Bug 1220700 (CVE-2021-46974) - VUL-0: CVE-2021-46974: kernel: bpf: Fix masking negation logic upon negative dst register
Summary: VUL-0: CVE-2021-46974: kernel: bpf: Fix masking negation logic upon negative ...
Status: RESOLVED FIXED
Alias: CVE-2021-46974
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/395380/
Whiteboard: CVSSv3.1:SUSE:CVE-2021-46974:5.3:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2024-02-29 15:26 UTC by SMASH SMASH
Modified: 2024-05-28 11:49 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description SMASH SMASH 2024-02-29 15:26:07 UTC 
In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix masking negation logic upon negative dst register

The negation logic for the case where the off_reg is sitting in the
dst register is not correct given then we cannot just invert the add
to a sub or vice versa. As a fix, perform the final bitwise and-op
unconditionally into AX from the off_reg, then move the pointer from
the src to dst and finally use AX as the source for the original
pointer arithmetic operation such that the inversion yields a correct
result. The single non-AX mov in between is possible given constant
blinding is retaining it as it's not an immediate based operation.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-46974
https://www.cve.org/CVERecord?id=CVE-2021-46974
https://bugzilla.redhat.com/show_bug.cgi?id=2266826
https://lore.kernel.org/linux-cve-announce/2024022721-CVE-2021-46974-0852@gregkh/T/#u

Patch:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=b9b34ddbe207
Comment 1 Andrea Mattiazzo 2024-02-29 15:27:32 UTC 
Closing since:
-codestreams below cve/linux-4.12 are not affected
-cve/linux-4.12,cve/linux-5.3,cve/linux-5.14,stable and SLE15-SP6 already patched
Comment 3 Shung-Hsi Yu 2024-03-05 13:55:47 UTC 
Reference updated in cve/linux-4.12 and cve/linux-5.3. Newer branches inherit the fix directly from upstream source and does not carry the fix as backported patch.

Reassigning back to security team.
Comment 13 Maintenance Automation 2024-03-13 08:30:26 UTC 
SUSE-SU-2024:0857-1: An update that solves 67 vulnerabilities and has four security fixes can now be installed.

Category: security (important)
Bug References: 1200599, 1207653, 1212514, 1213456, 1216223, 1218195, 1218689, 1218915, 1219127, 1219128, 1219146, 1219295, 1219653, 1219827, 1219835, 1219915, 1220009, 1220140, 1220187, 1220238, 1220240, 1220241, 1220243, 1220250, 1220253, 1220255, 1220328, 1220330, 1220344, 1220398, 1220409, 1220416, 1220418, 1220421, 1220436, 1220444, 1220459, 1220469, 1220482, 1220526, 1220538, 1220570, 1220572, 1220599, 1220627, 1220641, 1220649, 1220660, 1220689, 1220700, 1220735, 1220736, 1220737, 1220742, 1220745, 1220767, 1220796, 1220825, 1220826, 1220831, 1220845, 1220860, 1220863, 1220870, 1220917, 1220918, 1220930, 1220931, 1220932, 1221039, 1221040
CVE References: CVE-2019-25162, CVE-2020-36777, CVE-2020-36784, CVE-2021-46904, CVE-2021-46905, CVE-2021-46906, CVE-2021-46915, CVE-2021-46924, CVE-2021-46929, CVE-2021-46932, CVE-2021-46934, CVE-2021-46953, CVE-2021-46964, CVE-2021-46966, CVE-2021-46968, CVE-2021-46974, CVE-2021-46989, CVE-2021-47005, CVE-2021-47012, CVE-2021-47013, CVE-2021-47054, CVE-2021-47060, CVE-2021-47061, CVE-2021-47069, CVE-2021-47076, CVE-2021-47078, CVE-2021-47083, CVE-2022-20154, CVE-2022-48627, CVE-2023-28746, CVE-2023-35827, CVE-2023-46343, CVE-2023-51042, CVE-2023-52340, CVE-2023-52429, CVE-2023-52439, CVE-2023-52443, CVE-2023-52445, CVE-2023-52448, CVE-2023-52449, CVE-2023-52451, CVE-2023-52463, CVE-2023-52475, CVE-2023-52478, CVE-2023-52482, CVE-2023-52502, CVE-2023-52530, CVE-2023-52531, CVE-2023-52532, CVE-2023-52569, CVE-2023-52574, CVE-2023-52597, CVE-2023-52605, CVE-2023-6817, CVE-2024-0340, CVE-2024-0607, CVE-2024-1151, CVE-2024-23849, CVE-2024-23851, CVE-2024-26585, CVE-2024-26586, CVE-2024-26589, CVE-2024-26593, CVE-2024-26595, CVE-2024-26602, CVE-2024-26607, CVE-2024-26622
Sources used:
openSUSE Leap 15.3 (src): kernel-obs-qa-5.3.18-150300.59.153.1, kernel-livepatch-SLE15-SP3_Update_42-1-150300.7.3.2, kernel-syms-5.3.18-150300.59.153.1, kernel-default-base-5.3.18-150300.59.153.2.150300.18.90.2, kernel-source-5.3.18-150300.59.153.2, kernel-obs-build-5.3.18-150300.59.153.2
SUSE Linux Enterprise Live Patching 15-SP3 (src): kernel-livepatch-SLE15-SP3_Update_42-1-150300.7.3.2
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): kernel-default-base-5.3.18-150300.59.153.2.150300.18.90.2, kernel-source-5.3.18-150300.59.153.2, kernel-syms-5.3.18-150300.59.153.1, kernel-obs-build-5.3.18-150300.59.153.2
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): kernel-default-base-5.3.18-150300.59.153.2.150300.18.90.2, kernel-source-5.3.18-150300.59.153.2, kernel-syms-5.3.18-150300.59.153.1, kernel-obs-build-5.3.18-150300.59.153.2
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): kernel-default-base-5.3.18-150300.59.153.2.150300.18.90.2, kernel-source-5.3.18-150300.59.153.2, kernel-syms-5.3.18-150300.59.153.1, kernel-obs-build-5.3.18-150300.59.153.2
SUSE Enterprise Storage 7.1 (src): kernel-default-base-5.3.18-150300.59.153.2.150300.18.90.2, kernel-source-5.3.18-150300.59.153.2, kernel-syms-5.3.18-150300.59.153.1, kernel-obs-build-5.3.18-150300.59.153.2
SUSE Linux Enterprise Micro 5.1 (src): kernel-default-base-5.3.18-150300.59.153.2.150300.18.90.2
SUSE Linux Enterprise Micro 5.2 (src): kernel-default-base-5.3.18-150300.59.153.2.150300.18.90.2
SUSE Linux Enterprise Micro for Rancher 5.2 (src): kernel-default-base-5.3.18-150300.59.153.2.150300.18.90.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 14 Maintenance Automation 2024-03-13 08:30:45 UTC 
SUSE-SU-2024:0856-1: An update that solves 67 vulnerabilities and has seven security fixes can now be installed.

Category: security (important)
Bug References: 1155518, 1184436, 1185988, 1186286, 1200599, 1207653, 1212514, 1213456, 1216223, 1218195, 1218689, 1218915, 1219127, 1219128, 1219146, 1219295, 1219653, 1219827, 1219835, 1219915, 1220009, 1220140, 1220187, 1220238, 1220240, 1220241, 1220243, 1220250, 1220253, 1220255, 1220328, 1220330, 1220344, 1220398, 1220409, 1220416, 1220418, 1220421, 1220436, 1220444, 1220459, 1220469, 1220482, 1220526, 1220538, 1220570, 1220572, 1220599, 1220627, 1220641, 1220649, 1220660, 1220700, 1220735, 1220736, 1220737, 1220742, 1220745, 1220767, 1220796, 1220825, 1220826, 1220831, 1220845, 1220860, 1220863, 1220870, 1220917, 1220918, 1220930, 1220931, 1220932, 1221039, 1221040
CVE References: CVE-2019-25162, CVE-2020-36777, CVE-2020-36784, CVE-2021-46904, CVE-2021-46905, CVE-2021-46906, CVE-2021-46915, CVE-2021-46924, CVE-2021-46929, CVE-2021-46932, CVE-2021-46934, CVE-2021-46953, CVE-2021-46964, CVE-2021-46966, CVE-2021-46968, CVE-2021-46974, CVE-2021-46989, CVE-2021-47005, CVE-2021-47012, CVE-2021-47013, CVE-2021-47054, CVE-2021-47060, CVE-2021-47061, CVE-2021-47069, CVE-2021-47076, CVE-2021-47078, CVE-2021-47083, CVE-2022-20154, CVE-2022-48627, CVE-2023-28746, CVE-2023-35827, CVE-2023-46343, CVE-2023-51042, CVE-2023-52340, CVE-2023-52429, CVE-2023-52439, CVE-2023-52443, CVE-2023-52445, CVE-2023-52448, CVE-2023-52449, CVE-2023-52451, CVE-2023-52463, CVE-2023-52475, CVE-2023-52478, CVE-2023-52482, CVE-2023-52502, CVE-2023-52530, CVE-2023-52531, CVE-2023-52532, CVE-2023-52569, CVE-2023-52574, CVE-2023-52597, CVE-2023-52605, CVE-2023-6817, CVE-2024-0340, CVE-2024-0607, CVE-2024-1151, CVE-2024-23849, CVE-2024-23851, CVE-2024-26585, CVE-2024-26586, CVE-2024-26589, CVE-2024-26593, CVE-2024-26595, CVE-2024-26602, CVE-2024-26607, CVE-2024-26622
Sources used:
SUSE Linux Enterprise Micro 5.1 (src): kernel-source-rt-5.3.18-150300.161.1
SUSE Linux Enterprise Micro 5.2 (src): kernel-source-rt-5.3.18-150300.161.1
SUSE Linux Enterprise Micro for Rancher 5.2 (src): kernel-source-rt-5.3.18-150300.161.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 21 Maintenance Automation 2024-03-22 12:30:11 UTC 
SUSE-SU-2024:0976-1: An update that solves 47 vulnerabilities and has nine security fixes can now be installed.

Category: security (important)
Bug References: 1050549, 1186484, 1200599, 1212514, 1213456, 1218450, 1218527, 1218915, 1219127, 1219146, 1219295, 1219653, 1219827, 1219835, 1220187, 1220238, 1220240, 1220241, 1220250, 1220330, 1220340, 1220344, 1220409, 1220421, 1220436, 1220444, 1220459, 1220468, 1220482, 1220526, 1220570, 1220575, 1220599, 1220607, 1220613, 1220638, 1220641, 1220649, 1220700, 1220735, 1220767, 1220796, 1220825, 1220831, 1220845, 1220860, 1220861, 1220863, 1220870, 1220930, 1220931, 1220932, 1220957, 1221039, 1221040, 1221287
CVE References: CVE-2019-25162, CVE-2020-36777, CVE-2020-36784, CVE-2021-46906, CVE-2021-46915, CVE-2021-46921, CVE-2021-46924, CVE-2021-46929, CVE-2021-46932, CVE-2021-46953, CVE-2021-46974, CVE-2021-46991, CVE-2021-46992, CVE-2021-47013, CVE-2021-47054, CVE-2021-47076, CVE-2021-47077, CVE-2021-47078, CVE-2022-48627, CVE-2023-28746, CVE-2023-35827, CVE-2023-46343, CVE-2023-52340, CVE-2023-52429, CVE-2023-52443, CVE-2023-52445, CVE-2023-52449, CVE-2023-52451, CVE-2023-52464, CVE-2023-52475, CVE-2023-52478, CVE-2023-52482, CVE-2023-52502, CVE-2023-52530, CVE-2023-52531, CVE-2023-52532, CVE-2023-52574, CVE-2023-52597, CVE-2023-52605, CVE-2024-0607, CVE-2024-1151, CVE-2024-23849, CVE-2024-23851, CVE-2024-26585, CVE-2024-26595, CVE-2024-26600, CVE-2024-26622
Maintenance Incident: [SUSE:Maintenance:32929](https://smelt.suse.de/incident/32929/)
Sources used:
SUSE Linux Enterprise Real Time 12 SP5 (src):
 kernel-source-rt-4.12.14-10.171.1, kernel-syms-rt-4.12.14-10.171.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 22 Maintenance Automation 2024-03-22 12:30:22 UTC 
SUSE-SU-2024:0975-1: An update that solves 52 vulnerabilities and has seven security fixes can now be installed.

Category: security (important)
Bug References: 1050549, 1186484, 1200599, 1212514, 1213456, 1217987, 1217988, 1217989, 1218450, 1218527, 1218915, 1219127, 1219146, 1219295, 1219653, 1219827, 1219835, 1220187, 1220238, 1220240, 1220241, 1220250, 1220330, 1220340, 1220344, 1220409, 1220421, 1220436, 1220444, 1220459, 1220468, 1220482, 1220526, 1220570, 1220575, 1220599, 1220607, 1220613, 1220638, 1220641, 1220649, 1220700, 1220735, 1220767, 1220796, 1220825, 1220831, 1220845, 1220860, 1220861, 1220863, 1220870, 1220930, 1220931, 1220932, 1220957, 1221039, 1221040, 1221287
CVE References: CVE-2019-25162, CVE-2020-36777, CVE-2020-36784, CVE-2021-33200, CVE-2021-46906, CVE-2021-46915, CVE-2021-46921, CVE-2021-46924, CVE-2021-46929, CVE-2021-46932, CVE-2021-46953, CVE-2021-46974, CVE-2021-46991, CVE-2021-46992, CVE-2021-47013, CVE-2021-47054, CVE-2021-47076, CVE-2021-47077, CVE-2021-47078, CVE-2022-20154, CVE-2022-48627, CVE-2023-28746, CVE-2023-35827, CVE-2023-46343, CVE-2023-52340, CVE-2023-52429, CVE-2023-52443, CVE-2023-52445, CVE-2023-52449, CVE-2023-52451, CVE-2023-52464, CVE-2023-52475, CVE-2023-52478, CVE-2023-52482, CVE-2023-52502, CVE-2023-52530, CVE-2023-52531, CVE-2023-52532, CVE-2023-52574, CVE-2023-52597, CVE-2023-52605, CVE-2023-6356, CVE-2023-6535, CVE-2023-6536, CVE-2024-0607, CVE-2024-1151, CVE-2024-23849, CVE-2024-23851, CVE-2024-26585, CVE-2024-26595, CVE-2024-26600, CVE-2024-26622
Maintenance Incident: [SUSE:Maintenance:32910](https://smelt.suse.de/incident/32910/)
Sources used:
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src):
 kernel-source-azure-4.12.14-16.173.1, kernel-syms-azure-4.12.14-16.173.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src):
 kernel-source-azure-4.12.14-16.173.1, kernel-syms-azure-4.12.14-16.173.1
SUSE Linux Enterprise Server 12 SP5 (src):
 kernel-source-azure-4.12.14-16.173.1, kernel-syms-azure-4.12.14-16.173.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 23 Maintenance Automation 2024-03-22 12:32:10 UTC 
SUSE-SU-2024:0926-1: An update that solves 65 vulnerabilities and has six security fixes can now be installed.

Category: security (important)
Bug References: 1155518, 1184436, 1185988, 1186286, 1200599, 1212514, 1213456, 1218689, 1218915, 1219127, 1219128, 1219146, 1219295, 1219653, 1219827, 1219835, 1220009, 1220140, 1220187, 1220238, 1220240, 1220241, 1220243, 1220250, 1220253, 1220255, 1220328, 1220330, 1220344, 1220398, 1220409, 1220416, 1220418, 1220421, 1220436, 1220444, 1220459, 1220469, 1220482, 1220526, 1220538, 1220570, 1220572, 1220599, 1220627, 1220641, 1220649, 1220660, 1220700, 1220735, 1220736, 1220737, 1220742, 1220745, 1220767, 1220796, 1220825, 1220826, 1220831, 1220845, 1220860, 1220863, 1220870, 1220917, 1220918, 1220930, 1220931, 1220932, 1221039, 1221040, 1221287
CVE References: CVE-2019-25162, CVE-2020-36777, CVE-2020-36784, CVE-2021-46904, CVE-2021-46905, CVE-2021-46906, CVE-2021-46915, CVE-2021-46924, CVE-2021-46929, CVE-2021-46932, CVE-2021-46934, CVE-2021-46953, CVE-2021-46964, CVE-2021-46966, CVE-2021-46974, CVE-2021-46989, CVE-2021-47005, CVE-2021-47012, CVE-2021-47013, CVE-2021-47054, CVE-2021-47060, CVE-2021-47061, CVE-2021-47069, CVE-2021-47076, CVE-2021-47078, CVE-2021-47083, CVE-2022-20154, CVE-2022-48627, CVE-2023-28746, CVE-2023-35827, CVE-2023-46343, CVE-2023-51042, CVE-2023-52340, CVE-2023-52429, CVE-2023-52439, CVE-2023-52443, CVE-2023-52445, CVE-2023-52448, CVE-2023-52449, CVE-2023-52451, CVE-2023-52463, CVE-2023-52475, CVE-2023-52478, CVE-2023-52482, CVE-2023-52502, CVE-2023-52530, CVE-2023-52531, CVE-2023-52532, CVE-2023-52569, CVE-2023-52574, CVE-2023-52597, CVE-2023-52605, CVE-2024-0340, CVE-2024-0607, CVE-2024-1151, CVE-2024-23849, CVE-2024-23851, CVE-2024-26585, CVE-2024-26586, CVE-2024-26589, CVE-2024-26593, CVE-2024-26595, CVE-2024-26602, CVE-2024-26607, CVE-2024-26622
Maintenance Incident: [SUSE:Maintenance:32904](https://smelt.suse.de/incident/32904/)
Sources used:
SUSE Linux Enterprise Live Patching 15-SP2 (src):
 kernel-livepatch-SLE15-SP2_Update_46-1-150200.5.3.2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src):
 kernel-obs-build-5.3.18-150200.24.183.1, kernel-syms-5.3.18-150200.24.183.1, kernel-source-5.3.18-150200.24.183.1, kernel-default-base-5.3.18-150200.24.183.1.150200.9.93.2
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src):
 kernel-obs-build-5.3.18-150200.24.183.1, kernel-syms-5.3.18-150200.24.183.1, kernel-source-5.3.18-150200.24.183.1, kernel-default-base-5.3.18-150200.24.183.1.150200.9.93.2
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src):
 kernel-obs-build-5.3.18-150200.24.183.1, kernel-syms-5.3.18-150200.24.183.1, kernel-source-5.3.18-150200.24.183.1, kernel-default-base-5.3.18-150200.24.183.1.150200.9.93.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 24 Maintenance Automation 2024-03-22 12:32:25 UTC 
SUSE-SU-2024:0925-1: An update that solves 49 vulnerabilities and has seven security fixes can now be installed.

Category: security (important)
Bug References: 1050549, 1186484, 1200599, 1212514, 1213456, 1218450, 1218527, 1218915, 1219127, 1219146, 1219295, 1219653, 1219827, 1219835, 1220187, 1220238, 1220240, 1220241, 1220250, 1220330, 1220340, 1220344, 1220409, 1220421, 1220436, 1220444, 1220459, 1220468, 1220482, 1220526, 1220570, 1220575, 1220599, 1220607, 1220613, 1220638, 1220641, 1220649, 1220700, 1220735, 1220767, 1220796, 1220825, 1220831, 1220845, 1220860, 1220861, 1220863, 1220870, 1220930, 1220931, 1220932, 1220957, 1221039, 1221040, 1221287
CVE References: CVE-2019-25162, CVE-2020-36777, CVE-2020-36784, CVE-2021-33200, CVE-2021-46906, CVE-2021-46915, CVE-2021-46921, CVE-2021-46924, CVE-2021-46929, CVE-2021-46932, CVE-2021-46953, CVE-2021-46974, CVE-2021-46991, CVE-2021-46992, CVE-2021-47013, CVE-2021-47054, CVE-2021-47076, CVE-2021-47077, CVE-2021-47078, CVE-2022-20154, CVE-2022-48627, CVE-2023-28746, CVE-2023-35827, CVE-2023-46343, CVE-2023-52340, CVE-2023-52429, CVE-2023-52443, CVE-2023-52445, CVE-2023-52449, CVE-2023-52451, CVE-2023-52464, CVE-2023-52475, CVE-2023-52478, CVE-2023-52482, CVE-2023-52502, CVE-2023-52530, CVE-2023-52531, CVE-2023-52532, CVE-2023-52574, CVE-2023-52597, CVE-2023-52605, CVE-2024-0607, CVE-2024-1151, CVE-2024-23849, CVE-2024-23851, CVE-2024-26585, CVE-2024-26595, CVE-2024-26600:, CVE-2024-26622
Maintenance Incident: [SUSE:Maintenance:32885](https://smelt.suse.de/incident/32885/)
Sources used:
SUSE Linux Enterprise Live Patching 12-SP5 (src):
 kgraft-patch-SLE12-SP5_Update_54-1-8.7.1
SUSE Linux Enterprise Software Development Kit 12 SP5 (src):
 kernel-obs-build-4.12.14-122.201.2
SUSE Linux Enterprise High Performance Computing 12 SP5 (src):
 kernel-syms-4.12.14-122.201.1, kernel-source-4.12.14-122.201.1
SUSE Linux Enterprise Server 12 SP5 (src):
 kernel-syms-4.12.14-122.201.1, kernel-source-4.12.14-122.201.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src):
 kernel-syms-4.12.14-122.201.1, kernel-source-4.12.14-122.201.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 25 Carlos López 2024-05-28 11:42:00 UTC 
Done, closing.