|
The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
- CVE-2021-3772: Fixed sctp vtag check in sctp_sf_ootb (bsc#1190351).
- CVE-2021-3655: Fixed a missing size validations on inbound SCTP packets,
which may have allowed the kernel to read uninitialized memory
(bsc#1188563).
- CVE-2021-43056: Fixed possible KVM host crash via malicious KVM guest on
Power8 (bnc#1192107).
- CVE-2021-3896: Fixed a array-index-out-bounds in detach_capi_ctr in
drivers/isdn/capi/kcapi.c (bsc#1191958).
- CVE-2021-3760: Fixed a use-after-free vulnerability with the
ndev->rf_conn_info object (bsc#1190067).
- CVE-2021-42739: The firewire subsystem had a buffer overflow related to
drivers/media/firewire/firedtv-avc.c and
drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled
bounds checking (bsc#1184673).
- CVE-2021-3542: Fixed heap buffer overflow in firedtv driver
(bsc#1186063).
- CVE-2021-3715: Fixed a use-after-free in route4_change() in
net/sched/cls_route.c (bsc#1190349).
- CVE-2021-42252: Fixed an issue inside aspeed_lpc_ctrl_mmap that could
have allowed local attackers to access the Aspeed LPC control interface
to overwrite memory in the kernel and potentially execute privileges
(bnc#1190479).
- CVE-2021-41864: Fixed prealloc_elems_and_freelist that allowed
unprivileged users to trigger an eBPF multiplication integer overflow
with a resultant out-of-bounds write (bnc#1191317).
- CVE-2021-42008: Fixed a slab out-of-bounds write in the decode_data
function in drivers/net/hamradio/6pack.c. Input from a process that had
the CAP_NET_ADMIN capability could have lead to root access
(bsc#1191315).
The following non-security bugs were fixed:
https://lists.suse.com/pipermail/sle-security-updates/2021-November/009757.html
|