Whamcloud Community JIRA https://jira.whamcloud.com This file is an XML representation of an issue en-us 9.4.14 940014 05-12-2023 [LU-14219] kernel update [SLES15 SP2 5.3.18-24.43.2] https://jira.whamcloud.com/browse/LU-14219 Lustre <p> The SUSE Linux Enterprise 15 SP2 kernel was updated to 3.12.31 to receive<br/> various security and bugfixes.</p> <p> The following security bugs were fixed:</p> <ul class="alternate" type="square"> <li>CVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c<br/> which could have allowed local users to gain privileges or cause a<br/> denial of service (bsc#1179141).</li> <li>CVE-2020-15437: Fixed a null pointer dereference which could have<br/> allowed local users to cause a denial of service(bsc#1179140).</li> <li>CVE-2020-25668: Fixed a concurrency use-after-free in con_font_op<br/> (bsc#1178123).</li> <li>CVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit()<br/> (bsc#1178182).</li> <li>CVE-2020-25704: Fixed a leak in perf_event_parse_addr_filter()<br/> (bsc#1178393).</li> <li>CVE-2020-27777: Restrict RTAS requests from userspace (bsc#1179107)</li> <li>CVE-2020-28915: Fixed a buffer over-read in the fbcon code which could<br/> have been used by local attackers to read kernel memory (bsc#1178886).</li> <li>CVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could<br/> have been used by local attackers to read privileged information or<br/> potentially crash the kernel (bsc#1178589).</li> <li>CVE-2020-29371: Fixed uninitialized memory leaks to userspace<br/> (bsc#1179429).</li> <li>CVE-2020-25705: Fixed an issue which could have allowed to quickly scan<br/> open UDP ports. This flaw allowed an off-path remote user to effectively<br/> bypassing source port UDP randomization (bsc#1175721).</li> <li>CVE-2020-28941: Fixed an issue where local attackers on systems with the<br/> speakup driver could cause a local denial of service attack<br/> (bsc#1178740).</li> <li>CVE-2020-4788: Fixed an issue with IBM Power9 processors could have<br/> allowed a local user to obtain sensitive information from the data in<br/> the L1 cache under extenuating circumstances (bsc#1177666).</li> <li>CVE-2020-29369: Fixed a race condition between certain expand functions<br/> (expand_downwards and expand_upwards) and page-table free operations<br/> from an munmap call, aka CID-246c320a8cfe (bnc#1173504 1179432).</li> </ul> <p> The following non-security bugs were fixed:<br/> <a href="https://lists.suse.com/pipermail/sle-security-updates/2020-December/007964.html" class="external-link" target="_blank" rel="nofollow noopener">https://lists.suse.com/pipermail/sle-security-updates/2020-December/007964.html</a></p> LU-14219 kernel update [SLES15 SP2 5.3.18-24.43.2] Improvement Minor Resolved Won't Fix Jian Yu Jian Yu Tue, 15 Dec 2020 19:24:16 +0000 Thu, 28 Jan 2021 00:40:22 +0000 Thu, 28 Jan 2021 00:40:22 +0000 0 2 <p>Jian Yu (yujian@whamcloud.com) uploaded a new patch: <a href="https://review.whamcloud.com/41033" class="external-link" target="_blank" rel="nofollow noopener">https://review.whamcloud.com/41033</a><br/> Subject: <a href="https://jira.whamcloud.com/browse/LU-14219" title="kernel update [SLES15 SP2 5.3.18-24.43.2]" class="issue-link" data-issue-key="LU-14219"><del>LU-14219</del></a> kernel: kernel update SLES15 SP2 <span class="error">&#91;5.3.18-24.43.2&#93;</span><br/> Project: fs/lustre-release<br/> Branch: master<br/> Current Patch Set: 1<br/> Commit: dd629c9c242827bfa638aed6c46e4b270bd38fb7</p> <p>A new version is available: <a href="https://jira.whamcloud.com/browse/LU-14375" title="kernel update [SLES15 SP2 5.3.18-24.46.1]" class="issue-link" data-issue-key="LU-14375"><del>LU-14375</del></a></p> Related LU-14133 LU-14375 Development Rank 1|i01h87: Rank (Obsolete) 9223372036854775807