SB2022052528 - SUSE update for kernel-firmware
Published: May 25, 2022
Description
This security bulletin contains information about 15 security vulnerabilities.
1) Out-of-bounds write (CVE-ID: CVE-2021-26312)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error caused by failure to flush the Translation Lookaside Buffer (TLB) of the I/O memory management unit (IOMMU). A local user can force an IO device to write to memory it should not be able to access and execute arbitrary code with elevated privileges.
2) Input validation error (CVE-ID: CVE-2021-26339)
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to an error in the AMD CPU's core logic when using specific code from an unprivileged VM. A remote user with low-privileged access to the guest OS can send a specific x86 instruction sequence that triggers a CPU core hang.
3) Resource management error (CVE-ID: CVE-2021-26342)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists because the CPU may fail to flush the Translation Lookaside Buffer (TLB) in SEV guest VMs. A local user can execute a particular sequence of operations that includes creation of a new virtual machine control block (VMCB) and disclose the SEV guest memory contents.
4) Time-of-check Time-of-use (TOCTOU) Race Condition (CVE-ID: CVE-2021-26347)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition in the System Management Unit (SMU). A local user can force the DMA (Direct Memory Access) to reference an invalid DRAM address and perform a denial of service attack.
5) Resource management error (CVE-ID: CVE-2021-26348)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to failure to flush the Translation Lookaside Buffer (TLB) of the I/O memory management unit (IOMMU). A local user can force the IO device into writing data to memory it should not be able to access.
6) Security features bypass (CVE-ID: CVE-2021-26349)
The vulnerability allows an attacker to compromise the guest OS.
The vulnerability exists due to failure to assign a new report ID to an imported guest. This can result in an SEV-SNP guest VM being tricked into trusting a dishonest Migration Agent (MA).
7) Time-of-check Time-of-use (TOCTOU) Race Condition (CVE-ID: CVE-2021-26350)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition in the System Management Unit (SMU). A local user can obtain and manipulate the address of a message port register and perform a denial of service attack.
8) Buffer overflow (CVE-ID: CVE-2021-26364)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in an SMU mailbox register. A local user can force the SMU to read outside of the SRAM address range and perform a denial of service attack.
9) Buffer overflow (CVE-ID: CVE-2021-26372)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
10) Buffer overflow (CVE-ID: CVE-2021-26373)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in the System Management Unit (SMU). A local user can trigger a system voltage malfunction and perform a denial of service (DoS) attack.
11) Buffer overflow (CVE-ID: CVE-2021-26375)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in the System Management Unit (SMU). A local user can trigger memory corruption and perform a denial of service (DoS) attack.
12) Input validation error (CVE-ID: CVE-2021-26376)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the System Management Unit (SMU) FeatureConfig. A local user can re-enable certain features, which can lead to denial of service.
13) Buffer overflow (CVE-ID: CVE-2021-26378)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
14) Out-of-bounds read (CVE-ID: CVE-2021-26388)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in the BIOS directory that allows for searches to read beyond the directory table copy in RAM. A local user can perform a denial of service (DoS) attack.
15) Cryptographic issues (CVE-ID: CVE-2021-46744)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a ciphertext side-channel attack in which data in specific cryptographic algorithms can be inferred in an SEV guest by monitoring the ciphertext values over time. A local user with access to the hypervisor can gain access to sensitive information related to the guest OS.
Remediation
Install the update from the vendor's website.