drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Denial of Service in Linux
Name: |
Denial of Service in Linux |
|
ID: |
SUSE-SU-2021:0742-1 |
|
Distribution: |
SUSE |
|
Plattformen: |
SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Software Development Kit 12-SP5, SUSE Linux Enterprise Workstation Extension 12-SP5, SUSE Linux Enterprise Live Patching 12-SP5, SUSE Linux Enterprise High Availability 12-SP5 |
|
Datum: |
Mi, 10. März 2021, 07:16 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3348 |
|
Applikationen: |
Linux |
|
Originalnachricht |
SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________
Announcement ID: SUSE-SU-2021:0742-1 Rating: important References: #1065600 #1065729 #1078720 #1081134 #1084610 #1114648 #1163617 #1163930 #1169514 #1170442 #1176855 #1177440 #1178049 #1179082 #1179142 #1179612 #1179709 #1180058 #1181346 #1181504 #1181574 #1181671 #1181809 #1181854 #1181896 #1181931 #1181960 #1181985 #1181987 #1181996 #1181998 #1182038 #1182047 #1182118 #1182130 #1182140 #1182171 #1182173 #1182175 #1182182 #1182184 #1182195 #1182242 #1182243 #1182248 #1182269 #1182302 #1182307 #1182310 #1182438 #1182447 #1182448 #1182449 #1182460 #1182461 #1182462 #1182463 #1182464 #1182465 #1182466 #1182560 #1182561 #1182571 #1182590 #1182610 #1182612 #1182650 #1182652 Cross-References: CVE-2021-3348 CVSS scores: CVE-2021-3348 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3348 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Live Patching 12-SP5 SUSE Linux Enterprise High Availability 12-SP5 ______________________________________________________________________________
An update that solves one vulnerability and has 67 fixes is now available.
Description:
The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes.
The following security bug was fixed:
- CVE-2021-3348: Fixed a use-after-free read in nbd_queue_rq (bsc#1181504).
The following non-security bugs were fixed:
- ACPI: configfs: add missing check after configfs_register_default_group() (git-fixes). - ACPI: property: Fix fwnode string properties matching (git-fixes). - ACPI: property: Satisfy kernel doc validator (part 1) (git-fixes). - ALSA: usb-audio: Fix PCM buffer allocation in non-vmalloc mode (git-fixes). - arm64: Update config file. Set CONFIG_WATCHDOG_SYSFS to true (bsc#1182560) - ASoC: cs42l56: fix up error handling in probe (git-fixes). - ath9k: fix data bus crash when setting nf_override via debugfs (git-fixes). - block: fix use-after-free in disk_part_iter_next (bsc#1182610). - Bluetooth: btqcomsmd: Fix a resource leak in error handling paths in the probe function (git-fixes). - Bluetooth: drop HCI device reference before return (git-fixes). - Bluetooth: Fix initializing response id after clearing struct (git-fixes). - Bluetooth: Put HCI device if inquiry procedure interrupts (git-fixes). - bonding: Fix reference count leak in bond_sysfs_slave_add (git-fixes). - bonding: wait for sysfs kobject destruction before freeing struct slave (git-fixes). - BTRFS: Cleanup try_flush_qgroup (bsc#1182047). - BTRFS: correctly calculate item size used when item key collision happens (bsc#1181996). - BTRFS: correctly validate compression type (bsc#1182269). - BTRFS: delete the ordered isize update code (bsc#1181998). - BTRFS: Do not flush from btrfs_delayed_inode_reserve_metadata (bsc#1182047). - BTRFS: do not set path->leave_spinning for truncate (bsc#1181998). - BTRFS: factor out extent dropping code from hole punch handler (bsc#1182038). - BTRFS: fix cloning range with a hole when using the NO_HOLES feature (bsc#1182038). - BTRFS: fix data bytes_may_use underflow with fallocate due to failed quota reserve (bsc#1182130) - BTRFS: fix ENOSPC errors, leading to transaction aborts, when cloning extents (bsc#1182038). - BTRFS: fix hole extent items with a zero size after range cloning (bsc#1182038). - BTRFS: fix lost i_size update after cloning inline extent (bsc#1181998). - BTRFS: fix mount failure caused by race with umount (bsc#1182248). - BTRFS: Fix race between extent freeing/allocation when using bitmaps (bsc#1181574). - BTRFS: fix unexpected cow in run_delalloc_nocow (bsc#1181987). - BTRFS: fix unexpected failure of nocow buffered writes after snapshotting when low on space (bsc#1181987). - BTRFS: Free correct amount of space in btrfs_delayed_inode_reserve_metadata (bsc#1182047). - BTRFS: incremental send, fix file corruption when no-holes feature is enabled (bsc#1182184). - BTRFS: Introduce extent_io_tree::owner to distinguish different io_trees (bsc#1181998). - BTRFS: introduce per-inode file extent tree (bsc#1181998). - BTRFS: prepare for extensions in compression options (bsc#1182269). - BTRFS: prop: fix vanished compression property after failed set (bsc#1182269). - BTRFS: prop: fix zstd compression parameter validation (bsc#1182269). - BTRFS: Remove btrfs_inode from btrfs_delayed_inode_reserve_metadata (bsc#1182047). - BTRFS: replace all uses of btrfs_ordered_update_i_size (bsc#1181998). - BTRFS: send, allow clone operations within the same file (bsc#1182173) - BTRFS: send, do not issue unnecessary truncate operations (bsc#1182173) - BTRFS: send, fix emission of invalid clone operations within the same file (bsc#1182173) - BTRFS: send, fix incorrect file layout after hole punching beyond eof (bsc#1182173). - BTRFS: send: fix invalid clone operations when cloning from the same file and root (bsc#1182173) - BTRFS: send, fix missing truncate for inode with prealloc extent past eof (bsc#1182173). - BTRFS: send, orphanize first all conflicting inodes when processing references (bsc#1182243 bsc#1182242). - BTRFS: send, recompute reference path after orphanization of a directory (bsc#1182243). - BTRFS: Simplify code flow in btrfs_delayed_inode_reserve_metadata (bsc#1182047). - BTRFS: transaction: Avoid deadlock due to bad initialization timing of fs_info::journal_info (bsc#1181931). - BTRFS: Unlock extents in btrfs_zero_range in case of errors (bsc#1182047). - BTRFS: Use bd_dev to generate index when dev_state_hashtable add items (bsc#1181931). - BTRFS: use btrfs_ordered_update_i_size in clone_finish_inode_update (bsc#1181998). - BTRFS: use the file extent tree infrastructure (bsc#1181998). - cifs: report error instead of invalid when revalidating a dentry fails (bsc#1177440). - dm: avoid filesystem lookup in dm_get_dev_t() (bsc#1178049). - Drivers: hv: vmbus: Avoid use-after-free in vmbus_onoffer_rescind() (git-fixes). - Exclude Symbols.list again. Removing the exclude builds vanilla/linux-next builds. Fixes: 55877625c800 ("kernel-binary.spec.in: Package the obj_install_dir as explicit filelist.") - ext4: do not remount read-only with errors=continue on reboot (bsc#1182464). - ext4: fix a memory leak of ext4_free_data (bsc#1182447). - ext4: fix bug for rename with RENAME_WHITEOUT (bsc#1182449). - ext4: fix deadlock with fs freezing and EA inodes (bsc#1182463). - ext4: fix superblock checksum failure when setting password salt (bsc#1182465). - fgraph: Initialize tracing_graph_pause at task creation (git-fixes). - firmware: imx: select SOC_BUS to fix firmware build (git-fixes). - Fix unsynchronized access to sev members through svm_register_enc_region (bsc#1114648). - fs: fix lazytime expiration handling in __writeback_single_inode() (bsc#1182466). - fs: move I_DIRTY_INODE to fs.h (bsc#1182612). - HID: core: detect and skip invalid inputs to snto32() (git-fixes). - HID: wacom: Ignore attempts to overwrite the touch_max value from HID (git-fixes). - hwrng: timeriomem - Fix cooldown period calculation (git-fixes). - ibmvnic: Clear failover_pending if unable to schedule (bsc#1181960 ltc#190997). - ibmvnic: device remove has higher precedence over reset (bsc#1065729). - ibmvnic: fix a race between open and reset (bsc#1176855 ltc#187293). - ibmvnic: fix login buffer memory leak (bsc#1081134 ltc#164631). - ibmvnic: serialize access to work queue on remove (bsc#1065729). - ibmvnic: Set to CLOSED state even on error (bsc#1084610 ltc#165122 git-fixes). - Input: elo - fix an error code in elo_connect() (git-fixes). - Input: joydev - prevent potential read overflow in ioctl (git-fixes). - iwlwifi: exclude GEO SAR support for 3168 (git-fixes). - kABI: Fix kABI for 12856e7acde4 PCI/IOV: Mark VFs as not implementing PCI_COMMAND_MEMORY (bsc#1179612). - kernel-binary.spec: Add back initrd and image symlink ghosts to filelist (bsc#1182140). Fixes: 76a9256314c3 ("rpm/kernel-{source,binary}.spec: do not include ghost symlinks (boo#1179082).") - kernfs: deal with kernfs_fill_super() failures (bsc#1181809). - KVM: apic: Flush TLB after APIC mode/address change if VPIDs are in use (bsc#1182302). - KVM: Fix kABI for set_virtual_apic_mode (bsc#1182310). - KVM: Fix kABI for tlb_flush (bsc#1182195). - kvm-vmx-Basic-APIC-virtualization-controls-have-thre.patch: (bsc#1182310). - KVM: VMX: check for existence of secondary exec controls before accessing (bsc#1182438). - KVM: VMX: hide flexpriority from guest when disabled at the module level (bsc#1182448). - kvm-vmx-Introduce-lapic_mode-enumeration.patch: (bsc#1182307). - KVM: x86: emulate RDPID (bsc#1182182). - KVM: x86: emulating RDPID failure shall return #UD rather than - KVM: X86: introduce invalidate_gpa argument to tlb flush (bsc#1182195). - libfs: fix error cast of negative value in simple_attr_write() (bsc#1179709). - libnvdimm/dimm: Avoid race between probe and available_slots_show() (bsc#1170442). - mac80211: fix potential overflow when multiplying to u32 integers (git-fixes). - media: cx25821: Fix a bug when reallocating some dma memory (git-fixes). - media: media/pci: Fix memleak in empress_init (git-fixes). - media: pwc: Use correct device for DMA (git-fixes). - media: pxa_camera: declare variable when DEBUG is defined (git-fixes). - media: qm1d1c0042: fix error return code in qm1d1c0042_init() (git-fixes). - media: tm6000: Fix memleak in tm6000_start_stream (git-fixes). - media: vsp1: Fix an error handling path in the probe function (git-fixes). - mfd: wm831x-auxadc: Prevent use after free in wm831x_auxadc_read_irq() (git-fixes). - misc: eeprom_93xx46: Add module alias to avoid breaking support for non device tree users (git-fixes). - misc: eeprom_93xx46: Fix module alias to enable module autoprobe (git-fixes). - mmc: usdhi6rol0: Fix a resource leak in the error handling path of the probe (git-fixes). - mm/pmem: avoid inserting hugepage PTE entry with fsdax if hugepage support is disabled (bsc#1181896 ltc#191273). - mm: thp: kABI: move the added flag to the end of enum (bsc#1181896 ltc#191273). - nbd: Fix memory leak in nbd_add_socket (bsc#1181504). - net: bcmgenet: add support for ethtool rxnfc flows (git-fixes). - net: bcmgenet: code movement (git-fixes). - net: bcmgenet: fix mask check in bcmgenet_validate_flow() (git-fixes). - net: bcmgenet: Fix WoL with password after deep sleep (git-fixes). - net: bcmgenet: re-remove bcmgenet_hfb_add_filter (git-fixes). - net: bcmgenet: set Rx mode before starting netif (git-fixes). - net: bcmgenet: use __be16 for htons(ETH_P_IP) (git-fixes). - net: bcmgenet: Use correct I/O accessors (git-fixes). - net: lpc-enet: fix error return code in lpc_mii_init() (git-fixes). - net/mlx4_en: Handle TX error CQE (bsc#1181854). - net: moxa: Fix a potential double 'free_irq()' (git-fixes). - net: sun: fix missing release regions in cas_init_one() (git-fixes). - nvme-multipath: Early exit if no path is available (git-fixes). - objtool: Do not fail on missing symbol table (bsc#1169514). - PCI/IOV: Mark VFs as not implementing PCI_COMMAND_MEMORY (bsc#1179612). - powerpc/book3s64/hash: Add cond_resched to avoid soft lockup warning (bsc#1182571 ltc#191345). - powerpc: Fix alignment bug within the init sections (bsc#1065729). - powerpc/perf: Exclude kernel samples while counting events in user space (bsc#1065729). - powerpc/perf/hv-24x7: Dont create sysfs event files for dummy events (bsc#1182118 ltc#190624). - powerpc/pseries/dlpar: handle ibm, configure-connector delay status (bsc#1181985 ltc#188074). - powerpc/pseries/eeh: Make pseries_pcibios_bus_add_device() static (bsc#1078720, git-fixes). - powerpc/pseries: extract host bridge from pci_bus prior to bus removal (bsc#1182171 ltc#190900). - powerpc/pseries/ras: Make init_ras_hotplug_IRQ() static (bsc#1065729. git-fixes). - power: reset: at91-sama5d2_shdwc: fix wkupdbc mask (git-fixes). - ptrace: reintroduce usage of subjective credentials in ptrace_has_cap() (bsc#1163930). - ptrace: Set PF_SUPERPRIV when checking capability (bsc#1163930). - quota: Fix error codes in v2_read_file_info() (bsc#1182652). - quota: Fix memory leak when handling corrupted quota file (bsc#1182650). - quota: Sanity-check quota file headers on load (bsc#1182461). - regulator: axp20x: Fix reference cout leak (git-fixes). - reiserfs: add check for an invalid ih_entry_count (bsc#1182462). - reset: hisilicon: correct vendor prefix (git-fixes). - rpm/post.sh: Avoid purge-kernel for the first installed kernel (bsc#1180058) - s390/pci: adaptation of iommu to multifunction (bsc#1179612). - s390/pci: Mark all VFs as not implementing PCI_COMMAND_MEMORY (bsc#1179612). - scsi: qla2xxx: Fix description for parameter ql2xenforce_iocb_limit (bsc#1179142). - scsi: target: Fix truncated PR-in ReadKeys response (bsc#1182590). - scsi: target: fix unmap_zeroes_data boolean initialisation (bsc#1163617). - staging: rtl8723bs: wifi_regd.c: Fix incorrect number of regulatory rules (git-fixes). - tools lib traceevent: Fix "robust" test of do_generate_dynamic_list_file (git-fixes). - tpm_tis: Clean up locality release (git-fixes). - tpm_tis: Fix check_locality for correct locality acquisition (git-fixes). - tracing: Check length before giving out the filter buffer (git-fixes). - tracing: Do not count ftrace events in top level enable output (git-fixes). - USB: cdc-acm: blacklist another IR Droid device (git-fixes). - USB: dwc2: Abort transaction after errors with unknown reason (git-fixes). - USB: dwc2: Make "trimming xfer length" a debug message (git-fixes). - USB: musb: Fix runtime PM race in mUSB_queue_resume_work (git-fixes). - USB: serial: cp210x: add new VID/PID for supporting Teraoka AD2000 (git-fixes). - USB: serial: cp210x: add pid/vid for WSDA-200-USB (git-fixes). - USB: serial: mos7720: fix error code in mos7720_write() (git-fixes). - USB: serial: mos7720: improve OOM-handling in read_mos_reg() (git-fixes). - USB: serial: mos7840: fix error code in mos7840_write() (git-fixes). - USB: serial: option: Adding support for Cinterion MV31 (git-fixes). - USB: serial: option: add LongSung M5710 module support (git-fixes). - USB: uas: Add PNY USB Portable SSD to unusual_uas (git-fixes). - USB: usblp: fix DMA to stack (git-fixes). - vfio/pci: Decouple PCI_COMMAND_MEMORY bit checks from is_virtfn (bsc#1179612). - vmxnet3: Remove buf_info from device accessible structures (bsc#1181671). - writeback: Drop I_DIRTY_TIME_EXPIRE (bsc#1182460). - x86/apic: Add extra serialization for non-serializing MSRs (bsc#1114648). - x86/efistub: Disable paging at mixed mode entry (bsc#1114648). - x86/entry/64/compat: Fix "x86/entry/64/compat: Preserve r8-r11 in int $0x80" (bsc#1114648). - x86/entry/64/compat: Preserve r8-r11 in int $0x80 (bsc#1114648). - x86/resctrl: Fix incorrect local bandwidth when mba_sc is enabled (bsc#1114648). - x86/resctrl: Remove unused struct mbm_state::chunks_bw (bsc#1114648). - xen-blkfront: allow discard-* nodes to be optional (bsc#1181346). - xen/netback: avoid race in xenvif_rx_ring_slots_available() (bsc#1065600). - xen/netback: fix spurious event detection for common event case (bsc#1182175). - xfs: reduce quota reservation when doing a dax unwritten extent conversion (git-fixes bsc#1182561). - xhci: fix bounce buffer usage for non-sg list case (git-fixes).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Workstation Extension 12-SP5:
zypper in -t patch SUSE-SLE-WE-12-SP5-2021-742=1
- SUSE Linux Enterprise Software Development Kit 12-SP5:
zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-742=1
- SUSE Linux Enterprise Server 12-SP5:
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-742=1
- SUSE Linux Enterprise Live Patching 12-SP5:
zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2021-742=1
- SUSE Linux Enterprise High Availability 12-SP5:
zypper in -t patch SUSE-SLE-HA-12-SP5-2021-742=1
Package List:
- SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64):
kernel-default-debuginfo-4.12.14-122.63.1 kernel-default-debugsource-4.12.14-122.63.1 kernel-default-extra-4.12.14-122.63.1 kernel-default-extra-debuginfo-4.12.14-122.63.1
- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
kernel-obs-build-4.12.14-122.63.1 kernel-obs-build-debugsource-4.12.14-122.63.1
- SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch):
kernel-docs-4.12.14-122.63.1
- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
kernel-default-4.12.14-122.63.1 kernel-default-base-4.12.14-122.63.1 kernel-default-base-debuginfo-4.12.14-122.63.1 kernel-default-debuginfo-4.12.14-122.63.1 kernel-default-debugsource-4.12.14-122.63.1 kernel-default-devel-4.12.14-122.63.1 kernel-syms-4.12.14-122.63.1
- SUSE Linux Enterprise Server 12-SP5 (noarch):
kernel-devel-4.12.14-122.63.1 kernel-macros-4.12.14-122.63.1 kernel-source-4.12.14-122.63.1
- SUSE Linux Enterprise Server 12-SP5 (x86_64):
kernel-default-devel-debuginfo-4.12.14-122.63.1
- SUSE Linux Enterprise Server 12-SP5 (s390x):
kernel-default-man-4.12.14-122.63.1
- SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64):
kernel-default-debuginfo-4.12.14-122.63.1 kernel-default-debugsource-4.12.14-122.63.1 kernel-default-kgraft-4.12.14-122.63.1 kernel-default-kgraft-devel-4.12.14-122.63.1 kgraft-patch-4_12_14-122_63-default-1-8.3.1
- SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64):
cluster-md-kmp-default-4.12.14-122.63.1 cluster-md-kmp-default-debuginfo-4.12.14-122.63.1 dlm-kmp-default-4.12.14-122.63.1 dlm-kmp-default-debuginfo-4.12.14-122.63.1 gfs2-kmp-default-4.12.14-122.63.1 gfs2-kmp-default-debuginfo-4.12.14-122.63.1 kernel-default-debuginfo-4.12.14-122.63.1 kernel-default-debugsource-4.12.14-122.63.1 ocfs2-kmp-default-4.12.14-122.63.1 ocfs2-kmp-default-debuginfo-4.12.14-122.63.1
References:
https://www.suse.com/security/cve/CVE-2021-3348.html https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1078720 https://bugzilla.suse.com/1081134 https://bugzilla.suse.com/1084610 https://bugzilla.suse.com/1114648 https://bugzilla.suse.com/1163617 https://bugzilla.suse.com/1163930 https://bugzilla.suse.com/1169514 https://bugzilla.suse.com/1170442 https://bugzilla.suse.com/1176855 https://bugzilla.suse.com/1177440 https://bugzilla.suse.com/1178049 https://bugzilla.suse.com/1179082 https://bugzilla.suse.com/1179142 https://bugzilla.suse.com/1179612 https://bugzilla.suse.com/1179709 https://bugzilla.suse.com/1180058 https://bugzilla.suse.com/1181346 https://bugzilla.suse.com/1181504 https://bugzilla.suse.com/1181574 https://bugzilla.suse.com/1181671 https://bugzilla.suse.com/1181809 https://bugzilla.suse.com/1181854 https://bugzilla.suse.com/1181896 https://bugzilla.suse.com/1181931 https://bugzilla.suse.com/1181960 https://bugzilla.suse.com/1181985 https://bugzilla.suse.com/1181987 https://bugzilla.suse.com/1181996 https://bugzilla.suse.com/1181998 https://bugzilla.suse.com/1182038 https://bugzilla.suse.com/1182047 https://bugzilla.suse.com/1182118 https://bugzilla.suse.com/1182130 https://bugzilla.suse.com/1182140 https://bugzilla.suse.com/1182171 https://bugzilla.suse.com/1182173 https://bugzilla.suse.com/1182175 https://bugzilla.suse.com/1182182 https://bugzilla.suse.com/1182184 https://bugzilla.suse.com/1182195 https://bugzilla.suse.com/1182242 https://bugzilla.suse.com/1182243 https://bugzilla.suse.com/1182248 https://bugzilla.suse.com/1182269 https://bugzilla.suse.com/1182302 https://bugzilla.suse.com/1182307 https://bugzilla.suse.com/1182310 https://bugzilla.suse.com/1182438 https://bugzilla.suse.com/1182447 https://bugzilla.suse.com/1182448 https://bugzilla.suse.com/1182449 https://bugzilla.suse.com/1182460 https://bugzilla.suse.com/1182461 https://bugzilla.suse.com/1182462 https://bugzilla.suse.com/1182463 https://bugzilla.suse.com/1182464 https://bugzilla.suse.com/1182465 https://bugzilla.suse.com/1182466 https://bugzilla.suse.com/1182560 https://bugzilla.suse.com/1182561 https://bugzilla.suse.com/1182571 https://bugzilla.suse.com/1182590 https://bugzilla.suse.com/1182610 https://bugzilla.suse.com/1182612 https://bugzilla.suse.com/1182650 https://bugzilla.suse.com/1182652
|
|
|
|