Security update for the Linux Kernel SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2021:1617-1 Final 1 1 2021-05-17T09:19:30Z current 2021-05-17T09:19:30Z 2021-05-17T09:19:30Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-36312: Fixed an issue in virt/kvm/kvm_main.c that had a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure (bnc#1184509). - CVE-2021-29650: Fixed an issue inside the netfilter subsystem that allowed attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value (bnc#1184208). - CVE-2021-29154: Fixed BPF JIT compilers that allowed to execute arbitrary code within the kernel context (bnc#1184391). - CVE-2020-25673: Fixed NFC endless loops caused by repeated llcp_sock_connect() (bsc#1178181). - CVE-2020-25672: Fixed NFC memory leak in llcp_sock_connect() (bsc#1178181). - CVE-2020-25671: Fixed NFC refcount leak in llcp_sock_connect() (bsc#1178181). - CVE-2020-25670: Fixed NFC refcount leak in llcp_sock_bind() (bsc#1178181). - CVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h where a 'stall on CPU' could have occured because a retry loop continually finds the same bad inode (bnc#1184194, bnc#1184211). - CVE-2021-30002: Fixed a memory leak issue when a webcam device exists (bnc#1184120). - CVE-2021-3483: Fixed a use-after-free bug in nosy_ioctl() (bsc#1184393). - CVE-2021-20219: Fixed a denial of service vulnerability in drivers/tty/n_tty.c of the Linux kernel. In this flaw a local attacker with a normal user privilege could have delayed the loop and cause a threat to the system availability (bnc#1184397). - CVE-2021-29265: Fixed an issue in usbip_sockfd_store in drivers/usb/usbip/stub_dev.c that allowed attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status (bnc#1184167). - CVE-2021-29264: Fixed an issue in drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver that allowed attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is enabled (bnc#1184168). - CVE-2021-28972: Fixed an issue in drivers/pci/hotplug/rpadlpar_sysfs.c where the RPA PCI Hotplug driver had a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\0' termination (bnc#1184198). - CVE-2021-28660: Fixed rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c that allowed writing beyond the end of the ssid array (bnc#1183593). - CVE-2020-0433: Fixed blk_mq_queue_tag_busy_iter of blk-mq-tag.c, where a possible use after free due to improper locking could have happened. This could have led to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1176720). - CVE-2021-27365: Fixed an issue inside the iSCSI data structures that does not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bnc#1182715). - CVE-2021-27363: Fixed an issue with a kernel pointer leak that could have been used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables (bnc#1182716). - CVE-2021-27364: Fixed an issue in drivers/scsi/scsi_transport_iscsi.c where an unprivileged user can craft Netlink messages (bnc#1182717). - CVE-2020-36322: Fixed an issue in the FUSE filesystem implementation where fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950 (bnc#1184211 bnc#1184952). - CVE-2021-28038: Fixed an issue with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931 (bnc#1183022 bnc#1183069 ). - CVE-2020-1749: Fixed a flaw with some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link; rather sending the data unencrypted. This would allow anyone in between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality (bnc#1165629). The following non-security bugs were fixed: - KVM: Add proper lockdep assertion in I/O bus unregister (bsc#1185555). - KVM: Destroy I/O bus devices on unregister failure _after_ sync'ing SRCU (bsc#1185556). - KVM: Stop looking for coalesced MMIO zones if the bus is destroyed (bsc#1185557). - Xen/gnttab: handle p2m update errors on a per-slot basis (bsc#1183022 XSA-367). - bluetooth: eliminate the potential race condition when removing the HCI controller (bsc#1184611). - ext4: check journal inode extents more carefully (bsc#1173485). - ext4: do not allow overlapping system zones (bsc#1173485). - ext4: handle error of ext4_setup_system_zone() on remount (bsc#1173485). - xen-netback: respect gnttab_map_refs()'s return value (bsc#1183022 XSA-367). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2021-1617,SUSE-SLE-SERVER-12-SP2-BCL-2021-1617,SUSE-SLE-SERVER-12-SP2-LTSS-ERICSSON-2021-1617,SUSE-SLE-SERVER-12-SP2-LTSS-SAP-2021-1617 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2021/suse-su-20211617-1/ Link for SUSE-SU-2021:1617-1 https://lists.suse.com/pipermail/sle-security-updates/2021-May/008777.html E-Mail link for SUSE-SU-2021:1617-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1165629 SUSE Bug 1165629 https://bugzilla.suse.com/1173485 SUSE Bug 1173485 https://bugzilla.suse.com/1176720 SUSE Bug 1176720 https://bugzilla.suse.com/1178181 SUSE Bug 1178181 https://bugzilla.suse.com/1182715 SUSE Bug 1182715 https://bugzilla.suse.com/1182716 SUSE Bug 1182716 https://bugzilla.suse.com/1182717 SUSE Bug 1182717 https://bugzilla.suse.com/1183022 SUSE Bug 1183022 https://bugzilla.suse.com/1183069 SUSE Bug 1183069 https://bugzilla.suse.com/1183593 SUSE Bug 1183593 https://bugzilla.suse.com/1184120 SUSE Bug 1184120 https://bugzilla.suse.com/1184167 SUSE Bug 1184167 https://bugzilla.suse.com/1184168 SUSE Bug 1184168 https://bugzilla.suse.com/1184194 SUSE Bug 1184194 https://bugzilla.suse.com/1184198 SUSE Bug 1184198 https://bugzilla.suse.com/1184208 SUSE Bug 1184208 https://bugzilla.suse.com/1184211 SUSE Bug 1184211 https://bugzilla.suse.com/1184391 SUSE Bug 1184391 https://bugzilla.suse.com/1184393 SUSE Bug 1184393 https://bugzilla.suse.com/1184397 SUSE Bug 1184397 https://bugzilla.suse.com/1184509 SUSE Bug 1184509 https://bugzilla.suse.com/1184611 SUSE Bug 1184611 https://bugzilla.suse.com/1184952 SUSE Bug 1184952 https://bugzilla.suse.com/1185555 SUSE Bug 1185555 https://bugzilla.suse.com/1185556 SUSE Bug 1185556 https://bugzilla.suse.com/1185557 SUSE Bug 1185557 https://www.suse.com/security/cve/CVE-2020-0433/ SUSE CVE CVE-2020-0433 page https://www.suse.com/security/cve/CVE-2020-1749/ SUSE CVE CVE-2020-1749 page https://www.suse.com/security/cve/CVE-2020-25670/ SUSE CVE CVE-2020-25670 page https://www.suse.com/security/cve/CVE-2020-25671/ SUSE CVE CVE-2020-25671 page https://www.suse.com/security/cve/CVE-2020-25672/ SUSE CVE CVE-2020-25672 page https://www.suse.com/security/cve/CVE-2020-25673/ SUSE CVE CVE-2020-25673 page https://www.suse.com/security/cve/CVE-2020-36312/ SUSE CVE CVE-2020-36312 page https://www.suse.com/security/cve/CVE-2020-36322/ SUSE CVE CVE-2020-36322 page https://www.suse.com/security/cve/CVE-2021-20219/ SUSE CVE CVE-2021-20219 page https://www.suse.com/security/cve/CVE-2021-27363/ SUSE CVE CVE-2021-27363 page https://www.suse.com/security/cve/CVE-2021-27364/ SUSE CVE CVE-2021-27364 page https://www.suse.com/security/cve/CVE-2021-27365/ SUSE CVE CVE-2021-27365 page https://www.suse.com/security/cve/CVE-2021-28038/ SUSE CVE CVE-2021-28038 page https://www.suse.com/security/cve/CVE-2021-28660/ SUSE CVE CVE-2021-28660 page https://www.suse.com/security/cve/CVE-2021-28950/ SUSE CVE CVE-2021-28950 page https://www.suse.com/security/cve/CVE-2021-28972/ SUSE CVE CVE-2021-28972 page https://www.suse.com/security/cve/CVE-2021-29154/ SUSE CVE CVE-2021-29154 page https://www.suse.com/security/cve/CVE-2021-29264/ SUSE CVE CVE-2021-29264 page https://www.suse.com/security/cve/CVE-2021-29265/ SUSE CVE CVE-2021-29265 page https://www.suse.com/security/cve/CVE-2021-29650/ SUSE CVE CVE-2021-29650 page https://www.suse.com/security/cve/CVE-2021-30002/ SUSE CVE CVE-2021-30002 page https://www.suse.com/security/cve/CVE-2021-3483/ SUSE CVE CVE-2021-3483 page SUSE Linux Enterprise Server 12 SP2-BCL cluster-md-kmp-debug-4.4.121-92.155.1 cluster-md-kmp-default-4.4.121-92.155.1 cluster-md-kmp-vanilla-4.4.121-92.155.1 cluster-network-kmp-debug-4.4.121-92.155.1 cluster-network-kmp-default-4.4.121-92.155.1 cluster-network-kmp-vanilla-4.4.121-92.155.1 dlm-kmp-debug-4.4.121-92.155.1 dlm-kmp-default-4.4.121-92.155.1 dlm-kmp-vanilla-4.4.121-92.155.1 gfs2-kmp-debug-4.4.121-92.155.1 gfs2-kmp-default-4.4.121-92.155.1 gfs2-kmp-vanilla-4.4.121-92.155.1 kernel-debug-4.4.121-92.155.1 kernel-debug-base-4.4.121-92.155.1 kernel-debug-devel-4.4.121-92.155.1 kernel-debug-extra-4.4.121-92.155.1 kernel-debug-kgraft-4.4.121-92.155.1 kernel-default-4.4.121-92.155.1 kernel-default-base-4.4.121-92.155.1 kernel-default-devel-4.4.121-92.155.1 kernel-default-extra-4.4.121-92.155.1 kernel-default-kgraft-4.4.121-92.155.1 kernel-default-man-4.4.121-92.155.1 kernel-devel-4.4.121-92.155.1 kernel-docs-4.4.121-92.155.1 kernel-docs-html-4.4.121-92.155.1 kernel-docs-pdf-4.4.121-92.155.1 kernel-macros-4.4.121-92.155.1 kernel-obs-build-4.4.121-92.155.1 kernel-obs-qa-4.4.121-92.155.1 kernel-source-4.4.121-92.155.1 kernel-source-vanilla-4.4.121-92.155.1 kernel-syms-4.4.121-92.155.1 kernel-vanilla-4.4.121-92.155.1 kernel-vanilla-base-4.4.121-92.155.1 kernel-vanilla-devel-4.4.121-92.155.1 kernel-zfcpdump-4.4.121-92.155.1 ocfs2-kmp-debug-4.4.121-92.155.1 ocfs2-kmp-default-4.4.121-92.155.1 ocfs2-kmp-vanilla-4.4.121-92.155.1 kernel-default-4.4.121-92.155.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL kernel-default-base-4.4.121-92.155.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL kernel-default-devel-4.4.121-92.155.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL kernel-devel-4.4.121-92.155.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL kernel-macros-4.4.121-92.155.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL kernel-source-4.4.121-92.155.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL kernel-syms-4.4.121-92.155.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL In blk_mq_queue_tag_busy_iter of blk-mq-tag.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-151939299 CVE-2020-0433 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-macros-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-source-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-syms-4.4.121-92.155.1 important 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20211617-1/ https://www.suse.com/security/cve/CVE-2020-0433.html CVE-2020-0433 https://bugzilla.suse.com/1176720 SUSE Bug 1176720 https://bugzilla.suse.com/1178066 SUSE Bug 1178066 https://bugzilla.suse.com/1187135 SUSE Bug 1187135 https://bugzilla.suse.com/1189302 SUSE Bug 1189302 A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link; rather sending the data unencrypted. This would allow anyone in between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality. CVE-2020-1749 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-macros-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-source-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-syms-4.4.121-92.155.1 important 5 AV:N/AC:L/Au:N/C:P/I:N/A:N 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20211617-1/ https://www.suse.com/security/cve/CVE-2020-1749.html CVE-2020-1749 https://bugzilla.suse.com/1165629 SUSE Bug 1165629 https://bugzilla.suse.com/1165631 SUSE Bug 1165631 https://bugzilla.suse.com/1177511 SUSE Bug 1177511 https://bugzilla.suse.com/1177513 SUSE Bug 1177513 https://bugzilla.suse.com/1189302 SUSE Bug 1189302 A vulnerability was found in Linux Kernel where refcount leak in llcp_sock_bind() causing use-after-free which might lead to privilege escalations. CVE-2020-25670 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-macros-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-source-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-syms-4.4.121-92.155.1 important 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20211617-1/ https://www.suse.com/security/cve/CVE-2020-25670.html CVE-2020-25670 https://bugzilla.suse.com/1178181 SUSE Bug 1178181 https://bugzilla.suse.com/1194680 SUSE Bug 1194680 A vulnerability was found in Linux Kernel, where a refcount leak in llcp_sock_connect() causing use-after-free which might lead to privilege escalations. CVE-2020-25671 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-macros-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-source-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-syms-4.4.121-92.155.1 important 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20211617-1/ https://www.suse.com/security/cve/CVE-2020-25671.html CVE-2020-25671 https://bugzilla.suse.com/1178181 SUSE Bug 1178181 A memory leak vulnerability was found in Linux kernel in llcp_sock_connect CVE-2020-25672 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-macros-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-source-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-syms-4.4.121-92.155.1 important 5 AV:N/AC:L/Au:N/C:N/I:N/A:P 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20211617-1/ https://www.suse.com/security/cve/CVE-2020-25672.html CVE-2020-25672 https://bugzilla.suse.com/1178181 SUSE Bug 1178181 A vulnerability was found in Linux kernel where non-blocking socket in llcp_sock_connect() leads to leak and eventually hanging-up the system. CVE-2020-25673 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-macros-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-source-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-syms-4.4.121-92.155.1 important 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20211617-1/ https://www.suse.com/security/cve/CVE-2020-25673.html CVE-2020-25673 https://bugzilla.suse.com/1178181 SUSE Bug 1178181 An issue was discovered in the Linux kernel before 5.8.10. virt/kvm/kvm_main.c has a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure, aka CID-f65886606c2d. CVE-2020-36312 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-macros-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-source-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-syms-4.4.121-92.155.1 low 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20211617-1/ https://www.suse.com/security/cve/CVE-2020-36312.html CVE-2020-36312 https://bugzilla.suse.com/1184509 SUSE Bug 1184509 An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950. CVE-2020-36322 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-macros-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-source-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-syms-4.4.121-92.155.1 important 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20211617-1/ https://www.suse.com/security/cve/CVE-2020-36322.html CVE-2020-36322 https://bugzilla.suse.com/1184211 SUSE Bug 1184211 https://bugzilla.suse.com/1184952 SUSE Bug 1184952 https://bugzilla.suse.com/1189302 SUSE Bug 1189302 A denial of service vulnerability was found in n_tty_receive_char_special in drivers/tty/n_tty.c of the Linux kernel. In this flaw a local attacker with a normal user privilege could delay the loop (due to a changing ldata->read_head, and a missing sanity check) and cause a threat to the system availability. CVE-2021-20219 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-macros-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-source-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-syms-4.4.121-92.155.1 moderate 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20211617-1/ https://www.suse.com/security/cve/CVE-2021-20219.html CVE-2021-20219 https://bugzilla.suse.com/1184397 SUSE Bug 1184397 An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables. CVE-2021-27363 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-macros-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-source-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-syms-4.4.121-92.155.1 important 3.6 AV:L/AC:L/Au:N/C:P/I:N/A:P 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20211617-1/ https://www.suse.com/security/cve/CVE-2021-27363.html CVE-2021-27363 https://bugzilla.suse.com/1182716 SUSE Bug 1182716 https://bugzilla.suse.com/1182717 SUSE Bug 1182717 https://bugzilla.suse.com/1183120 SUSE Bug 1183120 https://bugzilla.suse.com/1200084 SUSE Bug 1200084 An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages. CVE-2021-27364 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-macros-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-source-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-syms-4.4.121-92.155.1 important 3.6 AV:L/AC:L/Au:N/C:P/I:N/A:P 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20211617-1/ https://www.suse.com/security/cve/CVE-2021-27364.html CVE-2021-27364 https://bugzilla.suse.com/1182715 SUSE Bug 1182715 https://bugzilla.suse.com/1182716 SUSE Bug 1182716 https://bugzilla.suse.com/1182717 SUSE Bug 1182717 https://bugzilla.suse.com/1200084 SUSE Bug 1200084 https://bugzilla.suse.com/1214268 SUSE Bug 1214268 https://bugzilla.suse.com/1218966 SUSE Bug 1218966 An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message. CVE-2021-27365 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-macros-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-source-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-syms-4.4.121-92.155.1 important 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20211617-1/ https://www.suse.com/security/cve/CVE-2021-27365.html CVE-2021-27365 https://bugzilla.suse.com/1182712 SUSE Bug 1182712 https://bugzilla.suse.com/1182715 SUSE Bug 1182715 https://bugzilla.suse.com/1183491 SUSE Bug 1183491 https://bugzilla.suse.com/1200084 SUSE Bug 1200084 https://bugzilla.suse.com/1214268 SUSE Bug 1214268 https://bugzilla.suse.com/1218966 SUSE Bug 1218966 An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931. CVE-2021-28038 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-macros-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-source-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-syms-4.4.121-92.155.1 moderate 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20211617-1/ https://www.suse.com/security/cve/CVE-2021-28038.html CVE-2021-28038 https://bugzilla.suse.com/1183022 SUSE Bug 1183022 https://bugzilla.suse.com/1183069 SUSE Bug 1183069 rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org releases, CVE IDs are not normally used for drivers/staging/* (unfinished work); however, system integrators may have situations in which a drivers/staging issue is relevant to their own customer base. CVE-2021-28660 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-macros-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-source-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-syms-4.4.121-92.155.1 important 8.3 AV:A/AC:L/Au:N/C:C/I:C/A:C 8 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20211617-1/ https://www.suse.com/security/cve/CVE-2021-28660.html CVE-2021-28660 https://bugzilla.suse.com/1183593 SUSE Bug 1183593 https://bugzilla.suse.com/1183658 SUSE Bug 1183658 An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A "stall on CPU" can occur because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1. CVE-2021-28950 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-macros-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-source-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-syms-4.4.121-92.155.1 moderate 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20211617-1/ https://www.suse.com/security/cve/CVE-2021-28950.html CVE-2021-28950 https://bugzilla.suse.com/1184194 SUSE Bug 1184194 https://bugzilla.suse.com/1184211 SUSE Bug 1184211 In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\0' termination, aka CID-cc7a0bb058b8. CVE-2021-28972 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-macros-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-source-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-syms-4.4.121-92.155.1 moderate 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20211617-1/ https://www.suse.com/security/cve/CVE-2021-28972.html CVE-2021-28972 https://bugzilla.suse.com/1184198 SUSE Bug 1184198 https://bugzilla.suse.com/1220060 SUSE Bug 1220060 BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. CVE-2021-29154 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-macros-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-source-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-syms-4.4.121-92.155.1 important 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20211617-1/ https://www.suse.com/security/cve/CVE-2021-29154.html CVE-2021-29154 https://bugzilla.suse.com/1184391 SUSE Bug 1184391 https://bugzilla.suse.com/1184710 SUSE Bug 1184710 https://bugzilla.suse.com/1186408 SUSE Bug 1186408 An issue was discovered in the Linux kernel through 5.11.10. drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver allows attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is enabled, aka CID-d8861bab48b6. CVE-2021-29264 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-macros-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-source-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-syms-4.4.121-92.155.1 moderate 4.7 AV:L/AC:M/Au:N/C:N/I:N/A:C 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20211617-1/ https://www.suse.com/security/cve/CVE-2021-29264.html CVE-2021-29264 https://bugzilla.suse.com/1184168 SUSE Bug 1184168 An issue was discovered in the Linux kernel before 5.11.7. usbip_sockfd_store in drivers/usb/usbip/stub_dev.c allows attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status, aka CID-9380afd6df70. CVE-2021-29265 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-macros-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-source-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-syms-4.4.121-92.155.1 moderate 4.7 AV:L/AC:M/Au:N/C:N/I:N/A:C 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20211617-1/ https://www.suse.com/security/cve/CVE-2021-29265.html CVE-2021-29265 https://bugzilla.suse.com/1184167 SUSE Bug 1184167 An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf. CVE-2021-29650 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-macros-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-source-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-syms-4.4.121-92.155.1 moderate 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20211617-1/ https://www.suse.com/security/cve/CVE-2021-29650.html CVE-2021-29650 https://bugzilla.suse.com/1184208 SUSE Bug 1184208 An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b. CVE-2021-30002 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-macros-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-source-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-syms-4.4.121-92.155.1 moderate 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20211617-1/ https://www.suse.com/security/cve/CVE-2021-30002.html CVE-2021-30002 https://bugzilla.suse.com/1184120 SUSE Bug 1184120 A flaw was found in the Nosy driver in the Linux kernel. This issue allows a device to be inserted twice into a doubly-linked list, leading to a use-after-free when one of these devices is removed. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Versions before kernel 5.12-rc6 are affected CVE-2021-3483 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-macros-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-source-4.4.121-92.155.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-syms-4.4.121-92.155.1 moderate 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P 6.5 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20211617-1/ https://www.suse.com/security/cve/CVE-2021-3483.html CVE-2021-3483 https://bugzilla.suse.com/1184393 SUSE Bug 1184393