[LU-15035] kernel update [SLES15 SP2 5.3.18-24.83.2]

Related — Mon, 25 Oct 2021 19:58:59 +0000

The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various
security and bugfixes.

The following security bugs were fixed:

CVE-2021-3759: Unaccounted ipc objects in Linux kernel could have lead
to breaking memcg limits and DoS attacks (bsc#1190115).
CVE-2021-38160: Data corruption or loss could be triggered by an
untrusted device that supplies a buf->len value exceeding the buffer
size in drivers/char/virtio_console.c (bsc#1190117)
CVE-2021-3640: Fixed a Use-After-Free vulnerability in function
sco_sock_sendmsg() in the bluetooth stack (bsc#1188172).
CVE-2021-3753: Fixed race out-of-bounds in virtual terminal handling
(bsc#1190025).
CVE-2021-3743: Fixed OOB Read in qrtr_endpoint_post (bsc#1189883).
CVE-2021-3739: Fixed a NULL pointer dereference when deleting device by
invalid id (bsc#1189832 ).
CVE-2021-3732: Mounting overlayfs inside an unprivileged user namespace
can reveal files (bsc#1189706).
CVE-2021-3653: Missing validation of the `int_ctl` VMCB field and allows
a malicious L1 guest to enable AVIC support for the L2 guest.
(bsc#1189399).
CVE-2021-3656: Missing validation of the the `virt_ext` VMCB field and
allows a malicious L1 guest to disable both VMLOAD/VMSAVE intercepts and
VLS for the L2 guest (bsc#1189400).
CVE-2021-38198: arch/x86/kvm/mmu/paging_tmpl.h incorrectly computes the
access permissions of a shadow page, leading to a missing guest
protection page fault (bnc#1189262).
CVE-2021-38207: drivers/net/ethernet/xilinx/ll_temac_main.c allowed
remote attackers to cause a denial of service (buffer overflow and
lockup) by sending heavy network traffic for about ten minutes
(bnc#1189298).
CVE-2021-38205: drivers/net/ethernet/xilinx/xilinx_emaclite.c made it
easier for attackers to defeat an ASLR protection mechanism because it
prints a kernel pointer (i.e., the real IOMEM pointer) (bnc#1189292).
CVE-2021-38204: drivers/usb/host/max3421-hcd.c allowed physically
proximate attackers to cause a denial of service (use-after-free and
panic) by removing a MAX-3421 USB device in certain situations
(bnc#1189291).
CVE-2021-3679: A lack of CPU resource in tracing module functionality
was found in the way user uses trace ring buffer in a specific way. Only
privileged local users (with CAP_SYS_ADMIN capability) could use this
flaw to starve the resources causing denial of service (bnc#1189057).
CVE-2021-34556: Fixed side-channel attack via a Speculative Store Bypass
via unprivileged BPF program that could have obtain sensitive
information from kernel memory (bsc#1188983).
CVE-2021-35477: Fixed BPF stack frame pointer which could have been
abused to disclose content of arbitrary kernel memory (bsc#1188985).

The following non-security bugs were fixed:
https://lists.suse.com/pipermail/sle-security-updates/2021-September/009508.html

Whamcloud Community JIRA

[LU-15035] kernel update [SLES15 SP2 5.3.18-24.83.2]