Bugzilla – Bug 1188080
VUL-0: CVE-2021-35039: kernel-source-azure,kernel-source-rt,kernel-source: kernel loading unsigned kernel modules via init_module syscall
Last modified: 2024-06-25 16:11:02 UTC
CVE-2021-35039

kernel/module.c in the Linux kernel before 5.12.14 mishandles Signature Verification, aka CID-0c18f29aae7c. Without CONFIG_MODULE_SIG, verification that a kernel module is signed, for loading via init_module, does not occur for a module.sig_enforce=1 command-line argument.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35039
http://seclists.org/oss-sec/2021/q3/6
https://www.openwall.com/lists/oss-security/2021/07/06/3
https://github.com/torvalds/linux/commit/0c18f29aae7ce3dadd26d8ee3505d07cc982df75
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35039
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.14
Jessica, could you have a look please?
(In reply to Robert Frohl from comment #0)
> CVE-2021-35039
>
> kernel/module.c in the Linux kernel before 5.12.14 mishandles Signature
> Verification, aka CID-0c18f29aae7c. Without CONFIG_MODULE_SIG, verification
> that a kernel module is signed, for loading via init_module, does not occur
> for a module.sig_enforce=1 command-line argument.
>
> References:
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35039
> http://seclists.org/oss-sec/2021/q3/6
> https://www.openwall.com/lists/oss-security/2021/07/06/3
> https://github.com/torvalds/linux/commit/0c18f29aae7ce3dadd26d8ee3505d07cc982df75
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35039
> https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.14

The fix is already in our SLE15-SP2 and SLE15-SP3 trees since June, so it should already be included in the latest July MU round. However, this was before the CVE was assigned, so I will update the References in the patch to include the CVE number.
(In reply to Jessica Yu from comment #2)
> (In reply to Robert Frohl from comment #0)
> > CVE-2021-35039
> >
> > kernel/module.c in the Linux kernel before 5.12.14 mishandles Signature
> > Verification, aka CID-0c18f29aae7c. Without CONFIG_MODULE_SIG, verification
> > that a kernel module is signed, for loading via init_module, does not occur
> > for a module.sig_enforce=1 command-line argument.
> >
> > References:
> > http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35039
> > http://seclists.org/oss-sec/2021/q3/6
> > https://www.openwall.com/lists/oss-security/2021/07/06/3
> > https://github.com/torvalds/linux/commit/0c18f29aae7ce3dadd26d8ee3505d07cc982df75
> > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35039
> > https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.14
>
> The fix is already in our SLE15-SP2 and SLE15-SP3 trees since June, so it
> should already be included in the latest July MU round. However, this was
> before the CVE was assigned, so I will update the References in the patch to
> include the CVE number.

Ah, and will backport this to the other cve branches where applicable.
(In reply to Jessica Yu from comment #3)
> (In reply to Jessica Yu from comment #2)
> > (In reply to Robert Frohl from comment #0)
> > > CVE-2021-35039
> > >
> > > kernel/module.c in the Linux kernel before 5.12.14 mishandles Signature
> > > Verification, aka CID-0c18f29aae7c. Without CONFIG_MODULE_SIG, verification
> > > that a kernel module is signed, for loading via init_module, does not occur
> > > for a module.sig_enforce=1 command-line argument.
> > >
> > > References:
> > > http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35039
> > > http://seclists.org/oss-sec/2021/q3/6
> > > https://www.openwall.com/lists/oss-security/2021/07/06/3
> > > https://github.com/torvalds/linux/commit/0c18f29aae7ce3dadd26d8ee3505d07cc982df75
> > > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35039
> > > https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.14
> >
> > The fix is already in our SLE15-SP2 and SLE15-SP3 trees since June, so it
> > should already be included in the latest July MU round. However, this was
> > before the CVE was assigned, so I will update the References in the patch to
> > include the CVE number.
>
> Ah, and will backport this to the other cve branches where applicable.

According to [1][2], only kernel versions v4.15 and up are affected. Indeed, the commit in the Fixes: tag was only introduced from kernel version v4.15. The exported getter function is_module_sig_enforced() does not exist in older kernels so there are no other subsystems that are relying on sig_enforce, it is a purely local variable to module.c. Thus when CONFIG_MODULE_SIG=n and sig_enforce=1 is set on the cmdline, this essentially is a no-op. So I do not think this needs to be backported to our older kernel branches.

[1] https://seclists.org/oss-sec/2021/q3/6
[2] https://www.openwall.com/lists/oss-security/2021/07/06/3
Our kernels are built with CONFIG_MODULE_SIG=y, so I would say this issue does not affect our kernels?
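The condition discussed in the comments above can be checked per host. The following is an added example, not part of the bug report or of SUSE's tooling: a shell function that reads a kernel build config and a boot command line and reports whether `module.sig_enforce` is actually backed by `CONFIG_MODULE_SIG`. The function name, the result labels and the sample files are made up for illustration; the set of boolean spellings it accepts is an assumption of this example.

```shell
#!/bin/sh
# Added example (not from the bug report). Classifies module-signature
# enforcement from a kernel .config file and a kernel command line.
# Usage:  check_sig_enforce CONFIG_FILE CMDLINE_FILE
# Prints: enforced | permissive | request-ignored | disabled | unreadable
check_sig_enforce() {
    config_file=$1
    cmdline_file=$2
    if [ ! -r "$config_file" ] || [ ! -r "$cmdline_file" ]; then
        echo unreadable
        return 2
    fi

    # Enforcement requested at boot? A bare "module.sig_enforce" or a true
    # boolean value (1, y, on) counts (assumed spellings for this example).
    requested=no
    if tr -s ' \t' '\n\n' < "$cmdline_file" |
        grep -Eq '^module\.sig_enforce(=([1yY]|[oO][nN]).*)?$'; then
        requested=yes
    fi

    # Is signature support compiled in, and is it forced at build time?
    built=no; forced=no
    grep -q '^CONFIG_MODULE_SIG=y$' "$config_file" && built=yes
    grep -q '^CONFIG_MODULE_SIG_FORCE=y$' "$config_file" && forced=yes

    if [ "$built" = yes ]; then
        if [ "$forced" = yes ] || [ "$requested" = yes ]; then
            echo enforced
        else
            echo permissive
        fi
    elif [ "$requested" = yes ]; then
        # The CVE-2021-35039 case: the flag is set but nothing verifies.
        echo request-ignored
        return 1
    else
        echo disabled
    fi
}

# Constructed sample: signature support not built, flag passed at boot.
demo_dir=$(mktemp -d)
printf '%s\n' '# CONFIG_MODULE_SIG is not set' > "$demo_dir/config"
printf '%s\n' 'root=/dev/sda2 module.sig_enforce=1 quiet' > "$demo_dir/cmdline"
echo "sample host: $(check_sig_enforce "$demo_dir/config" "$demo_dir/cmdline")"
rm -rf "$demo_dir"
```

On a live system the inputs would typically be `/boot/config-$(uname -r)` and `/proc/cmdline`; the config path varies by distribution.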
SUSE-SU-2021:2408-1: An update that solves 5 vulnerabilities and has 18 fixes is now available. Category: security (important) Bug References: 1065729,1085224,1094840,1152472,1152489,1170511,1179243,1183871,1184114,1184804,1185308,1185791,1187215,1187585,1188036,1188062,1188080,1188116,1188121,1188176,1188267,1188268,1188269 CVE References: CVE-2021-22555,CVE-2021-33909,CVE-2021-35039,CVE-2021-3609,CVE-2021-3612 JIRA References: Sources used: SUSE Linux Enterprise Module for Public Cloud 15-SP2 (src): kernel-azure-5.3.18-18.58.1, kernel-source-azure-5.3.18-18.58.1, kernel-syms-azure-5.3.18-18.58.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
This is an autogenerated message for OBS integration: This bug (1188080) was mentioned in https://build.opensuse.org/request/show/907471 15.2 / kernel-source
SUSE-SU-2021:2438-1: An update that solves 5 vulnerabilities and has 18 fixes is now available. Category: security (important) Bug References: 1065729,1085224,1094840,1152472,1152489,1170511,1179243,1183871,1184114,1184804,1185308,1185791,1187215,1187585,1188036,1188062,1188080,1188116,1188121,1188176,1188267,1188268,1188269 CVE References: CVE-2021-22555,CVE-2021-33909,CVE-2021-35039,CVE-2021-3609,CVE-2021-3612 JIRA References: Sources used: SUSE MicroOS 5.0 (src): kernel-default-5.3.18-24.75.3, kernel-default-base-5.3.18-24.75.3.9.34.3 SUSE Linux Enterprise Workstation Extension 15-SP2 (src): kernel-default-5.3.18-24.75.3, kernel-preempt-5.3.18-24.75.3 SUSE Linux Enterprise Module for Live Patching 15-SP2 (src): kernel-default-5.3.18-24.75.3, kernel-livepatch-SLE15-SP2_Update_17-1-5.3.3 SUSE Linux Enterprise Module for Legacy Software 15-SP2 (src): kernel-default-5.3.18-24.75.3 SUSE Linux Enterprise Module for Development Tools 15-SP2 (src): kernel-docs-5.3.18-24.75.2, kernel-obs-build-5.3.18-24.75.3, kernel-preempt-5.3.18-24.75.3, kernel-source-5.3.18-24.75.2, kernel-syms-5.3.18-24.75.1 SUSE Linux Enterprise Module for Basesystem 15-SP2 (src): kernel-default-5.3.18-24.75.3, kernel-default-base-5.3.18-24.75.3.9.34.3, kernel-preempt-5.3.18-24.75.3, kernel-source-5.3.18-24.75.2 SUSE Linux Enterprise High Availability 15-SP2 (src): kernel-default-5.3.18-24.75.3 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2021:1076-1: An update that solves 5 vulnerabilities and has 24 fixes is now available. Category: security (important) Bug References: 1065729,1085224,1094840,1152472,1152489,1155518,1170511,1176940,1179243,1180092,1183871,1184114,1184804,1185308,1185791,1186206,1187215,1187585,1188036,1188062,1188080,1188116,1188121,1188176,1188267,1188268,1188269,1188405,1188445 CVE References: CVE-2021-22555,CVE-2021-33909,CVE-2021-35039,CVE-2021-3609,CVE-2021-3612 JIRA References: Sources used: openSUSE Leap 15.2 (src): kernel-debug-5.3.18-lp152.84.1, kernel-default-5.3.18-lp152.84.1, kernel-default-base-5.3.18-lp152.84.1.lp152.8.38.1, kernel-docs-5.3.18-lp152.84.1, kernel-kvmsmall-5.3.18-lp152.84.1, kernel-obs-build-5.3.18-lp152.84.1, kernel-obs-qa-5.3.18-lp152.84.1, kernel-preempt-5.3.18-lp152.84.1, kernel-source-5.3.18-lp152.84.1, kernel-syms-5.3.18-lp152.84.1
SUSE-SU-2021:2599-1: An update that solves four vulnerabilities, contains three features and has 23 fixes is now available. Category: security (important) Bug References: 1065729,1085224,1094840,1152472,1152489,1155518,1170511,1179243,1180092,1183871,1184114,1184804,1185308,1185791,1186206,1187215,1187585,1188036,1188080,1188116,1188121,1188176,1188267,1188268,1188269,1188405,1188525 CVE References: CVE-2021-22555,CVE-2021-35039,CVE-2021-3609,CVE-2021-3612 JIRA References: SLE-17042,SLE-17043,SLE-17268 Sources used: SUSE Linux Enterprise Module for Realtime 15-SP2 (src): kernel-rt-5.3.18-45.3, kernel-rt_debug-5.3.18-45.3, kernel-source-rt-5.3.18-45.3, kernel-syms-rt-5.3.18-45.2 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:2599-2: An update that solves four vulnerabilities, contains three features and has 23 fixes is now available. Category: security (important) Bug References: 1065729,1085224,1094840,1152472,1152489,1155518,1170511,1179243,1180092,1183871,1184114,1184804,1185308,1185791,1186206,1187215,1187585,1188036,1188080,1188116,1188121,1188176,1188267,1188268,1188269,1188405,1188525 CVE References: CVE-2021-22555,CVE-2021-35039,CVE-2021-3609,CVE-2021-3612 JIRA References: SLE-17042,SLE-17043,SLE-17268 Sources used: SUSE MicroOS 5.0 (src): kernel-rt-5.3.18-45.3 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2021:2645-1: An update that solves 7 vulnerabilities and has 58 fixes is now available. Category: security (important) Bug References: 1065729,1085224,1094840,1113295,1152472,1152489,1153274,1154353,1155518,1156395,1170511,1176447,1176940,1179243,1180092,1180814,1183871,1184114,1184350,1184631,1184804,1185308,1185377,1185791,1186194,1186206,1186482,1186483,1187215,1187476,1187495,1187585,1188036,1188080,1188101,1188121,1188126,1188176,1188267,1188268,1188269,1188323,1188366,1188405,1188445,1188504,1188620,1188683,1188703,1188720,1188746,1188747,1188748,1188752,1188770,1188771,1188772,1188773,1188774,1188777,1188838,1188876,1188885,1188893,1188973 CVE References: CVE-2021-21781,CVE-2021-22543,CVE-2021-35039,CVE-2021-3609,CVE-2021-3612,CVE-2021-3659,CVE-2021-37576 JIRA References: Sources used: openSUSE Leap 15.3 (src): kernel-azure-5.3.18-38.17.1, kernel-source-azure-5.3.18-38.17.1, kernel-syms-azure-5.3.18-38.17.1
SUSE-SU-2021:2645-1: An update that solves 7 vulnerabilities and has 58 fixes is now available. Category: security (important) Bug References: 1065729,1085224,1094840,1113295,1152472,1152489,1153274,1154353,1155518,1156395,1170511,1176447,1176940,1179243,1180092,1180814,1183871,1184114,1184350,1184631,1184804,1185308,1185377,1185791,1186194,1186206,1186482,1186483,1187215,1187476,1187495,1187585,1188036,1188080,1188101,1188121,1188126,1188176,1188267,1188268,1188269,1188323,1188366,1188405,1188445,1188504,1188620,1188683,1188703,1188720,1188746,1188747,1188748,1188752,1188770,1188771,1188772,1188773,1188774,1188777,1188838,1188876,1188885,1188893,1188973 CVE References: CVE-2021-21781,CVE-2021-22543,CVE-2021-35039,CVE-2021-3609,CVE-2021-3612,CVE-2021-3659,CVE-2021-37576 JIRA References: Sources used: SUSE Linux Enterprise Module for Public Cloud 15-SP3 (src): kernel-azure-5.3.18-38.17.1, kernel-source-azure-5.3.18-38.17.1, kernel-syms-azure-5.3.18-38.17.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2021:2687-1: An update that solves 7 vulnerabilities and has 58 fixes is now available. Category: security (important) Bug References: 1065729,1085224,1094840,1113295,1152472,1152489,1153274,1154353,1155518,1156395,1170511,1176447,1176940,1179243,1180092,1180814,1183871,1184114,1184350,1184631,1184804,1185308,1185377,1185791,1186194,1186206,1186482,1186483,1187215,1187476,1187495,1187585,1188036,1188080,1188101,1188121,1188126,1188176,1188267,1188268,1188269,1188323,1188366,1188405,1188445,1188504,1188620,1188683,1188703,1188720,1188746,1188747,1188748,1188752,1188770,1188771,1188772,1188773,1188774,1188777,1188838,1188876,1188885,1188893,1188973 CVE References: CVE-2021-21781,CVE-2021-22543,CVE-2021-35039,CVE-2021-3609,CVE-2021-3612,CVE-2021-3659,CVE-2021-37576 JIRA References: Sources used: openSUSE Leap 15.3 (src): dtb-aarch64-5.3.18-59.19.1, kernel-64kb-5.3.18-59.19.1, kernel-debug-5.3.18-59.19.1, kernel-default-5.3.18-59.19.1, kernel-default-base-5.3.18-59.19.1.18.10.1, kernel-docs-5.3.18-59.19.1, kernel-kvmsmall-5.3.18-59.19.1, kernel-obs-build-5.3.18-59.19.1, kernel-obs-qa-5.3.18-59.19.1, kernel-preempt-5.3.18-59.19.1, kernel-source-5.3.18-59.19.1, kernel-syms-5.3.18-59.19.1, kernel-zfcpdump-5.3.18-59.19.1
SUSE-SU-2021:2687-1: An update that solves 7 vulnerabilities and has 58 fixes is now available. Category: security (important) Bug References: 1065729,1085224,1094840,1113295,1152472,1152489,1153274,1154353,1155518,1156395,1170511,1176447,1176940,1179243,1180092,1180814,1183871,1184114,1184350,1184631,1184804,1185308,1185377,1185791,1186194,1186206,1186482,1186483,1187215,1187476,1187495,1187585,1188036,1188080,1188101,1188121,1188126,1188176,1188267,1188268,1188269,1188323,1188366,1188405,1188445,1188504,1188620,1188683,1188703,1188720,1188746,1188747,1188748,1188752,1188770,1188771,1188772,1188773,1188774,1188777,1188838,1188876,1188885,1188893,1188973 CVE References: CVE-2021-21781,CVE-2021-22543,CVE-2021-35039,CVE-2021-3609,CVE-2021-3612,CVE-2021-3659,CVE-2021-37576 JIRA References: Sources used: SUSE Linux Enterprise Workstation Extension 15-SP3 (src): kernel-default-5.3.18-59.19.1, kernel-preempt-5.3.18-59.19.1 SUSE Linux Enterprise Module for Live Patching 15-SP3 (src): kernel-default-5.3.18-59.19.1, kernel-livepatch-SLE15-SP3_Update_5-1-7.3.1 SUSE Linux Enterprise Module for Legacy Software 15-SP3 (src): kernel-default-5.3.18-59.19.1 SUSE Linux Enterprise Module for Development Tools 15-SP3 (src): kernel-docs-5.3.18-59.19.1, kernel-obs-build-5.3.18-59.19.1, kernel-preempt-5.3.18-59.19.1, kernel-source-5.3.18-59.19.1, kernel-syms-5.3.18-59.19.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 (src): kernel-64kb-5.3.18-59.19.1, kernel-default-5.3.18-59.19.1, kernel-default-base-5.3.18-59.19.1.18.10.1, kernel-preempt-5.3.18-59.19.1, kernel-source-5.3.18-59.19.1, kernel-zfcpdump-5.3.18-59.19.1 SUSE Linux Enterprise High Availability 15-SP3 (src): kernel-default-5.3.18-59.19.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
released