[LU-13860] kernel update [SLES12 SP4 4.12.14-95.57.1]

Related — Thu, 17 Dec 2020 19:45:18 +0000

The following security bugs were fixed:

CVE-2020-0305: In cdev_get of char_dev.c, there is a possible
use-after-free due to a race condition. This could lead to local
escalation of privilege with System execution privileges needed. User
interaction is not needed for exploitation (bnc#1174462).
CVE-2019-20908: An issue was discovered in drivers/firmware/efi/efi.c
where incorrect access permissions for the efivar_ssdt ACPI variable
could be used by attackers to bypass lockdown or secure boot
restrictions, aka CID-1957a85b0032 (bnc#1173567).
CVE-2020-15780: An issue was discovered in drivers/acpi/acpi_configfs.c
where injection of malicious ACPI tables via configfs could be used by
attackers to bypass lockdown and secure boot restrictions, aka
CID-75b0cea7bf30 (bnc#1173573).
CVE-2020-15393: usbtest_disconnect in drivers/usb/misc/usbtest.c has a
memory leak, aka CID-28ebeb8db770 (bnc#1173514).
CVE-2020-12771: btree_gc_coalesce in drivers/md/bcache/btree.c had a
deadlock if a coalescing operation fails (bnc#1171732).
CVE-2019-16746: net/wireless/nl80211.c did not check the length of
variable elements in a beacon head, leading to a buffer overflow
(bnc#1152107).
CVE-2020-12888: The VFIO PCI driver mishandled attempts to access
disabled memory space (bnc#1171868).
CVE-2020-10769: A buffer over-read flaw was found in
crypto_authenc_extractkeys in crypto/authenc.c in the IPsec
Cryptographic algorithm's module, authenc. When a payload longer than 4
bytes, and is not following 4-byte alignment boundary guidelines, it
causes a buffer over-read threat, leading to a system crash. This flaw
allowed a local attacker with user privileges to cause a denial of
service (bnc#1173265).
CVE-2020-10773: A kernel stack information leak on s390/s390x was fixed
(bnc#1172999).
CVE-2020-14416: A race condition in tty->disc_data handling in the slip
and slcan line discipline could lead to a use-after-free, aka
CID-0ace17d56824. This affects drivers/net/slip/slip.c and
drivers/net/can/slcan.c (bnc#1162002).
CVE-2020-10768: Indirect branch speculation could have been enabled
after it was force-disabled by the PR_SPEC_FORCE_DISABLE prctl command.
(bnc#1172783).
CVE-2020-10766: Fixed Rogue cross-process SSBD shutdown, where a Linux
scheduler logical bug allows an attacker to turn off the SSBD
protection. (bnc#1172781).
CVE-2020-10767: Indirect Branch Prediction Barrier was force-disabled
when STIBP is unavailable or enhanced IBRS is available. (bnc#1172782).
CVE-2020-13974: drivers/tty/vt/keyboard.c had an integer overflow if
k_ascii is called several times in a row, aka CID-b86dab054059.
(bnc#1172775).
CVE-2019-20810: go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c
in the Linux kernel did not call snd_card_free for a failure path, which
causes a memory leak, aka CID-9453264ef586 (bnc#1172458).

The following non-security bugs were fixed:
https://lists.suse.com/pipermail/sle-security-updates/2020-August/007220.html

Whamcloud Community JIRA

[LU-13860] kernel update [SLES12 SP4 4.12.14-95.57.1]