Описание
Security update for the Linux Kernel (Live Patch 21 for SLE 15 SP1)
This update for the Linux Kernel 4.12.14-197_78 fixes several issues.
The following security issues were fixed:
- CVE-2020-29569: Fixed a use after free due to a logic error (bsc#1180008).
- CVE-2020-29368: Fixed an issue in copy-on-write implementation which could grant unintended write access because of a race condition in a THP mapcount check (bsc#1179664).
Список пакетов
SUSE Linux Enterprise Live Patching 12 SP5
SUSE Linux Enterprise Live Patching 15 SP1
Ссылки
- Link for SUSE-SU-2021:0386-1
- E-Mail link for SUSE-SU-2021:0386-1
- SUSE Security Ratings
- SUSE Bug 1179664
- SUSE Bug 1180008
- SUSE CVE CVE-2020-29368 page
- SUSE CVE CVE-2020-29569 page
Описание
An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1.
Затронутые продукты
Ссылки
- CVE-2020-29368
- SUSE Bug 1179428
- SUSE Bug 1179660
- SUSE Bug 1179664
Описание
An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.
Затронутые продукты
Ссылки
- CVE-2020-29569
- SUSE Bug 1179509
- SUSE Bug 1180008