Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2020:1142-1
Rating:	important
References:	bsc#1044231 bsc#1050549 bsc#1051510 bsc#1051858 bsc#1056686 bsc#1060463 bsc#1065600 bsc#1065729 bsc#1083647 bsc#1085030 bsc#1088810 bsc#1103990 bsc#1103992 bsc#1104353 bsc#1104745 bsc#1104967 bsc#1109837 bsc#1109911 bsc#1111666 bsc#1111974 bsc#1112178 bsc#1112374 bsc#1112504 bsc#1113956 bsc#1114279 bsc#1114685 bsc#1118338 bsc#1119680 bsc#1120386 bsc#1123328 bsc#1127611 bsc#1133021 bsc#1134090 bsc#1134395 bsc#1136157 bsc#1136333 bsc#1137325 bsc#1141895 bsc#1142685 bsc#1144162 bsc#1144333 bsc#1145051 bsc#1145929 bsc#1146539 bsc#1148868 bsc#1154385 bsc#1156510 bsc#1157424 bsc#1158187 bsc#1158552 bsc#1158983 bsc#1159037 bsc#1159142 bsc#1159198 bsc#1159199 bsc#1159285 bsc#1160659 bsc#1161561 bsc#1161702 bsc#1161951 bsc#1162171 bsc#1162929 bsc#1162931 bsc#1163403 bsc#1163508 bsc#1163762 bsc#1163897 bsc#1163971 bsc#1164051 bsc#1164078 bsc#1164115 bsc#1164284 bsc#1164388 bsc#1164471 bsc#1164507 bsc#1164598 bsc#1164632 bsc#1164705 bsc#1164712 bsc#1164727 bsc#1164728 bsc#1164729 bsc#1164730 bsc#1164731 bsc#1164732 bsc#1164733 bsc#1164734 bsc#1164735 bsc#1164777 bsc#1164780 bsc#1164893 bsc#1165019 bsc#1165111 bsc#1165182 bsc#1165185 bsc#1165211 bsc#1165404 bsc#1165488 bsc#1165527 bsc#1165581 bsc#1165741 bsc#1165813 bsc#1165823 bsc#1165873 bsc#1165929 bsc#1165949 bsc#1165950 bsc#1165980 bsc#1165984 bsc#1165985 bsc#1166003 bsc#1166101 bsc#1166102 bsc#1166103 bsc#1166104 bsc#1166632 bsc#1166658 bsc#1166730 bsc#1166731 bsc#1166732 bsc#1166733 bsc#1166734 bsc#1166735 bsc#1166780 bsc#1166860 bsc#1166861 bsc#1166862 bsc#1166864 bsc#1166866 bsc#1166867 bsc#1166868 bsc#1166870 bsc#1166940 bsc#1166982 bsc#1167005 bsc#1167216 bsc#1167288 bsc#1167290 bsc#1167316 bsc#1167421 bsc#1167423 bsc#1167627 bsc#1167629 bsc#1168075 bsc#1168202 bsc#1168273 bsc#1168276 bsc#1168295 bsc#1168367 bsc#1168424 bsc#1168443 bsc#1168486 bsc#1168552 bsc#1168760 bsc#1168762 bsc#1168763 bsc#1168764 bsc#1168765 bsc#1168829 bsc#1168854 bsc#1168881 bsc#1168884 bsc#1168952 bsc#1169013 bsc#1169057 bsc#1169307 bsc#1169308 bsc#1169390 bsc#1169514 bsc#1169625
Cross-References:	CVE-2018-20836 CVE-2019-19768 CVE-2019-19770 CVE-2019-3701 CVE-2019-9458 CVE-2020-10942 CVE-2020-11494 CVE-2020-11669 CVE-2020-2732 CVE-2020-8647 CVE-2020-8649 CVE-2020-8834 CVE-2020-9383
CVSS scores:	CVE-2018-20836 ( SUSE ): 6.2 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H CVE-2018-20836 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2018-20836 ( NVD ): 8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2019-19768 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVE-2019-19768 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2019-19770 ( SUSE ): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H CVE-2019-19770 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2019-3701 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2019-3701 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-9458 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2019-9458 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-10942 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-10942 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2020-11494 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2020-11494 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVE-2020-11669 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-11669 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-2732 ( SUSE ): 3.2 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N CVE-2020-2732 ( NVD ): 6.8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2020-8647 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L CVE-2020-8647 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H CVE-2020-8649 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L CVE-2020-8649 ( NVD ): 5.9 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2020-8834 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H CVE-2020-8834 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2020-9383 ( SUSE ): 4.3 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2020-9383 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Affected Products:	SUSE Linux Enterprise High Availability Extension 12 SP5 SUSE Linux Enterprise High Performance Computing 12 SP5 SUSE Linux Enterprise Live Patching 12-SP5 SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE Linux Enterprise Software Development Kit 12 SP5 SUSE Linux Enterprise Workstation Extension 12 12-SP5

An update that solves 13 vulnerabilities and has 157 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

CVE-2020-8834: KVM on Power8 processors had a conflicting use of HSTATE_HOST_R1 to store r1 state in kvmppc_hv_entry plus in kvmppc_{save,restore}_tm, leading to a stack corruption. Because of this, an attacker with the ability to run code in kernel space of a guest VM can cause the host kernel to panic (bnc#1168276).
CVE-2020-11494: An issue was discovered in slc_bump in drivers/net/can/slcan.c, which allowed attackers to read uninitialized can_frame data, potentially containing sensitive information from kernel stack memory, if the configuration lacks CONFIG_INIT_STACK_ALL (bnc#1168424).
CVE-2020-10942: In get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls (bnc#1167629).
CVE-2019-9458: In the video driver there was a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed (bnc#1168295).
CVE-2019-3701: Fixed an issue in can_can_gw_rcv, which could cause a system crash (bnc#1120386).
CVE-2019-19770: Fixed a use-after-free in the debugfs_remove function (bsc#1159198).
CVE-2020-11669: Fixed an issue where arch/powerpc/kernel/idle_book3s.S did not have save/restore functionality for PNV_POWERSAVE_AMR, PNV_POWERSAVE_UAMOR, and PNV_POWERSAVE_AMOR (bnc#1169390).
CVE-2020-2732: Fixed an issue where under some circumstances, an L2 guest may trick the L0 guest into accessing sensitive L1 resources that should be inaccessible to the L2 guest (bnc#1163971).
CVE-2020-8647: There was a use-after-free vulnerability in the vc_do_resize function in drivers/tty/vt/vt.c (bnc#1162929 1164078).
CVE-2020-8649: There was a use-after-free vulnerability in the vgacon_invert_region function in drivers/video/console/vgacon.c (bnc#1162929 1162931).
CVE-2020-9383: An issue was discovered set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it (bnc#1165111).
CVE-2019-19768: Fixed a use-after-free in the __blk_add_trace function in kernel/trace/blktrace.c (bnc#1159285).
CVE-2018-20836: Fixed an issue where a race condition in smp_task_timedout() and smp_task_done() cloud lead to a use-after-free (bnc#1134395).

The following non-security bugs were fixed:

ACPICA: Introduce ACPI_ACCESS_BYTE_WIDTH() macro (bsc#1051510).
ACPI: watchdog: Fix gas->access_width usage (bsc#1051510).
ahci: Add support for Amazon's Annapurna Labs SATA controller (bsc#1169013).
ALSA: ali5451: remove redundant variable capture_flag (bsc#1051510).
ALSA: core: Add snd_device_get_state() helper (bsc#1051510).
ALSA: core: Replace zero-length array with flexible-array member (bsc#1051510).
ALSA: emu10k1: Fix endianness annotations (bsc#1051510).
ALSA: hda/ca0132 - Add Recon3Di quirk to handle integrated sound on EVGA X99 Classified motherboard (bsc#1051510).
ALSA: hda/ca0132 - Replace zero-length array with flexible-array member (bsc#1051510).
ALSA: hda_codec: Replace zero-length array with flexible-array member (bsc#1051510).
ALSA: hda: default enable CA0132 DSP support (bsc#1051510).
ALSA: hda: Fix potential access overflow in beep helper (bsc#1051510).
ALSA: hda/realtek - Add Headset Button supported for ThinkPad X1 (bsc#1111666).
ALSA: hda/realtek - Add Headset Mic supported (bsc#1111666).
ALSA: hda/realtek - Add more codec supported Headset Button (bsc#1111666).
ALSA: hda/realtek - a fake key event is triggered by running shutup (bsc#1051510).
ALSA: hda/realtek - Apply quirk for MSI GP63, too (bsc#1111666).
ALSA: hda/realtek - Apply quirk for yet another MSI laptop (bsc#1111666).
ALSA: hda/realtek - Enable headset mic of Acer X2660G with ALC662 (git-fixes).
ALSA: hda/realtek: Enable mute LED on an HP system (bsc#1051510).
ALSA: hda/realtek - Enable the headset of Acer N50-600 with ALC662 (git-fixes).
ALSA: hda/realtek - Enable the headset of ASUS B9450FA with ALC294 (bsc#1111666).
ALSA: hda/realtek - Fix a regression for mute led on Lenovo Carbon X1 (bsc#1111666).
ALSA: hda/realtek: Fix pop noise on ALC225 (git-fixes).
ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Master (bsc#1111666).
ALSA: hda/realtek - Fix silent output on MSI-GL73 (git-fixes).
ALSA: hda/realtek - Remove now-unnecessary XPS 13 headphone noise fixups (bsc#1051510).
ALSA: hda/realtek - Set principled PC Beep configuration for ALC256 (bsc#1051510).
ALSA: hda: remove redundant assignment to variable timeout (bsc#1051510).
ALSA: hda: Use scnprintf() for string truncation (bsc#1051510).
ALSA: hdsp: remove redundant assignment to variable err (bsc#1051510).
ALSA: ice1724: Fix invalid access for enumerated ctl items (bsc#1051510).
ALSA: info: remove redundant assignment to variable c (bsc#1051510).
ALSA: korg1212: fix if-statement empty body warnings (bsc#1051510).
ALSA: line6: Fix endless MIDI read loop (git-fixes).
ALSA: pcm: Fix superfluous snprintf() usage (bsc#1051510).
ALSA: pcm.h: add for_each_pcm_streams() (bsc#1051510).
ALSA: pcm: oss: Avoid plugin buffer overflow (git-fixes).
ALSA: pcm: oss: Fix regression by buffer overflow fix (bsc#1051510).
ALSA: pcm: oss: Remove WARNING from snd_pcm_plug_alloc() checks (git-fixes).
ALSA: pcm: oss: Unlock mutex temporarily for sleeping at read/write (bsc#1051510).
ALSA: pcm: Use a macro for parameter masks to reduce the needed cast (bsc#1051510).
ALSA: seq: oss: Fix running status after receiving sysex (git-fixes).
ALSA: seq: virmidi: Fix running status after receiving sysex (git-fixes).
ALSA: usb-audio: Add boot quirk for MOTU M Series (bsc#1111666).
ALSA: usb-audio: Add clock validity quirk for Denon MC7000/MCX8000 (bsc#1111666).
ALSA: usb-audio: Add delayed_register option (bsc#1051510).
ALSA: usb-audio: add implicit fb quirk for MOTU M Series (bsc#1111666).
ALSA: usb-audio: add quirks for Line6 Helix devices fw>=2.82 (bsc#1111666).
ALSA: usb-audio: Add support for MOTU MicroBook IIc (bsc#1051510).
ALSA: usb-audio: Apply 48kHz fixed rate playback for Jabra Evolve 65 headset (bsc#1111666).
ALSA: usb-audio: App