Описание
Security update for the Linux Kernel
The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it. This attack is known as Special Register Buffer Data Sampling (SRBDS) or 'CrossTalk' (bsc#1154824).
- CVE-2020-12652: Fixed an issue which could have allowed local users to hold an incorrect lock during the ioctl operation and trigger a race condition (bsc#1171218).
- CVE-2020-12653: Fixed an issue in the wifi driver which could have allowed local users to gain privileges or cause a denial of service (bsc#1171195).
- CVE-2020-12654: Fixed an issue in he wifi driver which could have allowed a remote AP to trigger a heap-based buffer overflow (bsc#1171202).
- CVE-2020-10690: Fixed the race between the release of ptp_clock and cdev (bsc#1170056).
The following non-security bugs were fixed:
- nfsd4: clean up open owners on OPEN failure (bsc#1154290).
- random: always use batched entropy for get_random_u{32,64} (bsc#1164871).
Список пакетов
SUSE Linux Enterprise Server 11 SP4-LTSS
Ссылки
- Link for SUSE-SU-2020:14393-1
- E-Mail link for SUSE-SU-2020:14393-1
- SUSE Security Ratings
- SUSE Bug 1154290
- SUSE Bug 1154824
- SUSE Bug 1164871
- SUSE Bug 1170056
- SUSE Bug 1171195
- SUSE Bug 1171202
- SUSE Bug 1171218
- SUSE CVE CVE-2020-0543 page
- SUSE CVE CVE-2020-10690 page
- SUSE CVE CVE-2020-12652 page
- SUSE CVE CVE-2020-12653 page
- SUSE CVE CVE-2020-12654 page
Описание
Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
Затронутые продукты
Ссылки
- CVE-2020-0543
- SUSE Bug 1154824
- SUSE Bug 1172205
- SUSE Bug 1172206
- SUSE Bug 1172207
- SUSE Bug 1172770
- SUSE Bug 1178658
- SUSE Bug 1201877
Описание
There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed, it can cause an exploitable condition as the process wakes up to terminate and clean all attached files. The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the inode.
Затронутые продукты
Ссылки
- CVE-2020-10690
- SUSE Bug 1170056
Описание
The __mptctl_ioctl function in drivers/message/fusion/mptctl.c in the Linux kernel before 5.4.14 allows local users to hold an incorrect lock during the ioctl operation and trigger a race condition, i.e., a "double fetch" vulnerability, aka CID-28d76df18f0a. NOTE: the vendor states "The security impact of this bug is not as bad as it could have been because these operations are all privileged and root already has enormous destructive power."
Затронутые продукты
Ссылки
- CVE-2020-12652
- SUSE Bug 1171218
Описание
An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea.
Затронутые продукты
Ссылки
- CVE-2020-12653
- SUSE Bug 1159281
- SUSE Bug 1171195
- SUSE Bug 1171254
Описание
An issue was found in Linux kernel before 5.5.4. mwifiex_ret_wmm_get_status() in drivers/net/wireless/marvell/mwifiex/wmm.c allows a remote AP to trigger a heap-based buffer overflow because of an incorrect memcpy, aka CID-3a9b153c5591.
Затронутые продукты
Ссылки
- CVE-2020-12654
- SUSE Bug 1159281
- SUSE Bug 1171202
- SUSE Bug 1171252