SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2020:2106-1
Rating:             important
References:         #1051510 #1065729 #1071995 #1104967 #1152107 
                    #1158755 #1162002 #1170011 #1171078 #1171673 
                    #1171732 #1171868 #1172257 #1172775 #1172781 
                    #1172782 #1172783 #1172999 #1173265 #1173280 
                    #1173514 #1173567 #1173573 #1173659 #1173999 
                    #1174000 #1174115 #1174462 #1174543 
Cross-References:   CVE-2019-16746 CVE-2019-20908 CVE-2020-0305
                    CVE-2020-10766 CVE-2020-10767 CVE-2020-10768
                    CVE-2020-10769 CVE-2020-10773 CVE-2020-12771
                    CVE-2020-12888 CVE-2020-13974 CVE-2020-14416
                    CVE-2020-15393 CVE-2020-15780
Affected Products:
                    SUSE Linux Enterprise Server for SAP 15
                    SUSE Linux Enterprise Server 15-LTSS
                    SUSE Linux Enterprise Module for Live Patching 15
                    SUSE Linux Enterprise High Performance Computing 15-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-ESPOS
                    SUSE Linux Enterprise High Availability 15
______________________________________________________________________________

   An update that solves 14 vulnerabilities and has 15 fixes
   is now available.

Description:



   The SUSE Linux Enterprise 15 GA LTSS kernel was updated to receive various
   security and bugfixes.

   The following security bugs were fixed:

   - CVE-2020-0305: In cdev_get of char_dev.c, there is a possible
     use-after-free due to a race condition. This could lead to local
     escalation of privilege with System execution privileges needed. User
     interaction is not needed for exploitation (bnc#1174462).
   - CVE-2019-20908: An issue was discovered in drivers/firmware/efi/efi.c
     where incorrect access permissions for the efivar_ssdt ACPI variable
     could be used by attackers to bypass lockdown or secure boot
     restrictions, aka CID-1957a85b0032 (bnc#1173567).
   - CVE-2020-15780: An issue was discovered in drivers/acpi/acpi_configfs.c
     where injection of malicious ACPI tables via configfs could be used by
     attackers to bypass lockdown and secure boot restrictions, aka
     CID-75b0cea7bf30 (bnc#1173573).
   - CVE-2020-15393: usbtest_disconnect in drivers/usb/misc/usbtest.c had a
     memory leak, aka CID-28ebeb8db770 (bnc#1173514).
   - CVE-2020-12771: btree_gc_coalesce in drivers/md/bcache/btree.c has a
     deadlock if a coalescing operation fails (bnc#1171732).
   - CVE-2019-16746: An issue was discovered in net/wireless/nl80211.c which
     did not check the length of variable elements in a beacon head, leading
     to a buffer overflow (bnc#1152107 1173659).
   - CVE-2020-12888: The VFIO PCI driver mishandled attempts to access
     disabled memory space (bnc#1171868).
   - CVE-2020-10769: A buffer over-read flaw was found in
     crypto_authenc_extractkeys in crypto/authenc.c in the IPsec
     Cryptographic algorithm's module, authenc. When a payload longer than 4
     bytes, and is not following 4-byte alignment boundary guidelines, it
     causes a buffer over-read threat, leading to a system crash. This flaw
     allowed a local attacker with user privileges to cause a denial of
     service (bnc#1173265).
   - CVE-2020-10773: A kernel stack information leak on s390/s390x was fixed
     (bnc#1172999).
   - CVE-2020-14416: A race condition in tty->disc_data handling in the slip
     and slcan line discipline could lead to a use-after-free, aka
     CID-0ace17d56824. This affects drivers/net/slip/slip.c and
     drivers/net/can/slcan.c (bnc#1162002).
   - CVE-2020-10768: Indirect branch speculation could have been enabled
     after it was force-disabled by the PR_SPEC_FORCE_DISABLE prctl command.
     (bnc#1172783).
   - CVE-2020-10766: Fixed Rogue cross-process SSBD shutdown, where a Linux
     scheduler logical bug allows an attacker to turn off the SSBD
     protection. (bnc#1172781).
   - CVE-2020-10767: Indirect Branch Prediction Barrier was force-disabled
     when STIBP is unavailable or enhanced IBRS is available.  (bnc#1172782).
   - CVE-2020-13974: drivers/tty/vt/keyboard.c had an integer overflow if
     k_ascii is called several times in a row, aka CID-b86dab054059
     (bnc#1172775).

   The following non-security bugs were fixed:

   - Merge ibmvnic reset fixes (bsc#1158755 ltc#182094).
   - block, bfq: add requeue-request hook (bsc#1104967 bsc#1171673).
   - block, bfq: postpone rq preparation to insert or merge (bsc#1104967
     bsc#1171673).
   - ibmvnic: Do not process device remove during device reset (bsc#1065729).
   - ibmvnic: Flush existing work items before device removal (bsc#1065729).
   - ibmvnic: Harden device login requests (bsc#1170011 ltc#183538).
   - ibmvnic: Skip fatal error reset after passive init (bsc#1171078
     ltc#184239).
   - ibmvnic: continue to init in CRQ reset returns H_CLOSED (bsc#1173280
     ltc#185369).
   - intel_idle: Graceful probe failure when MWAIT is disabled (bsc#1174115).
   - livepatch: Apply vmlinux-specific KLP relocations early (bsc#1071995).
   - livepatch: Disallow vmlinux.ko (bsc#1071995).
   - livepatch: Make klp_apply_object_relocs static (bsc#1071995).
   - livepatch: Prevent module-specific KLP rela sections from referencing
     vmlinux symbols (bsc#1071995).
   - livepatch: Remove .klp.arch (bsc#1071995).
   - vfio/pci: Fix SR-IOV VF handling with MMIO blocking (bsc#1051510).
   - vfio/pci: Fix SR-IOV VF handling with MMIO blocking (bsc#1174000).
   - vfio/pci: Mask buggy SR-IOV VF INTx support (bsc#1051510).
   - vfio/pci: Mask buggy SR-IOV VF INTx support (bsc#1173999).
   - x86/{mce,mm}: Unmap the entire page if the whole page is affected and
     poisoned (bsc#1172257).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 15:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2106=1

   - SUSE Linux Enterprise Server 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-2020-2106=1

   - SUSE Linux Enterprise Module for Live Patching 15:

      zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2020-2106=1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2106=1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2106=1

   - SUSE Linux Enterprise High Availability 15:

      zypper in -t patch SUSE-SLE-Product-HA-15-2020-2106=1



Package List:

   - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):

      kernel-default-4.12.14-150.55.1
      kernel-default-base-4.12.14-150.55.1
      kernel-default-debuginfo-4.12.14-150.55.1
      kernel-default-debugsource-4.12.14-150.55.1
      kernel-default-devel-4.12.14-150.55.1
      kernel-default-devel-debuginfo-4.12.14-150.55.1
      kernel-obs-build-4.12.14-150.55.1
      kernel-obs-build-debugsource-4.12.14-150.55.1
      kernel-syms-4.12.14-150.55.1
      kernel-vanilla-base-4.12.14-150.55.1
      kernel-vanilla-base-debuginfo-4.12.14-150.55.1
      kernel-vanilla-debuginfo-4.12.14-150.55.1
      kernel-vanilla-debugsource-4.12.14-150.55.1
      reiserfs-kmp-default-4.12.14-150.55.1
      reiserfs-kmp-default-debuginfo-4.12.14-150.55.1

   - SUSE Linux Enterprise Server for SAP 15 (noarch):

      kernel-devel-4.12.14-150.55.1
      kernel-docs-4.12.14-150.55.1
      kernel-macros-4.12.14-150.55.1
      kernel-source-4.12.14-150.55.1

   - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):

      kernel-default-4.12.14-150.55.1
      kernel-default-base-4.12.14-150.55.1
      kernel-default-debuginfo-4.12.14-150.55.1
      kernel-default-debugsource-4.12.14-150.55.1
      kernel-default-devel-4.12.14-150.55.1
      kernel-default-devel-debuginfo-4.12.14-150.55.1
      kernel-obs-build-4.12.14-150.55.1
      kernel-obs-build-debugsource-4.12.14-150.55.1
      kernel-syms-4.12.14-150.55.1
      kernel-vanilla-base-4.12.14-150.55.1
      kernel-vanilla-base-debuginfo-4.12.14-150.55.1
      kernel-vanilla-debuginfo-4.12.14-150.55.1
      kernel-vanilla-debugsource-4.12.14-150.55.1
      reiserfs-kmp-default-4.12.14-150.55.1
      reiserfs-kmp-default-debuginfo-4.12.14-150.55.1

   - SUSE Linux Enterprise Server 15-LTSS (noarch):

      kernel-devel-4.12.14-150.55.1
      kernel-docs-4.12.14-150.55.1
      kernel-macros-4.12.14-150.55.1
      kernel-source-4.12.14-150.55.1

   - SUSE Linux Enterprise Server 15-LTSS (s390x):

      kernel-default-man-4.12.14-150.55.1
      kernel-zfcpdump-debuginfo-4.12.14-150.55.1
      kernel-zfcpdump-debugsource-4.12.14-150.55.1

   - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64):

      kernel-default-debuginfo-4.12.14-150.55.1
      kernel-default-debugsource-4.12.14-150.55.1
      kernel-default-livepatch-4.12.14-150.55.1
      kernel-livepatch-4_12_14-150_55-default-1-1.3.1
      kernel-livepatch-4_12_14-150_55-default-debuginfo-1-1.3.1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):

      kernel-default-4.12.14-150.55.1
      kernel-default-base-4.12.14-150.55.1
      kernel-default-debuginfo-4.12.14-150.55.1
      kernel-default-debugsource-4.12.14-150.55.1
      kernel-default-devel-4.12.14-150.55.1
      kernel-default-devel-debuginfo-4.12.14-150.55.1
      kernel-obs-build-4.12.14-150.55.1
      kernel-obs-build-debugsource-4.12.14-150.55.1
      kernel-syms-4.12.14-150.55.1
      kernel-vanilla-base-4.12.14-150.55.1
      kernel-vanilla-base-debuginfo-4.12.14-150.55.1
      kernel-vanilla-debuginfo-4.12.14-150.55.1
      kernel-vanilla-debugsource-4.12.14-150.55.1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch):

      kernel-devel-4.12.14-150.55.1
      kernel-docs-4.12.14-150.55.1
      kernel-macros-4.12.14-150.55.1
      kernel-source-4.12.14-150.55.1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):

      kernel-default-4.12.14-150.55.1
      kernel-default-base-4.12.14-150.55.1
      kernel-default-debuginfo-4.12.14-150.55.1
      kernel-default-debugsource-4.12.14-150.55.1
      kernel-default-devel-4.12.14-150.55.1
      kernel-default-devel-debuginfo-4.12.14-150.55.1
      kernel-obs-build-4.12.14-150.55.1
      kernel-obs-build-debugsource-4.12.14-150.55.1
      kernel-syms-4.12.14-150.55.1
      kernel-vanilla-base-4.12.14-150.55.1
      kernel-vanilla-base-debuginfo-4.12.14-150.55.1
      kernel-vanilla-debuginfo-4.12.14-150.55.1
      kernel-vanilla-debugsource-4.12.14-150.55.1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch):

      kernel-devel-4.12.14-150.55.1
      kernel-docs-4.12.14-150.55.1
      kernel-macros-4.12.14-150.55.1
      kernel-source-4.12.14-150.55.1

   - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64):

      cluster-md-kmp-default-4.12.14-150.55.1
      cluster-md-kmp-default-debuginfo-4.12.14-150.55.1
      dlm-kmp-default-4.12.14-150.55.1
      dlm-kmp-default-debuginfo-4.12.14-150.55.1
      gfs2-kmp-default-4.12.14-150.55.1
      gfs2-kmp-default-debuginfo-4.12.14-150.55.1
      kernel-default-debuginfo-4.12.14-150.55.1
      kernel-default-debugsource-4.12.14-150.55.1
      ocfs2-kmp-default-4.12.14-150.55.1
      ocfs2-kmp-default-debuginfo-4.12.14-150.55.1


References:

   https://www.suse.com/security/cve/CVE-2019-16746.html
   https://www.suse.com/security/cve/CVE-2019-20908.html
   https://www.suse.com/security/cve/CVE-2020-0305.html
   https://www.suse.com/security/cve/CVE-2020-10766.html
   https://www.suse.com/security/cve/CVE-2020-10767.html
   https://www.suse.com/security/cve/CVE-2020-10768.html
   https://www.suse.com/security/cve/CVE-2020-10769.html
   https://www.suse.com/security/cve/CVE-2020-10773.html
   https://www.suse.com/security/cve/CVE-2020-12771.html
   https://www.suse.com/security/cve/CVE-2020-12888.html
   https://www.suse.com/security/cve/CVE-2020-13974.html
   https://www.suse.com/security/cve/CVE-2020-14416.html
   https://www.suse.com/security/cve/CVE-2020-15393.html
   https://www.suse.com/security/cve/CVE-2020-15780.html
   https://bugzilla.suse.com/1051510
   https://bugzilla.suse.com/1065729
   https://bugzilla.suse.com/1071995
   https://bugzilla.suse.com/1104967
   https://bugzilla.suse.com/1152107
   https://bugzilla.suse.com/1158755
   https://bugzilla.suse.com/1162002
   https://bugzilla.suse.com/1170011
   https://bugzilla.suse.com/1171078
   https://bugzilla.suse.com/1171673
   https://bugzilla.suse.com/1171732
   https://bugzilla.suse.com/1171868
   https://bugzilla.suse.com/1172257
   https://bugzilla.suse.com/1172775
   https://bugzilla.suse.com/1172781
   https://bugzilla.suse.com/1172782
   https://bugzilla.suse.com/1172783
   https://bugzilla.suse.com/1172999
   https://bugzilla.suse.com/1173265
   https://bugzilla.suse.com/1173280
   https://bugzilla.suse.com/1173514
   https://bugzilla.suse.com/1173567
   https://bugzilla.suse.com/1173573
   https://bugzilla.suse.com/1173659
   https://bugzilla.suse.com/1173999
   https://bugzilla.suse.com/1174000
   https://bugzilla.suse.com/1174115
   https://bugzilla.suse.com/1174462
   https://bugzilla.suse.com/1174543

_______________________________________________
sle-security-updates mailing list
sle-security-updates@lists.suse.com
http://lists.suse.com/mailman/listinfo/sle-security-updates

SUSE: 2020:2106-1 important: the Linux Kernel

August 3, 2020
An update that solves 14 vulnerabilities and has 15 fixes is now available

Summary

The SUSE Linux Enterprise 15 GA LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-0305: In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1174462). - CVE-2019-20908: An issue was discovered in drivers/firmware/efi/efi.c where incorrect access permissions for the efivar_ssdt ACPI variable could be used by attackers to bypass lockdown or secure boot restrictions, aka CID-1957a85b0032 (bnc#1173567). - CVE-2020-15780: An issue was discovered in drivers/acpi/acpi_configfs.c where injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30 (bnc#1173573). - CVE-2020-15393: usbtest_disconnect in drivers/usb/misc/usbtest.c had a memory leak, aka CID-28ebeb8db770 (bnc#1173514). - CVE-2020-12771: btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails (bnc#1171732). - CVE-2019-16746: An issue was discovered in net/wireless/nl80211.c which did not check the length of variable elements in a beacon head, leading to a buffer overflow (bnc#1152107 1173659). - CVE-2020-12888: The VFIO PCI driver mishandled attempts to access disabled memory space (bnc#1171868). - CVE-2020-10769: A buffer over-read flaw was found in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4 bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read threat, leading to a system crash. This flaw allowed a local attacker with user privileges to cause a denial of service (bnc#1173265). - CVE-2020-10773: A kernel stack information leak on s390/s390x was fixed (bnc#1172999). - CVE-2020-14416: A race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c (bnc#1162002). - CVE-2020-10768: Indirect branch speculation could have been enabled after it was force-disabled by the PR_SPEC_FORCE_DISABLE prctl command. (bnc#1172783). - CVE-2020-10766: Fixed Rogue cross-process SSBD shutdown, where a Linux scheduler logical bug allows an attacker to turn off the SSBD protection. (bnc#1172781). - CVE-2020-10767: Indirect Branch Prediction Barrier was force-disabled when STIBP is unavailable or enhanced IBRS is available. (bnc#1172782). - CVE-2020-13974: drivers/tty/vt/keyboard.c had an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059 (bnc#1172775). The following non-security bugs were fixed: - Merge ibmvnic reset fixes (bsc#1158755 ltc#182094). - block, bfq: add requeue-request hook (bsc#1104967 bsc#1171673). - block, bfq: postpone rq preparation to insert or merge (bsc#1104967 bsc#1171673). - ibmvnic: Do not process device remove during device reset (bsc#1065729). - ibmvnic: Flush existing work items before device removal (bsc#1065729). - ibmvnic: Harden device login requests (bsc#1170011 ltc#183538). - ibmvnic: Skip fatal error reset after passive init (bsc#1171078 ltc#184239). - ibmvnic: continue to init in CRQ reset returns H_CLOSED (bsc#1173280 ltc#185369). - intel_idle: Graceful probe failure when MWAIT is disabled (bsc#1174115). - livepatch: Apply vmlinux-specific KLP relocations early (bsc#1071995). - livepatch: Disallow vmlinux.ko (bsc#1071995). - livepatch: Make klp_apply_object_relocs static (bsc#1071995). - livepatch: Prevent module-specific KLP rela sections from referencing vmlinux symbols (bsc#1071995). - livepatch: Remove .klp.arch (bsc#1071995). - vfio/pci: Fix SR-IOV VF handling with MMIO blocking (bsc#1051510). - vfio/pci: Fix SR-IOV VF handling with MMIO blocking (bsc#1174000). - vfio/pci: Mask buggy SR-IOV VF INTx support (bsc#1051510). - vfio/pci: Mask buggy SR-IOV VF INTx support (bsc#1173999). - x86/{mce,mm}: Unmap the entire page if the whole page is affected and poisoned (bsc#1172257).

References

#1051510 #1065729 #1071995 #1104967 #1152107

#1158755 #1162002 #1170011 #1171078 #1171673

#1171732 #1171868 #1172257 #1172775 #1172781

#1172782 #1172783 #1172999 #1173265 #1173280

#1173514 #1173567 #1173573 #1173659 #1173999

#1174000 #1174115 #1174462 #1174543

Cross- CVE-2019-16746 CVE-2019-20908 CVE-2020-0305

CVE-2020-10766 CVE-2020-10767 CVE-2020-10768

CVE-2020-10769 CVE-2020-10773 CVE-2020-12771

CVE-2020-12888 CVE-2020-13974 CVE-2020-14416

CVE-2020-15393 CVE-2020-15780

Affected Products:

SUSE Linux Enterprise Server for SAP 15

SUSE Linux Enterprise Server 15-LTSS

SUSE Linux Enterprise Module for Live Patching 15

SUSE Linux Enterprise High Performance Computing 15-LTSS

SUSE Linux Enterprise High Performance Computing 15-ESPOS

SUSE Linux Enterprise High Availability 15

https://www.suse.com/security/cve/CVE-2019-16746.html

https://www.suse.com/security/cve/CVE-2019-20908.html

https://www.suse.com/security/cve/CVE-2020-0305.html

https://www.suse.com/security/cve/CVE-2020-10766.html

https://www.suse.com/security/cve/CVE-2020-10767.html

https://www.suse.com/security/cve/CVE-2020-10768.html

https://www.suse.com/security/cve/CVE-2020-10769.html

https://www.suse.com/security/cve/CVE-2020-10773.html

https://www.suse.com/security/cve/CVE-2020-12771.html

https://www.suse.com/security/cve/CVE-2020-12888.html

https://www.suse.com/security/cve/CVE-2020-13974.html

https://www.suse.com/security/cve/CVE-2020-14416.html

https://www.suse.com/security/cve/CVE-2020-15393.html

https://www.suse.com/security/cve/CVE-2020-15780.html

https://bugzilla.suse.com/1051510

https://bugzilla.suse.com/1065729

https://bugzilla.suse.com/1071995

https://bugzilla.suse.com/1104967

https://bugzilla.suse.com/1152107

https://bugzilla.suse.com/1158755

https://bugzilla.suse.com/1162002

https://bugzilla.suse.com/1170011

https://bugzilla.suse.com/1171078

https://bugzilla.suse.com/1171673

https://bugzilla.suse.com/1171732

https://bugzilla.suse.com/1171868

https://bugzilla.suse.com/1172257

https://bugzilla.suse.com/1172775

https://bugzilla.suse.com/1172781

https://bugzilla.suse.com/1172782

https://bugzilla.suse.com/1172783

https://bugzilla.suse.com/1172999

https://bugzilla.suse.com/1173265

https://bugzilla.suse.com/1173280

https://bugzilla.suse.com/1173514

https://bugzilla.suse.com/1173567

https://bugzilla.suse.com/1173573

https://bugzilla.suse.com/1173659

https://bugzilla.suse.com/1173999

https://bugzilla.suse.com/1174000

https://bugzilla.suse.com/1174115

https://bugzilla.suse.com/1174462

https://bugzilla.suse.com/1174543

Severity
Announcement ID: SUSE-SU-2020:2106-1
Rating: important

Related News

News

Powered By

Footer Logo

Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.

Powered By

Footer Logo