SUSE-SU-2020:2106-1: important: Security update for the Linux Kernel

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Mon Aug 3 13:12:51 MDT 2020


   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2020:2106-1
Rating:             important
References:         #1051510 #1065729 #1071995 #1104967 #1152107 
                    #1158755 #1162002 #1170011 #1171078 #1171673 
                    #1171732 #1171868 #1172257 #1172775 #1172781 
                    #1172782 #1172783 #1172999 #1173265 #1173280 
                    #1173514 #1173567 #1173573 #1173659 #1173999 
                    #1174000 #1174115 #1174462 #1174543 
Cross-References:   CVE-2019-16746 CVE-2019-20908 CVE-2020-0305
                    CVE-2020-10766 CVE-2020-10767 CVE-2020-10768
                    CVE-2020-10769 CVE-2020-10773 CVE-2020-12771
                    CVE-2020-12888 CVE-2020-13974 CVE-2020-14416
                    CVE-2020-15393 CVE-2020-15780
Affected Products:
                    SUSE Linux Enterprise Module for Live Patching 15
______________________________________________________________________________

   An update that solves 14 vulnerabilities and has 15 fixes
   is now available.

Description:



   The SUSE Linux Enterprise 15 GA LTSS kernel was updated to receive various
   security and bugfixes.

   The following security bugs were fixed:

   - CVE-2020-0305: In cdev_get of char_dev.c, there is a possible
     use-after-free due to a race condition. This could lead to local
     escalation of privilege with System execution privileges needed. User
     interaction is not needed for exploitation (bnc#1174462).
   - CVE-2019-20908: An issue was discovered in drivers/firmware/efi/efi.c
     where incorrect access permissions for the efivar_ssdt ACPI variable
     could be used by attackers to bypass lockdown or secure boot
     restrictions, aka CID-1957a85b0032 (bnc#1173567).
   - CVE-2020-15780: An issue was discovered in drivers/acpi/acpi_configfs.c
     where injection of malicious ACPI tables via configfs could be used by
     attackers to bypass lockdown and secure boot restrictions, aka
     CID-75b0cea7bf30 (bnc#1173573).
   - CVE-2020-15393: usbtest_disconnect in drivers/usb/misc/usbtest.c had a
     memory leak, aka CID-28ebeb8db770 (bnc#1173514).
   - CVE-2020-12771: btree_gc_coalesce in drivers/md/bcache/btree.c has a
     deadlock if a coalescing operation fails (bnc#1171732).
   - CVE-2019-16746: An issue was discovered in net/wireless/nl80211.c which
     did not check the length of variable elements in a beacon head, leading
     to a buffer overflow (bnc#1152107 1173659).
   - CVE-2020-12888: The VFIO PCI driver mishandled attempts to access
     disabled memory space (bnc#1171868).
   - CVE-2020-10769: A buffer over-read flaw was found in
     crypto_authenc_extractkeys in crypto/authenc.c in the IPsec
     Cryptographic algorithm's module, authenc. When a payload longer than 4
     bytes, and is not following 4-byte alignment boundary guidelines, it
     causes a buffer over-read threat, leading to a system crash. This flaw
     allowed a local attacker with user privileges to cause a denial of
     service (bnc#1173265).
   - CVE-2020-10773: A kernel stack information leak on s390/s390x was fixed
     (bnc#1172999).
   - CVE-2020-14416: A race condition in tty->disc_data handling in the slip
     and slcan line discipline could lead to a use-after-free, aka
     CID-0ace17d56824. This affects drivers/net/slip/slip.c and
     drivers/net/can/slcan.c (bnc#1162002).
   - CVE-2020-10768: Indirect branch speculation could have been enabled
     after it was force-disabled by the PR_SPEC_FORCE_DISABLE prctl command.
     (bnc#1172783).
   - CVE-2020-10766: Fixed Rogue cross-process SSBD shutdown, where a Linux
     scheduler logical bug allows an attacker to turn off the SSBD
     protection. (bnc#1172781).
   - CVE-2020-10767: Indirect Branch Prediction Barrier was force-disabled
     when STIBP is unavailable or enhanced IBRS is available.  (bnc#1172782).
   - CVE-2020-13974: drivers/tty/vt/keyboard.c had an integer overflow if
     k_ascii is called several times in a row, aka CID-b86dab054059
     (bnc#1172775).

   The following non-security bugs were fixed:

   - Merge ibmvnic reset fixes (bsc#1158755 ltc#182094).
   - block, bfq: add requeue-request hook (bsc#1104967 bsc#1171673).
   - block, bfq: postpone rq preparation to insert or merge (bsc#1104967
     bsc#1171673).
   - ibmvnic: Do not process device remove during device reset (bsc#1065729).
   - ibmvnic: Flush existing work items before device removal (bsc#1065729).
   - ibmvnic: Harden device login requests (bsc#1170011 ltc#183538).
   - ibmvnic: Skip fatal error reset after passive init (bsc#1171078
     ltc#184239).
   - ibmvnic: continue to init in CRQ reset returns H_CLOSED (bsc#1173280
     ltc#185369).
   - intel_idle: Graceful probe failure when MWAIT is disabled (bsc#1174115).
   - livepatch: Apply vmlinux-specific KLP relocations early (bsc#1071995).
   - livepatch: Disallow vmlinux.ko (bsc#1071995).
   - livepatch: Make klp_apply_object_relocs static (bsc#1071995).
   - livepatch: Prevent module-specific KLP rela sections from referencing
     vmlinux symbols (bsc#1071995).
   - livepatch: Remove .klp.arch (bsc#1071995).
   - vfio/pci: Fix SR-IOV VF handling with MMIO blocking (bsc#1051510).
   - vfio/pci: Fix SR-IOV VF handling with MMIO blocking (bsc#1174000).
   - vfio/pci: Mask buggy SR-IOV VF INTx support (bsc#1051510).
   - vfio/pci: Mask buggy SR-IOV VF INTx support (bsc#1173999).
   - x86/{mce,mm}: Unmap the entire page if the whole page is affected and
     poisoned (bsc#1172257).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Live Patching 15:

      zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2020-2106=1



Package List:

   - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64):

      kernel-default-debuginfo-4.12.14-150.55.1
      kernel-default-debugsource-4.12.14-150.55.1
      kernel-default-livepatch-4.12.14-150.55.1
      kernel-livepatch-4_12_14-150_55-default-1-1.3.1
      kernel-livepatch-4_12_14-150_55-default-debuginfo-1-1.3.1


References:

   https://www.suse.com/security/cve/CVE-2019-16746.html
   https://www.suse.com/security/cve/CVE-2019-20908.html
   https://www.suse.com/security/cve/CVE-2020-0305.html
   https://www.suse.com/security/cve/CVE-2020-10766.html
   https://www.suse.com/security/cve/CVE-2020-10767.html
   https://www.suse.com/security/cve/CVE-2020-10768.html
   https://www.suse.com/security/cve/CVE-2020-10769.html
   https://www.suse.com/security/cve/CVE-2020-10773.html
   https://www.suse.com/security/cve/CVE-2020-12771.html
   https://www.suse.com/security/cve/CVE-2020-12888.html
   https://www.suse.com/security/cve/CVE-2020-13974.html
   https://www.suse.com/security/cve/CVE-2020-14416.html
   https://www.suse.com/security/cve/CVE-2020-15393.html
   https://www.suse.com/security/cve/CVE-2020-15780.html
   https://bugzilla.suse.com/1051510
   https://bugzilla.suse.com/1065729
   https://bugzilla.suse.com/1071995
   https://bugzilla.suse.com/1104967
   https://bugzilla.suse.com/1152107
   https://bugzilla.suse.com/1158755
   https://bugzilla.suse.com/1162002
   https://bugzilla.suse.com/1170011
   https://bugzilla.suse.com/1171078
   https://bugzilla.suse.com/1171673
   https://bugzilla.suse.com/1171732
   https://bugzilla.suse.com/1171868
   https://bugzilla.suse.com/1172257
   https://bugzilla.suse.com/1172775
   https://bugzilla.suse.com/1172781
   https://bugzilla.suse.com/1172782
   https://bugzilla.suse.com/1172783
   https://bugzilla.suse.com/1172999
   https://bugzilla.suse.com/1173265
   https://bugzilla.suse.com/1173280
   https://bugzilla.suse.com/1173514
   https://bugzilla.suse.com/1173567
   https://bugzilla.suse.com/1173573
   https://bugzilla.suse.com/1173659
   https://bugzilla.suse.com/1173999
   https://bugzilla.suse.com/1174000
   https://bugzilla.suse.com/1174115
   https://bugzilla.suse.com/1174462
   https://bugzilla.suse.com/1174543



More information about the sle-security-updates mailing list