[LU-13859] kernel update [SLES15 SP2 5.3.18-24.9.1]

Related — Mon, 14 Sep 2020 23:36:37 +0000

The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

CVE-2019-19462: relay_open in kernel/relay.c in the Linux kernel allowed
local users to cause a denial of service (such as relay blockage) by
triggering a NULL alloc_percpu result (bnc#1158265).
CVE-2019-20810: Fixed a memory leak in go7007_snd_init in
drivers/media/usb/go7007/snd-go7007.c because it did not call
snd_card_free for a failure path (bnc#1172458).
CVE-2019-20812: An issue was discovered in the prb_calc_retire_blk_tmo()
function in net/packet/af_packet.c could result in a denial of service
(CPU consumption and soft lockup) in a certain failure case involving
TPACKET_V3 (bnc#1172453).
CVE-2020-0305: In cdev_get of char_dev.c, there is a possible
use-after-free due to a race condition. This could lead to local
escalation of privilege with System execution privileges needed. User
interaction is not needed for exploitation (bnc#1174462).
CVE-2020-10135: Legacy pairing and secure-connections pairing
authentication in BluetoothÂ® BR/EDR Core Specification v5.2 and earlier
may have allowed an unauthenticated user to complete authentication
without pairing credentials via adjacent access. An unauthenticated,
adjacent attacker could impersonate a Bluetooth BR/EDR master or slave
to pair with a previously paired remote device to successfully complete
the authentication procedure without knowing the link key (bnc#1171988).
CVE-2020-10711: A NULL pointer dereference flaw was found in the SELinux
subsystem in versions This flaw occurs while importing the Commercial IP
Security Option (CIPSO) protocol's category bitmap into the SELinux
extensible bitmap via the' ebitmap_netlbl_import' routine. This flaw
allowed a remote network user to crash the system kernel, resulting in a
denial of service (bnc#1171191).
CVE-2020-10732: A flaw was found in the implementation of Userspace core
dumps. This flaw allowed an attacker with a local account to crash a
trivial program and exfiltrate private kernel data (bnc#1171220).
CVE-2020-10751: A flaw was found in the SELinux LSM hook implementation,
where it incorrectly assumed that an skb would only contain a single
netlink message. The hook would incorrectly only validate the first
netlink message in the skb and allow or deny the rest of the messages
within the skb with the granted permission without further processing
(bnc#1171189).
CVE-2020-10766: Fixed an issue which allowed an attacker with a local
account to disable SSBD protection (bnc#1172781).
CVE-2020-10767: Fixed an issue where Indirect Branch Prediction Barrier
was disabled in certain circumstances, leaving the system open to a
spectre v2 style attack (bnc#1172782).
CVE-2020-10768: Fixed an issue with the prctl() function, where indirect
branch speculation could be enabled even though it was diabled before
(bnc#1172783).
CVE-2020-10773: Fixed a memory leak on s390/s390x, in the
cmm_timeout_hander in file arch/s390/mm/cmm.c (bnc#1172999).
CVE-2020-10781: A zram sysfs resource consumption was fixed
(bnc#1173074).
CVE-2020-12656: Fixed a memory leak in gss_mech_free in the
rpcsec_gss_krb5 implementation, caused by a lack of certain
domain_release calls (bnc#1171219).
CVE-2020-12769: An issue was discovered in drivers/spi/spi-dw.c allowed
attackers to cause a panic via concurrent calls to dw_spi_irq and
dw_spi_transfer_one (bnc#1171983).
CVE-2020-12771: An issue was discovered in btree_gc_coalesce in
drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails
(bnc#1171732).
CVE-2020-12888: The VFIO PCI driver mishandled attempts to access
disabled memory space (bnc#1171868).
CVE-2020-13143: gadget_dev_desc_UDC_store in
drivers/usb/gadget/configfs.c relies on kstrdup without considering the
possibility of an internal '\0' value, which allowed attackers to
trigger an out-of-bounds read (bnc#1171982).
CVE-2020-13974: Fixed a integer overflow in drivers/tty/vt/keyboard.c,
if k_ascii is called several times in a row (bnc#1172775).
CVE-2020-14416: Fixed a race condition in tty->disc_data handling in the
slip and slcan line discipline could lead to a use-after-free. This
affects drivers/net/slip/slip.c and drivers/net/can/slcan.c
(bnc#1162002).
CVE-2020-15393: Fixed a memory leak in usbtest_disconnect (bnc#1173514).
CVE-2020-15780: An issue was discovered in drivers/acpi/acpi_configfs.c
where injection of malicious ACPI tables via configfs could be used by
attackers to bypass lockdown and secure boot restrictions, aka
CID-75b0cea7bf30 (bnc#1173573).

The following non-security bugs were fixed:
https://lists.suse.com/pipermail/sle-security-updates/2020-August/007215.html

Whamcloud Community JIRA

[LU-13859] kernel update [SLES15 SP2 5.3.18-24.9.1]