Bug 1187554 – VUL-0: CVE-2021-33624: kernel-source-azure,kernel-source,kernel-source-rt: Linux kernel BPF protection against speculative execution attacks can be bypassed to read arbitrary kernel memory

Bug 1187554 - (CVE-2021-33624) VUL-0: CVE-2021-33624: kernel-source-azure,kernel-source,kernel-source-rt: Linux kernel BPF protection against speculative execution attacks can be bypassed to read arbitrary kernel memory

(CVE-2021-33624)
Summary:	VUL-0: CVE-2021-33624: kernel-source-azure,kernel-source,kernel-source-rt: Li...

Status:	RESOLVED FIXED

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assigned To:	Joey Lee
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/302614/
Whiteboard:	CVSSv3.1:SUSE:CVE-2021-33624:5.1:(AV:...
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2021-06-21 15:00 UTC by Marcus Meissner
Modified:	2022-07-21 20:00 UTC (History)
CC List:	4 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marcus Meissner 2021-06-21 15:00:47 UTC

CVE-2021-33624

via oss-sec

From: Adam Morrison <mad@cs.tau.ac.il>
Subject: [oss-security] [CVE-2021-33624] Linux kernel BPF protection against speculative execution attacks can be bypassed to read arbitrary kernel memory
Date: Mon, 21 Jun 2021 17:47:27 +0300

The Linux kernel BPF subsystem's protection against speculative
execution attacks (Spectre mitigation) can be bypassed.

On affected systems, an unprivileged BPF program can exploit this
vulnerability to leak the contents of arbitrary kernel memory (and
therefore, of all physical memory) via a side-channel.

The issue is that when the kernel's BPF verifier enumerates the
possible execution paths of a BPF program, it skips any branch
outcomes that are impossible according to the ISA semantics.
However, when the BPF program executes, such branch outcomes may be
mispredicted and so a path could speculatively execute that was
missed by the verifier.

For example, when analyzing a memory load instruction, the paths
inspected by the verifier could use an address register that is always
in-bounds, and so the instruction is deemed safe. Whereas a path
missed by the verifier could put an arbitrary attacker-controlled
scalar into the address register before a branch that mispredicts
to the load instruction. This can be abused to read and leak the
contents of any kernel address via a side-channel.

Several PoCs of this vulnerability have been shared privately with
<security@kernel.org> and the BPF maintainers to assist developing
the fix.

The following patch series (available from the mainline git
repository) fixes the vulnerability (the 3rd one is the main patch):

* https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d203b0fd863a2261e5d00b97f3d060c4c2a6db71
* https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=fe9a5ca7e370e613a9a75a13008a3845ea759d6e
* https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=9183671af6dbf60a1219371d4ed73e23f43b49db
* https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=973377ffe8148180b2651825b92ae91988141b05

Thanks to Piotr Krysiuk for collaborating on this advisory.

# Discoverers

Ofek Kirzner <ofekkir@gmail.com> and Adam Morrison <mad@cs.tau.ac.il>
Benedict Schlueter <benedict.schlueter@rub.de> (independent report)
Piotr Krysiuk <piotras@gmail.com> (independent report)

# References

CVE-2021-33624 (reserved via https://cveform.mitre.org/)

Comment 1 Marcus Meissner 2021-06-21 15:02:54 UTC

seems 4.15 and newer?

Comment 2 Takashi Iwai 2021-06-21 15:08:18 UTC

(In reply to Marcus Meissner from comment #1)
> seems 4.15 and newer?

Judging from the commit logs, yes.

Adding Gary to Cc.

Comment 3 Gary Ching-Pang Lin 2021-06-22 01:31:27 UTC

The target commit(*) is included in SLE15-SP2/3 and cve/linux-4.12, so we at least need to backport the patches for them.

(*) b2157399cc98 ("bpf: prevent out-of-bounds speculation")

Comment 4 Gary Ching-Pang Lin 2021-06-22 07:09:14 UTC

d203b0fd863 bpf: Inherit expanded/patched seen count from old aux data
fe9a5ca7e37 bpf: Do not mark insn as seen under speculative path verification

This two patches are only needed by SLE15-SP3 since 51c39bb1d5d1 ("bpf: Introduce function-by-function verification") is backported to SLE15-SP3.

For other branches, 9183671af6db ("bpf: Fix leakage under speculation on mispredicted branches") is enough.

Comment 5 Gary Ching-Pang Lin 2021-06-22 09:35:28 UTC

I found that it's tricky to apply the patch for cve/linux-4.12.

For SLE15-SP1 and SLE12-SP5, f4d7e40a5b7157 ("bpf: introduce function calls (verification)") was backported so 9183671af6db can be applied directly.

On the other hand, the patch cannot be applied to SLE15 and SLE12-SP4 due to some missing field in "struct bpf_verifier_state".

I probably have to apply the fix separately.

Comment 13 OBSbugzilla Bot 2021-07-07 10:57:11 UTC

This is an autogenerated message for OBS integration:
This bug (1187554) was mentioned in
https://build.opensuse.org/request/show/904571 15.2 / kernel-source

Comment 16 Swamp Workflow Management 2021-07-08 13:33:18 UTC

openSUSE-SU-2021:0985-1: An update that solves 10 vulnerabilities and has 103 fixes is now available.

Category: security (important)
Bug References: 1152489,1153274,1154353,1155518,1164648,1174978,1176771,1179610,1182470,1183712,1184212,1184436,1184685,1185195,1185486,1185589,1185675,1185677,1185701,1185861,1185863,1186206,1186286,1186463,1186666,1186672,1186752,1186949,1186950,1186951,1186952,1186953,1186954,1186955,1186956,1186957,1186958,1186959,1186960,1186961,1186962,1186963,1186964,1186965,1186966,1186967,1186968,1186969,1186970,1186971,1186972,1186973,1186974,1186976,1186977,1186978,1186979,1186980,1186981,1186982,1186983,1186984,1186985,1186986,1186987,1186988,1186989,1186990,1186991,1186992,1186993,1186994,1186995,1186996,1186997,1186998,1186999,1187000,1187001,1187002,1187003,1187038,1187050,1187067,1187068,1187069,1187072,1187143,1187144,1187171,1187263,1187356,1187402,1187403,1187404,1187407,1187408,1187409,1187410,1187411,1187412,1187413,1187452,1187554,1187595,1187601,1187795,1187867,1187883,1187886,1187927,1187972,1187980
CVE References: CVE-2020-24588,CVE-2020-26558,CVE-2020-36385,CVE-2020-36386,CVE-2021-0129,CVE-2021-0512,CVE-2021-0605,CVE-2021-33624,CVE-2021-34693,CVE-2021-3573
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    kernel-debug-5.3.18-lp152.81.1, kernel-default-5.3.18-lp152.81.1, kernel-default-base-5.3.18-lp152.81.1.lp152.8.36.1, kernel-docs-5.3.18-lp152.81.1, kernel-kvmsmall-5.3.18-lp152.81.1, kernel-obs-build-5.3.18-lp152.81.1, kernel-obs-qa-5.3.18-lp152.81.1, kernel-preempt-5.3.18-lp152.81.1, kernel-source-5.3.18-lp152.81.1, kernel-syms-5.3.18-lp152.81.1

Comment 19 Swamp Workflow Management 2021-07-13 13:27:39 UTC

SUSE-SU-2021:2303-1: An update that solves 9 vulnerabilities, contains 8 features and has 100 fixes is now available.

Category: security (important)
Bug References: 1152489,1153274,1154353,1155518,1164648,1174978,1176771,1179610,1182470,1183712,1184212,1184685,1185195,1185486,1185589,1185675,1185677,1185701,1186206,1186463,1186666,1186672,1186752,1186949,1186950,1186951,1186952,1186953,1186954,1186955,1186956,1186957,1186958,1186959,1186960,1186961,1186962,1186963,1186964,1186965,1186966,1186967,1186968,1186969,1186970,1186971,1186972,1186973,1186974,1186976,1186977,1186978,1186979,1186980,1186981,1186982,1186983,1186984,1186985,1186986,1186987,1186988,1186989,1186990,1186991,1186992,1186993,1186994,1186995,1186996,1186997,1186998,1186999,1187000,1187001,1187002,1187003,1187038,1187050,1187067,1187068,1187069,1187072,1187143,1187144,1187171,1187263,1187356,1187402,1187403,1187404,1187407,1187408,1187409,1187410,1187411,1187412,1187413,1187452,1187554,1187595,1187601,1187795,1187867,1187883,1187886,1187927,1187972,1187980
CVE References: CVE-2020-26558,CVE-2020-36385,CVE-2020-36386,CVE-2021-0129,CVE-2021-0512,CVE-2021-0605,CVE-2021-33624,CVE-2021-34693,CVE-2021-3573
JIRA References: ECO-3691,SLE-11493,SLE-11796,SLE-17882,SLE-7926,SLE-8371,SLE-8389,SLE-8464
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15-SP2 (src):    kernel-azure-5.3.18-18.53.1, kernel-source-azure-5.3.18-18.53.1, kernel-syms-azure-5.3.18-18.53.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 20 Swamp Workflow Management 2021-07-13 16:22:56 UTC

SUSE-SU-2021:2305-1: An update that solves 5 vulnerabilities and has 40 fixes is now available.

Category: security (important)
Bug References: 1152489,1153274,1154353,1155518,1164648,1176447,1176774,1176919,1177028,1178134,1182470,1183682,1184212,1184685,1185486,1185675,1185677,1186071,1186206,1186666,1186949,1187171,1187263,1187356,1187402,1187403,1187404,1187407,1187408,1187409,1187410,1187411,1187412,1187413,1187452,1187554,1187595,1187601,1187795,1187867,1187883,1187886,1187927,1187972,1187980
CVE References: CVE-2021-0512,CVE-2021-0605,CVE-2021-33624,CVE-2021-34693,CVE-2021-3573
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15-SP3 (src):    kernel-azure-5.3.18-38.11.1, kernel-source-azure-5.3.18-38.11.1, kernel-syms-azure-5.3.18-38.11.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 21 Swamp Workflow Management 2021-07-13 16:33:43 UTC

openSUSE-SU-2021:2305-1: An update that solves 5 vulnerabilities and has 40 fixes is now available.

Category: security (important)
Bug References: 1152489,1153274,1154353,1155518,1164648,1176447,1176774,1176919,1177028,1178134,1182470,1183682,1184212,1184685,1185486,1185675,1185677,1186071,1186206,1186666,1186949,1187171,1187263,1187356,1187402,1187403,1187404,1187407,1187408,1187409,1187410,1187411,1187412,1187413,1187452,1187554,1187595,1187601,1187795,1187867,1187883,1187886,1187927,1187972,1187980
CVE References: CVE-2021-0512,CVE-2021-0605,CVE-2021-33624,CVE-2021-34693,CVE-2021-3573
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    kernel-azure-5.3.18-38.11.1, kernel-source-azure-5.3.18-38.11.1, kernel-syms-azure-5.3.18-38.11.1

Comment 23 Swamp Workflow Management 2021-07-14 19:28:06 UTC

SUSE-SU-2021:2325-1: An update that solves 9 vulnerabilities, contains 8 features and has 100 fixes is now available.

Category: security (important)
Bug References: 1152489,1153274,1154353,1155518,1164648,1174978,1176771,1179610,1182470,1183712,1184212,1184685,1185195,1185486,1185589,1185675,1185677,1185701,1186206,1186463,1186666,1186672,1186752,1186949,1186950,1186951,1186952,1186953,1186954,1186955,1186956,1186957,1186958,1186959,1186960,1186961,1186962,1186963,1186964,1186965,1186966,1186967,1186968,1186969,1186970,1186971,1186972,1186973,1186974,1186976,1186977,1186978,1186979,1186980,1186981,1186982,1186983,1186984,1186985,1186986,1186987,1186988,1186989,1186990,1186991,1186992,1186993,1186994,1186995,1186996,1186997,1186998,1186999,1187000,1187001,1187002,1187003,1187038,1187050,1187067,1187068,1187069,1187072,1187143,1187144,1187171,1187263,1187356,1187402,1187403,1187404,1187407,1187408,1187409,1187410,1187411,1187412,1187413,1187452,1187554,1187595,1187601,1187795,1187867,1187883,1187886,1187927,1187972,1187980
CVE References: CVE-2020-26558,CVE-2020-36385,CVE-2020-36386,CVE-2021-0129,CVE-2021-0512,CVE-2021-0605,CVE-2021-33624,CVE-2021-34693,CVE-2021-3573
JIRA References: ECO-3691,SLE-11493,SLE-11796,SLE-17882,SLE-7926,SLE-8371,SLE-8389,SLE-8464
Sources used:
SUSE MicroOS 5.0 (src):    kernel-default-5.3.18-24.70.1, kernel-default-base-5.3.18-24.70.1.9.32.1
SUSE Linux Enterprise Workstation Extension 15-SP2 (src):    kernel-default-5.3.18-24.70.1, kernel-preempt-5.3.18-24.70.1
SUSE Linux Enterprise Module for Live Patching 15-SP2 (src):    kernel-default-5.3.18-24.70.1, kernel-livepatch-SLE15-SP2_Update_16-1-5.3.1
SUSE Linux Enterprise Module for Legacy Software 15-SP2 (src):    kernel-default-5.3.18-24.70.1
SUSE Linux Enterprise Module for Development Tools 15-SP2 (src):    kernel-docs-5.3.18-24.70.1, kernel-obs-build-5.3.18-24.70.1, kernel-preempt-5.3.18-24.70.1, kernel-source-5.3.18-24.70.1, kernel-syms-5.3.18-24.70.1
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src):    kernel-default-5.3.18-24.70.1, kernel-default-base-5.3.18-24.70.1.9.32.1, kernel-preempt-5.3.18-24.70.1, kernel-source-5.3.18-24.70.1
SUSE Linux Enterprise High Availability 15-SP2 (src):    kernel-default-5.3.18-24.70.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 24 Swamp Workflow Management 2021-07-14 19:38:38 UTC

SUSE-SU-2021:2321-1: An update that solves 9 vulnerabilities and has 76 fixes is now available.

Category: security (important)
Bug References: 1103990,1103991,1104353,1113994,1114648,1129770,1135481,1136345,1174978,1179610,1182470,1185486,1185677,1185701,1185861,1185863,1186206,1186264,1186463,1186515,1186516,1186517,1186518,1186519,1186520,1186521,1186522,1186523,1186524,1186525,1186526,1186527,1186528,1186529,1186530,1186531,1186532,1186533,1186534,1186535,1186537,1186538,1186539,1186540,1186541,1186542,1186543,1186545,1186546,1186547,1186548,1186549,1186550,1186551,1186552,1186554,1186555,1186556,1186627,1186635,1186638,1186698,1186699,1186700,1186701,1187038,1187049,1187402,1187404,1187407,1187408,1187409,1187411,1187412,1187452,1187453,1187455,1187554,1187595,1187601,1187630,1187631,1187833,1187867,1187972
CVE References: CVE-2019-25045,CVE-2020-24588,CVE-2020-26558,CVE-2020-36386,CVE-2021-0129,CVE-2021-0512,CVE-2021-0605,CVE-2021-33624,CVE-2021-34693
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-azure-4.12.14-16.62.1, kernel-source-azure-4.12.14-16.62.1, kernel-syms-azure-4.12.14-16.62.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 25 Swamp Workflow Management 2021-07-14 19:49:18 UTC

SUSE-SU-2021:2349-1: An update that solves 9 vulnerabilities and has 79 fixes is now available.

Category: security (important)
Bug References: 1103990,1103991,1104353,1113994,1114648,1129770,1135481,1136345,1174978,1179610,1182470,1184040,1185428,1185486,1185677,1185701,1185861,1185863,1186206,1186264,1186463,1186515,1186516,1186517,1186518,1186519,1186520,1186521,1186522,1186523,1186524,1186525,1186526,1186527,1186528,1186529,1186530,1186531,1186532,1186533,1186534,1186535,1186537,1186538,1186539,1186540,1186541,1186542,1186543,1186545,1186546,1186547,1186548,1186549,1186550,1186551,1186552,1186554,1186555,1186556,1186627,1186635,1186638,1186698,1186699,1186700,1186701,1187038,1187049,1187402,1187404,1187407,1187408,1187409,1187411,1187412,1187452,1187453,1187455,1187554,1187595,1187601,1187630,1187631,1187833,1187867,1187972,1188010
CVE References: CVE-2019-25045,CVE-2020-24588,CVE-2020-26558,CVE-2020-36386,CVE-2021-0129,CVE-2021-0512,CVE-2021-0605,CVE-2021-33624,CVE-2021-34693
JIRA References: 
Sources used:
SUSE MicroOS 5.0 (src):    kernel-rt-4.12.14-10.49.1
SUSE Linux Enterprise Real Time Extension 12-SP5 (src):    kernel-rt-4.12.14-10.49.1, kernel-rt_debug-4.12.14-10.49.1, kernel-source-rt-4.12.14-10.49.1, kernel-syms-rt-4.12.14-10.49.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 26 Swamp Workflow Management 2021-07-14 20:27:10 UTC

SUSE-SU-2021:2324-1: An update that solves 9 vulnerabilities and has 77 fixes is now available.

Category: security (important)
Bug References: 1103990,1103991,1104353,1113994,1114648,1129770,1135481,1136345,1174978,1179610,1182470,1185486,1185677,1185701,1185861,1185863,1186206,1186264,1186463,1186515,1186516,1186517,1186518,1186519,1186520,1186521,1186522,1186523,1186524,1186525,1186526,1186527,1186528,1186529,1186530,1186531,1186532,1186533,1186534,1186535,1186537,1186538,1186539,1186540,1186541,1186542,1186543,1186545,1186546,1186547,1186548,1186549,1186550,1186551,1186552,1186554,1186555,1186556,1186627,1186635,1186638,1186698,1186699,1186700,1186701,1187038,1187049,1187402,1187404,1187407,1187408,1187409,1187411,1187412,1187452,1187453,1187455,1187554,1187595,1187601,1187630,1187631,1187833,1187867,1187972,1188010
CVE References: CVE-2019-25045,CVE-2020-24588,CVE-2020-26558,CVE-2020-36386,CVE-2021-0129,CVE-2021-0512,CVE-2021-0605,CVE-2021-33624,CVE-2021-34693
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP5 (src):    kernel-default-4.12.14-122.77.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    kernel-docs-4.12.14-122.77.1, kernel-obs-build-4.12.14-122.77.1
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-default-4.12.14-122.77.1, kernel-source-4.12.14-122.77.1, kernel-syms-4.12.14-122.77.1
SUSE Linux Enterprise Live Patching 12-SP5 (src):    kernel-default-4.12.14-122.77.1, kgraft-patch-SLE12-SP5_Update_20-1-8.3.1
SUSE Linux Enterprise High Availability 12-SP5 (src):    kernel-default-4.12.14-122.77.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 30 Swamp Workflow Management 2021-07-15 16:21:28 UTC

openSUSE-SU-2021:2352-1: An update that solves 5 vulnerabilities and has 38 fixes is now available.

Category: security (important)
Bug References: 1152489,1153274,1154353,1155518,1164648,1176447,1176774,1176919,1177028,1178134,1182470,1184212,1184685,1185486,1185675,1185677,1186206,1186666,1186949,1187171,1187263,1187356,1187402,1187403,1187404,1187407,1187408,1187409,1187410,1187411,1187412,1187413,1187452,1187554,1187595,1187601,1187795,1187867,1187883,1187886,1187927,1187972,1187980
CVE References: CVE-2021-0512,CVE-2021-0605,CVE-2021-33624,CVE-2021-34693,CVE-2021-3573
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    kernel-64kb-5.3.18-59.13.1, kernel-debug-5.3.18-59.13.1, kernel-default-5.3.18-59.13.1, kernel-default-base-5.3.18-59.13.1.18.6.1, kernel-docs-5.3.18-59.13.1, kernel-kvmsmall-5.3.18-59.13.1, kernel-obs-build-5.3.18-59.13.1, kernel-obs-qa-5.3.18-59.13.1, kernel-preempt-5.3.18-59.13.1, kernel-source-5.3.18-59.13.1, kernel-syms-5.3.18-59.13.1, kernel-zfcpdump-5.3.18-59.13.1

Comment 32 Swamp Workflow Management 2021-07-15 16:40:16 UTC

SUSE-SU-2021:2352-1: An update that solves 5 vulnerabilities and has 38 fixes is now available.

Category: security (important)
Bug References: 1152489,1153274,1154353,1155518,1164648,1176447,1176774,1176919,1177028,1178134,1182470,1184212,1184685,1185486,1185675,1185677,1186206,1186666,1186949,1187171,1187263,1187356,1187402,1187403,1187404,1187407,1187408,1187409,1187410,1187411,1187412,1187413,1187452,1187554,1187595,1187601,1187795,1187867,1187883,1187886,1187927,1187972,1187980
CVE References: CVE-2021-0512,CVE-2021-0605,CVE-2021-33624,CVE-2021-34693,CVE-2021-3573
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP3 (src):    kernel-default-5.3.18-59.13.1, kernel-preempt-5.3.18-59.13.1
SUSE Linux Enterprise Module for Live Patching 15-SP3 (src):    kernel-default-5.3.18-59.13.1, kernel-livepatch-SLE15-SP3_Update_3-1-7.3.1
SUSE Linux Enterprise Module for Legacy Software 15-SP3 (src):    kernel-default-5.3.18-59.13.1
SUSE Linux Enterprise Module for Development Tools 15-SP3 (src):    kernel-docs-5.3.18-59.13.1, kernel-obs-build-5.3.18-59.13.1, kernel-preempt-5.3.18-59.13.1, kernel-source-5.3.18-59.13.1, kernel-syms-5.3.18-59.13.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    kernel-64kb-5.3.18-59.13.1, kernel-default-5.3.18-59.13.1, kernel-default-base-5.3.18-59.13.1.18.6.1, kernel-preempt-5.3.18-59.13.1, kernel-source-5.3.18-59.13.1, kernel-zfcpdump-5.3.18-59.13.1
SUSE Linux Enterprise High Availability 15-SP3 (src):    kernel-default-5.3.18-59.13.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 36 Swamp Workflow Management 2021-07-21 13:24:38 UTC

SUSE-SU-2021:2421-1: An update that solves 24 vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 1176081,1179610,1183738,1184611,1184675,1185642,1185725,1185859,1185860,1185861,1185862,1185898,1185987,1186060,1186062,1186111,1186463,1186484,1187038,1187050,1187215,1187452,1187554,1187595,1187601,1188062,1188116
CVE References: CVE-2020-24586,CVE-2020-24587,CVE-2020-24588,CVE-2020-26139,CVE-2020-26141,CVE-2020-26145,CVE-2020-26147,CVE-2020-26558,CVE-2020-36385,CVE-2020-36386,CVE-2021-0129,CVE-2021-0512,CVE-2021-0605,CVE-2021-22555,CVE-2021-23133,CVE-2021-23134,CVE-2021-32399,CVE-2021-33034,CVE-2021-33200,CVE-2021-33624,CVE-2021-33909,CVE-2021-34693,CVE-2021-3491,CVE-2021-3609
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    kernel-default-4.12.14-150.75.1, kernel-docs-4.12.14-150.75.1, kernel-obs-build-4.12.14-150.75.1, kernel-source-4.12.14-150.75.1, kernel-syms-4.12.14-150.75.1, kernel-vanilla-4.12.14-150.75.1
SUSE Linux Enterprise Server 15-LTSS (src):    kernel-default-4.12.14-150.75.1, kernel-docs-4.12.14-150.75.1, kernel-obs-build-4.12.14-150.75.1, kernel-source-4.12.14-150.75.1, kernel-syms-4.12.14-150.75.1, kernel-vanilla-4.12.14-150.75.1, kernel-zfcpdump-4.12.14-150.75.1
SUSE Linux Enterprise Module for Live Patching 15 (src):    kernel-default-4.12.14-150.75.1, kernel-livepatch-SLE15_Update_25-1-1.3.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    kernel-default-4.12.14-150.75.1, kernel-docs-4.12.14-150.75.1, kernel-obs-build-4.12.14-150.75.1, kernel-source-4.12.14-150.75.1, kernel-syms-4.12.14-150.75.1, kernel-vanilla-4.12.14-150.75.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    kernel-default-4.12.14-150.75.1, kernel-docs-4.12.14-150.75.1, kernel-obs-build-4.12.14-150.75.1, kernel-source-4.12.14-150.75.1, kernel-syms-4.12.14-150.75.1, kernel-vanilla-4.12.14-150.75.1
SUSE Linux Enterprise High Availability 15 (src):    kernel-default-4.12.14-150.75.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 37 Swamp Workflow Management 2021-07-21 13:31:22 UTC

openSUSE-SU-2021:2427-1: An update that solves 13 vulnerabilities and has 5 fixes is now available.

Category: security (important)
Bug References: 1153720,1174978,1179610,1181193,1185428,1185701,1185861,1186463,1186484,1187038,1187050,1187215,1187452,1187554,1187595,1187601,1188062,1188116
CVE References: CVE-2020-24588,CVE-2020-26558,CVE-2020-36385,CVE-2020-36386,CVE-2021-0129,CVE-2021-0512,CVE-2021-0605,CVE-2021-22555,CVE-2021-33200,CVE-2021-33624,CVE-2021-33909,CVE-2021-34693,CVE-2021-3609
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    kernel-debug-4.12.14-197.99.1, kernel-default-4.12.14-197.99.1, kernel-kvmsmall-4.12.14-197.99.1, kernel-vanilla-4.12.14-197.99.1, kernel-zfcpdump-4.12.14-197.99.1

Comment 38 Swamp Workflow Management 2021-07-21 13:48:52 UTC

SUSE-SU-2021:2426-1: An update that solves 9 vulnerabilities, contains 8 features and has 101 fixes is now available.

Category: security (important)
Bug References: 1152489,1153274,1154353,1155518,1164648,1174978,1176771,1179610,1182470,1183712,1184212,1184685,1185195,1185486,1185589,1185675,1185677,1185701,1186206,1186463,1186666,1186672,1186752,1186949,1186950,1186951,1186952,1186953,1186954,1186955,1186956,1186957,1186958,1186959,1186960,1186961,1186962,1186963,1186964,1186965,1186966,1186967,1186968,1186969,1186970,1186971,1186972,1186973,1186974,1186976,1186977,1186978,1186979,1186980,1186981,1186982,1186983,1186984,1186985,1186986,1186987,1186988,1186989,1186990,1186991,1186992,1186993,1186994,1186995,1186996,1186997,1186998,1186999,1187000,1187001,1187002,1187003,1187038,1187050,1187067,1187068,1187069,1187072,1187143,1187144,1187171,1187263,1187356,1187402,1187403,1187404,1187407,1187408,1187409,1187410,1187411,1187412,1187413,1187452,1187554,1187595,1187601,1187795,1187834,1187867,1187883,1187886,1187927,1187972,1187980
CVE References: CVE-2020-26558,CVE-2020-36385,CVE-2020-36386,CVE-2021-0129,CVE-2021-0512,CVE-2021-0605,CVE-2021-33624,CVE-2021-34693,CVE-2021-3573
JIRA References: ECO-3691,SLE-11493,SLE-11796,SLE-17882,SLE-7926,SLE-8371,SLE-8389,SLE-8464
Sources used:
SUSE Linux Enterprise Module for Realtime 15-SP2 (src):    kernel-rt-5.3.18-42.2, kernel-rt_debug-5.3.18-42.2, kernel-source-rt-5.3.18-42.1, kernel-syms-rt-5.3.18-42.1, lttng-modules-2.10.10-1.5.1, oracleasm-2.0.8-1.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 39 Swamp Workflow Management 2021-07-21 13:54:38 UTC

SUSE-SU-2021:2427-1: An update that solves 13 vulnerabilities and has 5 fixes is now available.

Category: security (important)
Bug References: 1153720,1174978,1179610,1181193,1185428,1185701,1185861,1186463,1186484,1187038,1187050,1187215,1187452,1187554,1187595,1187601,1188062,1188116
CVE References: CVE-2020-24588,CVE-2020-26558,CVE-2020-36385,CVE-2020-36386,CVE-2021-0129,CVE-2021-0512,CVE-2021-0605,CVE-2021-22555,CVE-2021-33200,CVE-2021-33624,CVE-2021-33909,CVE-2021-34693,CVE-2021-3609
JIRA References: 
Sources used:
SUSE Manager Server 4.0 (src):    kernel-default-4.12.14-197.99.1, kernel-docs-4.12.14-197.99.1, kernel-obs-build-4.12.14-197.99.1, kernel-source-4.12.14-197.99.1, kernel-syms-4.12.14-197.99.1, kernel-zfcpdump-4.12.14-197.99.1
SUSE Manager Retail Branch Server 4.0 (src):    kernel-default-4.12.14-197.99.1, kernel-docs-4.12.14-197.99.1, kernel-obs-build-4.12.14-197.99.1, kernel-source-4.12.14-197.99.1, kernel-syms-4.12.14-197.99.1
SUSE Manager Proxy 4.0 (src):    kernel-default-4.12.14-197.99.1, kernel-docs-4.12.14-197.99.1, kernel-obs-build-4.12.14-197.99.1, kernel-source-4.12.14-197.99.1, kernel-syms-4.12.14-197.99.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    kernel-default-4.12.14-197.99.1, kernel-docs-4.12.14-197.99.1, kernel-obs-build-4.12.14-197.99.1, kernel-source-4.12.14-197.99.1, kernel-syms-4.12.14-197.99.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    kernel-default-4.12.14-197.99.1, kernel-docs-4.12.14-197.99.1, kernel-obs-build-4.12.14-197.99.1, kernel-source-4.12.14-197.99.1, kernel-syms-4.12.14-197.99.1, kernel-zfcpdump-4.12.14-197.99.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    kernel-default-4.12.14-197.99.1, kernel-docs-4.12.14-197.99.1, kernel-obs-build-4.12.14-197.99.1, kernel-source-4.12.14-197.99.1, kernel-syms-4.12.14-197.99.1
SUSE Linux Enterprise Module for Live Patching 15-SP1 (src):    kernel-default-4.12.14-197.99.1, kernel-livepatch-SLE15-SP1_Update_26-1-3.3.3
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    kernel-default-4.12.14-197.99.1, kernel-docs-4.12.14-197.99.1, kernel-obs-build-4.12.14-197.99.1, kernel-source-4.12.14-197.99.1, kernel-syms-4.12.14-197.99.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    kernel-default-4.12.14-197.99.1, kernel-docs-4.12.14-197.99.1, kernel-obs-build-4.12.14-197.99.1, kernel-source-4.12.14-197.99.1, kernel-syms-4.12.14-197.99.1
SUSE Linux Enterprise High Availability 15-SP1 (src):    kernel-default-4.12.14-197.99.1
SUSE Enterprise Storage 6 (src):    kernel-default-4.12.14-197.99.1, kernel-docs-4.12.14-197.99.1, kernel-obs-build-4.12.14-197.99.1, kernel-source-4.12.14-197.99.1, kernel-syms-4.12.14-197.99.1
SUSE CaaS Platform 4.0 (src):    kernel-default-4.12.14-197.99.1, kernel-docs-4.12.14-197.99.1, kernel-obs-build-4.12.14-197.99.1, kernel-source-4.12.14-197.99.1, kernel-syms-4.12.14-197.99.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 40 Swamp Workflow Management 2021-07-21 13:58:51 UTC

SUSE-SU-2021:2422-1: An update that solves 13 vulnerabilities and has four fixes is now available.

Category: security (important)
Bug References: 1104967,1174978,1179610,1185701,1185861,1186463,1186484,1187038,1187050,1187215,1187452,1187554,1187595,1187601,1187934,1188062,1188116
CVE References: CVE-2020-24588,CVE-2020-26558,CVE-2020-36385,CVE-2020-36386,CVE-2021-0129,CVE-2021-0512,CVE-2021-0605,CVE-2021-22555,CVE-2021-33200,CVE-2021-33624,CVE-2021-33909,CVE-2021-34693,CVE-2021-3609
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    kernel-default-4.12.14-95.80.1, kernel-source-4.12.14-95.80.1, kernel-syms-4.12.14-95.80.1
SUSE OpenStack Cloud 9 (src):    kernel-default-4.12.14-95.80.1, kernel-source-4.12.14-95.80.1, kernel-syms-4.12.14-95.80.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    kernel-default-4.12.14-95.80.1, kernel-source-4.12.14-95.80.1, kernel-syms-4.12.14-95.80.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    kernel-default-4.12.14-95.80.1, kernel-source-4.12.14-95.80.1, kernel-syms-4.12.14-95.80.1
SUSE Linux Enterprise Live Patching 12-SP4 (src):    kernel-default-4.12.14-95.80.1, kgraft-patch-SLE12-SP4_Update_22-1-6.3.1
SUSE Linux Enterprise High Availability 12-SP4 (src):    kernel-default-4.12.14-95.80.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 42 Joey Lee 2022-02-07 04:56:56 UTC

(In reply to Gary Ching-Pang Lin from comment #5)
> I found that it's tricky to apply the patch for cve/linux-4.12.
> 
> For SLE15-SP1 and SLE12-SP5, f4d7e40a5b7157 ("bpf: introduce function calls
> (verification)") was backported so 9183671af6db can be applied directly.
> 
> On the other hand, the patch cannot be applied to SLE15 and SLE12-SP4 due to
> some missing field in "struct bpf_verifier_state".
> 
> I probably have to apply the fix separately.

The 9183671af6db be applied to SLE15-LTSS and SLE12-SP4-LTSS kernel:

From: Daniel Borkmann <daniel@iogearbox.net>
Date: Fri, 28 May 2021 15:47:32 +0000
Subject: bpf: Fix leakage under speculation on mispredicted branches
Patch-mainline: v5.13-rc7
Git-commit: 9183671af6dbf60a1219371d4ed73e23f43b49db
References: bsc#1187554,CVE-2021-33624
...
NOTE from Gary:
  * Replace 'branch->frame[branch->curframe]->regs' with 'branch->regs'
    in sanitize_speculative_path() since calling bpf functions from
    bpf(*) wasn't backported
  * Replace "env->bypass_spec_v1" with "env->allow_ptr_leaks" for the
    privileged user check.
  * Modify the diff for check_cond_jmp_op() to fit the code

(*) f4d7e40a5b71 ("bpf: introduce function calls (verification)")

Set this issue to fixed.