Security update for the Linux Kernel

Announcement ID: SUSE-SU-2020:1142-1
Rating: important
References:
Cross-References:
CVSS scores:
  • CVE-2018-20836 ( SUSE ): 6.2 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
  • CVE-2018-20836 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2018-20836 ( NVD ): 8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2019-19768 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
  • CVE-2019-19768 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2019-19770 ( SUSE ): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
  • CVE-2019-19770 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
  • CVE-2019-3701 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • CVE-2019-3701 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2019-9458 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2019-9458 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2020-10942 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2020-10942 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
  • CVE-2020-11494 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
  • CVE-2020-11494 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
  • CVE-2020-11669 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2020-11669 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2020-2732 ( SUSE ): 3.2 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
  • CVE-2020-2732 ( NVD ): 6.8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
  • CVE-2020-8647 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
  • CVE-2020-8647 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
  • CVE-2020-8649 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
  • CVE-2020-8649 ( NVD ): 5.9 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
  • CVE-2020-8834 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
  • CVE-2020-8834 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
  • CVE-2020-9383 ( SUSE ): 4.3 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2020-9383 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Affected Products:
  • SUSE Linux Enterprise High Availability Extension 12 SP5
  • SUSE Linux Enterprise High Performance Computing 12 SP5
  • SUSE Linux Enterprise Live Patching 12-SP5
  • SUSE Linux Enterprise Server 12 SP5
  • SUSE Linux Enterprise Server for SAP Applications 12 SP5
  • SUSE Linux Enterprise Software Development Kit 12 SP5
  • SUSE Linux Enterprise Workstation Extension 12 12-SP5

An update that solves 13 vulnerabilities and has 157 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bug fixes.

The following security bugs were fixed:

  • CVE-2020-8834: KVM on Power8 processors had a conflicting use of HSTATE_HOST_R1 to store r1 state in kvmppc_hv_entry plus in kvmppc_{save,restore}_tm, leading to a stack corruption. Because of this, an attacker with the ability to run code in kernel space of a guest VM can cause the host kernel to panic (bnc#1168276).
  • CVE-2020-11494: An issue was discovered in slc_bump in drivers/net/can/slcan.c, which allowed attackers to read uninitialized can_frame data, potentially containing sensitive information from kernel stack memory, if the configuration lacks CONFIG_INIT_STACK_ALL (bnc#1168424).
  • CVE-2020-10942: get_raw_socket in drivers/vhost/net.c lacked validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls (bnc#1167629).
  • CVE-2019-9458: In the video driver there was a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed (bnc#1168295).
  • CVE-2019-3701: Fixed an issue in can_can_gw_rcv, which could cause a system crash (bnc#1120386).
  • CVE-2019-19770: Fixed a use-after-free in the debugfs_remove function (bsc#1159198).
  • CVE-2020-11669: Fixed an issue where arch/powerpc/kernel/idle_book3s.S did not have save/restore functionality for PNV_POWERSAVE_AMR, PNV_POWERSAVE_UAMOR, and PNV_POWERSAVE_AMOR (bnc#1169390).
  • CVE-2020-2732: Fixed an issue where under some circumstances, an L2 guest may trick the L0 guest into accessing sensitive L1 resources that should be inaccessible to the L2 guest (bnc#1163971).
  • CVE-2020-8647: There was a use-after-free vulnerability in the vc_do_resize function in drivers/tty/vt/vt.c (bnc#1162929 1164078).
  • CVE-2020-8649: There was a use-after-free vulnerability in the vgacon_invert_region function in drivers/video/console/vgacon.c (bnc#1162929 1162931).
  • CVE-2020-9383: An issue was discovered in set_fdc in drivers/block/floppy.c that leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it (bnc#1165111).
  • CVE-2019-19768: Fixed a use-after-free in the __blk_add_trace function in kernel/trace/blktrace.c (bnc#1159285).
  • CVE-2018-20836: Fixed an issue where a race condition in smp_task_timedout() and smp_task_done() could lead to a use-after-free (bnc#1134395).
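
The class of bug behind CVE-2020-11494 (a stack record that is only partly filled in before it is passed on) can be reproduced in user space. The following is an added example, not kernel code and not the SUSE or upstream patch; the struct layout, field names, function names and the 0xA5 marker are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* User-space model of a CAN frame record; layout and names are assumptions. */
struct frame {
    uint32_t can_id;
    uint8_t  can_dlc;
    uint8_t  pad, res0, res1;   /* reserved bytes the parser never sets */
    uint8_t  data[8];
};
#define STALE 0xA5  /* constructed marker standing in for old stack contents */

/* Weak pattern: only the named fields are written. */
static void fill_weak(struct frame *f, uint32_t id, const uint8_t *p, uint8_t n)
{
    if (n > sizeof f->data)
        n = sizeof f->data;
    f->can_id = id;
    f->can_dlc = n;
    memset(f->data, 0, sizeof f->data);
    memcpy(f->data, p, n);
}

/* Hardened pattern: zero the whole object first, then fill it. */
static void fill_hardened(struct frame *f, uint32_t id, const uint8_t *p, uint8_t n)
{
    memset(f, 0, sizeof *f);
    fill_weak(f, id, p, n);
}

/* Build a frame over "stale" memory; count marker bytes a copy-out would expose. */
size_t leaked_bytes(int hardened)
{
    static const uint8_t payload[2] = { 0x11, 0x22 };  /* constructed input */
    struct frame f;
    const unsigned char *raw = (const unsigned char *)&f;
    size_t i, leaked = 0;

    memset(&f, STALE, sizeof f);   /* simulate leftover stack data */
    (hardened ? fill_hardened : fill_weak)(&f, 0x123, payload, sizeof payload);
    for (i = 0; i < sizeof f; i++)
        leaked += (raw[i] == STALE);
    return leaked;
}

int main(void)
{
    printf("weak=%zu hardened=%zu\n", leaked_bytes(0), leaked_bytes(1));
    return 0;
}
```

A kernel built with CONFIG_INIT_STACK_ALL gets the effect of the hardened variant from the compiler, which is why the advisory limits the exposure to configurations that lack it.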

The following non-security bugs were fixed:

  • ACPICA: Introduce ACPI_ACCESS_BYTE_WIDTH() macro (bsc#1051510).
  • ACPI: watchdog: Fix gas->access_width usage (bsc#1051510).
  • ahci: Add support for Amazon's Annapurna Labs SATA controller (bsc#1169013).
  • ALSA: ali5451: remove redundant variable capture_flag (bsc#1051510).
  • ALSA: core: Add snd_device_get_state() helper (bsc#1051510).
  • ALSA: core: Replace zero-length array with flexible-array member (bsc#1051510).
  • ALSA: emu10k1: Fix endianness annotations (bsc#1051510).
  • ALSA: hda/ca0132 - Add Recon3Di quirk to handle integrated sound on EVGA X99 Classified motherboard (bsc#1051510).
  • ALSA: hda/ca0132 - Replace zero-length array with flexible-array member (bsc#1051510).
  • ALSA: hda_codec: Replace zero-length array with flexible-array member (bsc#1051510).
  • ALSA: hda: default enable CA0132 DSP support (bsc#1051510).
  • ALSA: hda: Fix potential access overflow in beep helper (bsc#1051510).
  • ALSA: hda/realtek - Add Headset Button supported for ThinkPad X1 (bsc#1111666).
  • ALSA: hda/realtek - Add Headset Mic supported (bsc#1111666).
  • ALSA: hda/realtek - Add more codec supported Headset Button (bsc#1111666).
  • ALSA: hda/realtek - a fake key event is triggered by running shutup (bsc#1051510).
  • ALSA: hda/realtek - Apply quirk for MSI GP63, too (bsc#1111666).
  • ALSA: hda/realtek - Apply quirk for yet another MSI laptop (bsc#1111666).
  • ALSA: hda/realtek - Enable headset mic of Acer X2660G with ALC662 (git-fixes).
  • ALSA: hda/realtek: Enable mute LED on an HP system (bsc#1051510).
  • ALSA: hda/realtek - Enable the headset of Acer N50-600 with ALC662 (git-fixes).
  • ALSA: hda/realtek - Enable the headset of ASUS B9450FA with ALC294 (bsc#1111666).
  • ALSA: hda/realtek - Fix a regression for mute led on Lenovo Carbon X1 (bsc#1111666).
  • ALSA: hda/realtek: Fix pop noise on ALC225 (git-fixes).
  • ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Master (bsc#1111666).
  • ALSA: hda/realtek - Fix silent output on MSI-GL73 (git-fixes).
  • ALSA: hda/realtek - Remove now-unnecessary XPS 13 headphone noise fixups (bsc#1051510).
  • ALSA: hda/realtek - Set principled PC Beep configuration for ALC256 (bsc#1051510).
  • ALSA: hda: remove redundant assignment to variable timeout (bsc#1051510).
  • ALSA: hda: Use scnprintf() for string truncation (bsc#1051510).
  • ALSA: hdsp: remove redundant assignment to variable err (bsc#1051510).
  • ALSA: ice1724: Fix invalid access for enumerated ctl items (bsc#1051510).
  • ALSA: info: remove redundant assignment to variable c (bsc#1051510).
  • ALSA: korg1212: fix if-statement empty body warnings (bsc#1051510).
  • ALSA: line6: Fix endless MIDI read loop (git-fixes).
  • ALSA: pcm: Fix superfluous snprintf() usage (bsc#1051510).
  • ALSA: pcm.h: add for_each_pcm_streams() (bsc#1051510).
  • ALSA: pcm: oss: Avoid plugin buffer overflow (git-fixes).
  • ALSA: pcm: oss: Fix regression by buffer overflow fix (bsc#1051510).
  • ALSA: pcm: oss: Remove WARNING from snd_pcm_plug_alloc() checks (git-fixes).
  • ALSA: pcm: oss: Unlock mutex temporarily for sleeping at read/write (bsc#1051510).
  • ALSA: pcm: Use a macro for parameter masks to reduce the needed cast (bsc#1051510).
  • ALSA: seq: oss: Fix running status after receiving sysex (git-fixes).
  • ALSA: seq: virmidi: Fix running status after receiving sysex (git-fixes).
  • ALSA: usb-audio: Add boot quirk for MOTU M Series (bsc#1111666).
  • ALSA: usb-audio: Add clock validity quirk for Denon MC7000/MCX8000 (bsc#1111666).
  • ALSA: usb-audio: Add delayed_register option (bsc#1051510).
  • ALSA: usb-audio: add implicit fb quirk for MOTU M Series (bsc#1111666).
  • ALSA: usb-audio: add quirks for Line6 Helix devices fw>=2.82 (bsc#1111666).
  • ALSA: usb-audio: Add support for MOTU MicroBook IIc (bsc#1051510).
  • ALSA: usb-audio: Apply 48kHz fixed rate playback for Jabra Evolve 65 headset (bsc#1111666).
  • ALSA: usb-audio: App