Bug 1180765 (CVE-2021-20177)

Summary: VUL-0: CVE-2021-20177: kernel-source,kernel-source-azure,kernel-source-rt: iptables string match rule could result in kernel panic
Product: [Novell Products] SUSE Security Incidents Reporter: Robert Frohl <rfrohl>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: gabriele.sonnu, meissner, rfrohl, smash_bz, tbogendoerfer, tiwai
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/274991/
Whiteboard: CVSSv3.1:SUSE:CVE-2021-20177:4.4:(AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Robert Frohl 2021-01-11 10:47:01 UTC 
rh#1914719

A flaw was found in the Linux kernels implementation of string matching within a packet.  A privileged user ( with root or CAP_NET_ADMIN ) when inserting iptables rules could insert a rule which can panic the system.

This could lead to a denial of service or possibly worse. Further investigation is ongoing.

Upstream patch:
https://github.com/torvalds/linux/commit/ca58fbe06c54

Upstream bugzilla:
https://bugzilla.kernel.org/show_bug.cgi?id=209823

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1914719
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20177
Comment 1 Robert Frohl 2021-01-11 10:53:54 UTC 
tracking as affected: SLE12-SP5, SLE15-LTSS, SLE15-SP1, SLE15-SP2, SLE15-SP3.

I am a bit unsure if older kernels might be affected, even though this patch wont apply. Wouldn't mind a confirmation on which kernels are affected.
Comment 2 Robert Frohl 2021-01-11 10:57:48 UTC 
(In reply to Robert Frohl from comment #1)
> tracking as affected: SLE12-SP5, SLE15-LTSS, SLE15-SP1, SLE15-SP2, SLE15-SP3.

SLE15-SP3 is already fixed..
Comment 3 Thomas Bogendoerfer 2021-01-13 18:01:44 UTC 
(In reply to Robert Frohl from comment #1)
> tracking as affected: SLE12-SP5, SLE15-LTSS, SLE15-SP1, SLE15-SP2, SLE15-SP3.
> 
> I am a bit unsure if older kernels might be affected, even though this patch
> wont apply. Wouldn't mind a confirmation on which kernels are affected.

SLE15-LTSS is not affected, it doesn't have commit 9f17dbf04ddf.

Is the CVE number correct ? I get a "CVE ID Not Found" and the last comment on bugzilla.kernel.org talks about CVE-2020-35516...
Comment 4 Robert Frohl 2021-01-14 10:03:46 UTC 
(In reply to Thomas Bogendoerfer from comment #3)
> (In reply to Robert Frohl from comment #1)
> > tracking as affected: SLE12-SP5, SLE15-LTSS, SLE15-SP1, SLE15-SP2, SLE15-SP3.
> > 
> > I am a bit unsure if older kernels might be affected, even though this patch
> > wont apply. Wouldn't mind a confirmation on which kernels are affected.
> 
> SLE15-LTSS is not affected, it doesn't have commit 9f17dbf04ddf.

Sorry about that, not sure how I missed that. Updated tracking.

> Is the CVE number correct ? I get a "CVE ID Not Found" and the last comment
> on bugzilla.kernel.org talks about CVE-2020-35516...

Looks like RH did not publish the details yet. The bugzilla entry should serve as the primary source of information. [0]

[0] https://bugzilla.redhat.com/show_bug.cgi?id=1914719
Comment 7 Thomas Bogendoerfer 2021-01-26 14:54:02 UTC 
fix is now present in all maintained branches:

SLE12-SP5               979e397f2540
SLE15-SP1               979e397f2540
SLE15-SP2               465dae1e9365

Added CVE reference:

SLE15-SP3               8e9abe5b6b38

assigning back to the security team.
Comment 16 OBSbugzilla Bot 2021-02-02 18:32:45 UTC 
This is an autogenerated message for OBS integration:
This bug (1180765) was mentioned in
https://build.opensuse.org/request/show/868724 15.2 / kernel-source
Comment 21 Swamp Workflow Management 2021-02-05 22:03:00 UTC 
openSUSE-SU-2021:0241-1: An update that solves 7 vulnerabilities and has 49 fixes is now available.

Category: security (important)
Bug References: 1065600,1149032,1152472,1152489,1153274,1154353,1155518,1163930,1165545,1167773,1172355,1176395,1176831,1178142,1178631,1179142,1179396,1179508,1179509,1179567,1179572,1180130,1180264,1180412,1180759,1180765,1180809,1180812,1180848,1180889,1180891,1180971,1181014,1181018,1181077,1181104,1181148,1181158,1181161,1181169,1181203,1181217,1181218,1181219,1181220,1181237,1181318,1181335,1181346,1181349,1181425,1181494,1181504,1181511,1181538,1181584
CVE References: CVE-2020-25211,CVE-2020-29568,CVE-2020-29569,CVE-2021-0342,CVE-2021-20177,CVE-2021-3347,CVE-2021-3348
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    kernel-debug-5.3.18-lp152.63.1, kernel-default-5.3.18-lp152.63.1, kernel-default-base-5.3.18-lp152.63.1.lp152.8.21.1, kernel-docs-5.3.18-lp152.63.1, kernel-kvmsmall-5.3.18-lp152.63.1, kernel-obs-build-5.3.18-lp152.63.1, kernel-obs-qa-5.3.18-lp152.63.1, kernel-preempt-5.3.18-lp152.63.1, kernel-source-5.3.18-lp152.63.1, kernel-syms-5.3.18-lp152.63.1
Comment 23 Swamp Workflow Management 2021-02-09 14:22:05 UTC 
SUSE-SU-2021:0347-1: An update that solves 11 vulnerabilities and has 62 fixes is now available.

Category: security (important)
Bug References: 1065600,1149032,1152472,1152489,1153274,1154353,1155518,1163727,1163930,1165545,1167773,1172355,1175389,1176395,1176831,1176846,1178142,1178372,1178631,1178684,1179142,1179396,1179508,1179509,1179567,1179572,1179575,1179878,1180008,1180130,1180264,1180412,1180541,1180559,1180562,1180566,1180676,1180759,1180765,1180773,1180809,1180812,1180848,1180859,1180889,1180891,1180971,1181014,1181018,1181077,1181104,1181148,1181158,1181161,1181169,1181203,1181217,1181218,1181219,1181220,1181237,1181318,1181335,1181346,1181349,1181425,1181494,1181504,1181511,1181538,1181553,1181584,1181645
CVE References: CVE-2020-25211,CVE-2020-25639,CVE-2020-27835,CVE-2020-28374,CVE-2020-29568,CVE-2020-29569,CVE-2020-36158,CVE-2021-0342,CVE-2021-20177,CVE-2021-3347,CVE-2021-3348
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15-SP2 (src):    kernel-azure-5.3.18-18.35.2, kernel-source-azure-5.3.18-18.35.2, kernel-syms-azure-5.3.18-18.35.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 24 Swamp Workflow Management 2021-02-09 14:38:30 UTC 
SUSE-SU-2021:0348-1: An update that solves 9 vulnerabilities and has 75 fixes is now available.

Category: security (important)
Bug References: 1046305,1046306,1046540,1046542,1046648,1050242,1050244,1050536,1050538,1050545,1056653,1056657,1056787,1064802,1066129,1073513,1074220,1075020,1086282,1086301,1086313,1086314,1098633,1103990,1103991,1103992,1104270,1104277,1104279,1104353,1104427,1104742,1104745,1109837,1111981,1112178,1112374,1113956,1119113,1126206,1126390,1127354,1127371,1129770,1136348,1144912,1149032,1163727,1172145,1174206,1176831,1176846,1178036,1178049,1178372,1178631,1178684,1178900,1179093,1179508,1179509,1179563,1179573,1179575,1179878,1180008,1180130,1180559,1180562,1180676,1180765,1180812,1180859,1180891,1180912,1181001,1181018,1181170,1181230,1181231,1181349,1181425,1181553,901327
CVE References: CVE-2020-25639,CVE-2020-27835,CVE-2020-28374,CVE-2020-29568,CVE-2020-29569,CVE-2020-36158,CVE-2021-0342,CVE-2021-20177,CVE-2021-3347
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-azure-4.12.14-16.44.1, kernel-source-azure-4.12.14-16.44.1, kernel-syms-azure-4.12.14-16.44.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 25 Swamp Workflow Management 2021-02-09 20:23:58 UTC 
SUSE-SU-2021:0353-1: An update that solves 8 vulnerabilities and has 68 fixes is now available.

Category: security (important)
Bug References: 1046305,1046306,1046540,1046542,1046648,1050242,1050244,1050536,1050538,1050545,1056653,1056657,1056787,1064802,1066129,1073513,1074220,1075020,1086282,1086301,1086313,1086314,1098633,1103990,1103991,1103992,1104270,1104277,1104279,1104353,1104427,1104742,1104745,1109837,1111981,1112178,1112374,1113956,1119113,1126206,1126390,1127354,1127371,1129770,1136348,1149032,1174206,1176395,1176831,1176846,1178036,1178049,1178631,1178900,1179093,1179508,1179509,1179563,1179573,1179575,1179878,1180008,1180130,1180765,1180812,1180859,1180891,1180912,1181001,1181018,1181170,1181230,1181231,1181349,1181425,1181553
CVE References: CVE-2020-25211,CVE-2020-25639,CVE-2020-27835,CVE-2020-29568,CVE-2020-29569,CVE-2021-0342,CVE-2021-20177,CVE-2021-3347
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP5 (src):    kernel-default-4.12.14-122.60.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    kernel-docs-4.12.14-122.60.2, kernel-obs-build-4.12.14-122.60.1
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-default-4.12.14-122.60.1, kernel-source-4.12.14-122.60.1, kernel-syms-4.12.14-122.60.1
SUSE Linux Enterprise Live Patching 12-SP5 (src):    kernel-default-4.12.14-122.60.1, kgraft-patch-SLE12-SP5_Update_15-1-8.3.1
SUSE Linux Enterprise High Availability 12-SP5 (src):    kernel-default-4.12.14-122.60.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 26 Swamp Workflow Management 2021-02-09 20:31:51 UTC 
SUSE-SU-2021:0354-1: An update that solves 9 vulnerabilities and has 56 fixes is now available.

Category: security (important)
Bug References: 1065600,1149032,1152472,1152489,1153274,1154353,1155518,1163930,1165545,1167773,1172355,1175389,1176395,1176831,1176846,1178142,1178631,1179142,1179396,1179508,1179509,1179567,1179572,1179575,1179878,1180008,1180130,1180264,1180412,1180759,1180765,1180773,1180809,1180812,1180848,1180859,1180889,1180891,1180971,1181014,1181018,1181077,1181104,1181148,1181158,1181161,1181169,1181203,1181217,1181218,1181219,1181220,1181237,1181318,1181335,1181346,1181349,1181425,1181494,1181504,1181511,1181538,1181553,1181584,1181645
CVE References: CVE-2020-25211,CVE-2020-25639,CVE-2020-27835,CVE-2020-29568,CVE-2020-29569,CVE-2021-0342,CVE-2021-20177,CVE-2021-3347,CVE-2021-3348
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP2 (src):    kernel-default-5.3.18-24.49.2
SUSE Linux Enterprise Module for Live Patching 15-SP2 (src):    kernel-default-5.3.18-24.49.2, kernel-livepatch-SLE15-SP2_Update_10-1-5.3.2
SUSE Linux Enterprise Module for Legacy Software 15-SP2 (src):    kernel-default-5.3.18-24.49.2
SUSE Linux Enterprise Module for Development Tools 15-SP2 (src):    kernel-docs-5.3.18-24.49.3, kernel-obs-build-5.3.18-24.49.2, kernel-preempt-5.3.18-24.49.2, kernel-source-5.3.18-24.49.2, kernel-syms-5.3.18-24.49.2
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src):    kernel-default-5.3.18-24.49.2, kernel-default-base-5.3.18-24.49.2.9.21.2, kernel-preempt-5.3.18-24.49.2, kernel-source-5.3.18-24.49.2
SUSE Linux Enterprise High Availability 15-SP2 (src):    kernel-default-5.3.18-24.49.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 27 Swamp Workflow Management 2021-02-10 20:26:54 UTC 
SUSE-SU-2021:0427-1: An update that solves 10 vulnerabilities and has 61 fixes is now available.

Category: security (important)
Bug References: 1065600,1149032,1152472,1152489,1153274,1154353,1155518,1163930,1165545,1167773,1172355,1175389,1176395,1176831,1176846,1178142,1178372,1178631,1178684,1178995,1179142,1179396,1179508,1179509,1179567,1179572,1179575,1179878,1180008,1180130,1180264,1180412,1180676,1180759,1180765,1180773,1180809,1180812,1180848,1180859,1180889,1180891,1180964,1180971,1181014,1181018,1181077,1181104,1181148,1181158,1181161,1181169,1181203,1181217,1181218,1181219,1181220,1181237,1181318,1181335,1181346,1181349,1181425,1181494,1181504,1181511,1181538,1181544,1181553,1181584,1181645
CVE References: CVE-2020-25211,CVE-2020-25639,CVE-2020-27835,CVE-2020-28374,CVE-2020-29568,CVE-2020-29569,CVE-2021-0342,CVE-2021-20177,CVE-2021-3347,CVE-2021-3348
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Realtime 15-SP2 (src):    kernel-rt-5.3.18-25.1, kernel-rt_debug-5.3.18-25.1, kernel-source-rt-5.3.18-25.1, kernel-syms-rt-5.3.18-25.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 28 Swamp Workflow Management 2021-02-11 14:34:10 UTC 
SUSE-SU-2021:0433-1: An update that solves 10 vulnerabilities and has 75 fixes is now available.

Category: security (important)
Bug References: 1046305,1046306,1046540,1046542,1046648,1050242,1050244,1050536,1050538,1050545,1056653,1056657,1056787,1064802,1066129,1073513,1074220,1075020,1086282,1086301,1086313,1086314,1098633,1103990,1103991,1103992,1104270,1104277,1104279,1104353,1104427,1104742,1104745,1109837,1111981,1112178,1112374,1113956,1119113,1126206,1126390,1127354,1127371,1129770,1136348,1144912,1149032,1163727,1172145,1174206,1176831,1176846,1178036,1178049,1178372,1178631,1178684,1178900,1179093,1179508,1179509,1179563,1179573,1179575,1179878,1180008,1180130,1180559,1180562,1180676,1180765,1180812,1180859,1180891,1180912,1181001,1181018,1181170,1181230,1181231,1181349,1181425,1181504,1181553,1181645
CVE References: CVE-2020-25639,CVE-2020-27835,CVE-2020-28374,CVE-2020-29568,CVE-2020-29569,CVE-2020-36158,CVE-2021-0342,CVE-2021-20177,CVE-2021-3347,CVE-2021-3348
JIRA References: 
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP5 (src):    kernel-rt-4.12.14-10.31.1, kernel-rt_debug-4.12.14-10.31.1, kernel-source-rt-4.12.14-10.31.1, kernel-syms-rt-4.12.14-10.31.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 31 Swamp Workflow Management 2021-02-19 20:22:05 UTC 
SUSE-SU-2021:0532-1: An update that solves 8 vulnerabilities and has 66 fixes is now available.

Category: security (important)
Bug References: 1046305,1046306,1046540,1046542,1046648,1050242,1050244,1050536,1050538,1050545,1056653,1056657,1056787,1064802,1066129,1073513,1074220,1075020,1086282,1086301,1086313,1086314,1098633,1103990,1103991,1103992,1104270,1104277,1104279,1104353,1104427,1104742,1104745,1109837,1111981,1112178,1112374,1113956,1119113,1126206,1126390,1127354,1127371,1129770,1136348,1149032,1174206,1176831,1176846,1178036,1178049,1178900,1179093,1179142,1179508,1179509,1179563,1179573,1179575,1179878,1180130,1180765,1180812,1180891,1180912,1181018,1181170,1181230,1181231,1181260,1181349,1181425,1181504,1181809
CVE References: CVE-2020-25639,CVE-2020-27835,CVE-2020-29568,CVE-2020-29569,CVE-2021-0342,CVE-2021-20177,CVE-2021-3347,CVE-2021-3348
JIRA References: 
Sources used:
SUSE Manager Server 4.0 (src):    kernel-default-4.12.14-197.83.1, kernel-docs-4.12.14-197.83.1, kernel-obs-build-4.12.14-197.83.1, kernel-source-4.12.14-197.83.1, kernel-syms-4.12.14-197.83.1, kernel-zfcpdump-4.12.14-197.83.1
SUSE Manager Retail Branch Server 4.0 (src):    kernel-default-4.12.14-197.83.1, kernel-docs-4.12.14-197.83.1, kernel-obs-build-4.12.14-197.83.1, kernel-source-4.12.14-197.83.1, kernel-syms-4.12.14-197.83.1
SUSE Manager Proxy 4.0 (src):    kernel-default-4.12.14-197.83.1, kernel-docs-4.12.14-197.83.1, kernel-obs-build-4.12.14-197.83.1, kernel-source-4.12.14-197.83.1, kernel-syms-4.12.14-197.83.1
SUSE Linux Enterprise Workstation Extension 15-SP1 (src):    kernel-default-4.12.14-197.83.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    kernel-default-4.12.14-197.83.1, kernel-docs-4.12.14-197.83.1, kernel-obs-build-4.12.14-197.83.1, kernel-source-4.12.14-197.83.1, kernel-syms-4.12.14-197.83.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    kernel-default-4.12.14-197.83.1, kernel-docs-4.12.14-197.83.1, kernel-obs-build-4.12.14-197.83.1, kernel-source-4.12.14-197.83.1, kernel-syms-4.12.14-197.83.1, kernel-zfcpdump-4.12.14-197.83.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    kernel-default-4.12.14-197.83.1, kernel-docs-4.12.14-197.83.1, kernel-obs-build-4.12.14-197.83.1, kernel-source-4.12.14-197.83.1, kernel-syms-4.12.14-197.83.1
SUSE Linux Enterprise Module for Live Patching 15-SP1 (src):    kernel-default-4.12.14-197.83.1, kernel-livepatch-SLE15-SP1_Update_22-1-3.5.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    kernel-default-4.12.14-197.83.1, kernel-docs-4.12.14-197.83.1, kernel-obs-build-4.12.14-197.83.1, kernel-source-4.12.14-197.83.1, kernel-syms-4.12.14-197.83.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    kernel-default-4.12.14-197.83.1, kernel-docs-4.12.14-197.83.1, kernel-obs-build-4.12.14-197.83.1, kernel-source-4.12.14-197.83.1, kernel-syms-4.12.14-197.83.1
SUSE Linux Enterprise High Availability 15-SP1 (src):    kernel-default-4.12.14-197.83.1
SUSE Enterprise Storage 6 (src):    kernel-default-4.12.14-197.83.1, kernel-docs-4.12.14-197.83.1, kernel-obs-build-4.12.14-197.83.1, kernel-source-4.12.14-197.83.1, kernel-syms-4.12.14-197.83.1
SUSE CaaS Platform 4.0 (src):    kernel-default-4.12.14-197.83.1, kernel-docs-4.12.14-197.83.1, kernel-obs-build-4.12.14-197.83.1, kernel-source-4.12.14-197.83.1, kernel-syms-4.12.14-197.83.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 34 Gabriele Sonnu 2022-04-07 12:41:40 UTC 
Done.