Описание
Security update for the Linux Kernel
The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2020-10773: Fixed a memory leak on s390/s390x, in the cmm_timeout_hander in file arch/s390/mm/cmm.c (bnc#1172999).
- CVE-2020-14416: Fixed a race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c (bnc#1162002).
- CVE-2020-13974: Fixed a integer overflow in drivers/tty/vt/keyboard.c, if k_ascii is called several times in a row (bnc#1172775).
- CVE-2020-10732: A flaw was found in the implementation of Userspace core dumps. This flaw allowed an attacker with a local account to crash a trivial program and exfiltrate private kernel data (bnc#1171220).
- CVE-2020-12656: Fixed a memory leak in gss_mech_free in the rpcsec_gss_krb5 implementation, caused by a lack of certain domain_release calls (bnc#1171219).
- CVE-2020-0305: Fixed a possible use-after-free due to a race condition incdev_get of char_dev.c. This could lead to local escalation of privilege. User interaction is not needed for exploitation (bnc#1174462).
- CVE-2020-10769: A buffer over-read flaw was found in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. This flaw allowed a local attacker with user privileges to cause a denial of service (bnc#1173265).
- CVE-2020-12652: The __mptctl_ioctl function in drivers/message/fusion/mptctl.c allowed local users to hold an incorrect lock during the ioctl operation and trigger a race condition, i.e., a 'double fetch' vulnerability (bnc#1171218).
- CVE-2019-5108: Fixed a denial-of-service vulnerability in the wifi stack. An attacker could exploit this vulnerability by triggering AP to send IAPP location updates for stations before the required authentication process has completed (bnc#1159912).
The following non-security bugs were fixed:
- Fix gcc-discovered error in zeroing a struct (bnc#680814)
Список пакетов
SUSE Linux Enterprise Server 11 SP4-LTSS
Ссылки
- Link for SUSE-SU-2020:14442-1
- E-Mail link for SUSE-SU-2020:14442-1
- SUSE Security Ratings
- SUSE Bug 1159912
- SUSE Bug 1159913
- SUSE Bug 1162002
- SUSE Bug 1171218
- SUSE Bug 1171219
- SUSE Bug 1171220
- SUSE Bug 1172775
- SUSE Bug 1172999
- SUSE Bug 1173265
- SUSE Bug 1174462
- SUSE Bug 1174543
- SUSE CVE CVE-2019-5108 page
- SUSE CVE CVE-2020-0305 page
- SUSE CVE CVE-2020-10732 page
- SUSE CVE CVE-2020-10769 page
- SUSE CVE CVE-2020-10773 page
- SUSE CVE CVE-2020-12652 page
Описание
An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering AP to send IAPP location updates for stations before the required authentication process has completed. This could lead to different denial-of-service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby APs of the same wireless infrastructure. An attacker can forge Authentication and Association Request packets to trigger this vulnerability.
Затронутые продукты
Ссылки
- CVE-2019-5108
- SUSE Bug 1159912
- SUSE Bug 1159913
Описание
In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-153467744
Затронутые продукты
Ссылки
- CVE-2020-0305
- SUSE Bug 1174462
Описание
A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data.
Затронутые продукты
Ссылки
- CVE-2020-10732
- SUSE Bug 1171220
Описание
A buffer over-read flaw was found in RH kernel versions before 5.0 in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4 bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read threat, leading to a system crash. This flaw allows a local attacker with user privileges to cause a denial of service.
Затронутые продукты
Ссылки
- CVE-2020-10769
- SUSE Bug 1173265
Описание
A stack information leak flaw was found in s390/s390x in the Linux kernel's memory manager functionality, where it incorrectly writes to the /proc/sys/vm/cmm_timeout file. This flaw allows a local user to see the kernel data.
Затронутые продукты
Ссылки
- CVE-2020-10773
- SUSE Bug 1172999
Описание
The __mptctl_ioctl function in drivers/message/fusion/mptctl.c in the Linux kernel before 5.4.14 allows local users to hold an incorrect lock during the ioctl operation and trigger a race condition, i.e., a "double fetch" vulnerability, aka CID-28d76df18f0a. NOTE: the vendor states "The security impact of this bug is not as bad as it could have been because these operations are all privileged and root already has enormous destructive power."
Затронутые продукты
Ссылки
- CVE-2020-12652
- SUSE Bug 1171218
Описание
** DISPUTED ** gss_mech_free in net/sunrpc/auth_gss/gss_mech_switch.c in the rpcsec_gss_krb5 implementation in the Linux kernel through 5.6.10 lacks certain domain_release calls, leading to a memory leak. Note: This was disputed with the assertion that the issue does not grant any access not already available. It is a problem that on unloading a specific kernel module some memory is leaked, but loading kernel modules is a privileged operation. A user could also write a kernel module to consume any amount of memory they like and load that replicating the effect of this bug.
Затронутые продукты
Ссылки
- CVE-2020-12656
- SUSE Bug 1171219
Описание
An issue was discovered in the Linux kernel 4.4 through 5.7.1. drivers/tty/vt/keyboard.c has an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. NOTE: Members in the community argue that the integer overflow does not lead to a security issue in this case.
Затронутые продукты
Ссылки
- CVE-2020-13974
- SUSE Bug 1172775
Описание
In the Linux kernel before 5.4.16, a race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c.
Затронутые продукты
Ссылки
- CVE-2020-14416
- SUSE Bug 1162002