Details
-
Improvement
-
Resolution: Fixed
-
Minor
-
None
-
None
-
None
-
9223372036854775807
Description
The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
- CVE-2018-9517: Fixed possible memory corruption due to a use after free
in pppol2tp_connect (bsc#1108488). - CVE-2019-3874: Fixed possible denial of service attack via SCTP socket
buffer used by a userspace applications (bnc#1129898). - CVE-2019-3900: Fixed an infinite loop issue while handling incoming
packets in handle_rx() (bnc#1133374). - CVE-2021-3640: Fixed a Use-After-Free vulnerability in function
sco_sock_sendmsg() in the bluetooth stack (bsc#1188172). - CVE-2021-3653: Missing validation of the `int_ctl` VMCB field and allows
a malicious L1 guest to enable AVIC support for the L2 guest.
(bsc#1189399). - CVE-2021-3656: Missing validation of the the `virt_ext` VMCB field and
allows a malicious L1 guest to disable both VMLOAD/VMSAVE intercepts and
VLS for the L2 guest (bsc#1189400). - CVE-2021-3679: A lack of CPU resource in tracing module functionality
was found in the way user uses trace ring buffer in a specific way. Only
privileged local users (with CAP_SYS_ADMIN capability) could use this
flaw to starve the resources causing denial of service (bnc#1189057). - CVE-2021-3732: Mounting overlayfs inside an unprivileged user namespace
can reveal files (bsc#1189706). - CVE-2021-3753: Fixed race out-of-bounds in virtual terminal handling
(bsc#1190025). - CVE-2021-3759: Unaccounted ipc objects in Linux kernel could have lead
to breaking memcg limits and DoS attacks (bsc#1190115). - CVE-2021-38160: Data corruption or loss could be triggered by an
untrusted device that supplies a buf->len value exceeding the buffer
size in drivers/char/virtio_console.c (bsc#1190117) - CVE-2021-38198: arch/x86/kvm/mmu/paging_tmpl.h incorrectly computes the
access permissions of a shadow page, leading to a missing guest
protection page fault (bnc#1189262). - CVE-2021-38204: drivers/usb/host/max3421-hcd.c allowed physically
proximate attackers to cause a denial of service (use-after-free and
panic) by removing a MAX-3421 USB device in certain situations
(bnc#1189291). - CVE-2021-34556: Fixed side-channel attack via a Speculative Store Bypass
via unprivileged BPF program that could have obtain sensitive
information from kernel memory (bsc#1188983). - CVE-2021-35477: Fixed BPF stack frame pointer which could have been
abused to disclose content of arbitrary kernel memory (bsc#1188985). - CVE-2020-12770: Fixed sg_remove_request call in a certain failure cases
(bsc#1171420).
The following non-security bugs were fixed:
https://lists.suse.com/pipermail/sle-security-updates/2021-September/009499.html