OPENSUSE-SU-2021:2409-1
Vulnerability Summary
Description
Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP3 Azure kernel was updated to receive various security fixes and bugfixes.

The following security bugs were fixed:
- CVE-2021-22555: A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c (bnc#1188116).
- CVE-2021-33909: Fixed an out-of-bounds write in the filesystem layer that allows obtaining full root privileges (bsc#1188062).

The following non-security bugs were fixed:
- ceph: must hold snap_rwsem when filling inode for async create (bsc#1187927).
- cgroup1: do not allow '\n' in renaming (bsc#1187972).
- qla2xxx: synchronize rport dev_loss_tmo setting (bsc#1182470 bsc#1185486).
- scsi: ufs: ufshcd-pltfrm depends on HAS_IOMEM (bsc#1187980).
- usb: dwc3: Fix debugfs creation flow (git-fixes).
- x86/pkru: Write hardware init value to PKRU when xstate is init (bsc#1152489).
- x86/process: Check PF_KTHREAD and not current->mm for kernel threads (bsc#1152489).
Affected Systems
- opensuse•kernel-azure&distro=openSUSE Leap 15.3
< 5.3.18-38.14.1
- opensuse•kernel-source-azure&distro=openSUSE Leap 15.3
< 5.3.18-38.14.1
- opensuse•kernel-syms-azure&distro=openSUSE Leap 15.3
< 5.3.18-38.14.1
References (11)
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PZY5AYK3E4EZBBTJOQXWCMRDFFYLM6EB/
- https://bugzilla.suse.com/1152489
- https://bugzilla.suse.com/1182470
- https://bugzilla.suse.com/1185486
- https://bugzilla.suse.com/1187927
- https://bugzilla.suse.com/1187972
- https://bugzilla.suse.com/1187980
- https://bugzilla.suse.com/1188062
- https://bugzilla.suse.com/1188116
- https://www.suse.com/security/cve/CVE-2021-22555
- https://www.suse.com/security/cve/CVE-2021-33909