[LU-12793] kernel update [SLES12 SP4 4.12.14-95.32.1]

Related — Tue, 5 Nov 2019 19:43:57 +0000

The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various
security and bugfixes.

The following new features were implemented:

jsc#SLE-4875: [CML] New device IDs for CML
jsc#SLE-7294: Add cpufreq driver for Raspberry Pi
fate#322438: Integrate P9 XIVE support (on PowerVM only)
fate#322447: Add memory protection keys (MPK) support on POWER (on
PowerVM only)
fate#322448, fate#321438: P9 hardware counter (performance counters)
support (on PowerVM only)
fate#325306, fate#321840: Reduce memory required to boot capture kernel
while using fadump
fate#326869: perf: pmu mem_load/store event support

The following security bugs were fixed:

CVE-2017-18551: There was an out of bounds write in the function
i2c_smbus_xfer_emulated. (bsc#1146163).
CVE-2018-20976: A use after free existed, related to xfs_fs_fill_super
failure. (bsc#1146285)
CVE-2018-21008: A use-after-free can be caused by the function
rsi_mac80211_detach (bsc#1149591).
CVE-2019-9456: In Pixel C USB monitor driver there was a possible OOB
write due to a missing bounds check. This could have lead to local
escalation of privilege with System execution privileges needed.
(bsc#1150025 CVE-2019-9456).
CVE-2019-10207: Fix a NULL pointer dereference in hci_uart bluetooth
driver (bsc#1142857 bsc#1123959).
CVE-2019-14814, CVE-2019-14815, CVE-2019-14816: Fix three heap-based
buffer overflows in marvell wifi chip driver kernel, that allowed local
users to cause a denial of service (system crash) or possibly execute
arbitrary code. (bnc#1146516)
CVE-2019-14835: Fix QEMU-KVM Guest to Host Kernel Escape. (bsc#1150112).
CVE-2019-15030, CVE-2019-15031: On the powerpc platform, a local user
could read vector registers of other users' processes via an interrupt.
(bsc#1149713)
CVE-2019-15090: In the qedi_dbg_* family of functions, there was an
out-of-bounds read. (bsc#1146399)
CVE-2019-15098: USB driver net/wireless/ath/ath6kl/usb.c had a NULL
pointer dereference via an incomplete address in an endpoint descriptor.
(bsc#1146378).
CVE-2019-15099: drivers/net/wireless/ath/ath10k/usb.c had a NULL pointer
dereference via an incomplete address in an endpoint descriptor.
(bsc#1146368)
CVE-2019-15117: parse_audio_mixer_unit in sound/usb/mixer.c in the Linux
kernel mishandled a short descriptor, leading to out-of-bounds memory
access. (bsc#1145920).
CVE-2019-15118: check_input_term in sound/usb/mixer.c in the Linux
kernel mishandled recursion, leading to kernel stack exhaustion.
(bsc#1145922).
CVE-2019-15211: There was a use-after-free caused by a malicious USB
device in the drivers/media/v4l2-core/v4l2-dev.c driver because
drivers/media/radio/radio-raremono.c did not properly allocate memory.
(bsc#1146519).
CVE-2019-15212: There was a double-free caused by a malicious USB device
in the drivers/usb/misc/rio500.c driver. (bsc#1051510 bsc#1146391).
CVE-2019-15214: There was a use-after-free in the sound subsystem
because card disconnection causes certain data structures to be deleted
too early. (bsc#1146550)
CVE-2019-15215: There was a use-after-free caused by a malicious USB
device in the drivers/media/usb/cpia2/cpia2_usb.c driver. (bsc#1135642
bsc#1146425)
CVE-2019-15216: Fix a NULL pointer dereference caused by a malicious USB
device in the drivers/usb/misc/yurex.c driver. (bsc#1146361).
CVE-2019-15217: There was a NULL pointer dereference caused by a
malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver.
(bsc#1146547).
CVE-2019-15218: There was a NULL pointer dereference caused by a
malicious USB device in the drivers/media/usb/siano/smsusb.c driver.
(bsc#1051510 bsc#1146413)
CVE-2019-15219: There was a NULL pointer dereference caused by a
malicious USB device in the drivers/usb/misc/sisusbvga/sisusb.c driver.
(bsc#1146524)
CVE-2019-15220: There was a use-after-free caused by a malicious USB
device in the drivers/net/wireless/intersil/p54/p54usb.c driver.
(bsc#1146526)
CVE-2019-15221, CVE-2019-15222: There was a NULL pointer dereference
caused by a malicious USB device in the sound/usb/line6/pcm.c driver.
(bsc#1146529, bsc#1146531)
CVE-2019-15239: An incorrect backport of a certain net/ipv4/tcp_output.c
fix allowed a local attacker to trigger multiple use-after-free
conditions. This could result in a kernel crash, or potentially in
privilege escalation. (bsc#1146589)
CVE-2019-15290: There was a NULL pointer dereference caused by a
malicious USB device in the ath6kl_usb_alloc_urb_from_pipe function
(bsc#1146543).
CVE-2019-15292: There was a use-after-free in atalk_proc_exit
(bsc#1146678)
CVE-2019-15538: XFS partially wedged when a chgrp failed on account of
being out of disk quota. This was primarily a local DoS attack vector,
but it could result as well in remote DoS if the XFS filesystem was
exported for instance via NFS. (bsc#1148032, bsc#1148093)
CVE-2019-15666: There was an out-of-bounds array access in
__xfrm_policy_unlink, which would cause denial of service, because
verify_newpolicy_info mishandled directory validation. (bsc#1148394).
CVE-2019-15902: A backporting error reintroduced the Spectre
vulnerability that it aimed to eliminate. (bnc#1149376)
CVE-2019-15917: There was a use-after-free issue when
hci_uart_register_dev() failed in hci_uart_set_proto() (bsc#1149539)
CVE-2019-15919: SMB2_write in fs/cifs/smb2pdu.c had a use-after-free.
(bsc#1149552)
CVE-2019-15920: SMB2_read in fs/cifs/smb2pdu.c had a use-after-free.
(bsc#1149626)
CVE-2019-15921: There was a memory leak issue when idr_alloc() failed
(bsc#1149602)
CVE-2019-15924: Fix a NULL pointer dereference because there was no
-ENOMEM upon an alloc_workqueue failure. (bsc#1149612).
CVE-2019-15926: Out of bounds access existed in the functions
ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx
(bsc#1149527)
CVE-2019-15927: An out-of-bounds access existed in the function
build_audio_procunit (bsc#1149522)

The following non-security bugs were fixed:
http://lists.suse.com/pipermail/sle-security-updates/2019-September/005942.html

Whamcloud Community JIRA

[LU-12793] kernel update [SLES12 SP4 4.12.14-95.32.1]