File _patchinfo of Package patchinfo.20108
<patchinfo incident="20108">
<issue id="1183658" tracker="bnc">VUL-0: CVE-2021-28660: kernel live patch: memory overwrite in rtl8188eu</issue>
<issue id="1184710" tracker="bnc">VUL-0: CVE-2021-29154: kernel live patch: LPE due to incorrect BPF JIT branch displacement computation</issue>
<issue id="1184952" tracker="bnc">VUL-0: CVE-2020-36322: kernel live patch: FUSE driver can confuse kernel by changing inode type</issue>
<issue id="1185796" tracker="bnc">VUL-0: CVE-2021-3490: kernel live patch: eBPF bitwise ops ALU32 bounds tracking</issue>
<issue id="1185847" tracker="bnc">kernel live patch: Data loss/corruption occurs any time there is a write error on an md/raid array.</issue>
<issue id="1185856" tracker="bnc">VUL-0: CVE-2021-3489: kernel live patch: eBPF RINGBUF map oversized allocation</issue>
<issue id="1185899" tracker="bnc">VUL-0: CVE-2021-32399: kernel live patch: Linux device detach race condition</issue>
<issue id="1186285" tracker="bnc">VUL-0: CVE-2021-33034: kernel live patch: use-after-free when destroying an hci_chan</issue>
<issue id="2020-36322" tracker="cve" />
<issue id="2021-28660" tracker="cve" />
<issue id="2021-29154" tracker="cve" />
<issue id="2021-32399" tracker="cve" />
<issue id="2021-33034" tracker="cve" />
<issue id="2021-3489" tracker="cve" />
<issue id="2021-3490" tracker="cve" />
<category>security</category>
<rating>important</rating>
<packager>nstange</packager>
<description>This update for the Linux Kernel 5.3.18-57 fixes several issues.
The following issues were fixed:
- CVE-2021-3489: Fixed an issue where the eBPF RINGBUF bpf_ringbuf_reserve did not check that the allocated size was smaller than the ringbuf size (bsc#1185640).
- CVE-2021-3490: Fixed an issue where the eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) did not update the 32-bit bounds (bsc#1185641).
- CVE-2021-33034: Fixed a use-after-free when destroying an hci_chan. This could lead to writing arbitrary values (bsc#1186111).
- CVE-2021-32399: Fixed a race condition when removing the HCI controller (bsc#1184611).
- CVE-2020-36322: Fixed an issue in the FUSE filesystem implementation which could have caused a system crash (bsc#1184211).
- CVE-2021-29154: Fixed incorrect computation of branch displacements, allowing arbitrary code execution (bsc#1184391).
- CVE-2021-28660: Fixed an out-of-bounds write in rtw_wx_set_scan (bsc#1183593).
- Fixed data loss/data corruption that occurs if there is a write error on an md/raid array (bsc#1185847).
</description>
<summary>Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP3)</summary>
</patchinfo>