SUSE-SU-2020:14354-1

Source
https://www.suse.com/support/update/announcement/2020/suse-su-202014354-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2020:14354-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2020:14354-1
Published
2020-04-30T16:00:22Z
Modified
2020-04-30T16:00:22Z
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bug fixes.

The following security bugs were fixed:

  • CVE-2020-10942: get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls (bsc#1167629).
  • CVE-2020-8647: There was a use-after-free vulnerability in the vc_do_resize function in drivers/tty/vt/vt.c (bsc#1162929).
  • CVE-2020-8649: There was a use-after-free vulnerability in the vgacon_invert_region function in drivers/video/console/vgacon.c (bsc#1162931).
  • CVE-2020-9383: set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it (bsc#1165111).
  • CVE-2019-19768: Fixed a use-after-free in the __blk_add_trace function in kernel/trace/blktrace.c (bsc#1159285).
  • CVE-2020-11608: Fixed NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs when there are zero endpoints (bsc#1168829).
  • CVE-2020-8648: There was a use-after-free vulnerability in the n_tty_receive_buf_common function in drivers/tty/n_tty.c (bsc#1162928).
  • CVE-2019-14896: A heap-based buffer overflow vulnerability was found in the Marvell WiFi chip driver. A remote attacker could cause a denial of service or possibly execute arbitrary code when the lbs_ibss_join_existing function is called after a STA connects to an AP (bsc#1157157).
  • CVE-2019-14897: A stack-based buffer overflow was found in the Marvell WiFi chip driver. An attacker is able to cause a denial of service or possibly execute arbitrary code, when a STA works in IBSS mode and connects to another STA (bsc#1157155).
  • CVE-2019-18675: Fixed an integer overflow in cpia2_remap_buffer in drivers/media/usb/cpia2/cpia2_core.c because cpia2 has its own mmap implementation. This allowed local users to obtain read and write permissions on kernel physical pages, which can possibly result in a privilege escalation (bsc#1157804).
  • CVE-2019-19965: Fixed a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition (bsc#1159911).
  • CVE-2019-19066: A memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/bfad_attr.c allowed attackers to cause a denial of service by triggering bfa_port_get_stats() failures (bsc#1157303).
  • CVE-2019-20096: Fixed a memory leak in __feat_register_sp() in net/dccp/feat.c, which may cause denial of service (bsc#1159908).
  • CVE-2019-19966: Fixed a use-after-free in cpia2_exit() in drivers/media/usb/cpia2/cpia2_v4l.c that will cause denial of service (bsc#1159841).
  • CVE-2019-19532: Fixed multiple out-of-bounds write bugs that can be caused by a malicious USB device (bsc#1158824).
  • CVE-2019-19523: Fixed a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver (bsc#115882).
  • CVE-2019-19537: Fixed a race condition that can be caused by a malicious USB device in the USB character device driver layer (bsc#1158904).
  • CVE-2019-19527, CVE-2019-19530, CVE-2019-19524: Fixed multiple use-after-free bugs that could be caused by a malicious USB device (bsc#1158381, bsc#1158834, bsc#1158900).
  • CVE-2019-15213: Fixed a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver (bsc#1146544).
  • CVE-2019-19531: Fixed a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/yurex.c driver (bsc#1158445).
  • CVE-2019-18660: The Linux kernel on powerpc allowed Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs (bsc#1157038).
  • CVE-2019-19227: Fixed a potential NULL pointer dereference in the AppleTalk subsystem (bsc#1157678).
  • CVE-2019-19074: Fixed a memory leak in ath9k_wmi_cmd(), which allowed attackers to cause a denial of service (bsc#1157143).
  • CVE-2019-19073: Fixed multiple memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c, which allowed attackers to cause a denial of service (bsc#1157070).
  • CVE-2019-15916: Fixed a memory leak in register_queue_kobjects() in net/core/net-sysfs.c, which could cause denial of service (bsc#1149448).
  • CVE-2019-12456: Fixed a denial of service in _ctl_ioctl_main, which could be triggered by a local user (bsc#1136922).

The following non-security bugs were fixed:

  • Input: add safety guards to input_set_keycode() (bsc#1168075).
  • blk: Fix kabi due to blk_trace_mutex addition (bsc#1159285).
  • blktrace: fix dereference after null check (bsc#1159285).
  • blktrace: fix trace mutex deadlock (bsc#1159285).
  • block: Fix oops scsi_disk_get() (bsc#1105327).
  • fs/xfs: fix f_ffree value for statfs when project quota is set (bsc#1165985).
  • kaiser: Fix for 32bit KAISER implementations (bsc#1157344).
  • klist: fix starting point removed bug in klist iterators (bsc#1156652).
  • kobject: Export kobject_get_unless_zero() (bsc#1105327).
  • kobject: fix kset_find_obj() race with concurrent last kobject_put() (bsc#1105327).
  • kref: minor cleanup (bsc#1105327).
  • media: ov519: add missing endpoint sanity checks (bsc#1168829).
  • media: stv06xx: add missing descriptor sanity checks (bsc#1168854).
  • netfilter: nf_nat: do not bug when mapping already exists (bsc#1146612).
  • powerpc/64: Make meltdown reporting Book3S 64 specific (bsc#1091041).
  • powerpc/pseries/mobility: notify network peers after migration (bsc#1152631 ltc#181798).
  • powerpc/security/book3s64: Report L1TF status in sysfs (bsc#1091041).
  • powerpc/security: Fix wrong message when RFI Flush is disable (bsc#1131107).
  • rpm/kernel-binary.spec.in: Replace Novell with SUSE
  • sched: Fix race between task_group and sched_task_group (bsc#1136471).
  • sched: Remove lockdep check in sched_move_task() (bsc#1136471).
  • scsi: lpfc: Fix driver crash in target reset handler (bsc#1148871).
  • writeback: fix race that cause writeback hung (bsc#1161358).
  • x86: fix speculation bug reporting (bsc#1012382).

Affected packages

SUSE:Linux Enterprise Server 11 SP4-LTSS / kernel-bigmem

Package

Name
kernel-bigmem
Purl
purl:rpm/suse/kernel-bigmem&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.0.101-108.111.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-default-base": "3.0.101-108.111.1",
            "kernel-default-man": "3.0.101-108.111.1",
            "kernel-ec2": "3.0.101-108.111.1",
            "kernel-default": "3.0.101-108.111.1",
            "kernel-source": "3.0.101-108.111.1",
            "kernel-bigmem": "3.0.101-108.111.1",
            "kernel-pae-base": "3.0.101-108.111.1",
            "kernel-syms": "3.0.101-108.111.1",
            "kernel-bigmem-base": "3.0.101-108.111.1",
            "kernel-pae": "3.0.101-108.111.1",
            "kernel-ppc64-devel": "3.0.101-108.111.1",
            "kernel-ec2-devel": "3.0.101-108.111.1",
            "kernel-ppc64-base": "3.0.101-108.111.1",
            "kernel-trace-devel": "3.0.101-108.111.1",
            "kernel-trace": "3.0.101-108.111.1",
            "kernel-ec2-base": "3.0.101-108.111.1",
            "kernel-ppc64": "3.0.101-108.111.1",
            "kernel-xen-base": "3.0.101-108.111.1",
            "kernel-xen-devel": "3.0.101-108.111.1",
            "kernel-bigmem-devel": "3.0.101-108.111.1",
            "kernel-trace-base": "3.0.101-108.111.1",
            "kernel-default-devel": "3.0.101-108.111.1",
            "kernel-pae-devel": "3.0.101-108.111.1",
            "kernel-xen": "3.0.101-108.111.1"
        }
    ]
}

SUSE:Linux Enterprise Server 11 SP4-LTSS / kernel-default

Package

Name
kernel-default
Purl
purl:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.0.101-108.111.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-default-base": "3.0.101-108.111.1",
            "kernel-default-man": "3.0.101-108.111.1",
            "kernel-ec2": "3.0.101-108.111.1",
            "kernel-default": "3.0.101-108.111.1",
            "kernel-source": "3.0.101-108.111.1",
            "kernel-bigmem": "3.0.101-108.111.1",
            "kernel-pae-base": "3.0.101-108.111.1",
            "kernel-syms": "3.0.101-108.111.1",
            "kernel-bigmem-base": "3.0.101-108.111.1",
            "kernel-pae": "3.0.101-108.111.1",
            "kernel-ppc64-devel": "3.0.101-108.111.1",
            "kernel-ec2-devel": "3.0.101-108.111.1",
            "kernel-ppc64-base": "3.0.101-108.111.1",
            "kernel-trace-devel": "3.0.101-108.111.1",
            "kernel-trace": "3.0.101-108.111.1",
            "kernel-ec2-base": "3.0.101-108.111.1",
            "kernel-ppc64": "3.0.101-108.111.1",
            "kernel-xen-base": "3.0.101-108.111.1",
            "kernel-xen-devel": "3.0.101-108.111.1",
            "kernel-bigmem-devel": "3.0.101-108.111.1",
            "kernel-trace-base": "3.0.101-108.111.1",
            "kernel-default-devel": "3.0.101-108.111.1",
            "kernel-pae-devel": "3.0.101-108.111.1",
            "kernel-xen": "3.0.101-108.111.1"
        }
    ]
}

SUSE:Linux Enterprise Server 11 SP4-LTSS / kernel-ec2

Package

Name
kernel-ec2
Purl
purl:rpm/suse/kernel-ec2&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.0.101-108.111.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-default-base": "3.0.101-108.111.1",
            "kernel-default-man": "3.0.101-108.111.1",
            "kernel-ec2": "3.0.101-108.111.1",
            "kernel-default": "3.0.101-108.111.1",
            "kernel-source": "3.0.101-108.111.1",
            "kernel-bigmem": "3.0.101-108.111.1",
            "kernel-pae-base": "3.0.101-108.111.1",
            "kernel-syms": "3.0.101-108.111.1",
            "kernel-bigmem-base": "3.0.101-108.111.1",
            "kernel-pae": "3.0.101-108.111.1",
            "kernel-ppc64-devel": "3.0.101-108.111.1",
            "kernel-ec2-devel": "3.0.101-108.111.1",
            "kernel-ppc64-base": "3.0.101-108.111.1",
            "kernel-trace-devel": "3.0.101-108.111.1",
            "kernel-trace": "3.0.101-108.111.1",
            "kernel-ec2-base": "3.0.101-108.111.1",
            "kernel-ppc64": "3.0.101-108.111.1",
            "kernel-xen-base": "3.0.101-108.111.1",
            "kernel-xen-devel": "3.0.101-108.111.1",
            "kernel-bigmem-devel": "3.0.101-108.111.1",
            "kernel-trace-base": "3.0.101-108.111.1",
            "kernel-default-devel": "3.0.101-108.111.1",
            "kernel-pae-devel": "3.0.101-108.111.1",
            "kernel-xen": "3.0.101-108.111.1"
        }
    ]
}

SUSE:Linux Enterprise Server 11 SP4-LTSS / kernel-pae

Package

Name
kernel-pae
Purl
purl:rpm/suse/kernel-pae&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.0.101-108.111.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-default-base": "3.0.101-108.111.1",
            "kernel-default-man": "3.0.101-108.111.1",
            "kernel-ec2": "3.0.101-108.111.1",
            "kernel-default": "3.0.101-108.111.1",
            "kernel-source": "3.0.101-108.111.1",
            "kernel-bigmem": "3.0.101-108.111.1",
            "kernel-pae-base": "3.0.101-108.111.1",
            "kernel-syms": "3.0.101-108.111.1",
            "kernel-bigmem-base": "3.0.101-108.111.1",
            "kernel-pae": "3.0.101-108.111.1",
            "kernel-ppc64-devel": "3.0.101-108.111.1",
            "kernel-ec2-devel": "3.0.101-108.111.1",
            "kernel-ppc64-base": "3.0.101-108.111.1",
            "kernel-trace-devel": "3.0.101-108.111.1",
            "kernel-trace": "3.0.101-108.111.1",
            "kernel-ec2-base": "3.0.101-108.111.1",
            "kernel-ppc64": "3.0.101-108.111.1",
            "kernel-xen-base": "3.0.101-108.111.1",
            "kernel-xen-devel": "3.0.101-108.111.1",
            "kernel-bigmem-devel": "3.0.101-108.111.1",
            "kernel-trace-base": "3.0.101-108.111.1",
            "kernel-default-devel": "3.0.101-108.111.1",
            "kernel-pae-devel": "3.0.101-108.111.1",
            "kernel-xen": "3.0.101-108.111.1"
        }
    ]
}

SUSE:Linux Enterprise Server 11 SP4-LTSS / kernel-ppc64

Package

Name
kernel-ppc64
Purl
purl:rpm/suse/kernel-ppc64&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.0.101-108.111.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-default-base": "3.0.101-108.111.1",
            "kernel-default-man": "3.0.101-108.111.1",
            "kernel-ec2": "3.0.101-108.111.1",
            "kernel-default": "3.0.101-108.111.1",
            "kernel-source": "3.0.101-108.111.1",
            "kernel-bigmem": "3.0.101-108.111.1",
            "kernel-pae-base": "3.0.101-108.111.1",
            "kernel-syms": "3.0.101-108.111.1",
            "kernel-bigmem-base": "3.0.101-108.111.1",
            "kernel-pae": "3.0.101-108.111.1",
            "kernel-ppc64-devel": "3.0.101-108.111.1",
            "kernel-ec2-devel": "3.0.101-108.111.1",
            "kernel-ppc64-base": "3.0.101-108.111.1",
            "kernel-trace-devel": "3.0.101-108.111.1",
            "kernel-trace": "3.0.101-108.111.1",
            "kernel-ec2-base": "3.0.101-108.111.1",
            "kernel-ppc64": "3.0.101-108.111.1",
            "kernel-xen-base": "3.0.101-108.111.1",
            "kernel-xen-devel": "3.0.101-108.111.1",
            "kernel-bigmem-devel": "3.0.101-108.111.1",
            "kernel-trace-base": "3.0.101-108.111.1",
            "kernel-default-devel": "3.0.101-108.111.1",
            "kernel-pae-devel": "3.0.101-108.111.1",
            "kernel-xen": "3.0.101-108.111.1"
        }
    ]
}

SUSE:Linux Enterprise Server 11 SP4-LTSS / kernel-source

Package

Name
kernel-source
Purl
purl:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.0.101-108.111.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-default-base": "3.0.101-108.111.1",
            "kernel-default-man": "3.0.101-108.111.1",
            "kernel-ec2": "3.0.101-108.111.1",
            "kernel-default": "3.0.101-108.111.1",
            "kernel-source": "3.0.101-108.111.1",
            "kernel-bigmem": "3.0.101-108.111.1",
            "kernel-pae-base": "3.0.101-108.111.1",
            "kernel-syms": "3.0.101-108.111.1",
            "kernel-bigmem-base": "3.0.101-108.111.1",
            "kernel-pae": "3.0.101-108.111.1",
            "kernel-ppc64-devel": "3.0.101-108.111.1",
            "kernel-ec2-devel": "3.0.101-108.111.1",
            "kernel-ppc64-base": "3.0.101-108.111.1",
            "kernel-trace-devel": "3.0.101-108.111.1",
            "kernel-trace": "3.0.101-108.111.1",
            "kernel-ec2-base": "3.0.101-108.111.1",
            "kernel-ppc64": "3.0.101-108.111.1",
            "kernel-xen-base": "3.0.101-108.111.1",
            "kernel-xen-devel": "3.0.101-108.111.1",
            "kernel-bigmem-devel": "3.0.101-108.111.1",
            "kernel-trace-base": "3.0.101-108.111.1",
            "kernel-default-devel": "3.0.101-108.111.1",
            "kernel-pae-devel": "3.0.101-108.111.1",
            "kernel-xen": "3.0.101-108.111.1"
        }
    ]
}

SUSE:Linux Enterprise Server 11 SP4-LTSS / kernel-syms

Package

Name
kernel-syms
Purl
purl:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.0.101-108.111.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-default-base": "3.0.101-108.111.1",
            "kernel-default-man": "3.0.101-108.111.1",
            "kernel-ec2": "3.0.101-108.111.1",
            "kernel-default": "3.0.101-108.111.1",
            "kernel-source": "3.0.101-108.111.1",
            "kernel-bigmem": "3.0.101-108.111.1",
            "kernel-pae-base": "3.0.101-108.111.1",
            "kernel-syms": "3.0.101-108.111.1",
            "kernel-bigmem-base": "3.0.101-108.111.1",
            "kernel-pae": "3.0.101-108.111.1",
            "kernel-ppc64-devel": "3.0.101-108.111.1",
            "kernel-ec2-devel": "3.0.101-108.111.1",
            "kernel-ppc64-base": "3.0.101-108.111.1",
            "kernel-trace-devel": "3.0.101-108.111.1",
            "kernel-trace": "3.0.101-108.111.1",
            "kernel-ec2-base": "3.0.101-108.111.1",
            "kernel-ppc64": "3.0.101-108.111.1",
            "kernel-xen-base": "3.0.101-108.111.1",
            "kernel-xen-devel": "3.0.101-108.111.1",
            "kernel-bigmem-devel": "3.0.101-108.111.1",
            "kernel-trace-base": "3.0.101-108.111.1",
            "kernel-default-devel": "3.0.101-108.111.1",
            "kernel-pae-devel": "3.0.101-108.111.1",
            "kernel-xen": "3.0.101-108.111.1"
        }
    ]
}

SUSE:Linux Enterprise Server 11 SP4-LTSS / kernel-trace

Package

Name
kernel-trace
Purl
purl:rpm/suse/kernel-trace&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.0.101-108.111.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-default-base": "3.0.101-108.111.1",
            "kernel-default-man": "3.0.101-108.111.1",
            "kernel-ec2": "3.0.101-108.111.1",
            "kernel-default": "3.0.101-108.111.1",
            "kernel-source": "3.0.101-108.111.1",
            "kernel-bigmem": "3.0.101-108.111.1",
            "kernel-pae-base": "3.0.101-108.111.1",
            "kernel-syms": "3.0.101-108.111.1",
            "kernel-bigmem-base": "3.0.101-108.111.1",
            "kernel-pae": "3.0.101-108.111.1",
            "kernel-ppc64-devel": "3.0.101-108.111.1",
            "kernel-ec2-devel": "3.0.101-108.111.1",
            "kernel-ppc64-base": "3.0.101-108.111.1",
            "kernel-trace-devel": "3.0.101-108.111.1",
            "kernel-trace": "3.0.101-108.111.1",
            "kernel-ec2-base": "3.0.101-108.111.1",
            "kernel-ppc64": "3.0.101-108.111.1",
            "kernel-xen-base": "3.0.101-108.111.1",
            "kernel-xen-devel": "3.0.101-108.111.1",
            "kernel-bigmem-devel": "3.0.101-108.111.1",
            "kernel-trace-base": "3.0.101-108.111.1",
            "kernel-default-devel": "3.0.101-108.111.1",
            "kernel-pae-devel": "3.0.101-108.111.1",
            "kernel-xen": "3.0.101-108.111.1"
        }
    ]
}

SUSE:Linux Enterprise Server 11 SP4-LTSS / kernel-xen

Package

Name
kernel-xen
Purl
purl:rpm/suse/kernel-xen&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.0.101-108.111.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-default-base": "3.0.101-108.111.1",
            "kernel-default-man": "3.0.101-108.111.1",
            "kernel-ec2": "3.0.101-108.111.1",
            "kernel-default": "3.0.101-108.111.1",
            "kernel-source": "3.0.101-108.111.1",
            "kernel-bigmem": "3.0.101-108.111.1",
            "kernel-pae-base": "3.0.101-108.111.1",
            "kernel-syms": "3.0.101-108.111.1",
            "kernel-bigmem-base": "3.0.101-108.111.1",
            "kernel-pae": "3.0.101-108.111.1",
            "kernel-ppc64-devel": "3.0.101-108.111.1",
            "kernel-ec2-devel": "3.0.101-108.111.1",
            "kernel-ppc64-base": "3.0.101-108.111.1",
            "kernel-trace-devel": "3.0.101-108.111.1",
            "kernel-trace": "3.0.101-108.111.1",
            "kernel-ec2-base": "3.0.101-108.111.1",
            "kernel-ppc64": "3.0.101-108.111.1",
            "kernel-xen-base": "3.0.101-108.111.1",
            "kernel-xen-devel": "3.0.101-108.111.1",
            "kernel-bigmem-devel": "3.0.101-108.111.1",
            "kernel-trace-base": "3.0.101-108.111.1",
            "kernel-default-devel": "3.0.101-108.111.1",
            "kernel-pae-devel": "3.0.101-108.111.1",
            "kernel-xen": "3.0.101-108.111.1"
        }
    ]
}