SB2021092329 - SUSE update for the Linux Kernel
Published: September 23, 2021
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 19 secuirty vulnerabilities.
1) Input validation error (CVE-ID: CVE-2020-12770)
The vulnerability allows a local user to execute arbitrary code on the system.
The vulnerability exists due to the "sg_write" lacks an "sg_remove_request" call in a certain failure case. A local user can pass specially crafted input to the application and execute arbitrary code on the target system.
2) Information disclosure (CVE-ID: CVE-2021-34556)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A local user can gain unauthorized access to sensitive information on the system.
3) Observable discrepancy (CVE-ID: CVE-2021-35477)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to observable discrepancy error. A local user can gain access to sensitive information.
4) Use-after-free (CVE-ID: CVE-2021-3640)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in sco_sock_sendmsg() function of the Linux kernel HCI subsystem. A privileged local user can call ioct UFFDIO_REGISTER or other way trigger race condition to escalate privileges on the system.
5) Security restrictions bypass (CVE-ID: CVE-2021-3653)
The vulnerability allows a malicious guest to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions within the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "int_ctl" field, this issue could allow a malicious L1 to enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest.
As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape.
6) Security restrictions bypass (CVE-ID: CVE-2021-3656)
The vulnerability allows a malicious guest to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions within the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "virt_ext" field, this issue could allow a malicious L1 to disable both VMLOAD/VMSAVE intercepts and VLS (Virtual VMLOAD/VMSAVE) for the L2 guest.The vulnerability allows the L2 guest to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape.
7) Resource exhaustion (CVE-ID: CVE-2021-3679)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to lack of CPU resource in the Linux kernel tracing module functionality when using trace ring buffer in a specific way. A privileged local user (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service.
8) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2021-3732)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists in the way the user mounts the TmpFS filesystem with OverlayFS. A local user can gain access to hidden files that should not be accessible.
9) NULL pointer dereference (CVE-ID: CVE-2021-3739)
The vulnerability allows a local user to read data or crash the application.
The vulnerability exists due to NULL pointer dereference within the btrfs_rm_device() function in fs/btrfs/volumes.c. A local user can read data or crash the application.
10) Out-of-bounds read (CVE-ID: CVE-2021-3743)
The vulnerability allows a local user to perform a denial of service attack.
The vulnerability exists due to a boundary condition in the Qualcomm IPC router protocol in the Linux kernel. A local user can gain access to out-of-bounds memory to leak internal kernel information or perform a denial of service attack.
11) Out-of-bounds read (CVE-ID: CVE-2021-3753)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel. A local user can trigger out-of-bounds read error and read contents of memory on the system.
12) Resource exhaustion (CVE-ID: CVE-2021-3759)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists in the Linux kernel’s ipc functionality of the memcg subsystem when user calls the semget function multiple times, creating semaphores. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.
13) Out-of-bounds read (CVE-ID: CVE-2021-38166)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to an out-of-bounds read error within the kvmalloc() function in kernel/bpf/hashtab.c. A local user can execute arbitrary code.
14) Incorrect permission assignment for critical resource (CVE-ID: CVE-2021-38198)
The vulnerability allows a local user to perform a denial of service attack.The vulnerability exists due to arch/x86/kvm/mmu/paging_tmpl.h incorrectly computes the access permissions of a shadow page. A local user can trigger an error to perform a denial of service attack.
15) Use-after-free (CVE-ID: CVE-2021-38204)
The vulnerability allows a local attacker to perform a denial of service attack.
The vulnerability exists due to a use-after-free error in the drivers/usb/host/max3421-hcd.c in the Linux kernel. An attacker with physical access to the system can remove a MAX-3421 USB device to perform a denial of service attack.
16) Access of uninitialized pointer (CVE-ID: CVE-2021-38205)
The vulnerability allows a local user to manipulate data.
drivers/net/ethernet/xilinx/xilinx_emaclite.c in the Linux kernel before 5.13.3 makes it easier for attackers to defeat an ASLR protection mechanism because it prints a kernel pointer (i.e., the real IOMEM pointer).
17) Null pointer dereference (CVE-ID: CVE-2021-38206)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The mac80211 subsystem in the Linux kernel before 5.12.13, when a device supporting only 5 GHz is used, allows attackers to cause a denial of service (NULL pointer dereference in the radiotap parser) by injecting a frame with 802.11a rates.
18) Buffer overflow (CVE-ID: CVE-2021-38207)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
drivers/net/ethernet/xilinx/ll_temac_main.c in the Linux kernel before 5.12.13 allows remote attackers to cause a denial of service (buffer overflow and lockup) by sending heavy network traffic for about 10 minutes.
19) Observable discrepancy (CVE-ID: CVE-2021-38209)
The vulnerability allows a local user to gain access to sensitive information.
net/netfilter/nf_conntrack_standalone.c in the Linux kernel before 5.12.2 allows observation of changes in any net namespace because these changes are leaked into all other net namespaces. This is related to the NF_SYSCTL_CT_MAX, NF_SYSCTL_CT_EXPECT_MAX, and NF_SYSCTL_CT_BUCKETS sysctls.
Remediation
Install update from vendor's website.