Uploaded image for project: 'Lustre'
  1. Lustre
  2. LU-13496

kernel update [SLES15 SP1 4.12.14-197.40.1]

    XMLWordPrintable

Details

    • Improvement
    • Resolution: Won't Fix
    • Minor
    • None
    • None
    • None
    • 9223372036854775807

    Description

      The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes.

      The following security bugs were fixed:

      • CVE-2020-8834: KVM on Power8 processors had a conflicting use of
        HSTATE_HOST_R1 to store r1 state in kvmppc_hv_entry plus in
        kvmppc_ {save,restore}

        _tm, leading to a stack corruption. Because of
        this, an attacker with the ability to run code in kernel space of a
        guest VM can cause the host kernel to panic (bnc#1168276).

      • CVE-2020-11494: An issue was discovered in slc_bump in
        drivers/net/can/slcan.c, which allowed attackers to read uninitialized
        can_frame data, potentially containing sensitive information from kernel
        stack memory, if the configuration lacks CONFIG_INIT_STACK_ALL
        (bnc#1168424).
      • CVE-2020-10942: In get_raw_socket in drivers/vhost/net.c lacks
        validation of an sk_family field, which might allow attackers to trigger
        kernel stack corruption via crafted system calls (bnc#1167629).
      • CVE-2019-9458: In the video driver there was a use after free due to a
        race condition. This could lead to local escalation of privilege with no
        additional execution privileges needed (bnc#1168295).
      • CVE-2019-3701: Fixed an issue in can_can_gw_rcv, which could cause a
        system crash (bnc#1120386).
      • CVE-2019-19770: Fixed a use-after-free in the debugfs_remove function
        (bsc#1159198).
      • CVE-2020-11669: Fixed an issue where arch/powerpc/kernel/idle_book3s.S
        did not have save/restore functionality for PNV_POWERSAVE_AMR,
        PNV_POWERSAVE_UAMOR, and PNV_POWERSAVE_AMOR (bnc#1169390).

      The following non-security bugs were fixed:
      http://lists.suse.com/pipermail/sle-security-updates/2020-April/006761.html

      Attachments

        Issue Links

          Activity

            People

              yujian Jian Yu
              yujian Jian Yu
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: