[LU-13496] kernel update [SLES15 SP1 4.12.14-197.40.1] Created: 30/Apr/20  Updated: 11/Jun/20  Resolved: 11/Jun/20

Status: Resolved
Project: Lustre
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Improvement Priority: Minor
Reporter: Jian Yu Assignee: Jian Yu
Resolution: Won't Fix Votes: 0
Labels: None

Issue Links:
Related
is related to LU-13405 kernel update [SLES15 SP1 4.12.14-197... Resolved
is related to LU-13658 kernel update [SLES15 SP1 4.12.14-197... Resolved
Rank (Obsolete): 9223372036854775807

 Description   

The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

  • CVE-2020-8834: KVM on Power8 processors had a conflicting use of
    HSTATE_HOST_R1 to store r1 state in kvmppc_hv_entry plus in
    kvmppc_ {save,restore}

    _tm, leading to a stack corruption. Because of
    this, an attacker with the ability to run code in kernel space of a
    guest VM can cause the host kernel to panic (bnc#1168276).

  • CVE-2020-11494: An issue was discovered in slc_bump in
    drivers/net/can/slcan.c, which allowed attackers to read uninitialized
    can_frame data, potentially containing sensitive information from kernel
    stack memory, if the configuration lacks CONFIG_INIT_STACK_ALL
    (bnc#1168424).
  • CVE-2020-10942: In get_raw_socket in drivers/vhost/net.c lacks
    validation of an sk_family field, which might allow attackers to trigger
    kernel stack corruption via crafted system calls (bnc#1167629).
  • CVE-2019-9458: In the video driver there was a use after free due to a
    race condition. This could lead to local escalation of privilege with no
    additional execution privileges needed (bnc#1168295).
  • CVE-2019-3701: Fixed an issue in can_can_gw_rcv, which could cause a
    system crash (bnc#1120386).
  • CVE-2019-19770: Fixed a use-after-free in the debugfs_remove function
    (bsc#1159198).
  • CVE-2020-11669: Fixed an issue where arch/powerpc/kernel/idle_book3s.S
    did not have save/restore functionality for PNV_POWERSAVE_AMR,
    PNV_POWERSAVE_UAMOR, and PNV_POWERSAVE_AMOR (bnc#1169390).

The following non-security bugs were fixed:
http://lists.suse.com/pipermail/sle-security-updates/2020-April/006761.html



 Comments   
Comment by Gerrit Updater [ 17/May/20 ]

Jian Yu (yujian@whamcloud.com) uploaded a new patch: https://review.whamcloud.com/38639
Subject: LU-13496 kernel: kernel update SLES15 SP1 [4.12.14-197.40.1]
Project: fs/lustre-release
Branch: master
Current Patch Set: 1
Commit: 418bb5b915c4b5fab09ae445c44b17bc57b8c848

Comment by Jian Yu [ 11/Jun/20 ]

A newer kernel version is available in LU-13658.

Generated at Sat Feb 10 03:01:46 UTC 2024 using Jira 9.4.14#940014-sha1:734e6822bbf0d45eff9af51f82432957f73aa32c.