SUSE SLES12 Security Update : kernel (SUSE-SU-2021:1623-1)

high Nessus Plugin ID 149716
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to receive various security and bugfixes.

The following security bugs were fixed :

CVE-2020-36312: Fixed an issue in virt/kvm/kvm_main.c that had a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure (bnc#1184509).

CVE-2021-29650: Fixed an issue inside the netfilter subsystem that allowed attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value (bnc#1184208).

CVE-2020-27673: Fixed an issue in Xen where a guest OS users could have caused a denial of service (host OS hang) via a high rate of events to dom0 (bnc#1177411, bnc#1184583).

CVE-2021-29154: Fixed BPF JIT compilers that allowed to execute arbitrary code within the kernel context (bnc#1184391).

CVE-2020-25673: Fixed NFC endless loops caused by repeated llcp_sock_connect() (bsc#1178181).

CVE-2020-25672: Fixed NFC memory leak in llcp_sock_connect() (bsc#1178181).

CVE-2020-25671: Fixed NFC refcount leak in llcp_sock_connect() (bsc#1178181).

CVE-2020-25670: Fixed NFC refcount leak in llcp_sock_bind() (bsc#1178181).

CVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h where a 'stall on CPU' could have occured because a retry loop continually finds the same bad inode (bnc#1184194, bnc#1184211).

CVE-2020-36322: Fixed an issue inside the FUSE filesystem implementation where fuse_do_getattr() calls make_bad_inode() in inappropriate situations, could have caused a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950 (bnc#1184211).

CVE-2021-30002: Fixed a memory leak issue when a webcam device exists (bnc#1184120).

CVE-2021-3483: Fixed a use-after-free bug in nosy_ioctl() (bsc#1184393).

CVE-2021-20219: Fixed a denial of service vulnerability in drivers/tty/n_tty.c of the Linux kernel. In this flaw a local attacker with a normal user privilege could have delayed the loop and cause a threat to the system availability (bnc#1184397).

CVE-2021-29265: Fixed an issue in usbip_sockfd_store in drivers/usb/usbip/stub_dev.c that allowed attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status (bnc#1184167).

CVE-2021-29264: Fixed an issue in drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver that allowed attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is enabled (bnc#1184168).

CVE-2021-28972: Fixed an issue in drivers/pci/hotplug/rpadlpar_sysfs.c where the RPA PCI Hotplug driver had a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\0' termination (bnc#1184198).

CVE-2021-28660: Fixed rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c that allowed writing beyond the end of the ssid array (bnc#1183593).

CVE-2020-0433: Fixed blk_mq_queue_tag_busy_iter of blk-mq-tag.c, where a possible use after free due to improper locking could have happened.
This could have led to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1176720).

CVE-2021-28038: Fixed an issue with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931 (bnc#1183022, bnc#1183069).

CVE-2021-27365: Fixed an issue inside the iSCSI data structures that does not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bnc#1182715).

CVE-2021-27363: Fixed an issue with a kernel pointer leak that could have been used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables (bnc#1182716).

CVE-2021-27364: Fixed an issue in drivers/scsi/scsi_transport_iscsi.c where an unprivileged user can craft Netlink messages (bnc#1182717).

CVE-2020-1749: Fixed a flaw inside of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link; rather sending the data unencrypted. This would allow anyone in between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality (bnc#1165629).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product :

SUSE OpenStack Cloud Crowbar 8 :

zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-1623=1

SUSE OpenStack Cloud 8 :

zypper in -t patch SUSE-OpenStack-Cloud-8-2021-1623=1

SUSE Linux Enterprise Server for SAP 12-SP3 :

zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-1623=1

SUSE Linux Enterprise Server 12-SP3-LTSS :

zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-1623=1

SUSE Linux Enterprise Server 12-SP3-BCL :

zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-1623=1

SUSE Linux Enterprise High Availability 12-SP3 :

zypper in -t patch SUSE-SLE-HA-12-SP3-2021-1623=1

HPE Helion Openstack 8 :

zypper in -t patch HPE-Helion-OpenStack-8-2021-1623=1

See Also

https://bugzilla.suse.com/show_bug.cgi?id=1120163

https://bugzilla.suse.com/show_bug.cgi?id=1152974

https://bugzilla.suse.com/show_bug.cgi?id=1152975

https://bugzilla.suse.com/show_bug.cgi?id=1155179

https://bugzilla.suse.com/show_bug.cgi?id=1155184

https://bugzilla.suse.com/show_bug.cgi?id=1155186

https://bugzilla.suse.com/show_bug.cgi?id=1159483

https://bugzilla.suse.com/show_bug.cgi?id=1165629

https://bugzilla.suse.com/show_bug.cgi?id=1165823

https://bugzilla.suse.com/show_bug.cgi?id=1172247

https://bugzilla.suse.com/show_bug.cgi?id=1173485

https://bugzilla.suse.com/show_bug.cgi?id=1176720

https://bugzilla.suse.com/show_bug.cgi?id=1177411

https://bugzilla.suse.com/show_bug.cgi?id=1177855

https://bugzilla.suse.com/show_bug.cgi?id=1177856

https://bugzilla.suse.com/show_bug.cgi?id=1178181

https://bugzilla.suse.com/show_bug.cgi?id=1178634

https://bugzilla.suse.com/show_bug.cgi?id=1179575

https://bugzilla.suse.com/show_bug.cgi?id=1182047

https://bugzilla.suse.com/show_bug.cgi?id=1182261

https://bugzilla.suse.com/show_bug.cgi?id=1182715

https://bugzilla.suse.com/show_bug.cgi?id=1182716

https://bugzilla.suse.com/show_bug.cgi?id=1182717

https://bugzilla.suse.com/show_bug.cgi?id=1183022

https://bugzilla.suse.com/show_bug.cgi?id=1183069

https://bugzilla.suse.com/show_bug.cgi?id=1183593

https://bugzilla.suse.com/show_bug.cgi?id=1184120

https://bugzilla.suse.com/show_bug.cgi?id=1184167

https://bugzilla.suse.com/show_bug.cgi?id=1184168

https://bugzilla.suse.com/show_bug.cgi?id=1184194

https://bugzilla.suse.com/show_bug.cgi?id=1184198

https://bugzilla.suse.com/show_bug.cgi?id=1184208

https://bugzilla.suse.com/show_bug.cgi?id=1184211

https://bugzilla.suse.com/show_bug.cgi?id=1184391

https://bugzilla.suse.com/show_bug.cgi?id=1184393

https://bugzilla.suse.com/show_bug.cgi?id=1184397

https://bugzilla.suse.com/show_bug.cgi?id=1184509

https://bugzilla.suse.com/show_bug.cgi?id=1184583

https://bugzilla.suse.com/show_bug.cgi?id=1184611

https://bugzilla.suse.com/show_bug.cgi?id=1185248

https://bugzilla.suse.com/show_bug.cgi?id=1185555

https://bugzilla.suse.com/show_bug.cgi?id=1185556

https://bugzilla.suse.com/show_bug.cgi?id=1185557

https://www.suse.com/security/cve/CVE-2020-0433/

https://www.suse.com/security/cve/CVE-2020-1749/

https://www.suse.com/security/cve/CVE-2020-25670/

https://www.suse.com/security/cve/CVE-2020-25671/

https://www.suse.com/security/cve/CVE-2020-25672/

https://www.suse.com/security/cve/CVE-2020-25673/

https://www.suse.com/security/cve/CVE-2020-27673/

https://www.suse.com/security/cve/CVE-2020-36312/

https://www.suse.com/security/cve/CVE-2020-36322/

https://www.suse.com/security/cve/CVE-2021-20219/

https://www.suse.com/security/cve/CVE-2021-27363/

https://www.suse.com/security/cve/CVE-2021-27364/

https://www.suse.com/security/cve/CVE-2021-27365/

https://www.suse.com/security/cve/CVE-2021-28038/

https://www.suse.com/security/cve/CVE-2021-28660/

https://www.suse.com/security/cve/CVE-2021-28950/

https://www.suse.com/security/cve/CVE-2021-28972/

https://www.suse.com/security/cve/CVE-2021-29154/

https://www.suse.com/security/cve/CVE-2021-29264/

https://www.suse.com/security/cve/CVE-2021-29265/

https://www.suse.com/security/cve/CVE-2021-29650/

https://www.suse.com/security/cve/CVE-2021-30002/

https://www.suse.com/security/cve/CVE-2021-3483/

http://www.nessus.org/u?8d4ebd1e

Plugin Details

Severity: High

ID: 149716

File Name: suse_SU-2021-1623-1.nasl

Version: 1.2

Type: local

Agent: unix

Published: 5/19/2021

Updated: 5/24/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: High

Score: 8.4

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.3

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: E:U/RL:OF/RC:C

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-debugsource, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:kernel-default-kgraft, p-cpe:/a:novell:suse_linux:kernel-default-man, p-cpe:/a:novell:suse_linux:kernel-syms, p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_144-default, p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_144-default-debuginfo, cpe:/o:novell:suse_linux:12

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 5/18/2021

Vulnerability Publication Date: 9/9/2020

Reference Information

CVE: CVE-2020-0433, CVE-2020-1749, CVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2020-25673, CVE-2020-27673, CVE-2020-36312, CVE-2020-36322, CVE-2021-20219, CVE-2021-26931, CVE-2021-27363, CVE-2021-27364, CVE-2021-27365, CVE-2021-28038, CVE-2021-28660, CVE-2021-28950, CVE-2021-28972, CVE-2021-29154, CVE-2021-29264, CVE-2021-29265, CVE-2021-29650, CVE-2021-30002, CVE-2021-3483