Bugzilla – Bug 1194518
VUL-0: CVE-2021-46283: kernel-source-rt,kernel-source,kernel-source-azure: crash in netfilter table expressions
Last modified: 2022-12-05 10:09:29 UTC
report via security@suse.com 5.7 - 5.13 affected From: ONE K <n4ke4mry@gmail.com> Subject: (Request CVE ID) Linux kernel: Local dos vulnerability in nft_set_elem_expr_alloc Date: Tue, 11 Jan 2022 15:16:23 +0800 The vulnerability was found through syzkaller fuzzing the latest openSUSE Leap 15.3 (5.11.0-41-generic), and *general users* can cause the local system to crash, but need to create a namespace Related information on syzbot: https://syzkaller.appspot.com/bug?id=22c3987f75a7b90e238a26b5a5920525c2d1f345 Patches have been provided on the main line: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ad9f151e560b016b6ad3280b48e42fa11e1a5440 The vulnerability can be reproduced on the latest openSUSE: Linux localhost.localdomain 5.3.18-59.37-default #1 SMP Mon Nov 22 12:29:04 UTC 2021 (d10168e) x86_64 x86_64 x86_64 GNU/Linux [image: image-20211130180649416.png]
SLE15-SP3 contains the patch causing the problem, while SLE15-SP2 doesn't. Adding Thomas to Cc, as he backported it.
the fix is now present in SLE15-SP3 465666f49cad all other branches are _not_ affected. Reassigning back to the security team.
openSUSE-SU-2022:0169-1: An update that solves 10 vulnerabilities and has 32 fixes is now available. Category: security (important) Bug References: 1065729,1071995,1154353,1154492,1156395,1167773,1176447,1176774,1177437,1190256,1191271,1191929,1192931,1193255,1193328,1193660,1193669,1193727,1193901,1193927,1194001,1194027,1194087,1194094,1194302,1194493,1194516,1194517,1194518,1194529,1194578,1194580,1194584,1194586,1194587,1194589,1194590,1194591,1194592,1194888,1194953,1194985 CVE References: CVE-2021-4083,CVE-2021-4135,CVE-2021-4149,CVE-2021-4197,CVE-2021-4202,CVE-2021-45485,CVE-2021-45486,CVE-2021-46283,CVE-2022-0185,CVE-2022-0322 JIRA References: Sources used: openSUSE Leap 15.3 (src): kernel-azure-5.3.18-150300.38.37.1, kernel-source-azure-5.3.18-150300.38.37.1, kernel-syms-azure-5.3.18-150300.38.37.1
SUSE-SU-2022:0169-1: An update that solves 10 vulnerabilities and has 32 fixes is now available. Category: security (important) Bug References: 1065729,1071995,1154353,1154492,1156395,1167773,1176447,1176774,1177437,1190256,1191271,1191929,1192931,1193255,1193328,1193660,1193669,1193727,1193901,1193927,1194001,1194027,1194087,1194094,1194302,1194493,1194516,1194517,1194518,1194529,1194578,1194580,1194584,1194586,1194587,1194589,1194590,1194591,1194592,1194888,1194953,1194985 CVE References: CVE-2021-4083,CVE-2021-4135,CVE-2021-4149,CVE-2021-4197,CVE-2021-4202,CVE-2021-45485,CVE-2021-45486,CVE-2021-46283,CVE-2022-0185,CVE-2022-0322 JIRA References: Sources used: SUSE Linux Enterprise Module for Public Cloud 15-SP3 (src): kernel-azure-5.3.18-150300.38.37.1, kernel-source-azure-5.3.18-150300.38.37.1, kernel-syms-azure-5.3.18-150300.38.37.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:0198-1: An update that solves 10 vulnerabilities and has 33 fixes is now available. Category: security (important) Bug References: 1065729,1071995,1154353,1154492,1156395,1167773,1176447,1176774,1177437,1190256,1191271,1191929,1192931,1193255,1193328,1193660,1193669,1193727,1193901,1193927,1194001,1194027,1194087,1194094,1194266,1194302,1194493,1194516,1194517,1194518,1194529,1194578,1194580,1194584,1194586,1194587,1194589,1194590,1194591,1194592,1194888,1194953,1194985 CVE References: CVE-2021-4083,CVE-2021-4135,CVE-2021-4149,CVE-2021-4197,CVE-2021-4202,CVE-2021-45485,CVE-2021-45486,CVE-2021-46283,CVE-2022-0185,CVE-2022-0322 JIRA References: Sources used: SUSE MicroOS 5.1 (src): kernel-default-5.3.18-150300.59.43.1, kernel-default-base-5.3.18-150300.59.43.1.150300.18.27.1 SUSE Linux Enterprise Workstation Extension 15-SP3 (src): kernel-default-5.3.18-150300.59.43.1, kernel-preempt-5.3.18-150300.59.43.1 SUSE Linux Enterprise Module for Live Patching 15-SP3 (src): kernel-default-5.3.18-150300.59.43.1, kernel-livepatch-SLE15-SP3_Update_12-1-150300.7.3.1 SUSE Linux Enterprise Module for Legacy Software 15-SP3 (src): kernel-default-5.3.18-150300.59.43.1 SUSE Linux Enterprise Module for Development Tools 15-SP3 (src): kernel-docs-5.3.18-150300.59.43.1, kernel-obs-build-5.3.18-150300.59.43.1, kernel-preempt-5.3.18-150300.59.43.1, kernel-source-5.3.18-150300.59.43.1, kernel-syms-5.3.18-150300.59.43.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 (src): kernel-64kb-5.3.18-150300.59.43.1, kernel-default-5.3.18-150300.59.43.1, kernel-default-base-5.3.18-150300.59.43.1.150300.18.27.1, kernel-preempt-5.3.18-150300.59.43.1, kernel-source-5.3.18-150300.59.43.1, kernel-zfcpdump-5.3.18-150300.59.43.1 SUSE Linux Enterprise High Availability 15-SP3 (src): kernel-default-5.3.18-150300.59.43.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2022:0198-1: An update that solves 10 vulnerabilities and has 33 fixes is now available. Category: security (important) Bug References: 1065729,1071995,1154353,1154492,1156395,1167773,1176447,1176774,1177437,1190256,1191271,1191929,1192931,1193255,1193328,1193660,1193669,1193727,1193901,1193927,1194001,1194027,1194087,1194094,1194266,1194302,1194493,1194516,1194517,1194518,1194529,1194578,1194580,1194584,1194586,1194587,1194589,1194590,1194591,1194592,1194888,1194953,1194985 CVE References: CVE-2021-4083,CVE-2021-4135,CVE-2021-4149,CVE-2021-4197,CVE-2021-4202,CVE-2021-45485,CVE-2021-45486,CVE-2021-46283,CVE-2022-0185,CVE-2022-0322 JIRA References: Sources used: openSUSE Leap 15.4 (src): dtb-aarch64-5.3.18-150300.59.43.1, kernel-preempt-5.3.18-150300.59.43.1 openSUSE Leap 15.3 (src): dtb-aarch64-5.3.18-150300.59.43.1, kernel-64kb-5.3.18-150300.59.43.1, kernel-debug-5.3.18-150300.59.43.1, kernel-default-5.3.18-150300.59.43.1, kernel-default-base-5.3.18-150300.59.43.1.150300.18.27.1, kernel-docs-5.3.18-150300.59.43.1, kernel-kvmsmall-5.3.18-150300.59.43.1, kernel-obs-build-5.3.18-150300.59.43.1, kernel-obs-qa-5.3.18-150300.59.43.1, kernel-preempt-5.3.18-150300.59.43.1, kernel-source-5.3.18-150300.59.43.1, kernel-syms-5.3.18-150300.59.43.1, kernel-zfcpdump-5.3.18-150300.59.43.1
SUSE-SU-2022:0288-1: An update that solves 9 vulnerabilities, contains 7 features and has 30 fixes is now available. Category: security (important) Bug References: 1065729,1071995,1154353,1154492,1156395,1167773,1176447,1176774,1177437,1190256,1191271,1192931,1193255,1193328,1193669,1193727,1193767,1193901,1193927,1194001,1194027,1194302,1194493,1194516,1194517,1194518,1194529,1194580,1194584,1194586,1194587,1194589,1194590,1194591,1194592,1194888,1194953,1194985,1195062 CVE References: CVE-2021-4083,CVE-2021-4135,CVE-2021-4149,CVE-2021-4197,CVE-2021-4202,CVE-2021-44733,CVE-2021-46283,CVE-2022-0185,CVE-2022-0322 JIRA References: SLE-13294,SLE-13533,SLE-14777,SLE-15172,SLE-16683,SLE-23432,SLE-8464 Sources used: SUSE Linux Enterprise Module for Realtime 15-SP3 (src): kernel-rt-5.3.18-150300.71.1, kernel-rt_debug-5.3.18-150300.71.1, kernel-source-rt-5.3.18-150300.71.1, kernel-syms-rt-5.3.18-150300.71.1 SUSE Linux Enterprise Micro 5.1 (src): kernel-rt-5.3.18-150300.71.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.