Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2020:2106-1
Rating:	important
References:	bsc#1051510 bsc#1065729 bsc#1071995 bsc#1104967 bsc#1152107 bsc#1158755 bsc#1162002 bsc#1170011 bsc#1171078 bsc#1171673 bsc#1171732 bsc#1171868 bsc#1172257 bsc#1172775 bsc#1172781 bsc#1172782 bsc#1172783 bsc#1172999 bsc#1173265 bsc#1173280 bsc#1173514 bsc#1173567 bsc#1173573 bsc#1173659 bsc#1173999 bsc#1174000 bsc#1174115 bsc#1174462 bsc#1174543
Cross-References:	CVE-2019-16746 CVE-2019-20908 CVE-2020-0305 CVE-2020-10766 CVE-2020-10767 CVE-2020-10768 CVE-2020-10769 CVE-2020-10773 CVE-2020-12771 CVE-2020-12888 CVE-2020-13974 CVE-2020-14416 CVE-2020-15393 CVE-2020-15780
CVSS scores:	CVE-2019-16746 ( SUSE ): 7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2019-16746 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2019-20908 ( SUSE ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N CVE-2019-20908 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-0305 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-0305 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-10766 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2020-10766 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2020-10767 ( SUSE ): 5.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N CVE-2020-10767 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2020-10768 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2020-10768 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2020-10769 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-10769 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-10773 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2020-10773 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVE-2020-12771 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-12771 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-12888 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2020-12888 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2020-13974 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-13974 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-14416 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-14416 ( NVD ): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H CVE-2020-15393 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2020-15393 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-15780 ( SUSE ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N CVE-2020-15780 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected Products:	SUSE Linux Enterprise High Availability Extension 15 SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise High Performance Computing 15 LTSS 15 SUSE Linux Enterprise Live Patching 15 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15 LTSS 15 SUSE Linux Enterprise Server ESPOS 15 SUSE Linux Enterprise Server for SAP Applications 15

An update that solves 14 vulnerabilities and has 15 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 15 GA LTSS kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

• CVE-2020-0305: In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1174462).
• CVE-2019-20908: An issue was discovered in drivers/firmware/efi/efi.c where incorrect access permissions for the efivar_ssdt ACPI variable could be used by attackers to bypass lockdown or secure boot restrictions, aka CID-1957a85b0032 (bnc#1173567).
• CVE-2020-15780: An issue was discovered in drivers/acpi/acpi_configfs.c where injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30 (bnc#1173573).
• CVE-2020-15393: usbtest_disconnect in drivers/usb/misc/usbtest.c had a memory leak, aka CID-28ebeb8db770 (bnc#1173514).
• CVE-2020-12771: btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails (bnc#1171732).
• CVE-2019-16746: An issue was discovered in net/wireless/nl80211.c which did not check the length of variable elements in a beacon head, leading to a buffer overflow (bnc#1152107 1173659).
• CVE-2020-12888: The VFIO PCI driver mishandled attempts to access disabled memory space (bnc#1171868).
• CVE-2020-10769: A buffer over-read flaw was found in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4 bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read threat, leading to a system crash. This flaw allowed a local attacker with user privileges to cause a denial of service (bnc#1173265).
• CVE-2020-10773: A kernel stack information leak on s390/s390x was fixed (bnc#1172999).
• CVE-2020-14416: A race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c (bnc#1162002).
• CVE-2020-10768: Indirect branch speculation could have been enabled after it was force-disabled by the PR_SPEC_FORCE_DISABLE prctl command. (bnc#1172783).
• CVE-2020-10766: Fixed Rogue cross-process SSBD shutdown, where a Linux scheduler logical bug allows an attacker to turn off the SSBD protection. (bnc#1172781).
• CVE-2020-10767: Indirect Branch Prediction Barrier was force-disabled when STIBP is unavailable or enhanced IBRS is available. (bnc#1172782).
• CVE-2020-13974: drivers/tty/vt/keyboard.c had an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059 (bnc#1172775).

The following non-security bugs were fixed:

• Merge ibmvnic reset fixes (bsc#1158755 ltc#182094).
• block, bfq: add requeue-request hook (bsc#1104967 bsc#1171673).
• block, bfq: postpone rq preparation to insert or merge (bsc#1104967 bsc#1171673).
• ibmvnic: Do not process device remove during device reset (bsc#1065729).
• ibmvnic: Flush existing work items before device removal (bsc#1065729).
• ibmvnic: Harden device login requests (bsc#1170011 ltc#183538).
• ibmvnic: Skip fatal error reset after passive init (bsc#1171078 ltc#184239).
• ibmvnic: continue to init in CRQ reset returns H_CLOSED (bsc#1173280 ltc#185369).
• intel_idle: Graceful probe failure when MWAIT is disabled (bsc#1174115).
• livepatch: Apply vmlinux-specific KLP relocations early (bsc#1071995).
• livepatch: Disallow vmlinux.ko (bsc#1071995).
• livepatch: Make klp_apply_object_relocs static (bsc#1071995).
• livepatch: Prevent module-specific KLP rela sections from referencing vmlinux symbols (bsc#1071995).
• livepatch: Remove .klp.arch (bsc#1071995).
• vfio/pci: Fix SR-IOV VF handling with MMIO blocking (bsc#1051510).
• vfio/pci: Fix SR-IOV VF handling with MMIO blocking (bsc#1174000).
• vfio/pci: Mask buggy SR-IOV VF INTx support (bsc#1051510).
• vfio/pci: Mask buggy SR-IOV VF INTx support (bsc#1173999).
• x86/{mce,mm}: Unmap the entire page if the whole page is affected and poisoned (bsc#1172257).

Special Instructions and Notes:

• Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Live Patching 15
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2020-2106=1
• SUSE Linux Enterprise High Availability Extension 15
  zypper in -t patch SUSE-SLE-Product-HA-15-2020-2106=1
• SUSE Linux Enterprise Server ESPOS 15
  zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2106=1
• SUSE Linux Enterprise High Performance Computing 15 LTSS 15
  zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2106=1
• SUSE Linux Enterprise Server 15 LTSS 15
  zypper in -t patch SUSE-SLE-Product-SLES-15-2020-2106=1
• SUSE Linux Enterprise Server for SAP Applications 15
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2106=1

Package List:

• SUSE Linux Enterprise Live Patching 15 (nosrc)
  • kernel-default-4.12.14-150.55.1
• SUSE Linux Enterprise Live Patching 15 (ppc64le x86_64)
  • kernel-default-debuginfo-4.12.14-150.55.1
  • kernel-default-debugsource-4.12.14-150.55.1
  • kernel-default-livepatch-4.12.14-150.55.1
  • kernel-livepatch-4_12_14-150_55-default-1-1.3.1
  • kernel-livepatch-4_12_14-150_55-default-debuginfo-1-1.3.1
• SUSE Linux Enterprise High Availability Extension 15 (aarch64 ppc64le s390x x86_64)
  • dlm-kmp-default-debuginfo-4.12.14-150.55.1
  • cluster-md-kmp-default-debuginfo-4.12.14-150.55.1
  • gfs2-kmp-default-debuginfo-4.12.14-150.55.1
  • kernel-default-debuginfo-4.12.14-150.55.1
  • kernel-default-debugsource-4.12.14-150.55.1
  • ocfs2-kmp-default-debuginfo-4.12.14-150.55.1
  • cluster-md-kmp-default-4.12.14-150.55.1
  • dlm-kmp-default-4.12.14-150.55.1
  • gfs2-kmp-default-4.12.14-150.55.1
  • ocfs2-kmp-default-4.12.14-150.55.1
• SUSE Linux Enterprise High Availability Extension 15 (nosrc)
  • kernel-default-4.12.14-150.55.1
• SUSE Linux Enterprise Server ESPOS 15 (aarch64 nosrc x86_64)
  • kernel-default-4.12.14-150.55.1
• SUSE Linux Enterprise Server ESPOS 15 (aarch64 x86_64)
  • kernel-default-debuginfo-4.12.14-150.55.1
  • kernel-default-debugsource-4.12.14-150.55.1
  • kernel-syms-4.12.14-150.55.1
  • kernel-vanilla-base-4.12.14-150.55.1
  • kernel-vanilla-debugsource-4.12.14-150.55.1
  • kernel-default-devel-4.12.14-150.55.1
  • kernel-default-base-4.12.14-150.55.1
  • kernel-default-devel-debuginfo-4.12.14-150.55.1
  • kernel-obs-build-4.12.14-150.55.1
  • kernel-vanilla-base-debuginfo-4.12.14-150.55.1
  • kernel-obs-build-debugsource-4.12.14-150.55.1
  • kernel-vanilla-debuginfo-4.12.14-150.55.1
• SUSE Linux Enterprise Server ESPOS 15 (noarch)
  • kernel-source-4.12.14-150.55.1
  • kernel-devel-4.12.14-150.55.1
  • kernel-macros-4.12.14-150.55.1
• SUSE Linux Enterprise Server ESPOS 15 (noarch nosrc)
  • kernel-docs-4.12.14-150.55.1
• SUSE Linux Enterprise Server ESPOS 15 (nosrc)
  • kernel-vanilla-4.12.14-150.55.1
• SUSE Linux Enterprise High Performance Computing 15 LTSS 15 (aarch64 nosrc x86_64)
  • kernel-default-4.12.14-150.55.1
• SUSE Linux Enterprise High Performance Computing 15 LTSS 15 (aarch64 x86_64)
  • kernel-default-debuginfo-4.12.14-150.55.1
  • kernel-default-debugsource-4.12.14-150.55.1
  • kernel-syms-4.12.14-150.55.1
  • kernel-vanilla-base-4.12.14-150.55.1
  • kernel-vanilla-debugsource-4.12.14-150.55.1
  • kernel-default-devel-4.12.14-150.55.1
  • kernel-default-base-4.12.14-150.55.1
  • kernel-default-devel-debuginfo-4.12.14-150.55.1
  • kernel-obs-build-4.12.14-150.55.1
  • kernel-vanilla-base-debuginfo-4.12.14-150.55.1
  • kernel-obs-build-debugsource-4.12.14-150.55.1
  • kernel-vanilla-debuginfo-4.12.14-150.55.1
• SUSE Linux Enterprise High Performance Computing 15 LTSS 15 (noarch)
  • kernel-source-4.12.14-150.55.1
  • kernel-devel-4.12.14-150.55.1
  • kernel-macros-4.12.14-150.55.1
• SUSE Linux Enterprise High Performance Computing 15 LTSS 15 (noarch nosrc)
  • kernel-docs-4.12.14-150.55.1
• SUSE Linux Enterprise High Performance Computing 15 LTSS 15 (nosrc)
  • kernel-vanilla-4.12.14-150.55.1
• SUSE Linux Enterprise Server 15 LTSS 15 (aarch64 ppc64le s390x x86_64 nosrc)
  • kernel-default-4.12.14-150.55.1
• SUSE Linux Enterprise Server 15 LTSS 15 (aarch64 ppc64le s390x x86_64)
  • reiserfs-kmp-default-4.12.14-150.55.1
  • kernel-default-debuginfo-4.12.14-150.55.1
  • kernel-default-debugsource-4.12.14-150.55.1
  • kernel-syms-4.12.14-150.55.1
  • kernel-vanilla-base-4.12.14-150.55.1
  • kernel-vanilla-debugsource-4.12.14-150.55.1
  • kernel-default-devel-4.12.14-150.55.1
  • reiserfs-kmp-default-debuginfo-4.12.14-150.55.1
  • kernel-default-base-4.12.14-150.55.1
  • kernel-default-devel-debuginfo-4.12.14-150.55.1
  • kernel-obs-build-4.12.14-150.55.1
  • kernel-vanilla-base-debuginfo-4.12.14-150.55.1
  • kernel-obs-build-debugsource-4.12.14-150.55.1
  • kernel-vanilla-debuginfo-4.12.14-150.55.1
• SUSE Linux Enterprise Server 15 LTSS 15 (noarch)
  • kernel-source-4.12.14-150.55.1
  • kernel-devel-4.12.14-150.55.1
  • kernel-macros-4.12.14-150.55.1
• SUSE Linux Enterprise Server 15 LTSS 15 (noarch nosrc)
  • kernel-docs-4.12.14-150.55.1
• SUSE Linux Enterprise Server 15 LTSS 15 (nosrc)
  • kernel-vanilla-4.12.14-150.55.1
  • kernel-zfcpdump-4.12.14-150.55.1
• SUSE Linux Enterprise Server 15 LTSS 15 (s390x)
  • kernel-zfcpdump-debuginfo-4.12.14-150.55.1
  • kernel-zfcpdump-debugsource-4.12.14-150.55.1
  • kernel-default-man-4.12.14-150.55.1
• SUSE Linux Enterprise Server for SAP Applications 15 (nosrc ppc64le x86_64)
  • kernel-default-4.12.14-150.55.1
• SUSE Linux Enterprise Server for SAP Applications 15 (ppc64le x86_64)
  • reiserfs-kmp-default-4.12.14-150.55.1
  • kernel-default-debuginfo-4.12.14-150.55.1
  • kernel-default-debugsource-4.12.14-150.55.1
  • kernel-syms-4.12.14-150.55.1
  • kernel-vanilla-base-4.12.14-150.55.1
  • kernel-vanilla-debugsource-4.12.14-150.55.1
  • kernel-default-devel-4.12.14-150.55.1
  • reiserfs-kmp-default-debuginfo-4.12.14-150.55.1
  • kernel-default-base-4.12.14-150.55.1
  • kernel-default-devel-debuginfo-4.12.14-150.55.1
  • kernel-obs-build-4.12.14-150.55.1
  • kernel-vanilla-base-debuginfo-4.12.14-150.55.1
  • kernel-obs-build-debugsource-4.12.14-150.55.1
  • kernel-vanilla-debuginfo-4.12.14-150.55.1
• SUSE Linux Enterprise Server for SAP Applications 15 (noarch)
  • kernel-source-4.12.14-150.55.1
  • kernel-devel-4.12.14-150.55.1
  • kernel-macros-4.12.14-150.55.1
• SUSE Linux Enterprise Server for SAP Applications 15 (noarch nosrc)
  • kernel-docs-4.12.14-150.55.1
• SUSE Linux Enterprise Server for SAP Applications 15 (nosrc)
  • kernel-vanilla-4.12.14-150.55.1

References:

• https://www.suse.com/security/cve/CVE-2019-16746.html
• https://www.suse.com/security/cve/CVE-2019-20908.html
• https://www.suse.com/security/cve/CVE-2020-0305.html
• https://www.suse.com/security/cve/CVE-2020-10766.html
• https://www.suse.com/security/cve/CVE-2020-10767.html
• https://www.suse.com/security/cve/CVE-2020-10768.html
• https://www.suse.com/security/cve/CVE-2020-10769.html
• https://www.suse.com/security/cve/CVE-2020-10773.html
• https://www.suse.com/security/cve/CVE-2020-12771.html
• https://www.suse.com/security/cve/CVE-2020-12888.html
• https://www.suse.com/security/cve/CVE-2020-13974.html
• https://www.suse.com/security/cve/CVE-2020-14416.html
• https://www.suse.com/security/cve/CVE-2020-15393.html
• https://www.suse.com/security/cve/CVE-2020-15780.html
• https://bugzilla.suse.com/show_bug.cgi?id=1051510
• https://bugzilla.suse.com/show_bug.cgi?id=1065729
• https://bugzilla.suse.com/show_bug.cgi?id=1071995
• https://bugzilla.suse.com/show_bug.cgi?id=1104967
• https://bugzilla.suse.com/show_bug.cgi?id=1152107
• https://bugzilla.suse.com/show_bug.cgi?id=1158755
• https://bugzilla.suse.com/show_bug.cgi?id=1162002
• https://bugzilla.suse.com/show_bug.cgi?id=1170011
• https://bugzilla.suse.com/show_bug.cgi?id=1171078
• https://bugzilla.suse.com/show_bug.cgi?id=1171673
• https://bugzilla.suse.com/show_bug.cgi?id=1171732
• https://bugzilla.suse.com/show_bug.cgi?id=1171868
• https://bugzilla.suse.com/show_bug.cgi?id=1172257
• https://bugzilla.suse.com/show_bug.cgi?id=1172775
• https://bugzilla.suse.com/show_bug.cgi?id=1172781
• https://bugzilla.suse.com/show_bug.cgi?id=1172782
• https://bugzilla.suse.com/show_bug.cgi?id=1172783
• https://bugzilla.suse.com/show_bug.cgi?id=1172999
• https://bugzilla.suse.com/show_bug.cgi?id=1173265
• https://bugzilla.suse.com/show_bug.cgi?id=1173280
• https://bugzilla.suse.com/show_bug.cgi?id=1173514
• https://bugzilla.suse.com/show_bug.cgi?id=1173567
• https://bugzilla.suse.com/show_bug.cgi?id=1173573
• https://bugzilla.suse.com/show_bug.cgi?id=1173659
• https://bugzilla.suse.com/show_bug.cgi?id=1173999
• https://bugzilla.suse.com/show_bug.cgi?id=1174000
• https://bugzilla.suse.com/show_bug.cgi?id=1174115
• https://bugzilla.suse.com/show_bug.cgi?id=1174462
• https://bugzilla.suse.com/show_bug.cgi?id=1174543