[LU-13859] kernel update [SLES15 SP2 5.3.18-24.9.1] Created: 05/Aug/20  Updated: 14/Sep/20  Resolved: 14/Sep/20

Status: Resolved
Project: Lustre
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Improvement
Priority: Minor
Reporter: Jian Yu
Assignee: Jian Yu
Resolution: Won't Fix
Votes: 0
Labels: None

Issue Links:
Related
is related to LU-13820 support for SLES 15 SP2 Resolved
is related to LU-13963 kernel update [SLES15 SP2 5.3.18-24.1... Resolved
Rank (Obsolete): 9223372036854775807

 Description   

The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security fixes and bug fixes.

The following security bugs were fixed:

  • CVE-2019-19462: relay_open in kernel/relay.c in the Linux kernel allowed
    local users to cause a denial of service (such as relay blockage) by
    triggering a NULL alloc_percpu result (bnc#1158265).
  • CVE-2019-20810: Fixed a memory leak in go7007_snd_init in
    drivers/media/usb/go7007/snd-go7007.c because it did not call
    snd_card_free for a failure path (bnc#1172458).
  • CVE-2019-20812: An issue in the prb_calc_retire_blk_tmo() function in
    net/packet/af_packet.c could result in a denial of service
    (CPU consumption and soft lockup) in a certain failure case involving
    TPACKET_V3 (bnc#1172453).
  • CVE-2020-0305: In cdev_get of char_dev.c, there is a possible
    use-after-free due to a race condition. This could lead to local
    escalation of privilege with System execution privileges needed. User
    interaction is not needed for exploitation (bnc#1174462).
  • CVE-2020-10135: Legacy pairing and secure-connections pairing
    authentication in Bluetooth® BR/EDR Core Specification v5.2 and earlier
    may have allowed an unauthenticated user to complete authentication
    without pairing credentials via adjacent access. An unauthenticated,
    adjacent attacker could impersonate a Bluetooth BR/EDR master or slave
    to pair with a previously paired remote device to successfully complete
    the authentication procedure without knowing the link key (bnc#1171988).
  • CVE-2020-10711: A NULL pointer dereference flaw was found in the SELinux
    subsystem in versions This flaw occurs while importing the Commercial IP
    Security Option (CIPSO) protocol's category bitmap into the SELinux
    extensible bitmap via the 'ebitmap_netlbl_import' routine. This flaw
    allowed a remote network user to crash the system kernel, resulting in a
    denial of service (bnc#1171191).
  • CVE-2020-10732: A flaw was found in the implementation of Userspace core
    dumps. This flaw allowed an attacker with a local account to crash a
    trivial program and exfiltrate private kernel data (bnc#1171220).
  • CVE-2020-10751: A flaw was found in the SELinux LSM hook implementation,
    where it incorrectly assumed that an skb would only contain a single
    netlink message. The hook would incorrectly only validate the first
    netlink message in the skb and allow or deny the rest of the messages
    within the skb with the granted permission without further processing
    (bnc#1171189).
  • CVE-2020-10766: Fixed an issue which allowed an attacker with a local
    account to disable SSBD protection (bnc#1172781).
  • CVE-2020-10767: Fixed an issue where Indirect Branch Prediction Barrier
    was disabled in certain circumstances, leaving the system open to a
    Spectre v2 style attack (bnc#1172782).
  • CVE-2020-10768: Fixed an issue with the prctl() function, where indirect
    branch speculation could be enabled even though it was disabled before
    (bnc#1172783).
  • CVE-2020-10773: Fixed a memory leak on s390/s390x, in the
    cmm_timeout_hander in file arch/s390/mm/cmm.c (bnc#1172999).
  • CVE-2020-10781: A zram sysfs resource consumption was fixed
    (bnc#1173074).
  • CVE-2020-12656: Fixed a memory leak in gss_mech_free in the
    rpcsec_gss_krb5 implementation, caused by a lack of certain
    domain_release calls (bnc#1171219).
  • CVE-2020-12769: An issue in drivers/spi/spi-dw.c allowed
    attackers to cause a panic via concurrent calls to dw_spi_irq and
    dw_spi_transfer_one (bnc#1171983).
  • CVE-2020-12771: btree_gc_coalesce in drivers/md/bcache/btree.c
    has a deadlock if a coalescing operation fails
    (bnc#1171732).
  • CVE-2020-12888: The VFIO PCI driver mishandled attempts to access
    disabled memory space (bnc#1171868).
  • CVE-2020-13143: gadget_dev_desc_UDC_store in
    drivers/usb/gadget/configfs.c relies on kstrdup without considering the
    possibility of an internal '\0' value, which allowed attackers to
    trigger an out-of-bounds read (bnc#1171982).
  • CVE-2020-13974: Fixed an integer overflow in drivers/tty/vt/keyboard.c,
    if k_ascii is called several times in a row (bnc#1172775).
  • CVE-2020-14416: Fixed a race condition in tty->disc_data handling in the
    slip and slcan line disciplines that could lead to a use-after-free. This
    affects drivers/net/slip/slip.c and drivers/net/can/slcan.c
    (bnc#1162002).
  • CVE-2020-15393: Fixed a memory leak in usbtest_disconnect (bnc#1173514).
  • CVE-2020-15780: An issue was discovered in drivers/acpi/acpi_configfs.c
    where injection of malicious ACPI tables via configfs could be used by
    attackers to bypass lockdown and secure boot restrictions, aka
    CID-75b0cea7bf30 (bnc#1173573).

The following non-security bugs were fixed:
https://lists.suse.com/pipermail/sle-security-updates/2020-August/007215.html



 Comments   
Comment by Jian Yu [ 14/Sep/20 ]

A new version is available: LU-13963
