Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP2) SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2021:1715-1 Final 1 1 2021-05-25T10:25:07Z current 2021-05-25T10:25:07Z 2021-05-25T10:25:07Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP2) This update for the Linux Kernel 5.3.18-22 fixes several issues. The following security issues were fixed: - CVE-2020-36322: Fixed an issue inside the FUSE filesystem implementation where fuse_do_getattr() calls make_bad_inode() in inappropriate situations, could have caused a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950 (bsc#1184952). - CVE-2021-29154: Fixed BPF JIT compilers that allowed to execute arbitrary code within the kernel context (bsc#1184710) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2021-1715,SUSE-SLE-Live-Patching-12-SP4-2021-1746,SUSE-SLE-Live-Patching-12-SP4-2021-1747,SUSE-SLE-Live-Patching-12-SP4-2021-1748,SUSE-SLE-Live-Patching-12-SP4-2021-1749,SUSE-SLE-Live-Patching-12-SP4-2021-1750,SUSE-SLE-Live-Patching-12-SP4-2021-1751,SUSE-SLE-Live-Patching-12-SP5-2021-1734,SUSE-SLE-Module-Live-Patching-15-SP1-2021-1715,SUSE-SLE-Module-Live-Patching-15-SP1-2021-1716,SUSE-SLE-Module-Live-Patching-15-SP2-2021-1703,SUSE-SLE-Module-Live-Patching-15-SP2-2021-1704,SUSE-SLE-Module-Live-Patching-15-SP2-2021-1705,SUSE-SLE-Module-Live-Patching-15-SP2-2021-1706,SUSE-SLE-Module-Live-Patching-15-SP2-2021-1707,SUSE-SLE-Module-Live-Patching-15-SP2-2021-1708,SUSE-SLE-Module-Live-Patching-15-SP2-2021-1709,SUSE-SLE-Module-Live-Patching-15-SP2-2021-1710,SUSE-SLE-Module-Live-Patching-15-SP2-2021-1711,SUSE-SLE-Module-Live-Patching-15-SP2-2021-1712,SUSE-SLE-Module-Live-Patching-15-SP2-2021-1713,SUSE-SLE-Module-Live-Patching-15-SP2-2021-1714 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2021/suse-su-20211715-1/ Link for SUSE-SU-2021:1715-1 https://lists.suse.com/pipermail/sle-security-updates/2021-May/008815.html E-Mail link for SUSE-SU-2021:1715-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1184710 SUSE Bug 1184710 https://bugzilla.suse.com/1184952 SUSE Bug 1184952 https://www.suse.com/security/cve/CVE-2020-36322/ SUSE CVE CVE-2020-36322 page https://www.suse.com/security/cve/CVE-2021-29154/ SUSE CVE CVE-2021-29154 page SUSE Linux Enterprise Live Patching 12 SP4 SUSE Linux Enterprise Live Patching 12 SP5 SUSE Linux Enterprise Live Patching 15 SP1 SUSE Linux Enterprise Live Patching 15 SP2 kernel-livepatch-4_12_14-197_86-default-4-2.2 kgraft-patch-4_12_14-95_71-default-4-2.2 kgraft-patch-4_12_14-95_68-default-5-2.2 kgraft-patch-4_12_14-95_65-default-6-2.2 kgraft-patch-4_12_14-95_60-default-9-2.2 kgraft-patch-4_12_14-95_57-default-10-2.2 kgraft-patch-4_12_14-95_54-default-10-2.2 kgraft-patch-4_12_14-122_63-default-4-2.2 kernel-livepatch-4_12_14-197_83-default-5-2.2 kernel-livepatch-5_3_18-24_52-default-4-2.2 kernel-livepatch-5_3_18-24_49-default-5-2.2 kernel-livepatch-5_3_18-24_46-default-6-2.2 kernel-livepatch-5_3_18-24_43-default-6-2.2 kernel-livepatch-5_3_18-24_37-default-7-2.2 kernel-livepatch-5_3_18-24_34-default-7-2.2 kernel-livepatch-5_3_18-24_29-default-7-2.2 kernel-livepatch-5_3_18-24_24-default-9-2.2 kernel-livepatch-5_3_18-24_15-default-9-2.2 kernel-livepatch-5_3_18-24_12-default-9-2.2 kernel-livepatch-5_3_18-24_9-default-10-2.2 kernel-livepatch-5_3_18-22-default-11-5.2 kgraft-patch-4_12_14-95_71-default-4-2.2 as a component of SUSE Linux Enterprise Live Patching 12 SP4 kgraft-patch-4_12_14-95_68-default-5-2.2 as a component of SUSE Linux Enterprise Live Patching 12 SP4 kgraft-patch-4_12_14-95_65-default-6-2.2 as a component of SUSE Linux Enterprise Live Patching 12 SP4 kgraft-patch-4_12_14-95_60-default-9-2.2 as a component of SUSE Linux Enterprise Live Patching 12 SP4 kgraft-patch-4_12_14-95_57-default-10-2.2 as a component of SUSE Linux Enterprise Live Patching 12 SP4 kgraft-patch-4_12_14-95_54-default-10-2.2 as a component of SUSE Linux Enterprise Live Patching 12 SP4 kgraft-patch-4_12_14-122_63-default-4-2.2 as a component of SUSE Linux Enterprise Live Patching 12 SP5 kernel-livepatch-4_12_14-197_86-default-4-2.2 as a component of SUSE Linux Enterprise Live Patching 15 SP1 kernel-livepatch-4_12_14-197_83-default-5-2.2 as a component of SUSE Linux Enterprise Live Patching 15 SP1 kernel-livepatch-5_3_18-24_52-default-4-2.2 as a component of SUSE Linux Enterprise Live Patching 15 SP2 kernel-livepatch-5_3_18-24_49-default-5-2.2 as a component of SUSE Linux Enterprise Live Patching 15 SP2 kernel-livepatch-5_3_18-24_46-default-6-2.2 as a component of SUSE Linux Enterprise Live Patching 15 SP2 kernel-livepatch-5_3_18-24_43-default-6-2.2 as a component of SUSE Linux Enterprise Live Patching 15 SP2 kernel-livepatch-5_3_18-24_37-default-7-2.2 as a component of SUSE Linux Enterprise Live Patching 15 SP2 kernel-livepatch-5_3_18-24_34-default-7-2.2 as a component of SUSE Linux Enterprise Live Patching 15 SP2 kernel-livepatch-5_3_18-24_29-default-7-2.2 as a component of SUSE Linux Enterprise Live Patching 15 SP2 kernel-livepatch-5_3_18-24_24-default-9-2.2 as a component of SUSE Linux Enterprise Live Patching 15 SP2 kernel-livepatch-5_3_18-24_15-default-9-2.2 as a component of SUSE Linux Enterprise Live Patching 15 SP2 kernel-livepatch-5_3_18-24_12-default-9-2.2 as a component of SUSE Linux Enterprise Live Patching 15 SP2 kernel-livepatch-5_3_18-24_9-default-10-2.2 as a component of SUSE Linux Enterprise Live Patching 15 SP2 kernel-livepatch-5_3_18-22-default-11-5.2 as a component of SUSE Linux Enterprise Live Patching 15 SP2 An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950. CVE-2020-36322 SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_54-default-10-2.2 SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_57-default-10-2.2 SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_60-default-9-2.2 SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_65-default-6-2.2 SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_68-default-5-2.2 SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_71-default-4-2.2 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_63-default-4-2.2 SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_83-default-5-2.2 SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_86-default-4-2.2 SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-22-default-11-5.2 SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_12-default-9-2.2 SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_15-default-9-2.2 SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_24-default-9-2.2 SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_29-default-7-2.2 SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_34-default-7-2.2 SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_37-default-7-2.2 SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_43-default-6-2.2 SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_46-default-6-2.2 SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-5-2.2 SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-4-2.2 SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_9-default-10-2.2 important 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20211715-1/ https://www.suse.com/security/cve/CVE-2020-36322.html CVE-2020-36322 https://bugzilla.suse.com/1184211 SUSE Bug 1184211 https://bugzilla.suse.com/1184952 SUSE Bug 1184952 https://bugzilla.suse.com/1189302 SUSE Bug 1189302 BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. CVE-2021-29154 SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_54-default-10-2.2 SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_57-default-10-2.2 SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_60-default-9-2.2 SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_65-default-6-2.2 SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_68-default-5-2.2 SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_71-default-4-2.2 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_63-default-4-2.2 SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_83-default-5-2.2 SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_86-default-4-2.2 SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-22-default-11-5.2 SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_12-default-9-2.2 SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_15-default-9-2.2 SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_24-default-9-2.2 SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_29-default-7-2.2 SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_34-default-7-2.2 SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_37-default-7-2.2 SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_43-default-6-2.2 SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_46-default-6-2.2 SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_49-default-5-2.2 SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-4-2.2 SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_9-default-10-2.2 important 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20211715-1/ https://www.suse.com/security/cve/CVE-2021-29154.html CVE-2021-29154 https://bugzilla.suse.com/1184391 SUSE Bug 1184391 https://bugzilla.suse.com/1184710 SUSE Bug 1184710 https://bugzilla.suse.com/1186408 SUSE Bug 1186408