Uploaded image for project: 'Lustre'
  1. Lustre
  2. LU-15331

kernel update [SLES15 SP2 5.3.18-24.96.1]

    XMLWordPrintable

Details

    • Improvement
    • Resolution: Fixed
    • Minor
    • Lustre 2.15.0
    • None
    • None
    • 9223372036854775807

    Description

      The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various
      security and bugfixes.

      The following security bugs were fixed:

      • Unprivileged BPF has been disabled by default to reduce attack surface
        as too many security issues have happened in the past (jsc#SLE-22573)

      You can reenable via systemctl setting
      /proc/sys/kernel/unprivileged_bpf_disabled to 0.
      (kernel.unprivileged_bpf_disabled = 0)

      • CVE-2021-0941: In bpf_skb_change_head of filter.c, there is a possible
        out of bounds read due to a use after free. This could lead to local
        escalation of privilege with System execution privileges needed. User
        interaction is not needed for exploitation (bnc#1192045).
      • CVE-2021-31916: An out-of-bounds (OOB) memory write flaw was found in
        list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module
        in the Linux kernel A bound check failure allowed an attacker with
        special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds
        memory leading to a system crash or a leak of internal kernel
        information. The highest threat from this vulnerability is to system
        availability (bnc#1192781).
      • CVE-2021-20322: Make the ipv4 and ipv6 ICMP exception caches less
        predictive to avoid information leaks about UDP ports in use.
        (bsc#1191790)
      • CVE-2021-34981: Fixed file refcounting in cmtp when cmtp_attach_device
        fails (bsc#1191961).
      • CVE-2021-43389: There was an array-index-out-of-bounds flaw in the
        detach_capi_ctr function in drivers/isdn/capi/kcapi.c (bnc#1191958).
      • CVE-2021-37159: hso_free_net_device in drivers/net/usb/hso.c called
        unregister_netdev without checking for the NETREG_REGISTERED state,
        leading to a use-after-free and a double free (bnc#1188601).

      The following non-security bugs were fixed:
      https://lists.suse.com/pipermail/sle-security-updates/2021-December/009843.html

      Attachments

        Issue Links

          Activity

            People

              yujian Jian Yu
              yujian Jian Yu
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: