Описание
Security update for the Linux Kernel
The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it. This attack is known as Special Register Buffer Data Sampling (SRBDS) or 'CrossTalk' (bsc#1154824).
- CVE-2020-12656: Fixed an improper handling of certain domain_release calls leadingch could have led to a memory leak (bsc#1171219).
- CVE-2020-12654: Fixed an issue in he wifi driver which could have allowed a remote AP to trigger a heap-based buffer overflow (bsc#1171202).
- CVE-2020-12653: Fixed an issue in the wifi driver which could have allowed local users to gain privileges or cause a denial of service (bsc#1171195).
- CVE-2020-12652: Fixed an issue which could have allowed local users to hold an incorrect lock during the ioctl operation and trigger a race condition (bsc#1171218).
- CVE-2020-12114: Fixed A pivot_root race condition which could have allowed local users to cause a denial of service (panic) by corrupting a mountpoint reference counter (bsc#1171098).
- CVE-2020-10757: Fixed an issue where remaping hugepage DAX to anon mmap could have caused user PTE access (bsc#1172317).
The following non-security bugs were fixed:
- can, slip: Protect tty->disc_data in write_wakeup and close with RCU (bsc#1171698).
- KEYS: allow reaching the keys quotas exactly (bsc#1171689).
- KEYS: reaching the keys quotas correctly (bsc#1171689).
- Revert 'ipc,sem: remove uneeded sem_undo_list lock usage in exit_sem()' (bsc#1172221).
- random: always use batched entropy for get_random_u{32,64} (bsc#1164871).
Список пакетов
SUSE Linux Enterprise High Availability Extension 12 SP2
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server for SAP Applications 12 SP2
SUSE OpenStack Cloud 7
Ссылки
- Link for SUSE-SU-2020:1597-1
- E-Mail link for SUSE-SU-2020:1597-1
- SUSE Security Ratings
- SUSE Bug 1154824
- SUSE Bug 1164871
- SUSE Bug 1171098
- SUSE Bug 1171195
- SUSE Bug 1171202
- SUSE Bug 1171218
- SUSE Bug 1171219
- SUSE Bug 1171689
- SUSE Bug 1171698
- SUSE Bug 1172221
- SUSE Bug 1172317
- SUSE CVE CVE-2020-0543 page
- SUSE CVE CVE-2020-10757 page
- SUSE CVE CVE-2020-12114 page
- SUSE CVE CVE-2020-12652 page
- SUSE CVE CVE-2020-12653 page
- SUSE CVE CVE-2020-12654 page
Описание
Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
Затронутые продукты
Ссылки
- CVE-2020-0543
- SUSE Bug 1154824
- SUSE Bug 1172205
- SUSE Bug 1172206
- SUSE Bug 1172207
- SUSE Bug 1172770
- SUSE Bug 1178658
- SUSE Bug 1201877
Описание
A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system.
Затронутые продукты
Ссылки
- CVE-2020-10757
- SUSE Bug 1159281
- SUSE Bug 1172317
- SUSE Bug 1172437
Описание
A pivot_root race condition in fs/namespace.c in the Linux kernel 4.4.x before 4.4.221, 4.9.x before 4.9.221, 4.14.x before 4.14.178, 4.19.x before 4.19.119, and 5.x before 5.3 allows local users to cause a denial of service (panic) by corrupting a mountpoint reference counter.
Затронутые продукты
Ссылки
- CVE-2020-12114
- SUSE Bug 1171098
Описание
The __mptctl_ioctl function in drivers/message/fusion/mptctl.c in the Linux kernel before 5.4.14 allows local users to hold an incorrect lock during the ioctl operation and trigger a race condition, i.e., a "double fetch" vulnerability, aka CID-28d76df18f0a. NOTE: the vendor states "The security impact of this bug is not as bad as it could have been because these operations are all privileged and root already has enormous destructive power."
Затронутые продукты
Ссылки
- CVE-2020-12652
- SUSE Bug 1171218
Описание
An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea.
Затронутые продукты
Ссылки
- CVE-2020-12653
- SUSE Bug 1159281
- SUSE Bug 1171195
- SUSE Bug 1171254
Описание
An issue was found in Linux kernel before 5.5.4. mwifiex_ret_wmm_get_status() in drivers/net/wireless/marvell/mwifiex/wmm.c allows a remote AP to trigger a heap-based buffer overflow because of an incorrect memcpy, aka CID-3a9b153c5591.
Затронутые продукты
Ссылки
- CVE-2020-12654
- SUSE Bug 1159281
- SUSE Bug 1171202
- SUSE Bug 1171252
Описание
** DISPUTED ** gss_mech_free in net/sunrpc/auth_gss/gss_mech_switch.c in the rpcsec_gss_krb5 implementation in the Linux kernel through 5.6.10 lacks certain domain_release calls, leading to a memory leak. Note: This was disputed with the assertion that the issue does not grant any access not already available. It is a problem that on unloading a specific kernel module some memory is leaked, but loading kernel modules is a privileged operation. A user could also write a kernel module to consume any amount of memory they like and load that replicating the effect of this bug.
Затронутые продукты
Ссылки
- CVE-2020-12656
- SUSE Bug 1171219