1189233 – (CVE-2021-38166) VUL-0: CVE-2021-38166: kernel-source-azure,kernel-source,kernel-source-rt: There is an integer overflow and out-of-bounds in kernel/bpf/hashtab.c write when many elements are placed in a single bucket

Bug 1189233 (CVE-2021-38166) - VUL-0: CVE-2021-38166: kernel-source-azure,kernel-source,kernel-source-rt: There is an integer overflow and out-of-bounds in kernel/bpf/hashtab.c write when many elements are placed in a single bucket

Summary: VUL-0: CVE-2021-38166: kernel-source-azure,kernel-source,kernel-source-rt: Th...

Status:	RESOLVED FIXED

Alias:	CVE-2021-38166

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/305976/
Whiteboard:
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2021-08-09 14:55 UTC by Gianluca Gabrielli
Modified:	2024-06-25 16:15 UTC (History)
CC List:	8 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Gianluca Gabrielli 2021-08-09 14:55:55 UTC

In kernel/bpf/hashtab.c in the Linux kernel through 5.13.8, there is an integer
overflow and out-of-bounds write when many elements are placed in a single
bucket. NOTE: exploitation might be impractical without the CAP_SYS_ADMIN
capability.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38166
http://www.cvedetails.com/cve/CVE-2021-38166/
https://lore.kernel.org/bpf/20210806150419.109658-1-th.yasumatsu@gmail.com/
https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=c4eb1f403243fc7bbb7de644db8587c03de36da6

Comment 1 Gianluca Gabrielli 2021-08-09 14:56:19 UTC

Affected base-branches:
 - master
 - stable

Comment 2 Marcus Meissner 2021-08-09 16:02:52 UTC

well, not quite ... lots of BPF stuff was backported:

this is in 15-sp3

grep 057996380a42 patches.* -r
patches.suse/bpf-Add-batch-ops-to-all-htab-bpf-map.patch:Git-commit: 057996380a42bb64ccc04383cfa9c0ace4ea11f0
patches.suse/bpf-Do-not-grab-the-bucket-spinlock-by-default-on-ht.patch:Fixes: 057996380a42 ("bpf: Add batch ops to all htab bpf map")
patches.suse/bpf-Fix-a-potential-deadlock-with-bpf_map_do_batch.patch:Commit 057996380a42 ("bpf: Add batch ops to all htab bpf map")
patches.suse/bpf-Fix-a-potential-deadlock-with-bpf_map_do_batch.patch:Fixes: 057996380a42 ("bpf: Add batch ops to all htab bpf map")

Comment 6 Tony Jones 2021-08-13 18:30:55 UTC

master is not required for CVE.

Comment 24 Swamp Workflow Management 2021-09-21 20:11:11 UTC

# maintenance_jira_update_notice
openSUSE-SU-2021:3179-1: An update that solves 20 vulnerabilities and has 107 fixes is now available.

Category: security (important)
Bug References: 1040364,1127650,1135481,1152489,1160010,1168202,1171420,1174969,1175052,1175543,1177399,1180100,1180141,1180347,1181006,1181148,1181972,1184180,1185902,1186264,1186731,1187211,1187455,1187468,1187483,1187619,1187959,1188067,1188172,1188231,1188270,1188412,1188418,1188616,1188700,1188780,1188781,1188782,1188783,1188784,1188786,1188787,1188788,1188790,1188878,1188885,1188924,1188982,1188983,1188985,1189021,1189057,1189077,1189153,1189197,1189209,1189210,1189212,1189213,1189214,1189215,1189216,1189217,1189218,1189219,1189220,1189221,1189222,1189225,1189229,1189233,1189262,1189291,1189292,1189296,1189298,1189301,1189305,1189323,1189384,1189385,1189392,1189393,1189399,1189400,1189427,1189503,1189504,1189505,1189506,1189507,1189562,1189563,1189564,1189565,1189566,1189567,1189568,1189569,1189573,1189574,1189575,1189576,1189577,1189579,1189581,1189582,1189583,1189585,1189586,1189587,1189696,1189706,1189760,1189762,1189832,1189841,1189870,1189872,1189883,1190022,1190025,1190115,1190117,1190412,1190413,1190428
CVE References: CVE-2020-12770,CVE-2021-34556,CVE-2021-35477,CVE-2021-3640,CVE-2021-3653,CVE-2021-3656,CVE-2021-3679,CVE-2021-3732,CVE-2021-3739,CVE-2021-3743,CVE-2021-3753,CVE-2021-3759,CVE-2021-38160,CVE-2021-38166,CVE-2021-38198,CVE-2021-38204,CVE-2021-38205,CVE-2021-38206,CVE-2021-38207,CVE-2021-38209
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    kernel-azure-5.3.18-38.22.2, kernel-source-azure-5.3.18-38.22.1, kernel-syms-azure-5.3.18-38.22.1

Comment 25 Swamp Workflow Management 2021-09-21 20:35:43 UTC

# maintenance_jira_update_notice
SUSE-SU-2021:3179-1: An update that solves 20 vulnerabilities and has 107 fixes is now available.

Category: security (important)
Bug References: 1040364,1127650,1135481,1152489,1160010,1168202,1171420,1174969,1175052,1175543,1177399,1180100,1180141,1180347,1181006,1181148,1181972,1184180,1185902,1186264,1186731,1187211,1187455,1187468,1187483,1187619,1187959,1188067,1188172,1188231,1188270,1188412,1188418,1188616,1188700,1188780,1188781,1188782,1188783,1188784,1188786,1188787,1188788,1188790,1188878,1188885,1188924,1188982,1188983,1188985,1189021,1189057,1189077,1189153,1189197,1189209,1189210,1189212,1189213,1189214,1189215,1189216,1189217,1189218,1189219,1189220,1189221,1189222,1189225,1189229,1189233,1189262,1189291,1189292,1189296,1189298,1189301,1189305,1189323,1189384,1189385,1189392,1189393,1189399,1189400,1189427,1189503,1189504,1189505,1189506,1189507,1189562,1189563,1189564,1189565,1189566,1189567,1189568,1189569,1189573,1189574,1189575,1189576,1189577,1189579,1189581,1189582,1189583,1189585,1189586,1189587,1189696,1189706,1189760,1189762,1189832,1189841,1189870,1189872,1189883,1190022,1190025,1190115,1190117,1190412,1190413,1190428
CVE References: CVE-2020-12770,CVE-2021-34556,CVE-2021-35477,CVE-2021-3640,CVE-2021-3653,CVE-2021-3656,CVE-2021-3679,CVE-2021-3732,CVE-2021-3739,CVE-2021-3743,CVE-2021-3753,CVE-2021-3759,CVE-2021-38160,CVE-2021-38166,CVE-2021-38198,CVE-2021-38204,CVE-2021-38205,CVE-2021-38206,CVE-2021-38207,CVE-2021-38209
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15-SP3 (src):    kernel-azure-5.3.18-38.22.2, kernel-source-azure-5.3.18-38.22.1, kernel-syms-azure-5.3.18-38.22.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 27 Swamp Workflow Management 2021-09-23 19:52:08 UTC

SUSE-SU-2021:3205-1: An update that solves 20 vulnerabilities and has 106 fixes is now available.

Category: security (important)
Bug References: 1040364,1127650,1135481,1152489,1160010,1168202,1171420,1174969,1175052,1175543,1177399,1180100,1180141,1180347,1181006,1181148,1181972,1184180,1185902,1186264,1186731,1187211,1187455,1187468,1187483,1187619,1187959,1188067,1188172,1188231,1188270,1188412,1188418,1188616,1188700,1188780,1188781,1188782,1188783,1188784,1188786,1188787,1188788,1188790,1188878,1188885,1188924,1188982,1188983,1188985,1189021,1189057,1189077,1189153,1189197,1189209,1189210,1189212,1189213,1189214,1189215,1189216,1189217,1189218,1189219,1189220,1189221,1189222,1189225,1189229,1189233,1189262,1189291,1189292,1189296,1189298,1189301,1189305,1189323,1189384,1189385,1189392,1189393,1189399,1189400,1189427,1189503,1189504,1189505,1189506,1189507,1189562,1189563,1189564,1189565,1189566,1189567,1189568,1189569,1189573,1189574,1189575,1189576,1189577,1189579,1189581,1189582,1189583,1189585,1189586,1189587,1189706,1189760,1189762,1189832,1189841,1189870,1189872,1189883,1190022,1190025,1190115,1190117,1190412,1190413,1190428
CVE References: CVE-2020-12770,CVE-2021-34556,CVE-2021-35477,CVE-2021-3640,CVE-2021-3653,CVE-2021-3656,CVE-2021-3679,CVE-2021-3732,CVE-2021-3739,CVE-2021-3743,CVE-2021-3753,CVE-2021-3759,CVE-2021-38160,CVE-2021-38166,CVE-2021-38198,CVE-2021-38204,CVE-2021-38205,CVE-2021-38206,CVE-2021-38207,CVE-2021-38209
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP3 (src):    kernel-default-5.3.18-59.24.1, kernel-preempt-5.3.18-59.24.1
SUSE Linux Enterprise Module for Live Patching 15-SP3 (src):    kernel-default-5.3.18-59.24.1, kernel-livepatch-SLE15-SP3_Update_6-1-7.5.1
SUSE Linux Enterprise Module for Legacy Software 15-SP3 (src):    kernel-default-5.3.18-59.24.1
SUSE Linux Enterprise Module for Development Tools 15-SP3 (src):    kernel-docs-5.3.18-59.24.1, kernel-obs-build-5.3.18-59.24.1, kernel-preempt-5.3.18-59.24.1, kernel-source-5.3.18-59.24.1, kernel-syms-5.3.18-59.24.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    kernel-64kb-5.3.18-59.24.1, kernel-default-5.3.18-59.24.1, kernel-default-base-5.3.18-59.24.1.18.12.1, kernel-preempt-5.3.18-59.24.1, kernel-source-5.3.18-59.24.1, kernel-zfcpdump-5.3.18-59.24.1
SUSE Linux Enterprise High Availability 15-SP3 (src):    kernel-default-5.3.18-59.24.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 28 Swamp Workflow Management 2021-09-23 20:10:43 UTC

openSUSE-SU-2021:3205-1: An update that solves 20 vulnerabilities and has 106 fixes is now available.

Category: security (important)
Bug References: 1040364,1127650,1135481,1152489,1160010,1168202,1171420,1174969,1175052,1175543,1177399,1180100,1180141,1180347,1181006,1181148,1181972,1184180,1185902,1186264,1186731,1187211,1187455,1187468,1187483,1187619,1187959,1188067,1188172,1188231,1188270,1188412,1188418,1188616,1188700,1188780,1188781,1188782,1188783,1188784,1188786,1188787,1188788,1188790,1188878,1188885,1188924,1188982,1188983,1188985,1189021,1189057,1189077,1189153,1189197,1189209,1189210,1189212,1189213,1189214,1189215,1189216,1189217,1189218,1189219,1189220,1189221,1189222,1189225,1189229,1189233,1189262,1189291,1189292,1189296,1189298,1189301,1189305,1189323,1189384,1189385,1189392,1189393,1189399,1189400,1189427,1189503,1189504,1189505,1189506,1189507,1189562,1189563,1189564,1189565,1189566,1189567,1189568,1189569,1189573,1189574,1189575,1189576,1189577,1189579,1189581,1189582,1189583,1189585,1189586,1189587,1189706,1189760,1189762,1189832,1189841,1189870,1189872,1189883,1190022,1190025,1190115,1190117,1190412,1190413,1190428
CVE References: CVE-2020-12770,CVE-2021-34556,CVE-2021-35477,CVE-2021-3640,CVE-2021-3653,CVE-2021-3656,CVE-2021-3679,CVE-2021-3732,CVE-2021-3739,CVE-2021-3743,CVE-2021-3753,CVE-2021-3759,CVE-2021-38160,CVE-2021-38166,CVE-2021-38198,CVE-2021-38204,CVE-2021-38205,CVE-2021-38206,CVE-2021-38207,CVE-2021-38209
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    dtb-aarch64-5.3.18-59.24.1, kernel-64kb-5.3.18-59.24.1, kernel-debug-5.3.18-59.24.1, kernel-default-5.3.18-59.24.1, kernel-default-base-5.3.18-59.24.1.18.12.1, kernel-docs-5.3.18-59.24.1, kernel-kvmsmall-5.3.18-59.24.1, kernel-obs-build-5.3.18-59.24.1, kernel-obs-qa-5.3.18-59.24.1, kernel-preempt-5.3.18-59.24.1, kernel-source-5.3.18-59.24.1, kernel-syms-5.3.18-59.24.1, kernel-zfcpdump-5.3.18-59.24.1

Comment 29 Swamp Workflow Management 2021-10-13 13:32:04 UTC

SUSE-SU-2021:3205-2: An update that solves 20 vulnerabilities and has 106 fixes is now available.

Category: security (important)
Bug References: 1040364,1127650,1135481,1152489,1160010,1168202,1171420,1174969,1175052,1175543,1177399,1180100,1180141,1180347,1181006,1181148,1181972,1184180,1185902,1186264,1186731,1187211,1187455,1187468,1187483,1187619,1187959,1188067,1188172,1188231,1188270,1188412,1188418,1188616,1188700,1188780,1188781,1188782,1188783,1188784,1188786,1188787,1188788,1188790,1188878,1188885,1188924,1188982,1188983,1188985,1189021,1189057,1189077,1189153,1189197,1189209,1189210,1189212,1189213,1189214,1189215,1189216,1189217,1189218,1189219,1189220,1189221,1189222,1189225,1189229,1189233,1189262,1189291,1189292,1189296,1189298,1189301,1189305,1189323,1189384,1189385,1189392,1189393,1189399,1189400,1189427,1189503,1189504,1189505,1189506,1189507,1189562,1189563,1189564,1189565,1189566,1189567,1189568,1189569,1189573,1189574,1189575,1189576,1189577,1189579,1189581,1189582,1189583,1189585,1189586,1189587,1189706,1189760,1189762,1189832,1189841,1189870,1189872,1189883,1190022,1190025,1190115,1190117,1190412,1190413,1190428
CVE References: CVE-2020-12770,CVE-2021-34556,CVE-2021-35477,CVE-2021-3640,CVE-2021-3653,CVE-2021-3656,CVE-2021-3679,CVE-2021-3732,CVE-2021-3739,CVE-2021-3743,CVE-2021-3753,CVE-2021-3759,CVE-2021-38160,CVE-2021-38166,CVE-2021-38198,CVE-2021-38204,CVE-2021-38205,CVE-2021-38206,CVE-2021-38207,CVE-2021-38209
JIRA References: 
Sources used:
SUSE MicroOS 5.1 (src):    kernel-default-5.3.18-59.24.1, kernel-default-base-5.3.18-59.24.1.18.12.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 30 Carlos López 2022-06-08 13:45:58 UTC

Done, closing.