Bugzilla – Bug 1183089
VUL-0: CVE-2021-20265: kernel-source-azure,kernel-source,kernel-source-rt: increase slab leak leads to DoS
Last modified: 2022-04-07 12:54:55 UTC
rh#1908827 A flaw was found in the way memory resources were freed in unix_stream_recvmsg function in the Linux kernel when signal was pending. An unprivileged local user could use this flaw to crash the system by exhausting available memory. Upstream patch: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fa0dc04df259ba2df3ce1920e9690c7842f8fa4b References: https://bugzilla.redhat.com/show_bug.cgi?id=1908827 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20265 https://access.redhat.com/security/cve/CVE-2021-20265
(In reply to Robert Frohl from comment #0) > Upstream patch: > > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/ > ?id=fa0dc04df259ba2df3ce1920e9690c7842f8fa4b patch is from 2016: tracking SLE-12-SP4 and newer as not affected and SLE-12-SP2, SLE-12-SP3 and SLE-12-SP3-TD as already fixed. I struggle a bit to assess the old SLE11 codestreams as the code is quite a bit different. But this > Fixes: b3ca9b02b007 ("net: fix multithreaded signal handling in unix recv routines") lets me think that this could be relevant down to version v2.6.38.
The fix, commit fa0dc04df259 ("af_unix: fix struct pid memory leak") reached mainline in v4.5-rc3 and all our 4.4 based branches received it with 4.4.3 stable backport. As for when the issue was introduced, I don't think commit b3ca9b02b007 ("net: fix multithreaded signal handling in unix recv routines") did really introduce the leak, I believe it was already possible before at least since 2.6.32. Going to add the patch to cve/linux-3.0 and cve/linux-2.6.32.
Fix submitted to all affected branches: introduced ??? fixed fa0dc04df259 v4.5-rc3 cve/linux-4.4 4.4.4 (references update submitted) cve/linux-3.0 1c75ab8b25f3 * cve/linux-2.6.32 857aef1229cc * Reassigning back to security team.
SUSE-SU-2021:14849-1: An update that solves 17 vulnerabilities and has four fixes is now available. Category: security (important) Bug References: 1183089,1184673,1186109,1187050,1187215,1188172,1188563,1188601,1188876,1189057,1189262,1189399,1190117,1190351,1191315,1191660,1191958,1192036,1192267,904899,905100 CVE References: CVE-2014-7841,CVE-2020-36385,CVE-2021-20265,CVE-2021-33033,CVE-2021-3542,CVE-2021-3609,CVE-2021-3640,CVE-2021-3653,CVE-2021-3655,CVE-2021-3679,CVE-2021-37159,CVE-2021-3772,CVE-2021-38160,CVE-2021-38198,CVE-2021-42008,CVE-2021-42739,CVE-2021-43389 JIRA References: Sources used: SUSE Linux Enterprise Server 11-SP4-LTSS (src): kernel-bigmem-3.0.101-108.132.1, kernel-default-3.0.101-108.132.1, kernel-ec2-3.0.101-108.132.1, kernel-pae-3.0.101-108.132.1, kernel-ppc64-3.0.101-108.132.1, kernel-source-3.0.101-108.132.1, kernel-syms-3.0.101-108.132.1, kernel-trace-3.0.101-108.132.1, kernel-xen-3.0.101-108.132.1 SUSE Linux Enterprise Server 11-EXTRA (src): kernel-default-3.0.101-108.132.1, kernel-pae-3.0.101-108.132.1, kernel-ppc64-3.0.101-108.132.1, kernel-trace-3.0.101-108.132.1, kernel-xen-3.0.101-108.132.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): kernel-bigmem-3.0.101-108.132.1, kernel-default-3.0.101-108.132.1, kernel-ec2-3.0.101-108.132.1, kernel-pae-3.0.101-108.132.1, kernel-ppc64-3.0.101-108.132.1, kernel-trace-3.0.101-108.132.1, kernel-xen-3.0.101-108.132.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:3929-1: An update that solves 36 vulnerabilities and has 7 fixes is now available. Category: security (important) Bug References: 1068032,1087082,1098425,1100416,1119934,1129735,1171217,1171420,1173346,1176724,1183089,1184673,1186109,1186390,1188172,1188325,1188563,1188601,1188838,1188876,1188983,1188985,1189057,1189262,1189291,1189399,1189706,1190023,1190025,1190067,1190117,1190159,1190276,1190349,1190351,1190601,1191193,1191315,1191790,1191958,1191961,1192781,802154 CVE References: CVE-2017-5753,CVE-2018-13405,CVE-2018-16882,CVE-2020-0429,CVE-2020-12655,CVE-2020-14305,CVE-2020-3702,CVE-2021-20265,CVE-2021-20322,CVE-2021-31916,CVE-2021-33033,CVE-2021-34556,CVE-2021-34981,CVE-2021-3542,CVE-2021-35477,CVE-2021-3640,CVE-2021-3653,CVE-2021-3655,CVE-2021-3659,CVE-2021-3679,CVE-2021-3715,CVE-2021-37159,CVE-2021-3732,CVE-2021-3752,CVE-2021-3753,CVE-2021-37576,CVE-2021-3760,CVE-2021-3772,CVE-2021-38160,CVE-2021-38198,CVE-2021-38204,CVE-2021-3896,CVE-2021-40490,CVE-2021-42008,CVE-2021-42739,CVE-2021-43389 JIRA References: Sources used: SUSE Linux Enterprise Server 12-SP2-BCL (src): kernel-default-4.4.121-92.161.1, kernel-source-4.4.121-92.161.1, kernel-syms-4.4.121-92.161.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:3935-1: An update that solves 38 vulnerabilities and has 18 fixes is now available. Category: security (important) Bug References: 1073928,1098425,1100416,1119934,1129735,1171217,1171420,1173346,1176724,1177666,1181158,1181854,1181855,1183089,1184673,1185726,1185727,1185758,1185973,1186109,1186390,1188172,1188563,1188601,1188838,1188876,1188983,1188985,1189057,1189262,1189278,1189291,1189399,1189420,1189706,1190022,1190023,1190025,1190067,1190117,1190159,1190194,1190349,1190351,1190601,1190717,1191193,1191315,1191790,1191801,1191958,1191961,1192267,1192400,1192775,1192781 CVE References: CVE-2017-17862,CVE-2017-17864,CVE-2018-13405,CVE-2018-16882,CVE-2020-0429,CVE-2020-12655,CVE-2020-14305,CVE-2020-3702,CVE-2020-4788,CVE-2021-20265,CVE-2021-20322,CVE-2021-31916,CVE-2021-33033,CVE-2021-34556,CVE-2021-34981,CVE-2021-3542,CVE-2021-35477,CVE-2021-3640,CVE-2021-3653,CVE-2021-3655,CVE-2021-3659,CVE-2021-3679,CVE-2021-3715,CVE-2021-37159,CVE-2021-3732,CVE-2021-3752,CVE-2021-3753,CVE-2021-37576,CVE-2021-3760,CVE-2021-3772,CVE-2021-38160,CVE-2021-38198,CVE-2021-38204,CVE-2021-3896,CVE-2021-40490,CVE-2021-42008,CVE-2021-42739,CVE-2021-43389 JIRA References: Sources used: SUSE OpenStack Cloud Crowbar 8 (src): kernel-default-4.4.180-94.150.1, kernel-source-4.4.180-94.150.1, kernel-syms-4.4.180-94.150.1, kgraft-patch-SLE12-SP3_Update_41-1-4.3.1 SUSE OpenStack Cloud 8 (src): kernel-default-4.4.180-94.150.1, kernel-source-4.4.180-94.150.1, kernel-syms-4.4.180-94.150.1, kgraft-patch-SLE12-SP3_Update_41-1-4.3.1 SUSE Linux Enterprise Server for SAP 12-SP3 (src): kernel-default-4.4.180-94.150.1, kernel-source-4.4.180-94.150.1, kernel-syms-4.4.180-94.150.1, kgraft-patch-SLE12-SP3_Update_41-1-4.3.1 SUSE Linux Enterprise Server 12-SP3-LTSS (src): kernel-default-4.4.180-94.150.1, kernel-source-4.4.180-94.150.1, kernel-syms-4.4.180-94.150.1, kgraft-patch-SLE12-SP3_Update_41-1-4.3.1 SUSE Linux Enterprise Server 12-SP3-BCL (src): kernel-default-4.4.180-94.150.1, kernel-source-4.4.180-94.150.1, kernel-syms-4.4.180-94.150.1 SUSE Linux Enterprise High Availability 12-SP3 (src): kernel-default-4.4.180-94.150.1 HPE Helion Openstack 8 (src): kernel-default-4.4.180-94.150.1, kernel-source-4.4.180-94.150.1, kernel-syms-4.4.180-94.150.1, kgraft-patch-SLE12-SP3_Update_41-1-4.3.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Done.
Closing.