Security update for the Linux Kernel

Announcement ID: SUSE-SU-2019:1536-1
Rating: important
CVSS scores:
  • CVE-2018-7191 ( SUSE ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2018-7191 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2019-10124 ( SUSE ): 4.4 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
  • CVE-2019-10124 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2019-11085 ( SUSE ): 8.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  • CVE-2019-11085 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2019-11477 ( SUSE ): 8.2 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
  • CVE-2019-11477 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2019-11477 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2019-11479 ( SUSE ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2019-11479 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2019-11479 ( NVD ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  • CVE-2019-11486 ( SUSE ): 7.0 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2019-11486 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2019-11486 ( NVD ): 7.0 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2019-11487 ( SUSE ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2019-11487 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2019-11487 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2019-11815 ( SUSE ): 6.4 CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
  • CVE-2019-11815 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2019-11815 ( NVD ): 8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2019-11833 ( SUSE ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2019-11833 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2019-11833 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2019-11884 ( SUSE ): 4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
  • CVE-2019-11884 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
  • CVE-2019-11884 ( NVD ): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
  • CVE-2019-12382 ( SUSE ): 2.5 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
  • CVE-2019-12382 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2019-3846 ( SUSE ): 7.5 CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2019-3846 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2019-3846 ( NVD ): 8.0 CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • CVE-2019-5489 ( SUSE ): 5.6 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
  • CVE-2019-5489 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Products:
  • SUSE Linux Enterprise High Performance Computing 12 SP4
  • SUSE Linux Enterprise Server 12 SP4
  • SUSE Linux Enterprise Server for SAP Applications 12 SP4

An update that solves 13 vulnerabilities and has 132 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 12 SP4 kernel was updated to 4.12.14 to receive various security and bug fixes.

The following security bugs were fixed:

  • CVE-2019-11477: A sequence of SACKs may have been crafted such that one can trigger an integer overflow, leading to a kernel panic.
  • CVE-2019-11479: An attacker could force the Linux kernel to segment its responses into multiple TCP segments. This would drastically increase the bandwidth required to deliver the same amount of data. Further, it would consume additional resources such as CPU and NIC processing power.
  • CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (bnc#1136424)
  • CVE-2019-12382: An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel. There was an unchecked kstrdup of fwstr, which might have allowed an attacker to cause a denial of service (NULL pointer dereference and system crash). (bnc#1136586)
  • CVE-2019-11487: The Linux kernel allowed page reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM existed. It could have occurred with FUSE requests. (bnc#1133190)
  • CVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux kernel allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may have been possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (bnc#1120843)
  • CVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out the unused memory region in the extent tree block, which might have allowed local users to obtain sensitive information by reading uninitialized data in the filesystem. (bnc#1135281)
  • CVE-2018-7191: In the tun subsystem in the Linux kernel, dev_get_valid_name was not called before register_netdevice. This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. (bnc#1135603)
  • CVE-2019-11085: Insufficient input validation in Kernel Mode Driver in i915 Graphics for Linux may have allowed an authenticated user to potentially enable escalation of privilege via local access. (bnc#1135278)
  • CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel. There was a race condition leading to a use-after-free, related to net namespace cleanup. (bnc#1134537)
  • CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\0' character. (bnc#1134848)
  • CVE-2019-11486: The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel had multiple race conditions. (bnc#1133188)
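
The unterminated name field behind CVE-2019-11884, modelled in user space as an added example (not kernel code and not part of this advisory). The struct, its sizes and all function names are constructed for illustration, and forcing a terminator after the copy is shown as the usual hardening for this bug class, an assumption since the advisory does not show the patch.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 8  /* constructed size, not the kernel's */

/* Constructed stand-in for a request copied into a stack frame, followed
 * directly by unrelated data. Two char arrays, so no padding between them. */
struct frame {
    char name[NAME_LEN];     /* filled from the caller's request */
    char adjacent[NAME_LEN]; /* stands in for neighbouring stack bytes */
};

/* Before: copy the caller's bytes verbatim and trust them to be a string. */
static void copy_req_unchecked(struct frame *f, const char *src)
{
    memcpy(f->name, src, sizeof f->name);
}

/* After: same copy, then force a terminator inside the field. */
static void copy_req_terminated(struct frame *f, const char *src)
{
    memcpy(f->name, src, sizeof f->name);
    f->name[sizeof f->name - 1] = '\0';
}

/* Bytes a "%s"-style reader consumes beyond the name field. Walking the
 * whole object via a char pointer is fine: adjacent[] always holds a NUL. */
static size_t bytes_disclosed(const struct frame *f)
{
    size_t n = strlen((const char *)f);
    return n >= sizeof f->name ? n - sizeof f->name : 0;
}

/* Run one copy variant on a constructed request that contains no NUL. */
static size_t demo(int hardened)
{
    static const char req[NAME_LEN] = {'A','A','A','A','A','A','A','A'};
    struct frame f = { .adjacent = "SECRET" };
    if (hardened)
        copy_req_terminated(&f, req);
    else
        copy_req_unchecked(&f, req);
    return bytes_disclosed(&f);
}

int main(void)
{
    printf("unchecked: %zu, terminated: %zu bytes past the field\n",
           demo(0), demo(1));
    return 0;
}
```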

The following non-security bugs were fixed:

  • 9p locks: add mount option for lock retry interval (bsc#1051510).
  • acpi: button: reinitialize button state upon resume (bsc#1051510).
  • acpica: AML interpreter: add region addresses in global list during initialization (bsc#1051510).
  • acpica: Namespace: remove address node from global list after method termination (bsc#1051510).
  • acpi: fix menuconfig presentation of ACPI submenu (bsc#1117158).
  • acpi / utils: Drop reference in test for device presence (bsc#1051510).
  • alsa: core: Do not refer to snd_cards array directly (bsc#1051510).
  • alsa: emu10k1: Drop superfluous id-uniquification behavior (bsc#1051510).
  • alsa: hda/hdmi - Consider eld_valid when reporting jack event (bsc#1051510).
  • alsa: hda/hdmi - Read the pin sense from register when repolling (bsc#1051510).
  • alsa: hda/realtek - Avoid superfluous COEF EAPD setups (bsc#1051510).
  • alsa: hda/realtek - Corrected fixup for System76 Gazelle (gaze14) (bsc#1051510).
  • alsa: hda/realtek - EAPD turn on later (bsc#1051510).
  • alsa: hda/realtek - Fix for Lenovo B50-70 inverted internal microphone bug (bsc#1051510).
  • alsa: hda/realtek - Fixup headphone noise via runtime suspend (bsc#1051510).
  • alsa: hda/realtek - Improve the headset mic for Acer Aspire laptops (bsc#1051510).
  • alsa: hda - Register irq handler after the chip initialization (bsc#1051510).
  • alsa: hda - Use a macro for snd_array iteration loops (bsc#1051510).
  • alsa: hdea/realtek - Headset fixup for System76 Gazelle (gaze14) (bsc#1051510).
  • alsa: line6: Avoid polluting led_* namespace (bsc#1051510).
  • alsa: seq: Align temporary re-locking with irqsave version (bsc#1051510).
  • alsa: seq: Correct unlock sequence at snd_seq_client_ioctl_unlock() (bsc#1051510).
  • alsa: seq: Cover unsubscribe_port() in list_mutex (bsc#1051510).
  • alsa: seq: Fix race of get-subscription call vs port-delete ioctls (bsc#1051510).
  • alsa: seq: Protect in-kernel ioctl calls with mutex (bsc#1051510).
  • alsa: seq: Protect racy pool manipulation from OSS sequencer (bsc#1051510).
  • alsa: seq: Remove superfluous irqsave flags (bsc#1051510).
  • alsa: seq: Simplify snd_seq_kernel_client_enqueue() helper (bsc#1051510).
  • alsa: timer: Check ack_list emptiness instead of bit flag (bsc#1051510).
  • alsa: timer: Coding style fixes (bsc#1051510).
  • alsa: timer: Make snd_timer_close() really kill pending actions (bsc#1051510).
  • alsa: timer: Make sure to clear pending ack list (bsc#1051510).
  • alsa: timer: Revert active callback sync check at close (bsc#1051510).
  • alsa: timer: Simplify error path in snd_timer_open() (bsc#1051510).
  • alsa: timer: Unify timer callback process code (bsc#1051510).
  • alsa: usb-audio: Fix a memory leak bug (bsc#1051510).
  • alsa: usb-audio: Handle the error from snd_usb_mixer_apply_create_quirk() (bsc#1051510).
  • alsa: usx2y: fix a double free bug (bsc#1051510).
  • appletalk: Fix compile regression (bsc#1051510).
  • appletalk: Fix use-after-free in atalk_proc_exit (bsc#1051510).
  • arch: arm64: acpi: KABI ginore includes (bsc#1117158 bsc#1134671).
  • arm64: acpi: fix alignment fault in accessing ACPI (bsc#1117158).
  • arm64: Export save_stack_trace_tsk() (jsc#SLE-4214).
  • arm64: fix ACPI dependencies (bsc#1117158).
  • arm64, mm, efi: Account for GICv3 LPI tables in static memblock reserve table (bsc#1117158).
  • arm: 8824/1: fix a migrating irq bug when hotplug cpu (bsc#1051510).
  • arm: 8833/1: Ensure that NEON code always compiles with Clang (bsc#1051510).
  • arm: 8839/1: kprobe: make patch_lock a raw_spinlock_t (bsc#1051510).
  • arm: 8840/1: use a raw_spinlock_t in unwind (bsc#1051510).
  • arm: avoid Cortex-A9 livelock on tight dmb loops (bsc#1051510).
  • arm: imx6q: cpuidle: fix bug that CPU might not wake up at expected time (bsc#1051510).
  • arm: iop: do not use using 64-bit DMA masks (bsc#1051510).
  • arm: OMAP2+: fix lack of timer interrupts on CPU1 after hotplug (bsc#1051510).
  • arm: OMAP2+: Variable "reg" in function omap4_dsi_mux_pads() could be uninitialized (bsc#1051510).
  • arm: orion: do not use using 64-bit DMA masks (bsc#1051510).
  • arm: pxa: ssp: unneeded to free devm_ allocated data (bsc#1051510).
  • arm: s3c24xx: Fix boolean expressions in osiris_dvs_notify (bsc#1051510).
  • ar