  1. Lustre
  2. LU-12660

kernel update [SLES12 SP4 4.12.14-95.29.1]

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: Lustre 2.13.0, Lustre 2.12.3
    • Labels:
      None
    • Severity:
      3

      Description

      The SUSE Linux Enterprise 12 kernel was updated to receive various security and bug fixes.

      The following security bugs were fixed:

      • CVE-2018-20855: An issue was discovered in the Linux kernel. In
        create_qp_common in drivers/infiniband/hw/mlx5/qp.c,
        mlx5_ib_create_qp_resp was never initialized, resulting in a leak of
        stack memory to userspace (bsc#1143045).
      • CVE-2019-1125: Exclude ATOMs from speculation through SWAPGS
        (bsc#1139358).
      • CVE-2019-14283: In the Linux kernel, set_geometry in
        drivers/block/floppy.c did not validate the sect and head fields, as
        demonstrated by an integer overflow and out-of-bounds read. It could be
        triggered by an unprivileged local user when a floppy disk was inserted.
        NOTE: QEMU creates the floppy device by default. (bnc#1143191)
      • CVE-2019-11810: An issue was discovered in the Linux kernel. A NULL
        pointer dereference could occur when megasas_create_frame_pool() failed
        in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c.
        This caused a Denial of Service, related to a use-after-free
        (bnc#1134399).
      • CVE-2019-13648: In the Linux kernel on the powerpc platform, when
        hardware transactional memory was disabled, a local user could cause a
        denial of service (TM Bad Thing exception and system crash) via a
        sigreturn() system call that sent a crafted signal frame. (bnc#1142254)
      • CVE-2019-13631: In parse_hid_report_descriptor in
        drivers/input/tablet/gtco.c in the Linux kernel, a malicious USB device
        could send an HID report that triggered an out-of-bounds write during
        generation of debugging messages. (bnc#1142023)

      The following non-security bugs were fixed:
      http://lists.suse.com/pipermail/sle-security-updates/2019-August/005794.html

              People

              • Assignee: yujian Jian Yu
              • Reporter: yujian Jian Yu