Security update for the Linux Kernel

Announcement ID: SUSE-SU-2020:1142-1
Rating: important
CVSS scores:
  • CVE-2018-20836 ( SUSE ): 6.2 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
  • CVE-2018-20836 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2018-20836 ( NVD ): 8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2019-19768 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
  • CVE-2019-19768 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2019-19770 ( SUSE ): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
  • CVE-2019-19770 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
  • CVE-2019-3701 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • CVE-2019-3701 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2019-9458 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2019-9458 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2020-10942 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2020-10942 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
  • CVE-2020-11494 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
  • CVE-2020-11494 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
  • CVE-2020-11669 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2020-11669 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2020-2732 ( SUSE ): 3.2 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
  • CVE-2020-2732 ( NVD ): 6.8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
  • CVE-2020-8647 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
  • CVE-2020-8647 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
  • CVE-2020-8649 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
  • CVE-2020-8649 ( NVD ): 5.9 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
  • CVE-2020-8834 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
  • CVE-2020-8834 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
  • CVE-2020-9383 ( SUSE ): 4.3 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2020-9383 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Affected Products:
  • SUSE Linux Enterprise High Availability Extension 12 SP5
  • SUSE Linux Enterprise High Performance Computing 12 SP5
  • SUSE Linux Enterprise Live Patching 12-SP5
  • SUSE Linux Enterprise Server 12 SP5
  • SUSE Linux Enterprise Server for SAP Applications 12 SP5
  • SUSE Linux Enterprise Software Development Kit 12 SP5
  • SUSE Linux Enterprise Workstation Extension 12 12-SP5

An update that solves 13 vulnerabilities and has 157 security fixes can now be installed.


The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

  • CVE-2020-8834: KVM on Power8 processors had a conflicting use of HSTATE_HOST_R1 to store r1 state in kvmppc_hv_entry plus in kvmppc_{save,restore}_tm, leading to a stack corruption. Because of this, an attacker with the ability to run code in kernel space of a guest VM can cause the host kernel to panic (bnc#1168276).
  • CVE-2020-11494: An issue was discovered in slc_bump in drivers/net/can/slcan.c, which allowed attackers to read uninitialized can_frame data, potentially containing sensitive information from kernel stack memory, if the configuration lacks CONFIG_INIT_STACK_ALL (bnc#1168424).
  • CVE-2020-10942: In get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls (bnc#1167629).
  • CVE-2019-9458: In the video driver there was a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed (bnc#1168295).
  • CVE-2019-3701: Fixed an issue in can_can_gw_rcv, which could cause a system crash (bnc#1120386).
  • CVE-2019-19770: Fixed a use-after-free in the debugfs_remove function (bsc#1159198).
  • CVE-2020-11669: Fixed an issue where arch/powerpc/kernel/idle_book3s.S did not have save/restore functionality for PNV_POWERSAVE_AMR, PNV_POWERSAVE_UAMOR, and PNV_POWERSAVE_AMOR (bnc#1169390).
  • CVE-2020-2732: Fixed an issue where under some circumstances, an L2 guest may trick the L0 guest into accessing sensitive L1 resources that should be inaccessible to the L2 guest (bnc#1163971).
  • CVE-2020-8647: There was a use-after-free vulnerability in the vc_do_resize function in drivers/tty/vt/vt.c (bnc#1162929 1164078).
  • CVE-2020-8649: There was a use-after-free vulnerability in the vgacon_invert_region function in drivers/video/console/vgacon.c (bnc#1162929 1162931).
  • CVE-2020-9383: An issue was discovered set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it (bnc#1165111).
  • CVE-2019-19768: Fixed a use-after-free in the __blk_add_trace function in kernel/trace/blktrace.c (bnc#1159285).
  • CVE-2018-20836: Fixed an issue where a race condition in smp_task_timedout() and smp_task_done() cloud lead to a use-after-free (bnc#1134395).

The following non-security bugs were fixed:

  • ACPICA: Introduce ACPI_ACCESS_BYTE_WIDTH() macro (bsc#1051510).
  • ACPI: watchdog: Fix gas->access_width usage (bsc#1051510).
  • ahci: Add support for Amazon's Annapurna Labs SATA controller (bsc#1169013).
  • ALSA: ali5451: remove redundant variable capture_flag (bsc#1051510).
  • ALSA: core: Add snd_device_get_state() helper (bsc#1051510).
  • ALSA: core: Replace zero-length array with flexible-array member (bsc#1051510).
  • ALSA: emu10k1: Fix endianness annotations (bsc#1051510).
  • ALSA: hda/ca0132 - Add Recon3Di quirk to handle integrated sound on EVGA X99 Classified motherboard (bsc#1051510).
  • ALSA: hda/ca0132 - Replace zero-length array with flexible-array member (bsc#1051510).
  • ALSA: hda_codec: Replace zero-length array with flexible-array member (bsc#1051510).
  • ALSA: hda: default enable CA0132 DSP support (bsc#1051510).
  • ALSA: hda: Fix potential access overflow in beep helper (bsc#1051510).
  • ALSA: hda/realtek - Add Headset Button supported for ThinkPad X1 (bsc#1111666).
  • ALSA: hda/realtek - Add Headset Mic supported (bsc#1111666).
  • ALSA: hda/realtek - Add more codec supported Headset Button (bsc#1111666).
  • ALSA: hda/realtek - a fake key event is triggered by running shutup (bsc#1051510).
  • ALSA: hda/realtek - Apply quirk for MSI GP63, too (bsc#1111666).
  • ALSA: hda/realtek - Apply quirk for yet another MSI laptop (bsc#1111666).
  • ALSA: hda/realtek - Enable headset mic of Acer X2660G with ALC662 (git-fixes).
  • ALSA: hda/realtek: Enable mute LED on an HP system (bsc#1051510).
  • ALSA: hda/realtek - Enable the headset of Acer N50-600 with ALC662 (git-fixes).
  • ALSA: hda/realtek - Enable the headset of ASUS B9450FA with ALC294 (bsc#1111666).
  • ALSA: hda/realtek - Fix a regression for mute led on Lenovo Carbon X1 (bsc#1111666).
  • ALSA: hda/realtek: Fix pop noise on ALC225 (git-fixes).
  • ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Master (bsc#1111666).
  • ALSA: hda/realtek - Fix silent output on MSI-GL73 (git-fixes).
  • ALSA: hda/realtek - Remove now-unnecessary XPS 13 headphone noise fixups (bsc#1051510).
  • ALSA: hda/realtek - Set principled PC Beep configuration for ALC256 (bsc#1051510).
  • ALSA: hda: remove redundant assignment to variable timeout (bsc#1051510).
  • ALSA: hda: Use scnprintf() for string truncation (bsc#1051510).
  • ALSA: hdsp: remove redundant assignment to variable err (bsc#1051510).
  • ALSA: ice1724: Fix invalid access for enumerated ctl items (bsc#1051510).
  • ALSA: info: remove redundant assignment to variable c (bsc#1051510).
  • ALSA: korg1212: fix if-statement empty body warnings (bsc#1051510).
  • ALSA: line6: Fix endless MIDI read loop (git-fixes).
  • ALSA: pcm: Fix superfluous snprintf() usage (bsc#1051510).
  • ALSA: pcm.h: add for_each_pcm_streams() (bsc#1051510).
  • ALSA: pcm: oss: Avoid plugin buffer overflow (git-fixes).
  • ALSA: pcm: oss: Fix regression by buffer overflow fix (bsc#1051510).
  • ALSA: pcm: oss: Remove WARNING from snd_pcm_plug_alloc() checks (git-fixes).
  • ALSA: pcm: oss: Unlock mutex temporarily for sleeping at read/write (bsc#1051510).
  • ALSA: pcm: Use a macro for parameter masks to reduce the needed cast (bsc#1051510).
  • ALSA: seq: oss: Fix running status after receiving sysex (git-fixes).
  • ALSA: seq: virmidi: Fix running status after receiving sysex (git-fixes).
  • ALSA: usb-audio: Add boot quirk for MOTU M Series (bsc#1111666).
  • ALSA: usb-audio: Add clock validity quirk for Denon MC7000/MCX8000 (bsc#1111666).
  • ALSA: usb-audio: Add delayed_register option (bsc#1051510).
  • ALSA: usb-audio: add implicit fb quirk for MOTU M Series (bsc#1111666).
  • ALSA: usb-audio: add quirks for Line6 Helix devices fw>=2.82 (bsc#1111666).
  • ALSA: usb-audio: Add support for MOTU MicroBook IIc (bsc#1051510).
  • ALSA: usb-audio: Apply 48kHz fixed rate playback for Jabra Evolve 65 headset (bsc#1111666).
  • ALSA: usb-audio: App