Description
Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP2)
This update for the Linux Kernel 5.3.18-22 fixes several issues.
The following security issues were fixed:
- CVE-2020-29373: Fixed an issue where the kernel unsafely handles the root directory during path lookups, and thus a process inside a mount namespace can escape to unintended filesystem locations (bsc#1179779).
- CVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180562).
- CVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180030).
- CVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180032).
- CVE-2020-29569: Fixed a use after free due to a logic error (bsc#1180008).
- CVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bsc#1179877).
- CVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179877).
- CVE-2020-29368: Fixed an issue in copy-on-write implementation which could grant unintended write access because of a race condition in a THP mapcount check (bsc#1179664).
Package list
SUSE Linux Enterprise Live Patching 15 SP2
References
- Link for SUSE-SU-2021:0367-1
- E-Mail link for SUSE-SU-2021:0367-1
- SUSE Security Ratings
- SUSE Bug 1179664
- SUSE Bug 1179779
- SUSE Bug 1179877
- SUSE Bug 1180008
- SUSE Bug 1180030
- SUSE Bug 1180032
- SUSE Bug 1180562
- SUSE CVE CVE-2020-0465 page
- SUSE CVE CVE-2020-0466 page
- SUSE CVE CVE-2020-29368 page
- SUSE CVE CVE-2020-29373 page
- SUSE CVE CVE-2020-29569 page
- SUSE CVE CVE-2020-29660 page
- SUSE CVE CVE-2020-29661 page
- SUSE CVE CVE-2020-36158 page
Description
In various methods of hid-multitouch.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-162844689. References: Upstream kernel
Affected products
References
- CVE-2020-0465
- SUSE Bug 1180029
- SUSE Bug 1180030
Description
In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-147802478. References: Upstream kernel
Affected products
References
- CVE-2020-0466
- SUSE Bug 1180031
- SUSE Bug 1180032
- SUSE Bug 1199255
- SUSE Bug 1200084
Description
An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1.
Affected products
References
- CVE-2020-29368
- SUSE Bug 1179428
- SUSE Bug 1179660
- SUSE Bug 1179664
Description
An issue was discovered in fs/io_uring.c in the Linux kernel before 5.6. It unsafely handles the root directory during path lookups, and thus a process inside a mount namespace can escape to unintended filesystem locations, aka CID-ff002b30181d.
Affected products
References
- CVE-2020-29373
- SUSE Bug 1179434
- SUSE Bug 1179779
Description
An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.
Affected products
References
- CVE-2020-29569
- SUSE Bug 1179509
- SUSE Bug 1180008
Description
A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24.
Affected products
References
- CVE-2020-29660
- SUSE Bug 1179745
- SUSE Bug 1179877
Description
A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.
Affected products
References
- CVE-2020-29661
- SUSE Bug 1179745
- SUSE Bug 1179877
- SUSE Bug 1214268
- SUSE Bug 1218966
Description
mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.
Affected products
References
- CVE-2020-36158
- SUSE Bug 1180559
- SUSE Bug 1180562