Bug 1199515 - (CVE-2021-33135) VUL-0: CVE-2021-33135: kernel-source-rt,kernel-source,kernel-source-azure: Uncontrolled resource consumption in the Linux kernel drivers for Intel SGX may lead to local DoS
Status: IN_PROGRESS
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium
Severity: Normal
Assigned To: Security Team bot
https://smash.suse.de/issue/331674/
CVSSv3.1:SUSE:CVE-2021-33135:5.5:(AV:...
Reported: 2022-05-13 10:23 UTC by Carlos López
Modified: 2022-09-16 13:23 UTC (History)
Found By: Security Response Team


Description Carlos López 2022-05-13 10:23:14 UTC
CVE-2021-33135

Uncontrolled resource consumption in the Linux kernel drivers for Intel(R) SGX
may allow an authenticated user to potentially enable denial of service via
local access.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33135
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33135
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00603.html
Comment 1 Carlos López 2022-05-13 10:28:07 UTC
There are not many public details, but this looks like the fix:
https://github.com/torvalds/linux/commit/08999b2489b4c9b939d7483dbd03702ee4576d96

master and stable already got the commit above, so only SLE15-SP4-GA would be affected, since we do not enable SGX in older branches.
Comment 6 Jan Kara 2022-08-23 11:56:24 UTC
Boris, are you going to pick up this fix?
Comment 12 Swamp Workflow Management 2022-09-16 13:23:16 UTC
SUSE-SU-2022:3288-1: An update that solves 25 vulnerabilities, contains four features and has 91 fixes is now available.

Category: security (important)
CVE References: CVE-2016-3695,CVE-2020-36516,CVE-2021-33135,CVE-2021-4037,CVE-2022-1184,CVE-2022-20368,CVE-2022-20369,CVE-2022-2585,CVE-2022-2588,CVE-2022-26373,CVE-2022-2639,CVE-2022-2663,CVE-2022-28356,CVE-2022-28693,CVE-2022-2873,CVE-2022-2905,CVE-2022-2938,CVE-2022-2959,CVE-2022-2977,CVE-2022-3028,CVE-2022-3078,CVE-2022-36879,CVE-2022-36946,CVE-2022-39188,CVE-2022-39190
JIRA References: SLE-19359,SLE-23766,SLE-24572,SLE-24682
Sources used:
openSUSE Leap 15.4 (src):    kernel-azure-5.14.21-150400.14.13.1, kernel-source-azure-5.14.21-150400.14.13.1, kernel-syms-azure-5.14.21-150400.14.13.1
SUSE Linux Enterprise Module for Public Cloud 15-SP4 (src):    kernel-azure-5.14.21-150400.14.13.1, kernel-source-azure-5.14.21-150400.14.13.1, kernel-syms-azure-5.14.21-150400.14.13.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.