Details
-
Improvement
-
Resolution: Won't Fix
-
Minor
-
None
-
None
-
None
-
9223372036854775807
Description
The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
- CVE-2020-36312: Fixed an issue within virt/kvm/kvm_main.c that had a
kvm_io_bus_unregister_dev memory leak upon a kmalloc failure
(bnc#1184509). - CVE-2021-29650: Fixed an issue within the netfilter subsystem that
allowed attackers to cause a denial of service (panic) because
net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a
full memory barrier upon the assignment of a new table value
(bnc#1184208). - CVE-2021-29155: Fixed an issue within kernel/bpf/verifier.c that
performed undesirable out-of-bounds speculation on pointer arithmetic,
leading to side-channel attacks that defeat Spectre mitigations and
obtain sensitive information from kernel memory. Specifically, for
sequences of pointer arithmetic operations, the pointer modification
performed by the first operation is not correctly accounted for when
restricting subsequent operations (bnc#1184942). - CVE-2020-36310: Fixed an issue within arch/x86/kvm/svm/svm.c that
allowed a set_memory_region_test infinite loop for certain nested page
faults (bnc#1184512). - CVE-2021-28950: Fixed an issue within fs/fuse/fuse_i.h where a "stall on
CPU" could have occured because a retry loop continually finds the same
bad inode (bnc#1184194, bnc#1184211). - CVE-2020-36322: Fixed an issue within the FUSE filesystem implementation
where fuse_do_getattr() calls make_bad_inode() in inappropriate
situations, causing a system crash. NOTE: the original fix for this
vulnerability was incomplete, and its incompleteness is tracked as
CVE-2021-28950 (bnc#1184211, bnc#1184952). - CVE-2021-3444: Fixed incorrect mod32 BPF verifier truncation
(bsc#1184170).
The following non-security bugs were fixed:
https://lists.suse.com/pipermail/sle-security-updates/2021-May/008769.html