Details
-
Improvement
-
Resolution: Won't Fix
-
Minor
-
None
-
None
-
None
-
9223372036854775807
Description
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2020-8834: KVM on Power8 processors had a conflicting use of
HSTATE_HOST_R1 to store r1 state in kvmppc_hv_entry plus in
kvmppc_ {save,restore}_tm, leading to a stack corruption. Because of
this, an attacker with the ability to run code in kernel space of a
guest VM can cause the host kernel to panic (bnc#1168276). - CVE-2020-11494: An issue was discovered in slc_bump in
drivers/net/can/slcan.c, which allowed attackers to read uninitialized
can_frame data, potentially containing sensitive information from kernel
stack memory, if the configuration lacks CONFIG_INIT_STACK_ALL
(bnc#1168424). - CVE-2020-10942: In get_raw_socket in drivers/vhost/net.c lacks
validation of an sk_family field, which might allow attackers to trigger
kernel stack corruption via crafted system calls (bnc#1167629). - CVE-2019-9458: In the video driver there was a use after free due to a
race condition. This could lead to local escalation of privilege with no
additional execution privileges needed (bnc#1168295). - CVE-2019-3701: Fixed an issue in can_can_gw_rcv, which could cause a
system crash (bnc#1120386). - CVE-2019-19770: Fixed a use-after-free in the debugfs_remove function
(bsc#1159198). - CVE-2020-11669: Fixed an issue where arch/powerpc/kernel/idle_book3s.S
did not have save/restore functionality for PNV_POWERSAVE_AMR,
PNV_POWERSAVE_UAMOR, and PNV_POWERSAVE_AMOR (bnc#1169390). - CVE-2020-8647: There was a use-after-free vulnerability in the
vc_do_resize function in drivers/tty/vt/vt.c (bnc#1162929). - CVE-2020-8649: There was a use-after-free vulnerability in the
vgacon_invert_region function in drivers/video/console/vgacon.c
(bnc#1162931). - CVE-2020-9383: An issue was discovered set_fdc in drivers/block/floppy.c
leads to a wait_til_ready out-of-bounds read because the FDC index is
not checked for errors before assigning it (bnc#1165111). - CVE-2019-19768: Fixed a use-after-free in the __blk_add_trace function
in kernel/trace/blktrace.c (bnc#1159285).
The following non-security bugs were fixed:
http://lists.suse.com/pipermail/sle-security-updates/2020-April/006755.html