Details
-
Improvement
-
Resolution: Fixed
-
Minor
-
None
-
None
-
9223372036854775807
Description
The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
- CVE-2021-3659: Fixed a NULL pointer dereference in llsec_key_alloc() in
net/mac802154/llsec.c (bsc#1188876). - CVE-2021-22543: Fixed improper handling of VM_IO|VM_PFNMAP vmas in KVM,
which could bypass RO checks and can lead to pages being freed while
still accessible by the VMM and guest. This allowed users with the
ability to start and control a VM to read/write random pages of memory
and can result in local privilege escalation (bsc#1186482). - CVE-2021-37576: Fixed an issue on the powerpc platform, where a KVM
guest OS user could cause host OS memory corruption via rtas_args.nargs
(bsc#1188838). - CVE-2020-0429: In l2tp_session_delete and related functions of
l2tp_core.c, there is possible memory corruption due to a use after
free. This could lead to local escalation of privilege with System
execution privileges needed. (bsc#1176724). - CVE-2020-36386: Fixed a slab out-of-bounds read in
hci_extended_inquiry_result_evt (bsc#1187038 ).
The following non-security bugs were fixed:
https://lists.suse.com/pipermail/sle-security-updates/2021-August/009280.html