SUSE-SU-2021:0739-1
Vulnerability from csaf_suse - Published: 2021-03-09 15:08 - Updated: 2021-03-09 15:08Summary
Security update for the Linux Kernel
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel
Description of the patch: The SUSE Linux Enterprise 12 SP5 kernel Azure was updated to receive various security and bugfixes.
The following security bugs was fixed:
- CVE-2021-3348: Fixed a use-after-free read in nbd_queue_rq (bsc#1181504).
The following non-security bugs were fixed:
- ACPI: configfs: add missing check after configfs_register_default_group() (git-fixes).
- ACPI: property: Fix fwnode string properties matching (git-fixes).
- ACPI: property: Satisfy kernel doc validator (part 1) (git-fixes).
- ALSA: usb-audio: Fix PCM buffer allocation in non-vmalloc mode (git-fixes).
- arm64: Update config file. Set CONFIG_WATCHDOG_SYSFS to true (bsc#1182560)
- ASoC: cs42l56: fix up error handling in probe (git-fixes).
- ath9k: fix data bus crash when setting nf_override via debugfs (git-fixes).
- block: fix use-after-free in disk_part_iter_next (bsc#1182610).
- Bluetooth: btqcomsmd: Fix a resource leak in error handling paths in the probe function (git-fixes).
- Bluetooth: drop HCI device reference before return (git-fixes).
- Bluetooth: Fix initializing response id after clearing struct (git-fixes).
- Bluetooth: Put HCI device if inquiry procedure interrupts (git-fixes).
- bonding: Fix reference count leak in bond_sysfs_slave_add (git-fixes).
- bonding: wait for sysfs kobject destruction before freeing struct slave (git-fixes).
- btrfs: Cleanup try_flush_qgroup (bsc#1182047).
- btrfs: correctly calculate item size used when item key collision happens (bsc#1181996).
- btrfs: correctly validate compression type (bsc#1182269).
- btrfs: delete the ordered isize update code (bsc#1181998).
- btrfs: Do not flush from btrfs_delayed_inode_reserve_metadata (bsc#1182047).
- btrfs: do not set path->leave_spinning for truncate (bsc#1181998).
- btrfs: factor out extent dropping code from hole punch handler (bsc#1182038).
- btrfs: fix cloning range with a hole when using the NO_HOLES feature (bsc#1182038).
- btrfs: fix data bytes_may_use underflow with fallocate due to failed quota reserve (bsc#1182130)
- btrfs: fix ENOSPC errors, leading to transaction aborts, when cloning extents (bsc#1182038).
- btrfs: fix hole extent items with a zero size after range cloning (bsc#1182038).
- btrfs: fix lost i_size update after cloning inline extent (bsc#1181998).
- btrfs: fix mount failure caused by race with umount (bsc#1182248).
- btrfs: Fix race between extent freeing/allocation when using bitmaps (bsc#1181574).
- btrfs: fix unexpected cow in run_delalloc_nocow (bsc#1181987).
- btrfs: fix unexpected failure of nocow buffered writes after snapshotting when low on space (bsc#1181987).
- btrfs: Free correct amount of space in btrfs_delayed_inode_reserve_metadata (bsc#1182047).
- btrfs: incremental send, fix file corruption when no-holes feature is enabled (bsc#1182184).
- btrfs: Introduce extent_io_tree::owner to distinguish different io_trees (bsc#1181998).
- btrfs: introduce per-inode file extent tree (bsc#1181998).
- btrfs: prepare for extensions in compression options (bsc#1182269).
- btrfs: prop: fix vanished compression property after failed set (bsc#1182269).
- btrfs: prop: fix zstd compression parameter validation (bsc#1182269).
- btrfs: Remove btrfs_inode from btrfs_delayed_inode_reserve_metadata (bsc#1182047).
- btrfs: replace all uses of btrfs_ordered_update_i_size (bsc#1181998).
- btrfs: send, allow clone operations within the same file (bsc#1182173)
- btrfs: send, do not issue unnecessary truncate operations (bsc#1182173)
- btrfs: send, fix emission of invalid clone operations within the same file (bsc#1182173)
- btrfs: send, fix incorrect file layout after hole punching beyond eof (bsc#1182173).
- btrfs: send: fix invalid clone operations when cloning from the same file and root (bsc#1182173)
- btrfs: send, fix missing truncate for inode with prealloc extent past eof (bsc#1182173).
- btrfs: send, orphanize first all conflicting inodes when processing references (bsc#1182243 bsc#1182242).
- btrfs: send, recompute reference path after orphanization of a directory (bsc#1182243).
- btrfs: Simplify code flow in btrfs_delayed_inode_reserve_metadata (bsc#1182047).
- btrfs: transaction: Avoid deadlock due to bad initialization timing of fs_info::journal_info (bsc#1181931).
- btrfs: Unlock extents in btrfs_zero_range in case of errors (bsc#1182047).
- btrfs: Use bd_dev to generate index when dev_state_hashtable add items (bsc#1181931).
- btrfs: use btrfs_ordered_update_i_size in clone_finish_inode_update (bsc#1181998).
- btrfs: use the file extent tree infrastructure (bsc#1181998).
- cifs: report error instead of invalid when revalidating a dentry fails (bsc#1177440).
- dm: avoid filesystem lookup in dm_get_dev_t() (bsc#1178049).
- ext4: do not remount read-only with errors=continue on reboot (bsc#1182464).
- ext4: fix a memory leak of ext4_free_data (bsc#1182447).
- ext4: fix bug for rename with RENAME_WHITEOUT (bsc#1182449).
- ext4: fix deadlock with fs freezing and EA inodes (bsc#1182463).
- ext4: fix superblock checksum failure when setting password salt (bsc#1182465).
- fgraph: Initialize tracing_graph_pause at task creation (git-fixes).
- firmware: imx: select SOC_BUS to fix firmware build (git-fixes).
- Fix unsynchronized access to sev members through svm_register_enc_region (bsc#1114648).
- fs: fix lazytime expiration handling in __writeback_single_inode() (bsc#1182466).
- fs: move I_DIRTY_INODE to fs.h (bsc#1182612).
- HID: core: detect and skip invalid inputs to snto32() (git-fixes).
- HID: wacom: Ignore attempts to overwrite the touch_max value from HID (git-fixes).
- hwrng: timeriomem - Fix cooldown period calculation (git-fixes).
- ibmvnic: Clear failover_pending if unable to schedule (bsc#1181960 ltc#190997).
- ibmvnic: device remove has higher precedence over reset (bsc#1065729).
- ibmvnic: fix a race between open and reset (bsc#1176855 ltc#187293).
- ibmvnic: fix login buffer memory leak (bsc#1081134 ltc#164631).
- ibmvnic: serialize access to work queue on remove (bsc#1065729).
- ibmvnic: Set to CLOSED state even on error (bsc#1084610 ltc#165122 git-fixes).
- Input: elo - fix an error code in elo_connect() (git-fixes).
- Input: joydev - prevent potential read overflow in ioctl (git-fixes).
- iwlwifi: exclude GEO SAR support for 3168 (git-fixes).
- kABI: Fix kABI for 12856e7acde4 PCI/IOV: Mark VFs as not implementing PCI_COMMAND_MEMORY (bsc#1179612).
- kernel-binary.spec: Add back initrd and image symlink ghosts to filelist (bsc#1182140). Fixes: 76a9256314c3 ('rpm/kernel-{source,binary}.spec: do not include ghost symlinks (boo#1179082).')
- kernfs: deal with kernfs_fill_super() failures (bsc#1181809).
- KVM: apic: Flush TLB after APIC mode/address change if VPIDs are in use (bsc#1182302).
- KVM: Fix kABI for set_virtual_apic_mode (bsc#1182310).
- KVM: Fix kABI for tlb_flush (bsc#1182195).
- KVM-vmx-Basic-APIC-virtualization-controls-have-thre.patch: (bsc#1182310).
- KVM: VMX: check for existence of secondary exec controls before accessing (bsc#1182438).
- KVM: VMX: hide flexpriority from guest when disabled at the module level (bsc#1182448).
- KVM-vmx-Introduce-lapic_mode-enumeration.patch: (bsc#1182307).
- KVM: x86: emulate RDPID (bsc#1182182).
- KVM: x86: emulating RDPID failure shall return #UD rather than
- KVM: X86: introduce invalidate_gpa argument to tlb flush (bsc#1182195).
- libfs: fix error cast of negative value in simple_attr_write() (bsc#1179709).
- libnvdimm/dimm: Avoid race between probe and available_slots_show() (bsc#1170442).
- mac80211: fix potential overflow when multiplying to u32 integers (git-fixes).
- media: cx25821: Fix a bug when reallocating some dma memory (git-fixes).
- media: media/pci: Fix memleak in empress_init (git-fixes).
- media: pwc: Use correct device for DMA (git-fixes).
- media: pxa_camera: declare variable when DEBUG is defined (git-fixes).
- media: qm1d1c0042: fix error return code in qm1d1c0042_init() (git-fixes).
- media: tm6000: Fix memleak in tm6000_start_stream (git-fixes).
- media: vsp1: Fix an error handling path in the probe function (git-fixes).
- mfd: wm831x-auxadc: Prevent use after free in wm831x_auxadc_read_irq() (git-fixes).
- misc: eeprom_93xx46: Add module alias to avoid breaking support for non device tree users (git-fixes).
- misc: eeprom_93xx46: Fix module alias to enable module autoprobe (git-fixes).
- mmc: usdhi6rol0: Fix a resource leak in the error handling path of the probe (git-fixes).
- mm/pmem: avoid inserting hugepage PTE entry with fsdax if hugepage support is disabled (bsc#1181896 ltc#191273).
- mm: thp: kABI: move the added flag to the end of enum (bsc#1181896 ltc#191273).
- nbd: Fix memory leak in nbd_add_socket (bsc#1181504).
- net: bcmgenet: add support for ethtool rxnfc flows (git-fixes).
- net: bcmgenet: code movement (git-fixes).
- net: bcmgenet: fix mask check in bcmgenet_validate_flow() (git-fixes).
- net: bcmgenet: Fix WoL with password after deep sleep (git-fixes).
- net: bcmgenet: re-remove bcmgenet_hfb_add_filter (git-fixes).
- net: bcmgenet: set Rx mode before starting netif (git-fixes).
- net: bcmgenet: use __be16 for htons(ETH_P_IP) (git-fixes).
- net: bcmgenet: Use correct I/O accessors (git-fixes).
- net: lpc-enet: fix error return code in lpc_mii_init() (git-fixes).
- net/mlx4_en: Handle TX error CQE (bsc#1181854).
- net: moxa: Fix a potential double 'free_irq()' (git-fixes).
- net: sun: fix missing release regions in cas_init_one() (git-fixes).
- nvme-multipath: Early exit if no path is available (git-fixes).
- objtool: Do not fail on missing symbol table (bsc#1169514).
- PCI/IOV: Mark VFs as not implementing PCI_COMMAND_MEMORY (bsc#1179612).
- powerpc/book3s64/hash: Add cond_resched to avoid soft lockup warning (bsc#1182571 ltc#191345).
- powerpc: Fix alignment bug within the init sections (bsc#1065729).
- powerpc/perf: Exclude kernel samples while counting events in user space (bsc#1065729).
- powerpc/perf/hv-24x7: Dont create sysfs event files for dummy events (bsc#1182118 ltc#190624).
- powerpc/pseries/dlpar: handle ibm, configure-connector delay status (bsc#1181985 ltc#188074).
- powerpc/pseries/eeh: Make pseries_pcibios_bus_add_device() static (bsc#1078720, git-fixes).
- powerpc/pseries: extract host bridge from pci_bus prior to bus removal (bsc#1182171 ltc#190900).
- powerpc/pseries/ras: Make init_ras_hotplug_IRQ() static (bsc#1065729. git-fixes).
- power: reset: at91-sama5d2_shdwc: fix wkupdbc mask (git-fixes).
- ptrace: reintroduce usage of subjective credentials in ptrace_has_cap() (bsc#1163930).
- ptrace: Set PF_SUPERPRIV when checking capability (bsc#1163930).
- quota: Fix error codes in v2_read_file_info() (bsc#1182652).
- quota: Fix memory leak when handling corrupted quota file (bsc#1182650).
- quota: Sanity-check quota file headers on load (bsc#1182461).
- regulator: axp20x: Fix reference cout leak (git-fixes).
- reiserfs: add check for an invalid ih_entry_count (bsc#1182462).
- rpm/post.sh: Avoid purge-kernel for the first installed kernel (bsc#1180058)
- s390/pci: adaptation of iommu to multifunction (bsc#1179612).
- s390/pci: Mark all VFs as not implementing PCI_COMMAND_MEMORY (bsc#1179612).
- scsi: qla2xxx: Fix description for parameter ql2xenforce_iocb_limit (bsc#1179142).
- scsi: target: Fix truncated PR-in ReadKeys response (bsc#1182590).
- scsi: target: fix unmap_zeroes_data boolean initialisation (bsc#1163617).
- staging: rtl8723bs: wifi_regd.c: Fix incorrect number of regulatory rules (git-fixes).
- tools lib traceevent: Fix 'robust' test of do_generate_dynamic_list_file (git-fixes).
- tpm_tis: Clean up locality release (git-fixes).
- tpm_tis: Fix check_locality for correct locality acquisition (git-fixes).
- tracing: Check length before giving out the filter buffer (git-fixes).
- tracing: Do not count ftrace events in top level enable output (git-fixes).
- USB: cdc-acm: blacklist another IR Droid device (git-fixes).
- USB: dwc2: Abort transaction after errors with unknown reason (git-fixes).
- USB: dwc2: Make 'trimming xfer length' a debug message (git-fixes).
- USB: musb: Fix runtime PM race in musb_queue_resume_work (git-fixes).
- USB: serial: cp210x: add new VID/PID for supporting Teraoka AD2000 (git-fixes).
- USB: serial: cp210x: add pid/vid for WSDA-200-USB (git-fixes).
- USB: serial: mos7720: fix error code in mos7720_write() (git-fixes).
- USB: serial: mos7720: improve OOM-handling in read_mos_reg() (git-fixes).
- USB: serial: mos7840: fix error code in mos7840_write() (git-fixes).
- USB: serial: option: Adding support for Cinterion MV31 (git-fixes).
- USB: serial: option: add LongSung M5710 module support (git-fixes).
- USB: uas: Add PNY USB Portable SSD to unusual_uas (git-fixes).
- USB: usblp: fix DMA to stack (git-fixes).
- vfio/pci: Decouple PCI_COMMAND_MEMORY bit checks from is_virtfn (bsc#1179612).
- vmxnet3: Remove buf_info from device accessible structures (bsc#1181671).
- writeback: Drop I_DIRTY_TIME_EXPIRE (bsc#1182460).
- x86/apic: Add extra serialization for non-serializing MSRs (bsc#1114648).
- x86/efistub: Disable paging at mixed mode entry (bsc#1114648).
- x86/entry/64/compat: Fix 'x86/entry/64/compat: Preserve r8-r11 in int $0x80' (bsc#1114648).
- x86/entry/64/compat: Preserve r8-r11 in int $0x80 (bsc#1114648).
- x86/resctrl: Fix incorrect local bandwidth when mba_sc is enabled (bsc#1114648).
- x86/resctrl: Remove unused struct mbm_state::chunks_bw (bsc#1114648).
- xen-blkfront: allow discard-* nodes to be optional (bsc#1181346).
- xen/netback: avoid race in xenvif_rx_ring_slots_available() (bsc#1065600).
- xen/netback: fix spurious event detection for common event case (bsc#1182175).
- xfs: reduce quota reservation when doing a dax unwritten extent conversion (git-fixes bsc#1182561).
- xhci: fix bounce buffer usage for non-sg list case (git-fixes).
Patchnames: SUSE-2021-739,SUSE-SLE-SERVER-12-SP5-2021-739
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.1 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "The SUSE Linux Enterprise 12 SP5 kernel Azure was updated to receive various security and bugfixes.\n\nThe following security bugs was fixed:\n\n- CVE-2021-3348: Fixed a use-after-free read in nbd_queue_rq (bsc#1181504).\n\nThe following non-security bugs were fixed:\n\n- ACPI: configfs: add missing check after configfs_register_default_group() (git-fixes).\n- ACPI: property: Fix fwnode string properties matching (git-fixes).\n- ACPI: property: Satisfy kernel doc validator (part 1) (git-fixes).\n- ALSA: usb-audio: Fix PCM buffer allocation in non-vmalloc mode (git-fixes).\n- arm64: Update config file. Set CONFIG_WATCHDOG_SYSFS to true (bsc#1182560)\n- ASoC: cs42l56: fix up error handling in probe (git-fixes).\n- ath9k: fix data bus crash when setting nf_override via debugfs (git-fixes).\n- block: fix use-after-free in disk_part_iter_next (bsc#1182610).\n- Bluetooth: btqcomsmd: Fix a resource leak in error handling paths in the probe function (git-fixes).\n- Bluetooth: drop HCI device reference before return (git-fixes).\n- Bluetooth: Fix initializing response id after clearing struct (git-fixes).\n- Bluetooth: Put HCI device if inquiry procedure interrupts (git-fixes).\n- bonding: Fix reference count leak in bond_sysfs_slave_add (git-fixes).\n- bonding: wait for sysfs kobject destruction before freeing struct slave (git-fixes).\n- btrfs: Cleanup try_flush_qgroup (bsc#1182047).\n- btrfs: correctly calculate item size used when item key collision happens (bsc#1181996).\n- btrfs: correctly validate compression type (bsc#1182269).\n- btrfs: delete the ordered isize update code (bsc#1181998).\n- btrfs: Do not flush from btrfs_delayed_inode_reserve_metadata (bsc#1182047).\n- btrfs: do not set path-\u003eleave_spinning for truncate (bsc#1181998).\n- btrfs: factor out extent dropping code from hole punch handler (bsc#1182038).\n- btrfs: fix cloning range with a hole when using the NO_HOLES feature (bsc#1182038).\n- btrfs: fix data bytes_may_use underflow with fallocate due to failed quota reserve (bsc#1182130)\n- btrfs: fix ENOSPC errors, leading to transaction aborts, when cloning extents (bsc#1182038).\n- btrfs: fix hole extent items with a zero size after range cloning (bsc#1182038).\n- btrfs: fix lost i_size update after cloning inline extent (bsc#1181998).\n- btrfs: fix mount failure caused by race with umount (bsc#1182248).\n- btrfs: Fix race between extent freeing/allocation when using bitmaps (bsc#1181574).\n- btrfs: fix unexpected cow in run_delalloc_nocow (bsc#1181987).\n- btrfs: fix unexpected failure of nocow buffered writes after snapshotting when low on space (bsc#1181987).\n- btrfs: Free correct amount of space in btrfs_delayed_inode_reserve_metadata (bsc#1182047).\n- btrfs: incremental send, fix file corruption when no-holes feature is enabled (bsc#1182184).\n- btrfs: Introduce extent_io_tree::owner to distinguish different io_trees (bsc#1181998).\n- btrfs: introduce per-inode file extent tree (bsc#1181998).\n- btrfs: prepare for extensions in compression options (bsc#1182269).\n- btrfs: prop: fix vanished compression property after failed set (bsc#1182269).\n- btrfs: prop: fix zstd compression parameter validation (bsc#1182269).\n- btrfs: Remove btrfs_inode from btrfs_delayed_inode_reserve_metadata (bsc#1182047).\n- btrfs: replace all uses of btrfs_ordered_update_i_size (bsc#1181998).\n- btrfs: send, allow clone operations within the same file (bsc#1182173)\n- btrfs: send, do not issue unnecessary truncate operations (bsc#1182173)\n- btrfs: send, fix emission of invalid clone operations within the same file (bsc#1182173)\n- btrfs: send, fix incorrect file layout after hole punching beyond eof (bsc#1182173).\n- btrfs: send: fix invalid clone operations when cloning from the same file and root (bsc#1182173)\n- btrfs: send, fix missing truncate for inode with prealloc extent past eof (bsc#1182173).\n- btrfs: send, orphanize first all conflicting inodes when processing references (bsc#1182243 bsc#1182242).\n- btrfs: send, recompute reference path after orphanization of a directory (bsc#1182243).\n- btrfs: Simplify code flow in btrfs_delayed_inode_reserve_metadata (bsc#1182047).\n- btrfs: transaction: Avoid deadlock due to bad initialization timing of fs_info::journal_info (bsc#1181931).\n- btrfs: Unlock extents in btrfs_zero_range in case of errors (bsc#1182047).\n- btrfs: Use bd_dev to generate index when dev_state_hashtable add items (bsc#1181931).\n- btrfs: use btrfs_ordered_update_i_size in clone_finish_inode_update (bsc#1181998).\n- btrfs: use the file extent tree infrastructure (bsc#1181998).\n- cifs: report error instead of invalid when revalidating a dentry fails (bsc#1177440).\n- dm: avoid filesystem lookup in dm_get_dev_t() (bsc#1178049).\n- ext4: do not remount read-only with errors=continue on reboot (bsc#1182464).\n- ext4: fix a memory leak of ext4_free_data (bsc#1182447).\n- ext4: fix bug for rename with RENAME_WHITEOUT (bsc#1182449).\n- ext4: fix deadlock with fs freezing and EA inodes (bsc#1182463).\n- ext4: fix superblock checksum failure when setting password salt (bsc#1182465).\n- fgraph: Initialize tracing_graph_pause at task creation (git-fixes).\n- firmware: imx: select SOC_BUS to fix firmware build (git-fixes).\n- Fix unsynchronized access to sev members through svm_register_enc_region (bsc#1114648).\n- fs: fix lazytime expiration handling in __writeback_single_inode() (bsc#1182466).\n- fs: move I_DIRTY_INODE to fs.h (bsc#1182612). \n- HID: core: detect and skip invalid inputs to snto32() (git-fixes).\n- HID: wacom: Ignore attempts to overwrite the touch_max value from HID (git-fixes).\n- hwrng: timeriomem - Fix cooldown period calculation (git-fixes).\n- ibmvnic: Clear failover_pending if unable to schedule (bsc#1181960 ltc#190997).\n- ibmvnic: device remove has higher precedence over reset (bsc#1065729).\n- ibmvnic: fix a race between open and reset (bsc#1176855 ltc#187293).\n- ibmvnic: fix login buffer memory leak (bsc#1081134 ltc#164631).\n- ibmvnic: serialize access to work queue on remove (bsc#1065729).\n- ibmvnic: Set to CLOSED state even on error (bsc#1084610 ltc#165122 git-fixes).\n- Input: elo - fix an error code in elo_connect() (git-fixes).\n- Input: joydev - prevent potential read overflow in ioctl (git-fixes).\n- iwlwifi: exclude GEO SAR support for 3168 (git-fixes).\n- kABI: Fix kABI for 12856e7acde4 PCI/IOV: Mark VFs as not implementing PCI_COMMAND_MEMORY (bsc#1179612).\n- kernel-binary.spec: Add back initrd and image symlink ghosts to filelist (bsc#1182140). Fixes: 76a9256314c3 (\u0027rpm/kernel-{source,binary}.spec: do not include ghost symlinks (boo#1179082).\u0027)\n- kernfs: deal with kernfs_fill_super() failures (bsc#1181809).\n- KVM: apic: Flush TLB after APIC mode/address change if VPIDs are in use (bsc#1182302).\n- KVM: Fix kABI for set_virtual_apic_mode (bsc#1182310).\n- KVM: Fix kABI for tlb_flush (bsc#1182195).\n- KVM-vmx-Basic-APIC-virtualization-controls-have-thre.patch: (bsc#1182310).\n- KVM: VMX: check for existence of secondary exec controls before accessing (bsc#1182438).\n- KVM: VMX: hide flexpriority from guest when disabled at the module level (bsc#1182448).\n- KVM-vmx-Introduce-lapic_mode-enumeration.patch: (bsc#1182307).\n- KVM: x86: emulate RDPID (bsc#1182182).\n- KVM: x86: emulating RDPID failure shall return #UD rather than\n- KVM: X86: introduce invalidate_gpa argument to tlb flush (bsc#1182195).\n- libfs: fix error cast of negative value in simple_attr_write() (bsc#1179709).\n- libnvdimm/dimm: Avoid race between probe and available_slots_show() (bsc#1170442).\n- mac80211: fix potential overflow when multiplying to u32 integers (git-fixes).\n- media: cx25821: Fix a bug when reallocating some dma memory (git-fixes).\n- media: media/pci: Fix memleak in empress_init (git-fixes).\n- media: pwc: Use correct device for DMA (git-fixes).\n- media: pxa_camera: declare variable when DEBUG is defined (git-fixes).\n- media: qm1d1c0042: fix error return code in qm1d1c0042_init() (git-fixes).\n- media: tm6000: Fix memleak in tm6000_start_stream (git-fixes).\n- media: vsp1: Fix an error handling path in the probe function (git-fixes).\n- mfd: wm831x-auxadc: Prevent use after free in wm831x_auxadc_read_irq() (git-fixes).\n- misc: eeprom_93xx46: Add module alias to avoid breaking support for non device tree users (git-fixes).\n- misc: eeprom_93xx46: Fix module alias to enable module autoprobe (git-fixes).\n- mmc: usdhi6rol0: Fix a resource leak in the error handling path of the probe (git-fixes).\n- mm/pmem: avoid inserting hugepage PTE entry with fsdax if hugepage support is disabled (bsc#1181896 ltc#191273).\n- mm: thp: kABI: move the added flag to the end of enum (bsc#1181896 ltc#191273).\n- nbd: Fix memory leak in nbd_add_socket (bsc#1181504).\n- net: bcmgenet: add support for ethtool rxnfc flows (git-fixes).\n- net: bcmgenet: code movement (git-fixes).\n- net: bcmgenet: fix mask check in bcmgenet_validate_flow() (git-fixes).\n- net: bcmgenet: Fix WoL with password after deep sleep (git-fixes).\n- net: bcmgenet: re-remove bcmgenet_hfb_add_filter (git-fixes).\n- net: bcmgenet: set Rx mode before starting netif (git-fixes).\n- net: bcmgenet: use __be16 for htons(ETH_P_IP) (git-fixes).\n- net: bcmgenet: Use correct I/O accessors (git-fixes).\n- net: lpc-enet: fix error return code in lpc_mii_init() (git-fixes).\n- net/mlx4_en: Handle TX error CQE (bsc#1181854).\n- net: moxa: Fix a potential double \u0027free_irq()\u0027 (git-fixes).\n- net: sun: fix missing release regions in cas_init_one() (git-fixes).\n- nvme-multipath: Early exit if no path is available (git-fixes).\n- objtool: Do not fail on missing symbol table (bsc#1169514).\n- PCI/IOV: Mark VFs as not implementing PCI_COMMAND_MEMORY (bsc#1179612).\n- powerpc/book3s64/hash: Add cond_resched to avoid soft lockup warning (bsc#1182571 ltc#191345).\n- powerpc: Fix alignment bug within the init sections (bsc#1065729).\n- powerpc/perf: Exclude kernel samples while counting events in user space (bsc#1065729).\n- powerpc/perf/hv-24x7: Dont create sysfs event files for dummy events (bsc#1182118 ltc#190624).\n- powerpc/pseries/dlpar: handle ibm, configure-connector delay status (bsc#1181985 ltc#188074).\n- powerpc/pseries/eeh: Make pseries_pcibios_bus_add_device() static (bsc#1078720, git-fixes).\n- powerpc/pseries: extract host bridge from pci_bus prior to bus removal (bsc#1182171 ltc#190900).\n- powerpc/pseries/ras: Make init_ras_hotplug_IRQ() static (bsc#1065729. git-fixes).\n- power: reset: at91-sama5d2_shdwc: fix wkupdbc mask (git-fixes).\n- ptrace: reintroduce usage of subjective credentials in ptrace_has_cap() (bsc#1163930).\n- ptrace: Set PF_SUPERPRIV when checking capability (bsc#1163930).\n- quota: Fix error codes in v2_read_file_info() (bsc#1182652).\n- quota: Fix memory leak when handling corrupted quota file (bsc#1182650).\n- quota: Sanity-check quota file headers on load (bsc#1182461).\n- regulator: axp20x: Fix reference cout leak (git-fixes).\n- reiserfs: add check for an invalid ih_entry_count (bsc#1182462).\n- rpm/post.sh: Avoid purge-kernel for the first installed kernel (bsc#1180058)\n- s390/pci: adaptation of iommu to multifunction (bsc#1179612).\n- s390/pci: Mark all VFs as not implementing PCI_COMMAND_MEMORY (bsc#1179612).\n- scsi: qla2xxx: Fix description for parameter ql2xenforce_iocb_limit (bsc#1179142).\n- scsi: target: Fix truncated PR-in ReadKeys response (bsc#1182590).\n- scsi: target: fix unmap_zeroes_data boolean initialisation (bsc#1163617).\n- staging: rtl8723bs: wifi_regd.c: Fix incorrect number of regulatory rules (git-fixes).\n- tools lib traceevent: Fix \u0027robust\u0027 test of do_generate_dynamic_list_file (git-fixes).\n- tpm_tis: Clean up locality release (git-fixes).\n- tpm_tis: Fix check_locality for correct locality acquisition (git-fixes).\n- tracing: Check length before giving out the filter buffer (git-fixes).\n- tracing: Do not count ftrace events in top level enable output (git-fixes).\n- USB: cdc-acm: blacklist another IR Droid device (git-fixes).\n- USB: dwc2: Abort transaction after errors with unknown reason (git-fixes).\n- USB: dwc2: Make \u0027trimming xfer length\u0027 a debug message (git-fixes).\n- USB: musb: Fix runtime PM race in musb_queue_resume_work (git-fixes).\n- USB: serial: cp210x: add new VID/PID for supporting Teraoka AD2000 (git-fixes).\n- USB: serial: cp210x: add pid/vid for WSDA-200-USB (git-fixes).\n- USB: serial: mos7720: fix error code in mos7720_write() (git-fixes).\n- USB: serial: mos7720: improve OOM-handling in read_mos_reg() (git-fixes).\n- USB: serial: mos7840: fix error code in mos7840_write() (git-fixes).\n- USB: serial: option: Adding support for Cinterion MV31 (git-fixes).\n- USB: serial: option: add LongSung M5710 module support (git-fixes).\n- USB: uas: Add PNY USB Portable SSD to unusual_uas (git-fixes).\n- USB: usblp: fix DMA to stack (git-fixes).\n- vfio/pci: Decouple PCI_COMMAND_MEMORY bit checks from is_virtfn (bsc#1179612).\n- vmxnet3: Remove buf_info from device accessible structures (bsc#1181671).\n- writeback: Drop I_DIRTY_TIME_EXPIRE (bsc#1182460).\n- x86/apic: Add extra serialization for non-serializing MSRs (bsc#1114648).\n- x86/efistub: Disable paging at mixed mode entry (bsc#1114648).\n- x86/entry/64/compat: Fix \u0027x86/entry/64/compat: Preserve r8-r11 in int $0x80\u0027 (bsc#1114648).\n- x86/entry/64/compat: Preserve r8-r11 in int $0x80 (bsc#1114648).\n- x86/resctrl: Fix incorrect local bandwidth when mba_sc is enabled (bsc#1114648).\n- x86/resctrl: Remove unused struct mbm_state::chunks_bw (bsc#1114648).\n- xen-blkfront: allow discard-* nodes to be optional (bsc#1181346).\n- xen/netback: avoid race in xenvif_rx_ring_slots_available() (bsc#1065600).\n- xen/netback: fix spurious event detection for common event case (bsc#1182175).\n- xfs: reduce quota reservation when doing a dax unwritten extent conversion (git-fixes bsc#1182561).\n- xhci: fix bounce buffer usage for non-sg list case (git-fixes).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2021-739,SUSE-SLE-SERVER-12-SP5-2021-739",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2021_0739-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2021:0739-1",
"url": "https://www.suse.com/support/update/announcement/2021/suse-su-20210739-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2021:0739-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-March/008449.html"
},
{
"category": "self",
"summary": "SUSE Bug 1065600",
"url": "https://bugzilla.suse.com/1065600"
},
{
"category": "self",
"summary": "SUSE Bug 1065729",
"url": "https://bugzilla.suse.com/1065729"
},
{
"category": "self",
"summary": "SUSE Bug 1078720",
"url": "https://bugzilla.suse.com/1078720"
},
{
"category": "self",
"summary": "SUSE Bug 1081134",
"url": "https://bugzilla.suse.com/1081134"
},
{
"category": "self",
"summary": "SUSE Bug 1084610",
"url": "https://bugzilla.suse.com/1084610"
},
{
"category": "self",
"summary": "SUSE Bug 1114648",
"url": "https://bugzilla.suse.com/1114648"
},
{
"category": "self",
"summary": "SUSE Bug 1163617",
"url": "https://bugzilla.suse.com/1163617"
},
{
"category": "self",
"summary": "SUSE Bug 1163930",
"url": "https://bugzilla.suse.com/1163930"
},
{
"category": "self",
"summary": "SUSE Bug 1169514",
"url": "https://bugzilla.suse.com/1169514"
},
{
"category": "self",
"summary": "SUSE Bug 1170442",
"url": "https://bugzilla.suse.com/1170442"
},
{
"category": "self",
"summary": "SUSE Bug 1176855",
"url": "https://bugzilla.suse.com/1176855"
},
{
"category": "self",
"summary": "SUSE Bug 1177440",
"url": "https://bugzilla.suse.com/1177440"
},
{
"category": "self",
"summary": "SUSE Bug 1178049",
"url": "https://bugzilla.suse.com/1178049"
},
{
"category": "self",
"summary": "SUSE Bug 1179082",
"url": "https://bugzilla.suse.com/1179082"
},
{
"category": "self",
"summary": "SUSE Bug 1179142",
"url": "https://bugzilla.suse.com/1179142"
},
{
"category": "self",
"summary": "SUSE Bug 1179612",
"url": "https://bugzilla.suse.com/1179612"
},
{
"category": "self",
"summary": "SUSE Bug 1179709",
"url": "https://bugzilla.suse.com/1179709"
},
{
"category": "self",
"summary": "SUSE Bug 1180058",
"url": "https://bugzilla.suse.com/1180058"
},
{
"category": "self",
"summary": "SUSE Bug 1181346",
"url": "https://bugzilla.suse.com/1181346"
},
{
"category": "self",
"summary": "SUSE Bug 1181504",
"url": "https://bugzilla.suse.com/1181504"
},
{
"category": "self",
"summary": "SUSE Bug 1181574",
"url": "https://bugzilla.suse.com/1181574"
},
{
"category": "self",
"summary": "SUSE Bug 1181671",
"url": "https://bugzilla.suse.com/1181671"
},
{
"category": "self",
"summary": "SUSE Bug 1181809",
"url": "https://bugzilla.suse.com/1181809"
},
{
"category": "self",
"summary": "SUSE Bug 1181854",
"url": "https://bugzilla.suse.com/1181854"
},
{
"category": "self",
"summary": "SUSE Bug 1181896",
"url": "https://bugzilla.suse.com/1181896"
},
{
"category": "self",
"summary": "SUSE Bug 1181931",
"url": "https://bugzilla.suse.com/1181931"
},
{
"category": "self",
"summary": "SUSE Bug 1181960",
"url": "https://bugzilla.suse.com/1181960"
},
{
"category": "self",
"summary": "SUSE Bug 1181985",
"url": "https://bugzilla.suse.com/1181985"
},
{
"category": "self",
"summary": "SUSE Bug 1181987",
"url": "https://bugzilla.suse.com/1181987"
},
{
"category": "self",
"summary": "SUSE Bug 1181996",
"url": "https://bugzilla.suse.com/1181996"
},
{
"category": "self",
"summary": "SUSE Bug 1181998",
"url": "https://bugzilla.suse.com/1181998"
},
{
"category": "self",
"summary": "SUSE Bug 1182038",
"url": "https://bugzilla.suse.com/1182038"
},
{
"category": "self",
"summary": "SUSE Bug 1182047",
"url": "https://bugzilla.suse.com/1182047"
},
{
"category": "self",
"summary": "SUSE Bug 1182118",
"url": "https://bugzilla.suse.com/1182118"
},
{
"category": "self",
"summary": "SUSE Bug 1182130",
"url": "https://bugzilla.suse.com/1182130"
},
{
"category": "self",
"summary": "SUSE Bug 1182140",
"url": "https://bugzilla.suse.com/1182140"
},
{
"category": "self",
"summary": "SUSE Bug 1182171",
"url": "https://bugzilla.suse.com/1182171"
},
{
"category": "self",
"summary": "SUSE Bug 1182173",
"url": "https://bugzilla.suse.com/1182173"
},
{
"category": "self",
"summary": "SUSE Bug 1182175",
"url": "https://bugzilla.suse.com/1182175"
},
{
"category": "self",
"summary": "SUSE Bug 1182182",
"url": "https://bugzilla.suse.com/1182182"
},
{
"category": "self",
"summary": "SUSE Bug 1182184",
"url": "https://bugzilla.suse.com/1182184"
},
{
"category": "self",
"summary": "SUSE Bug 1182195",
"url": "https://bugzilla.suse.com/1182195"
},
{
"category": "self",
"summary": "SUSE Bug 1182242",
"url": "https://bugzilla.suse.com/1182242"
},
{
"category": "self",
"summary": "SUSE Bug 1182243",
"url": "https://bugzilla.suse.com/1182243"
},
{
"category": "self",
"summary": "SUSE Bug 1182248",
"url": "https://bugzilla.suse.com/1182248"
},
{
"category": "self",
"summary": "SUSE Bug 1182269",
"url": "https://bugzilla.suse.com/1182269"
},
{
"category": "self",
"summary": "SUSE Bug 1182302",
"url": "https://bugzilla.suse.com/1182302"
},
{
"category": "self",
"summary": "SUSE Bug 1182307",
"url": "https://bugzilla.suse.com/1182307"
},
{
"category": "self",
"summary": "SUSE Bug 1182310",
"url": "https://bugzilla.suse.com/1182310"
},
{
"category": "self",
"summary": "SUSE Bug 1182438",
"url": "https://bugzilla.suse.com/1182438"
},
{
"category": "self",
"summary": "SUSE Bug 1182447",
"url": "https://bugzilla.suse.com/1182447"
},
{
"category": "self",
"summary": "SUSE Bug 1182448",
"url": "https://bugzilla.suse.com/1182448"
},
{
"category": "self",
"summary": "SUSE Bug 1182449",
"url": "https://bugzilla.suse.com/1182449"
},
{
"category": "self",
"summary": "SUSE Bug 1182460",
"url": "https://bugzilla.suse.com/1182460"
},
{
"category": "self",
"summary": "SUSE Bug 1182461",
"url": "https://bugzilla.suse.com/1182461"
},
{
"category": "self",
"summary": "SUSE Bug 1182462",
"url": "https://bugzilla.suse.com/1182462"
},
{
"category": "self",
"summary": "SUSE Bug 1182463",
"url": "https://bugzilla.suse.com/1182463"
},
{
"category": "self",
"summary": "SUSE Bug 1182464",
"url": "https://bugzilla.suse.com/1182464"
},
{
"category": "self",
"summary": "SUSE Bug 1182465",
"url": "https://bugzilla.suse.com/1182465"
},
{
"category": "self",
"summary": "SUSE Bug 1182466",
"url": "https://bugzilla.suse.com/1182466"
},
{
"category": "self",
"summary": "SUSE Bug 1182560",
"url": "https://bugzilla.suse.com/1182560"
},
{
"category": "self",
"summary": "SUSE Bug 1182561",
"url": "https://bugzilla.suse.com/1182561"
},
{
"category": "self",
"summary": "SUSE Bug 1182571",
"url": "https://bugzilla.suse.com/1182571"
},
{
"category": "self",
"summary": "SUSE Bug 1182590",
"url": "https://bugzilla.suse.com/1182590"
},
{
"category": "self",
"summary": "SUSE Bug 1182610",
"url": "https://bugzilla.suse.com/1182610"
},
{
"category": "self",
"summary": "SUSE Bug 1182612",
"url": "https://bugzilla.suse.com/1182612"
},
{
"category": "self",
"summary": "SUSE Bug 1182650",
"url": "https://bugzilla.suse.com/1182650"
},
{
"category": "self",
"summary": "SUSE Bug 1182652",
"url": "https://bugzilla.suse.com/1182652"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3348 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3348/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2021-03-09T15:08:49Z",
"generator": {
"date": "2021-03-09T15:08:49Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2021:0739-1",
"initial_release_date": "2021-03-09T15:08:49Z",
"revision_history": [
{
"date": "2021-03-09T15:08:49Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-azure-4.12.14-16.47.1.noarch",
"product": {
"name": "kernel-devel-azure-4.12.14-16.47.1.noarch",
"product_id": "kernel-devel-azure-4.12.14-16.47.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-azure-4.12.14-16.47.1.noarch",
"product": {
"name": "kernel-source-azure-4.12.14-16.47.1.noarch",
"product_id": "kernel-source-azure-4.12.14-16.47.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-azure-4.12.14-16.47.1.x86_64",
"product": {
"name": "cluster-md-kmp-azure-4.12.14-16.47.1.x86_64",
"product_id": "cluster-md-kmp-azure-4.12.14-16.47.1.x86_64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-azure-4.12.14-16.47.1.x86_64",
"product": {
"name": "dlm-kmp-azure-4.12.14-16.47.1.x86_64",
"product_id": "dlm-kmp-azure-4.12.14-16.47.1.x86_64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-azure-4.12.14-16.47.1.x86_64",
"product": {
"name": "gfs2-kmp-azure-4.12.14-16.47.1.x86_64",
"product_id": "gfs2-kmp-azure-4.12.14-16.47.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-4.12.14-16.47.1.x86_64",
"product": {
"name": "kernel-azure-4.12.14-16.47.1.x86_64",
"product_id": "kernel-azure-4.12.14-16.47.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-base-4.12.14-16.47.1.x86_64",
"product": {
"name": "kernel-azure-base-4.12.14-16.47.1.x86_64",
"product_id": "kernel-azure-base-4.12.14-16.47.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-devel-4.12.14-16.47.1.x86_64",
"product": {
"name": "kernel-azure-devel-4.12.14-16.47.1.x86_64",
"product_id": "kernel-azure-devel-4.12.14-16.47.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-extra-4.12.14-16.47.1.x86_64",
"product": {
"name": "kernel-azure-extra-4.12.14-16.47.1.x86_64",
"product_id": "kernel-azure-extra-4.12.14-16.47.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-kgraft-devel-4.12.14-16.47.1.x86_64",
"product": {
"name": "kernel-azure-kgraft-devel-4.12.14-16.47.1.x86_64",
"product_id": "kernel-azure-kgraft-devel-4.12.14-16.47.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-syms-azure-4.12.14-16.47.1.x86_64",
"product": {
"name": "kernel-syms-azure-4.12.14-16.47.1.x86_64",
"product_id": "kernel-syms-azure-4.12.14-16.47.1.x86_64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-azure-4.12.14-16.47.1.x86_64",
"product": {
"name": "kselftests-kmp-azure-4.12.14-16.47.1.x86_64",
"product_id": "kselftests-kmp-azure-4.12.14-16.47.1.x86_64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-azure-4.12.14-16.47.1.x86_64",
"product": {
"name": "ocfs2-kmp-azure-4.12.14-16.47.1.x86_64",
"product_id": "ocfs2-kmp-azure-4.12.14-16.47.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-4.12.14-16.47.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.47.1.x86_64"
},
"product_reference": "kernel-azure-4.12.14-16.47.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-base-4.12.14-16.47.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.47.1.x86_64"
},
"product_reference": "kernel-azure-base-4.12.14-16.47.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-devel-4.12.14-16.47.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.47.1.x86_64"
},
"product_reference": "kernel-azure-devel-4.12.14-16.47.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-azure-4.12.14-16.47.1.noarch as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.47.1.noarch"
},
"product_reference": "kernel-devel-azure-4.12.14-16.47.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-azure-4.12.14-16.47.1.noarch as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.47.1.noarch"
},
"product_reference": "kernel-source-azure-4.12.14-16.47.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-azure-4.12.14-16.47.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.47.1.x86_64"
},
"product_reference": "kernel-syms-azure-4.12.14-16.47.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-4.12.14-16.47.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.47.1.x86_64"
},
"product_reference": "kernel-azure-4.12.14-16.47.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-base-4.12.14-16.47.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.47.1.x86_64"
},
"product_reference": "kernel-azure-base-4.12.14-16.47.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-devel-4.12.14-16.47.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.47.1.x86_64"
},
"product_reference": "kernel-azure-devel-4.12.14-16.47.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-azure-4.12.14-16.47.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.47.1.noarch"
},
"product_reference": "kernel-devel-azure-4.12.14-16.47.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-azure-4.12.14-16.47.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.47.1.noarch"
},
"product_reference": "kernel-source-azure-4.12.14-16.47.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-azure-4.12.14-16.47.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.47.1.x86_64"
},
"product_reference": "kernel-syms-azure-4.12.14-16.47.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-3348",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3348"
}
],
"notes": [
{
"category": "general",
"text": "nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an ndb_queue_rq use-after-free that could be triggered by local attackers (with access to the nbd device) via an I/O request at a certain point during device setup, aka CID-b98e762e3d71.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.47.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.47.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.47.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.47.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.47.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.47.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.47.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.47.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.47.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.47.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.47.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.47.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3348",
"url": "https://www.suse.com/security/cve/CVE-2021-3348"
},
{
"category": "external",
"summary": "SUSE Bug 1181504 for CVE-2021-3348",
"url": "https://bugzilla.suse.com/1181504"
},
{
"category": "external",
"summary": "SUSE Bug 1181645 for CVE-2021-3348",
"url": "https://bugzilla.suse.com/1181645"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.47.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.47.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.47.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.47.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.47.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.47.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.47.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.47.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.47.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.47.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.47.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.47.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.47.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.47.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.47.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.47.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.47.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.47.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.47.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.47.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.47.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.47.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.47.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.47.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-09T15:08:49Z",
"details": "moderate"
}
],
"title": "CVE-2021-3348"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…