Uploaded image for project: 'Lustre'
  1. Lustre
  2. LU-14219

kernel update [SLES15 SP2 5.3.18-24.43.2]

    XMLWordPrintable

Details

    • Improvement
    • Resolution: Won't Fix
    • Minor
    • None
    • None
    • None
    • 9223372036854775807

    Description

      The SUSE Linux Enterprise 15 SP2 kernel was updated to 3.12.31 to receive
      various security and bugfixes.

      The following security bugs were fixed:

      • CVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c
        which could have allowed local users to gain privileges or cause a
        denial of service (bsc#1179141).
      • CVE-2020-15437: Fixed a null pointer dereference which could have
        allowed local users to cause a denial of service(bsc#1179140).
      • CVE-2020-25668: Fixed a concurrency use-after-free in con_font_op
        (bsc#1178123).
      • CVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit()
        (bsc#1178182).
      • CVE-2020-25704: Fixed a leak in perf_event_parse_addr_filter()
        (bsc#1178393).
      • CVE-2020-27777: Restrict RTAS requests from userspace (bsc#1179107)
      • CVE-2020-28915: Fixed a buffer over-read in the fbcon code which could
        have been used by local attackers to read kernel memory (bsc#1178886).
      • CVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could
        have been used by local attackers to read privileged information or
        potentially crash the kernel (bsc#1178589).
      • CVE-2020-29371: Fixed uninitialized memory leaks to userspace
        (bsc#1179429).
      • CVE-2020-25705: Fixed an issue which could have allowed to quickly scan
        open UDP ports. This flaw allowed an off-path remote user to effectively
        bypassing source port UDP randomization (bsc#1175721).
      • CVE-2020-28941: Fixed an issue where local attackers on systems with the
        speakup driver could cause a local denial of service attack
        (bsc#1178740).
      • CVE-2020-4788: Fixed an issue with IBM Power9 processors could have
        allowed a local user to obtain sensitive information from the data in
        the L1 cache under extenuating circumstances (bsc#1177666).
      • CVE-2020-29369: Fixed a race condition between certain expand functions
        (expand_downwards and expand_upwards) and page-table free operations
        from an munmap call, aka CID-246c320a8cfe (bnc#1173504 1179432).

      The following non-security bugs were fixed:
      https://lists.suse.com/pipermail/sle-security-updates/2020-December/007964.html

      Attachments

        Issue Links

          is related to

          Improvement - An improvement or enhancement to an existing feature or task. LU-14375 kernel update [SLES15 SP2 5.3.18-24.46.1]

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved
          is related to

          Improvement - An improvement or enhancement to an existing feature or task. LU-14133 kernel update [SLES15 SP2 5.3.18-24.37.1]

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved

          Activity

            People

              yujian Jian Yu
              yujian Jian Yu
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: