Security update for the Linux Kernel (Live Patch 24 for SLE 15) SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2021:2057-1 Final 1 1 2021-06-18T09:44:40Z current 2021-06-18T09:44:40Z 2021-06-18T09:44:40Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel (Live Patch 24 for SLE 15) This update for the Linux Kernel 4.12.14-150_72 fixes several issues. The following security issues were fixed: - CVE-2021-33200: Enforcing incorrect limits for pointer arithmetic operations by the BPF verifier could be abused to perform out-of-bounds reads and writes in kernel memory (bsc#1186484). - CVE-2021-33034: Fixed a use-after-free when destroying an hci_chan. This could lead to writing an arbitrary values (bsc#1186111). - CVE-2021-23134: A Use After Free vulnerability in nfc sockets allowed local attackers to elevate their privileges (bnc#1186060). - CVE-2021-32399: Fixed a race condition when removing the HCI controller (bnc#1184611). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2021-2057,SUSE-SLE-Module-Live-Patching-15-2021-2057 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2021/suse-su-20212057-1/ Link for SUSE-SU-2021:2057-1 https://lists.suse.com/pipermail/sle-security-updates/2021-June/009048.html E-Mail link for SUSE-SU-2021:2057-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1185899 SUSE Bug 1185899 https://bugzilla.suse.com/1186061 SUSE Bug 1186061 https://bugzilla.suse.com/1186285 SUSE Bug 1186285 https://bugzilla.suse.com/1186498 SUSE Bug 1186498 https://www.suse.com/security/cve/CVE-2021-23134/ SUSE CVE CVE-2021-23134 page https://www.suse.com/security/cve/CVE-2021-32399/ SUSE CVE CVE-2021-32399 page https://www.suse.com/security/cve/CVE-2021-33034/ SUSE CVE CVE-2021-33034 page https://www.suse.com/security/cve/CVE-2021-33200/ SUSE CVE CVE-2021-33200 page SUSE Linux Enterprise Live Patching 15 kernel-livepatch-4_12_14-150_72-default-2-2.1 kernel-livepatch-4_12_14-150_72-default-2-2.1 as a component of SUSE Linux Enterprise Live Patching 15 Use After Free vulnerability in nfc sockets in the Linux Kernel before 5.12.4 allows local attackers to elevate their privileges. In typical configurations, the issue can only be triggered by a privileged local user with the CAP_NET_RAW capability. CVE-2021-23134 SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_72-default-2-2.1 important 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20212057-1/ https://www.suse.com/security/cve/CVE-2021-23134.html CVE-2021-23134 https://bugzilla.suse.com/1186060 SUSE Bug 1186060 https://bugzilla.suse.com/1186061 SUSE Bug 1186061 https://bugzilla.suse.com/1220739 SUSE Bug 1220739 net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller. CVE-2021-32399 SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_72-default-2-2.1 important 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20212057-1/ https://www.suse.com/security/cve/CVE-2021-32399.html CVE-2021-32399 https://bugzilla.suse.com/1184611 SUSE Bug 1184611 https://bugzilla.suse.com/1185898 SUSE Bug 1185898 https://bugzilla.suse.com/1185899 SUSE Bug 1185899 https://bugzilla.suse.com/1196174 SUSE Bug 1196174 https://bugzilla.suse.com/1200084 SUSE Bug 1200084 https://bugzilla.suse.com/1201734 SUSE Bug 1201734 In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value. CVE-2021-33034 SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_72-default-2-2.1 important 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20212057-1/ https://www.suse.com/security/cve/CVE-2021-33034.html CVE-2021-33034 https://bugzilla.suse.com/1186111 SUSE Bug 1186111 https://bugzilla.suse.com/1186285 SUSE Bug 1186285 kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579. This can be abused to perform out-of-bounds reads and writes in kernel memory, leading to local privilege escalation to root. In particular, there is a corner case where the off reg causes a masking direction change, which then results in an incorrect final aux->alu_limit. CVE-2021-33200 SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_72-default-2-2.1 important 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20212057-1/ https://www.suse.com/security/cve/CVE-2021-33200.html CVE-2021-33200 https://bugzilla.suse.com/1186484 SUSE Bug 1186484 https://bugzilla.suse.com/1186498 SUSE Bug 1186498 https://bugzilla.suse.com/1224878 SUSE Bug 1224878