Security update for the Linux Kernel (Live Patch 40 for SLE 12 SP3) SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2021:3751-1 Final 1 1 2021-11-19T16:20:11Z current 2021-11-19T16:20:11Z 2021-11-19T16:20:11Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel (Live Patch 40 for SLE 12 SP3) This update for the Linux Kernel 4.4.180-94_147 fixes several issues. The following security issues were fixed: - CVE-2021-0935: Fixed use after free that could lead to local escalation of privilege in ip6_xmit of ip6_output.c (bsc#1192042). - CVE-2021-3752: Fixed vulnerability in the linux kernel Bluetooth uaf module (bsc#1190432). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2021-3751,SUSE-SLE-SAP-12-SP3-2021-3749,SUSE-SLE-SAP-12-SP3-2021-3750,SUSE-SLE-SAP-12-SP3-2021-3751,SUSE-SLE-SAP-12-SP3-2021-3752,SUSE-SLE-SAP-12-SP3-2021-3753,SUSE-SLE-SERVER-12-SP3-2021-3749,SUSE-SLE-SERVER-12-SP3-2021-3750,SUSE-SLE-SERVER-12-SP3-2021-3751,SUSE-SLE-SERVER-12-SP3-2021-3752,SUSE-SLE-SERVER-12-SP3-2021-3753 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2021/suse-su-20213751-1/ Link for SUSE-SU-2021:3751-1 https://lists.suse.com/pipermail/sle-security-updates/2021-November/009755.html E-Mail link for SUSE-SU-2021:3751-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1190432 SUSE Bug 1190432 https://bugzilla.suse.com/1192042 SUSE Bug 1192042 https://www.suse.com/security/cve/CVE-2021-0935/ SUSE CVE CVE-2021-0935 page https://www.suse.com/security/cve/CVE-2021-3752/ SUSE CVE CVE-2021-3752 page SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server for SAP Applications 12 SP3 kgraft-patch-4_4_180-94_141-default-11-2.2 kgraft-patch-4_4_180-94_135-default-14-2.2 kgraft-patch-4_4_180-94_138-default-12-2.2 kgraft-patch-4_4_180-94_144-default-8-2.2 kgraft-patch-4_4_180-94_147-default-5-2.2 kgraft-patch-4_4_180-94_135-default-14-2.2 as a component of SUSE Linux Enterprise Server 12 SP3-LTSS kgraft-patch-4_4_180-94_138-default-12-2.2 as a component of SUSE Linux Enterprise Server 12 SP3-LTSS kgraft-patch-4_4_180-94_141-default-11-2.2 as a component of SUSE Linux Enterprise Server 12 SP3-LTSS kgraft-patch-4_4_180-94_144-default-8-2.2 as a component of SUSE Linux Enterprise Server 12 SP3-LTSS kgraft-patch-4_4_180-94_147-default-5-2.2 as a component of SUSE Linux Enterprise Server 12 SP3-LTSS kgraft-patch-4_4_180-94_135-default-14-2.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 kgraft-patch-4_4_180-94_138-default-12-2.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 kgraft-patch-4_4_180-94_141-default-11-2.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 kgraft-patch-4_4_180-94_144-default-8-2.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 kgraft-patch-4_4_180-94_147-default-5-2.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 In ip6_xmit of ip6_output.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-168607263References: Upstream kernel CVE-2021-0935 SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_135-default-14-2.2 SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_138-default-12-2.2 SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_141-default-11-2.2 SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_144-default-8-2.2 SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_147-default-5-2.2 SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_135-default-14-2.2 SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_138-default-12-2.2 SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_141-default-11-2.2 SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_144-default-8-2.2 SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_147-default-5-2.2 important 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20213751-1/ https://www.suse.com/security/cve/CVE-2021-0935.html CVE-2021-0935 https://bugzilla.suse.com/1192032 SUSE Bug 1192032 https://bugzilla.suse.com/1192042 SUSE Bug 1192042 https://bugzilla.suse.com/1196722 SUSE Bug 1196722 A use-after-free flaw was found in the Linux kernel's Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. CVE-2021-3752 SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_135-default-14-2.2 SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_138-default-12-2.2 SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_141-default-11-2.2 SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_144-default-8-2.2 SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_147-default-5-2.2 SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_135-default-14-2.2 SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_138-default-12-2.2 SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_141-default-11-2.2 SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_144-default-8-2.2 SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_147-default-5-2.2 important 7.9 AV:A/AC:M/Au:N/C:C/I:C/A:C 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20213751-1/ https://www.suse.com/security/cve/CVE-2021-3752.html CVE-2021-3752 https://bugzilla.suse.com/1190023 SUSE Bug 1190023 https://bugzilla.suse.com/1190432 SUSE Bug 1190432