[LU-12793] kernel update [SLES12 SP4 4.12.14-95.32.1] Created: 20/Sep/19  Updated: 05/Nov/19  Resolved: 05/Nov/19

Status: Resolved
Project: Lustre
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: Minor
Reporter: Jian Yu Assignee: Jian Yu
Resolution: Won't Fix Votes: 0
Labels: None

Issue Links:
Related
is related to LU-12660 kernel update [SLES12 SP4 4.12.14-95.... Resolved
is related to LU-12940 kernel update [SLES12 SP4 4.12.14-95.... Resolved
Severity: 3
Rank (Obsolete): 9223372036854775807

 Description   

The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various
security and bugfixes.

The following new features were implemented:

  • jsc#SLE-4875: [CML] New device IDs for CML
  • jsc#SLE-7294: Add cpufreq driver for Raspberry Pi
  • fate#322438: Integrate P9 XIVE support (on PowerVM only)
  • fate#322447: Add memory protection keys (MPK) support on POWER (on
    PowerVM only)
  • fate#322448, fate#321438: P9 hardware counter (performance counters)
    support (on PowerVM only)
  • fate#325306, fate#321840: Reduce memory required to boot capture kernel
    while using fadump
  • fate#326869: perf: pmu mem_load/store event support

The following security bugs were fixed:

  • CVE-2017-18551: There was an out of bounds write in the function
    i2c_smbus_xfer_emulated. (bsc#1146163).
  • CVE-2018-20976: A use after free existed, related to xfs_fs_fill_super
    failure. (bsc#1146285)
  • CVE-2018-21008: A use-after-free can be caused by the function
    rsi_mac80211_detach (bsc#1149591).
  • CVE-2019-9456: In Pixel C USB monitor driver there was a possible OOB
    write due to a missing bounds check. This could have lead to local
    escalation of privilege with System execution privileges needed.
    (bsc#1150025 CVE-2019-9456).
  • CVE-2019-10207: Fix a NULL pointer dereference in hci_uart bluetooth
    driver (bsc#1142857 bsc#1123959).
  • CVE-2019-14814, CVE-2019-14815, CVE-2019-14816: Fix three heap-based
    buffer overflows in marvell wifi chip driver kernel, that allowed local
    users to cause a denial of service (system crash) or possibly execute
    arbitrary code. (bnc#1146516)
  • CVE-2019-14835: Fix QEMU-KVM Guest to Host Kernel Escape. (bsc#1150112).
  • CVE-2019-15030, CVE-2019-15031: On the powerpc platform, a local user
    could read vector registers of other users' processes via an interrupt.
    (bsc#1149713)
  • CVE-2019-15090: In the qedi_dbg_* family of functions, there was an
    out-of-bounds read. (bsc#1146399)
  • CVE-2019-15098: USB driver net/wireless/ath/ath6kl/usb.c had a NULL
    pointer dereference via an incomplete address in an endpoint descriptor.
    (bsc#1146378).
  • CVE-2019-15099: drivers/net/wireless/ath/ath10k/usb.c had a NULL pointer
    dereference via an incomplete address in an endpoint descriptor.
    (bsc#1146368)
  • CVE-2019-15117: parse_audio_mixer_unit in sound/usb/mixer.c in the Linux
    kernel mishandled a short descriptor, leading to out-of-bounds memory
    access. (bsc#1145920).
  • CVE-2019-15118: check_input_term in sound/usb/mixer.c in the Linux
    kernel mishandled recursion, leading to kernel stack exhaustion.
    (bsc#1145922).
  • CVE-2019-15211: There was a use-after-free caused by a malicious USB
    device in the drivers/media/v4l2-core/v4l2-dev.c driver because
    drivers/media/radio/radio-raremono.c did not properly allocate memory.
    (bsc#1146519).
  • CVE-2019-15212: There was a double-free caused by a malicious USB device
    in the drivers/usb/misc/rio500.c driver. (bsc#1051510 bsc#1146391).
  • CVE-2019-15214: There was a use-after-free in the sound subsystem
    because card disconnection causes certain data structures to be deleted
    too early. (bsc#1146550)
  • CVE-2019-15215: There was a use-after-free caused by a malicious USB
    device in the drivers/media/usb/cpia2/cpia2_usb.c driver. (bsc#1135642
    bsc#1146425)
  • CVE-2019-15216: Fix a NULL pointer dereference caused by a malicious USB
    device in the drivers/usb/misc/yurex.c driver. (bsc#1146361).
  • CVE-2019-15217: There was a NULL pointer dereference caused by a
    malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver.
    (bsc#1146547).
  • CVE-2019-15218: There was a NULL pointer dereference caused by a
    malicious USB device in the drivers/media/usb/siano/smsusb.c driver.
    (bsc#1051510 bsc#1146413)
  • CVE-2019-15219: There was a NULL pointer dereference caused by a
    malicious USB device in the drivers/usb/misc/sisusbvga/sisusb.c driver.
    (bsc#1146524)
  • CVE-2019-15220: There was a use-after-free caused by a malicious USB
    device in the drivers/net/wireless/intersil/p54/p54usb.c driver.
    (bsc#1146526)
  • CVE-2019-15221, CVE-2019-15222: There was a NULL pointer dereference
    caused by a malicious USB device in the sound/usb/line6/pcm.c driver.
    (bsc#1146529, bsc#1146531)
  • CVE-2019-15239: An incorrect backport of a certain net/ipv4/tcp_output.c
    fix allowed a local attacker to trigger multiple use-after-free
    conditions. This could result in a kernel crash, or potentially in
    privilege escalation. (bsc#1146589)
  • CVE-2019-15290: There was a NULL pointer dereference caused by a
    malicious USB device in the ath6kl_usb_alloc_urb_from_pipe function
    (bsc#1146543).
  • CVE-2019-15292: There was a use-after-free in atalk_proc_exit
    (bsc#1146678)
  • CVE-2019-15538: XFS partially wedged when a chgrp failed on account of
    being out of disk quota. This was primarily a local DoS attack vector,
    but it could result as well in remote DoS if the XFS filesystem was
    exported for instance via NFS. (bsc#1148032, bsc#1148093)
  • CVE-2019-15666: There was an out-of-bounds array access in
    __xfrm_policy_unlink, which would cause denial of service, because
    verify_newpolicy_info mishandled directory validation. (bsc#1148394).
  • CVE-2019-15902: A backporting error reintroduced the Spectre
    vulnerability that it aimed to eliminate. (bnc#1149376)
  • CVE-2019-15917: There was a use-after-free issue when
    hci_uart_register_dev() failed in hci_uart_set_proto() (bsc#1149539)
  • CVE-2019-15919: SMB2_write in fs/cifs/smb2pdu.c had a use-after-free.
    (bsc#1149552)
  • CVE-2019-15920: SMB2_read in fs/cifs/smb2pdu.c had a use-after-free.
    (bsc#1149626)
  • CVE-2019-15921: There was a memory leak issue when idr_alloc() failed
    (bsc#1149602)
  • CVE-2019-15924: Fix a NULL pointer dereference because there was no
    -ENOMEM upon an alloc_workqueue failure. (bsc#1149612).
  • CVE-2019-15926: Out of bounds access existed in the functions
    ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx
    (bsc#1149527)
  • CVE-2019-15927: An out-of-bounds access existed in the function
    build_audio_procunit (bsc#1149522)

The following non-security bugs were fixed:
http://lists.suse.com/pipermail/sle-security-updates/2019-September/005942.html

 Comments   
Comment by Gerrit Updater [ 20/Sep/19 ]

Jian Yu (yujian@whamcloud.com) uploaded a new patch: https://review.whamcloud.com/36249
Subject: LU-12793 kernel: kernel update SLES12 SP4 [4.12.14-95.32.1]
Project: fs/lustre-release
Branch: master
Current Patch Set: 1
Commit: ec848be68842eb660e5bb55eda64c92dbd3941c5

Comment by Gerrit Updater [ 20/Sep/19 ]

Jian Yu (yujian@whamcloud.com) uploaded a new patch: https://review.whamcloud.com/36250
Subject: LU-12793 kernel: kernel update SLES12 SP4 [4.12.14-95.32.1]
Project: fs/lustre-release
Branch: b2_12
Current Patch Set: 1
Commit: 015547629df5931c1d76a56cdd196f2671183262

Comment by Jian Yu [ 05/Nov/19 ]

New kernel version was released: LU-12940

Generated at Sat Feb 10 02:55:42 UTC 2024 using Jira 9.4.14#940014-sha1:734e6822bbf0d45eff9af51f82432957f73aa32c.