Security update for the Linux Kernel

Announcement ID: SUSE-SU-2020:2106-1
Rating: important
CVSS scores:
  • CVE-2019-16746 ( SUSE ): 7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
  • CVE-2019-16746 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2019-20908 ( SUSE ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N
  • CVE-2019-20908 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • CVE-2020-0305 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
  • CVE-2020-0305 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
  • CVE-2020-10766 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
  • CVE-2020-10766 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2020-10767 ( SUSE ): 5.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
  • CVE-2020-10767 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2020-10768 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
  • CVE-2020-10768 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2020-10769 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2020-10769 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2020-10773 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
  • CVE-2020-10773 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
  • CVE-2020-12771 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2020-12771 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2020-12888 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H
  • CVE-2020-12888 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H
  • CVE-2020-13974 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2020-13974 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2020-14416 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
  • CVE-2020-14416 ( NVD ): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
  • CVE-2020-15393 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
  • CVE-2020-15393 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2020-15780 ( SUSE ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N
  • CVE-2020-15780 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected Products:
  • SUSE Linux Enterprise High Availability Extension 15
  • SUSE Linux Enterprise High Performance Computing 15
  • SUSE Linux Enterprise High Performance Computing 15 LTSS 15
  • SUSE Linux Enterprise Live Patching 15
  • SUSE Linux Enterprise Server 15
  • SUSE Linux Enterprise Server 15 LTSS 15
  • SUSE Linux Enterprise Server ESPOS 15
  • SUSE Linux Enterprise Server for SAP Applications 15

An update that solves 14 vulnerabilities and has 15 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 15 GA LTSS kernel was updated to receive various security fixes and bug fixes.

The following security bugs were fixed:

  • CVE-2020-0305: In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1174462).
  • CVE-2019-20908: An issue was discovered in drivers/firmware/efi/efi.c where incorrect access permissions for the efivar_ssdt ACPI variable could be used by attackers to bypass lockdown or secure boot restrictions, aka CID-1957a85b0032 (bnc#1173567).
  • CVE-2020-15780: An issue was discovered in drivers/acpi/acpi_configfs.c where injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30 (bnc#1173573).
  • CVE-2020-15393: usbtest_disconnect in drivers/usb/misc/usbtest.c had a memory leak, aka CID-28ebeb8db770 (bnc#1173514).
  • CVE-2020-12771: btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails (bnc#1171732).
  • CVE-2019-16746: An issue was discovered in net/wireless/nl80211.c which did not check the length of variable elements in a beacon head, leading to a buffer overflow (bnc#1152107 1173659).
  • CVE-2020-12888: The VFIO PCI driver mishandled attempts to access disabled memory space (bnc#1171868).
  • CVE-2020-10769: A buffer over-read flaw was found in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload is longer than 4 bytes and does not follow 4-byte alignment boundary guidelines, it triggers a buffer over-read, leading to a system crash. This flaw allowed a local attacker with user privileges to cause a denial of service (bnc#1173265).
  • CVE-2020-10773: A kernel stack information leak on s390/s390x was fixed (bnc#1172999).
  • CVE-2020-14416: A race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c (bnc#1162002).
  • CVE-2020-10768: Indirect branch speculation could have been enabled after it was force-disabled by the PR_SPEC_FORCE_DISABLE prctl command. (bnc#1172783).
  • CVE-2020-10766: Fixed Rogue cross-process SSBD shutdown, where a Linux scheduler logical bug allows an attacker to turn off the SSBD protection. (bnc#1172781).
  • CVE-2020-10767: Indirect Branch Prediction Barrier was force-disabled when STIBP is unavailable or enhanced IBRS is available. (bnc#1172782).
  • CVE-2020-13974: drivers/tty/vt/keyboard.c had an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059 (bnc#1172775).

The following non-security bugs were fixed:

  • Merge ibmvnic reset fixes (bsc#1158755 ltc#182094).
  • block, bfq: add requeue-request hook (bsc#1104967 bsc#1171673).
  • block, bfq: postpone rq preparation to insert or merge (bsc#1104967 bsc#1171673).
  • ibmvnic: Do not process device remove during device reset (bsc#1065729).
  • ibmvnic: Flush existing work items before device removal (bsc#1065729).
  • ibmvnic: Harden device login requests (bsc#1170011 ltc#183538).
  • ibmvnic: Skip fatal error reset after passive init (bsc#1171078 ltc#184239).
  • ibmvnic: continue to init in CRQ reset returns H_CLOSED (bsc#1173280 ltc#185369).
  • intel_idle: Graceful probe failure when MWAIT is disabled (bsc#1174115).
  • livepatch: Apply vmlinux-specific KLP relocations early (bsc#1071995).
  • livepatch: Disallow vmlinux.ko (bsc#1071995).
  • livepatch: Make klp_apply_object_relocs static (bsc#1071995).
  • livepatch: Prevent module-specific KLP rela sections from referencing vmlinux symbols (bsc#1071995).
  • livepatch: Remove .klp.arch (bsc#1071995).
  • vfio/pci: Fix SR-IOV VF handling with MMIO blocking (bsc#1051510).
  • vfio/pci: Fix SR-IOV VF handling with MMIO blocking (bsc#1174000).
  • vfio/pci: Mask buggy SR-IOV VF INTx support (bsc#1051510).
  • vfio/pci: Mask buggy SR-IOV VF INTx support (bsc#1173999).
  • x86/{mce,mm}: Unmap the entire page if the whole page is affected and poisoned (bsc#1172257).

Special Instructions and Notes:

  • Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Linux Enterprise Live Patching 15
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2020-2106=1
  • SUSE Linux Enterprise High Availability Extension 15
    zypper in -t patch SUSE-SLE-Product-HA-15-2020-2106=1
  • SUSE Linux Enterprise Server ESPOS 15
    zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2106=1
  • SUSE Linux Enterprise High Performance Computing 15 LTSS 15
    zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2106=1
  • SUSE Linux Enterprise Server 15 LTSS 15
    zypper in -t patch SUSE-SLE-Product-SLES-15-2020-2106=1
  • SUSE Linux Enterprise Server for SAP Applications 15
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2106=1
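
Because the fixes only take effect once the new kernel is booted, a post-update check should distinguish "installed" from "running". The script below is an added example, not part of the SUSE advisory: it takes the fixed version 4.12.14-150.55.1 from the package list, and the function names, the mapping from package version to `uname -r` string, and the sample inputs are assumptions made for illustration.

```shell
#!/bin/sh
# Fixed kernel-default version-release, from this advisory's package list.
FIXED_PKG="4.12.14-150.55.1"

# uname -r omits the last release component and appends the flavour:
# package 4.12.14-150.55.1 boots as 4.12.14-150.55-default (assumed from
# the kernel-livepatch-4_12_14-150_55-default package name in the list).
pkg_to_krel() { printf '%s\n' "${1%.*}"; }
strip_flavour() { printf '%s\n' "${1%-*}"; }

# True when version $1 >= version $2 (GNU sort -V ordering).
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# kernel_status RUNNING_UNAME_R NEWEST_INSTALLED_PKG_VERSION
# Prints: patched | reboot-needed | update-needed
kernel_status() {
    running=$(strip_flavour "$1")
    fixed=$(pkg_to_krel "$FIXED_PKG")
    if version_ge "$running" "$fixed"; then
        echo patched
    elif version_ge "$2" "$FIXED_PKG"; then
        echo reboot-needed
    else
        echo update-needed
    fi
}

# Live check for a real host (defined only, not called in this example).
check_host() {
    newest=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' kernel-default | sort -V | tail -n 1)
    kernel_status "$(uname -r)" "$newest"
}

# Constructed samples: running kernel, newest installed package version.
kernel_status "4.12.14-150.52-default" "4.12.14-150.52.1"   # before update
kernel_status "4.12.14-150.52-default" "4.12.14-150.55.1"   # installed, not rebooted
kernel_status "4.12.14-150.55-default" "4.12.14-150.55.1"   # rebooted into fix
```

The comparison is only meaningful within the SUSE Linux Enterprise 15 GA kernel stream named in this advisory. On hosts that rely on Live Patching, `uname -r` does not reflect applied livepatches, so this check covers the reboot path only.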

Package List:

  • SUSE Linux Enterprise Live Patching 15 (nosrc)
    • kernel-default-4.12.14-150.55.1
  • SUSE Linux Enterprise Live Patching 15 (ppc64le x86_64)
    • kernel-default-debuginfo-4.12.14-150.55.1
    • kernel-default-debugsource-4.12.14-150.55.1
    • kernel-default-livepatch-4.12.14-150.55.1
    • kernel-livepatch-4_12_14-150_55-default-1-1.3.1
    • kernel-livepatch-4_12_14-150_55-default-debuginfo-1-1.3.1
  • SUSE Linux Enterprise High Availability Extension 15 (aarch64 ppc64le s390x x86_64)
    • dlm-kmp-default-debuginfo-4.12.14-150.55.1
    • cluster-md-kmp-default-debuginfo-4.12.14-150.55.1
    • gfs2-kmp-default-debuginfo-4.12.14-150.55.1
    • kernel-default-debuginfo-4.12.14-150.55.1
    • kernel-default-debugsource-4.12.14-150.55.1
    • ocfs2-kmp-default-debuginfo-4.12.14-150.55.1
    • cluster-md-kmp-default-4.12.14-150.55.1
    • dlm-kmp-default-4.12.14-150.55.1
    • gfs2-kmp-default-4.12.14-150.55.1
    • ocfs2-kmp-default-4.12.14-150.55.1
  • SUSE Linux Enterprise High Availability Extension 15 (nosrc)
    • kernel-default-4.12.14-150.55.1
  • SUSE Linux Enterprise Server ESPOS 15 (aarch64 nosrc x86_64)
    • kernel-default-4.12.14-150.55.1
  • SUSE Linux Enterprise Server ESPOS 15 (aarch64 x86_64)
    • kernel-default-debuginfo-4.12.14-150.55.1
    • kernel-default-debugsource-4.12.14-150.55.1
    • kernel-syms-4.12.14-150.55.1
    • kernel-vanilla-base-4.12.14-150.55.1
    • kernel-vanilla-debugsource-4.12.14-150.55.1
    • kernel-default-devel-4.12.14-150.55.1
    • kernel-default-base-4.12.14-150.55.1
    • kernel-default-devel-debuginfo-4.12.14-150.55.1
    • kernel-obs-build-4.12.14-150.55.1
    • kernel-vanilla-base-debuginfo-4.12.14-150.55.1
    • kernel-obs-build-debugsource-4.12.14-150.55.1
    • kernel-vanilla-debuginfo-4.12.14-150.55.1
  • SUSE Linux Enterprise Server ESPOS 15 (noarch)
    • kernel-source-4.12.14-150.55.1
    • kernel-devel-4.12.14-150.55.1
    • kernel-macros-4.12.14-150.55.1
  • SUSE Linux Enterprise Server ESPOS 15 (noarch nosrc)
    • kernel-docs-4.12.14-150.55.1
  • SUSE Linux Enterprise Server ESPOS 15 (nosrc)
    • kernel-vanilla-4.12.14-150.55.1
  • SUSE Linux Enterprise High Performance Computing 15 LTSS 15 (aarch64 nosrc x86_64)
    • kernel-default-4.12.14-150.55.1
  • SUSE Linux Enterprise High Performance Computing 15 LTSS 15 (aarch64 x86_64)
    • kernel-default-debuginfo-4.12.14-150.55.1
    • kernel-default-debugsource-4.12.14-150.55.1
    • kernel-syms-4.12.14-150.55.1
    • kernel-vanilla-base-4.12.14-150.55.1
    • kernel-vanilla-debugsource-4.12.14-150.55.1
    • kernel-default-devel-4.12.14-150.55.1
    • kernel-default-base-4.12.14-150.55.1
    • kernel-default-devel-debuginfo-4.12.14-150.55.1
    • kernel-obs-build-4.12.14-150.55.1
    • kernel-vanilla-base-debuginfo-4.12.14-150.55.1
    • kernel-obs-build-debugsource-4.12.14-150.55.1
    • kernel-vanilla-debuginfo-4.12.14-150.55.1
  • SUSE Linux Enterprise High Performance Computing 15 LTSS 15 (noarch)
    • kernel-source-4.12.14-150.55.1
    • kernel-devel-4.12.14-150.55.1
    • kernel-macros-4.12.14-150.55.1
  • SUSE Linux Enterprise High Performance Computing 15 LTSS 15 (noarch nosrc)
    • kernel-docs-4.12.14-150.55.1
  • SUSE Linux Enterprise High Performance Computing 15 LTSS 15 (nosrc)
    • kernel-vanilla-4.12.14-150.55.1
  • SUSE Linux Enterprise Server 15 LTSS 15 (aarch64 ppc64le s390x x86_64 nosrc)
    • kernel-default-4.12.14-150.55.1
  • SUSE Linux Enterprise Server 15 LTSS 15 (aarch64 ppc64le s390x x86_64)
    • reiserfs-kmp-default-4.12.14-150.55.1
    • kernel-default-debuginfo-4.12.14-150.55.1
    • kernel-default-debugsource-4.12.14-150.55.1
    • kernel-syms-4.12.14-150.55.1
    • kernel-vanilla-base-4.12.14-150.55.1
    • kernel-vanilla-debugsource-4.12.14-150.55.1
    • kernel-default-devel-4.12.14-150.55.1
    • reiserfs-kmp-default-debuginfo-4.12.14-150.55.1
    • kernel-default-base-4.12.14-150.55.1
    • kernel-default-devel-debuginfo-4.12.14-150.55.1
    • kernel-obs-build-4.12.14-150.55.1
    • kernel-vanilla-base-debuginfo-4.12.14-150.55.1
    • kernel-obs-build-debugsource-4.12.14-150.55.1
    • kernel-vanilla-debuginfo-4.12.14-150.55.1
  • SUSE Linux Enterprise Server 15 LTSS 15 (noarch)
    • kernel-source-4.12.14-150.55.1
    • kernel-devel-4.12.14-150.55.1
    • kernel-macros-4.12.14-150.55.1
  • SUSE Linux Enterprise Server 15 LTSS 15 (noarch nosrc)
    • kernel-docs-4.12.14-150.55.1
  • SUSE Linux Enterprise Server 15 LTSS 15 (nosrc)
    • kernel-vanilla-4.12.14-150.55.1
    • kernel-zfcpdump-4.12.14-150.55.1
  • SUSE Linux Enterprise Server 15 LTSS 15 (s390x)
    • kernel-zfcpdump-debuginfo-4.12.14-150.55.1
    • kernel-zfcpdump-debugsource-4.12.14-150.55.1
    • kernel-default-man-4.12.14-150.55.1
  • SUSE Linux Enterprise Server for SAP Applications 15 (nosrc ppc64le x86_64)
    • kernel-default-4.12.14-150.55.1
  • SUSE Linux Enterprise Server for SAP Applications 15 (ppc64le x86_64)
    • reiserfs-kmp-default-4.12.14-150.55.1
    • kernel-default-debuginfo-4.12.14-150.55.1
    • kernel-default-debugsource-4.12.14-150.55.1
    • kernel-syms-4.12.14-150.55.1
    • kernel-vanilla-base-4.12.14-150.55.1
    • kernel-vanilla-debugsource-4.12.14-150.55.1
    • kernel-default-devel-4.12.14-150.55.1
    • reiserfs-kmp-default-debuginfo-4.12.14-150.55.1
    • kernel-default-base-4.12.14-150.55.1
    • kernel-default-devel-debuginfo-4.12.14-150.55.1
    • kernel-obs-build-4.12.14-150.55.1
    • kernel-vanilla-base-debuginfo-4.12.14-150.55.1
    • kernel-obs-build-debugsource-4.12.14-150.55.1
    • kernel-vanilla-debuginfo-4.12.14-150.55.1
  • SUSE Linux Enterprise Server for SAP Applications 15 (noarch)
    • kernel-source-4.12.14-150.55.1
    • kernel-devel-4.12.14-150.55.1
    • kernel-macros-4.12.14-150.55.1
  • SUSE Linux Enterprise Server for SAP Applications 15 (noarch nosrc)
    • kernel-docs-4.12.14-150.55.1
  • SUSE Linux Enterprise Server for SAP Applications 15 (nosrc)
    • kernel-vanilla-4.12.14-150.55.1
