2021-42008 openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-default-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.102.1.lp152.8.49.1 openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.102.1.lp152.8.49.1 openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-source-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.102.1 important 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/J325P6NPH7BF7P7B3LO6FGQNCTFNGKEW/ https://www.suse.com/security/cve/CVE-2021-42008.html CVE-2021-42008 https://bugzilla.suse.com/1191315 SUSE Bug 1191315 https://bugzilla.suse.com/1191660 SUSE Bug 1191660 https://bugzilla.suse.com/1196722 SUSE Bug 1196722 https://bugzilla.suse.com/1196810 SUSE Bug 1196810 https://bugzilla.suse.com/1196914 SUSE Bug 1196914 An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux kernel before 5.14.6. Local attackers able to access the Aspeed LPC control interface could overwrite memory in the kernel and potentially execute privileges, aka CID-b49a0e69a7b1. This occurs because a certain comparison uses values that are not memory sizes. CVE-2021-42252 openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-default-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.102.1.lp152.8.49.1 openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.102.1.lp152.8.49.1 openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-source-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.102.1 important 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/J325P6NPH7BF7P7B3LO6FGQNCTFNGKEW/ https://www.suse.com/security/cve/CVE-2021-42252.html CVE-2021-42252 https://bugzilla.suse.com/1190479 SUSE Bug 1190479 https://bugzilla.suse.com/1192444 SUSE Bug 1192444 The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking. CVE-2021-42739 openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-default-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.102.1.lp152.8.49.1 openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.102.1.lp152.8.49.1 openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-source-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.102.1 important 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/J325P6NPH7BF7P7B3LO6FGQNCTFNGKEW/ https://www.suse.com/security/cve/CVE-2021-42739.html CVE-2021-42739 https://bugzilla.suse.com/1184673 SUSE Bug 1184673 https://bugzilla.suse.com/1192036 SUSE Bug 1192036 https://bugzilla.suse.com/1196722 SUSE Bug 1196722 https://bugzilla.suse.com/1196914 SUSE Bug 1196914 An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S implementation bug in the handling of the SRR1 register values. CVE-2021-43056 openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-default-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.102.1.lp152.8.49.1 openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.102.1.lp152.8.49.1 openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-source-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.102.1 openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.102.1 moderate 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/J325P6NPH7BF7P7B3LO6FGQNCTFNGKEW/ https://www.suse.com/security/cve/CVE-2021-43056.html CVE-2021-43056 https://bugzilla.suse.com/1192107 SUSE Bug 1192107