Описание
Security update for the Linux Kernel (Live Patch 5 for SLE 12 SP4)
This update for the Linux Kernel 4.12.14-95_19 fixes several issues.
The following security issues were fixed:
- CVE-2020-10757: Fixed an issue where remaping hugepage DAX to anon mmap could have caused user PTE access (bsc#1172437).
- CVE-2019-15666: Fixed an out of bounds read __xfrm_policy_unlink, which could have led to denial of service (bsc#1172140).
- CVE-2018-1000199: Fixed a potential local code execution via ptrace (bsc#1171746).
Список пакетов
SUSE Linux Enterprise Live Patching 12 SP4
Ссылки
- Link for SUSE-SU-2020:1758-1
- E-Mail link for SUSE-SU-2020:1758-1
- SUSE Security Ratings
- SUSE Bug 1171746
- SUSE Bug 1172140
- SUSE Bug 1172437
- SUSE CVE CVE-2018-1000199 page
- SUSE CVE CVE-2019-15666 page
- SUSE CVE CVE-2020-10757 page
Описание
The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f.
Затронутые продукты
Ссылки
- CVE-2018-1000199
- SUSE Bug 1089895
- SUSE Bug 1090036
Описание
An issue was discovered in the Linux kernel before 5.0.19. There is an out-of-bounds array access in __xfrm_policy_unlink, which will cause denial of service, because verify_newpolicy_info in net/xfrm/xfrm_user.c mishandles directory validation.
Затронутые продукты
Ссылки
- CVE-2019-15666
- SUSE Bug 1148394
- SUSE Bug 1172140
Описание
A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system.
Затронутые продукты
Ссылки
- CVE-2020-10757
- SUSE Bug 1159281
- SUSE Bug 1172317
- SUSE Bug 1172437