Overview

File _patchinfo of Package patchinfo.19841

<patchinfo incident="19841">
  <issue id="1181161" tracker="bnc">[HUAWEI NOT FOR THE USA] customer requests merging upstream's nvme patchsets ref:_00D1igLOd._5001iXjmrk:ref</issue>
  <issue id="1183405" tracker="bnc">L3: Delayed outgoing packets causing NFS timeouts</issue>
  <issue id="1183738" tracker="bnc">Inconsistent iostats results volume vs data devices</issue>
  <issue id="1183947" tracker="bnc">iptables drops RST after NetApp migration</issue>
  <issue id="1184611" tracker="bnc">VUL-0: CVE-2021-32399: kernel-source: Race condition vulnerability in Linux BlueTooth subsystem</issue>
  <issue id="1184675" tracker="bnc">VUL-0: CVE-2021-23133: kernel-source: sctp_destroy_sock list_del race condition</issue>
  <issue id="1185642" tracker="bnc">VUL-0: CVE-2021-3491: kernel-source: io_uring PROVIDE_BUFFERS MAX_RW_COUNT bypass</issue>
  <issue id="1185680" tracker="bnc">Data loss/corruption occurs any time there is a write error on an md/raid array.</issue>
  <issue id="1185725" tracker="bnc">Commits To Fix Kdump Failures Edit</issue>
  <issue id="1185859" tracker="bnc">VUL-0: CVE-2020-24586,CVE-2020-24587: kernel-source: mac80211: extend protection against mixed key and fragment cache attacks</issue>
  <issue id="1185860" tracker="bnc">VUL-0: CVE-2020-26145: ath10k: drop fragments with multicast DA for PCIe</issue>
  <issue id="1185862" tracker="bnc">VUL-0: CVE-2020-24587: kernel-source: ath11k: Clear the fragment cache during key install</issue>
  <issue id="1185863" tracker="bnc">VUL-0: kernel-source: various 802.11 security issues aka "FRAGATTACKS"</issue>
  <issue id="1185898" tracker="bnc">VUL-0: CVE-2021-32399: kernel-source-rt,kernel-source,kernel-source-azure: Linux device detach race condition</issue>
  <issue id="1185899" tracker="bnc">VUL-0: CVE-2021-32399: kernel live patch: Linux device detach race condition</issue>
  <issue id="1185901" tracker="bnc">VUL-0: CVE-2021-23133: kernel live patch: sctp_destroy_sock list_del race condition</issue>
  <issue id="1185938" tracker="bnc">L3: SLES 15 SP1 - ppc64le, lpar with 4 ibmvfc virtual hba adapters presented from VIOS servers, gets hang when doing SVC, v5k, maintenance tasks. ()</issue>
  <issue id="1185950" tracker="bnc">L3: improve nf_conntrack RST checks when session is re-established</issue>
  <issue id="1185987" tracker="bnc">VUL-1: CVE-2020-26141: kernel-source-azure,kernel-source,kernel-source-rt: mac80211: Not verifying TKIP MIC of fragmented frames</issue>
  <issue id="1186060" tracker="bnc">VUL-0: CVE-2021-23134: kernel-source-rt,kernel-source-azure,kernel-source: kernel: use-after-free in nfc sockets</issue>
  <issue id="1186061" tracker="bnc">VUL-0: CVE-2021-23134: kernel live patch: use-after-free in nfc sockets</issue>
  <issue id="1186062" tracker="bnc">VUL-0: CVE-2020-26139: kernel-source,kernel-source-rt,kernel-source-azure: kernel:  Forwarding EAPOL from unauthenticated wifi client</issue>
  <issue id="1186111" tracker="bnc">VUL-0: CVE-2021-33034: kernel-source-azure,kernel-source,kernel-source-rt: use-after-free when destroying an hci_chan</issue>
  <issue id="1186285" tracker="bnc">VUL-0: CVE-2021-33034: kernel live patch: use-after-free when destroying an hci_chan</issue>
  <issue id="1186390" tracker="bnc">Partner-L3: CVE-2021-23134 CVE-2021-33033 CVE-2021-33034 CVE-2021-29154 CVE-2020-36322  fixes needed for Reactive LTSS SLES 12 SP2: kernel</issue>
  <issue id="1186484" tracker="bnc">VUL-0: CVE-2021-33200: kernel-source-azure,kernel-source-rt,kernel-source: enforcing incorrect limits for pointer arithmetic operations by BPF verifier can be abused to perform out-of-bounds reads and writes            in kernel memory</issue>
  <issue id="1186498" tracker="bnc">VUL-0: CVE-2021-33200: kernel live patch: enforcing incorrect limits for pointer arithmetic operations by BPF verifier can be abused to perform out-of-bounds reads and writes            in kernel memory</issue>
  <issue id="2021-33200" tracker="cve" />
  <issue id="2021-33034" tracker="cve" />
  <issue id="2020-26139" tracker="cve" />
  <issue id="2021-23134" tracker="cve" />
  <issue id="2020-24586" tracker="cve" />
  <issue id="2020-26141" tracker="cve" />
  <issue id="2020-26145" tracker="cve" />
  <issue id="2020-24587" tracker="cve" />
  <issue id="2020-26147" tracker="cve" />
  <issue id="2021-3491" tracker="cve" />
  <issue id="2021-23133" tracker="cve" />
  <issue id="2021-32399" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>alix82</packager>
  <reboot_needed/>
  <description>The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes.


The following security bugs were fixed:

- CVE-2021-33200: Enforcing incorrect limits for pointer arithmetic operations by the BPF verifier could be abused to perform out-of-bounds reads and writes in kernel memory (bsc#1186484).
- CVE-2021-33034: Fixed a use-after-free when destroying an hci_chan. This could lead to writing an arbitrary values. (bsc#1186111)
- CVE-2020-26139: Fixed a denial-of-service when an Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. (bnc#1186062)
- CVE-2021-23134: A Use After Free vulnerability in nfc sockets allowed local attackers to elevate their privileges. (bnc#1186060)
- CVE-2021-23133: Fixed a race condition in SCTP sockets, which could lead to privilege escalation from the context of a network service or an unprivileged process. (bnc#1184675)
- CVE-2021-3491: Fixed a potential heap overflow in mem_rw(). This vulnerability is related to the PROVIDE_BUFFERS operation, which allowed the MAX_RW_COUNT limit to be bypassed (bsc#1185642).
- CVE-2021-32399: Fixed a race condition when removing the HCI controller (bnc#1184611).
- CVE-2020-24586: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances this can be abused to inject arbitrary network packets and/or exfiltrate user data (bnc#1185859).
- CVE-2020-24587: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed (bnc#1185859 bnc#1185862).
- CVE-2020-26147: The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments, even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used (bnc#1185859).
- CVE-2020-26145: An issue was discovered with Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets independent of the network configuration. (bnc#1185860)
- CVE-2020-26141: An issue was discovered in the ALFA driver for AWUS036H, where the Message Integrity Check (authenticity) of fragmented TKIP frames was not verified. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol. (bnc#1185987)


The following non-security bugs were fixed:

- Drivers: hv: vmbus: Increase wait time for VMbus unload (bsc#1185725).
- Drivers: hv: vmbus: Initialize unload_event statically (bsc#1185725).
- dm: fix redundant IO accounting for bios that need splitting (bsc#1183738).
- ibmvfc: Avoid move login if fast fail is enabled (bsc#1185938 ltc#192043).
- ibmvfc: Handle move login failure (bsc#1185938 ltc#192043).
- ibmvfc: Reinit target retries (bsc#1185938 ltc#192043).
- kabi: Fix breakage in NVMe driver (bsc#1181161).
- kabi: Fix nvmet error log definitions (bsc#1181161).
- kabi: nvme: fix fast_io_fail_tmo (bsc#1181161).
- md/raid1: properly indicate failure when ending a failed write request (bsc#1185680).
- net: sched: disable TCQ_F_NOLOCK for pfifo_fast (bsc#1183405)
- netfilter: conntrack: add new sysctl to disable RST check (bsc#1183947 bsc#1185950).
- netfilter: conntrack: avoid misleading 'invalid' in log message (bsc#1183947 bsc#1185950).
- netfilter: conntrack: improve RST handling when tuple is re-used (bsc#1183947 bsc#1185950).
- netfilter: conntrack: tcp: only close if RST matches exact sequence (bsc#1183947 bsc#1185950).
- nvme-fabrics: allow to queue requests for live queues (bsc#1181161).
- nvme-fabrics: do not check state NVME_CTRL_NEW for request acceptance (bsc#1181161).
- nvme-fabrics: reject I/O to offline device (bsc#1181161).
- nvme-pci: Sync queues on reset (bsc#1181161).
- nvme-rdma: avoid race between time out and tear down (bsc#1181161).
- nvme-rdma: avoid repeated request completion (bsc#1181161).
- nvme-rdma: avoid request double completion for concurrent nvme_rdma_timeout (bsc#1181161).
- nvme-rdma: fix controller reset hang during traffic (bsc#1181161).
- nvme-rdma: fix possible hang when failing to set io queues (bsc#1181161).
- nvme-rdma: fix timeout handler (bsc#1181161).
- nvme-rdma: serialize controller teardown sequences (bsc#1181161).
- nvme-tcp: avoid race between time out and tear down (bsc#1181161).
- nvme-tcp: avoid repeated request completion (bsc#1181161).
- nvme-tcp: avoid request double completion for concurrent nvme_tcp_timeout (bsc#1181161).
- nvme-tcp: fix controller reset hang during traffic (bsc#1181161).
- nvme-tcp: fix possible hang when failing to set io queues (bsc#1181161).
- nvme-tcp: fix timeout handler (bsc#1181161).
- nvme-tcp: serialize controller teardown sequences (bsc#1181161).
- nvme: Restart request timers in resetting state (bsc#1181161).
- nvme: add error log page slot definition (bsc#1181161).
- nvme: include admin_q sync with nvme_sync_queues (bsc#1181161).
- nvme: introduce "Command Aborted By host" status code (bsc#1181161).
- nvme: introduce nvme_is_fabrics to check fabrics cmd (bsc#1181161).
- nvme: introduce nvme_sync_io_queues (bsc#1181161).
- nvme: make fabrics command run on a separate request queue (bsc#1181161).
- nvme: prevent warning triggered by nvme_stop_keep_alive (bsc#1181161).
- nvme: unlink head after removing last namespace (bsc#1181161).
- nvmet: add error log support for fabrics-cmd (bsc#1181161).
- nvmet: add error-log definitions (bsc#1181161).
- video: hyperv_fb: Add ratelimit on error message (bsc#1185725).
</description>
<summary>Security update for the Linux Kernel</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places