Описание
Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP3)
This update for the Linux Kernel 4.4.180-94_116 fixes several issues.
The following security issues were fixed:
- CVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180562).
- CVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180030).
- CVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180032.
- CVE-2020-29569: Fixed a use after free due to a logic error (bsc#1180008).
- CVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bsc#1179877).
- CVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179877).
Список пакетов
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server for SAP Applications 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP3
Ссылки
- Link for SUSE-SU-2021:0408-1
- E-Mail link for SUSE-SU-2021:0408-1
- SUSE Security Ratings
- SUSE Bug 1179877
- SUSE Bug 1180008
- SUSE Bug 1180030
- SUSE Bug 1180032
- SUSE Bug 1180562
- SUSE CVE CVE-2020-0465 page
- SUSE CVE CVE-2020-0466 page
- SUSE CVE CVE-2020-29569 page
- SUSE CVE CVE-2020-29660 page
- SUSE CVE CVE-2020-29661 page
- SUSE CVE CVE-2020-36158 page
Описание
In various methods of hid-multitouch.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-162844689References: Upstream kernel
Затронутые продукты
Ссылки
- CVE-2020-0465
- SUSE Bug 1180029
- SUSE Bug 1180030
Описание
In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-147802478References: Upstream kernel
Затронутые продукты
Ссылки
- CVE-2020-0466
- SUSE Bug 1180031
- SUSE Bug 1180032
- SUSE Bug 1199255
- SUSE Bug 1200084
Описание
An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.
Затронутые продукты
Ссылки
- CVE-2020-29569
- SUSE Bug 1179509
- SUSE Bug 1180008
Описание
A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24.
Затронутые продукты
Ссылки
- CVE-2020-29660
- SUSE Bug 1179745
- SUSE Bug 1179877
Описание
A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.
Затронутые продукты
Ссылки
- CVE-2020-29661
- SUSE Bug 1179745
- SUSE Bug 1179877
- SUSE Bug 1214268
- SUSE Bug 1218966
Описание
mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.
Затронутые продукты
Ссылки
- CVE-2020-36158
- SUSE Bug 1180559
- SUSE Bug 1180562