Security update for the Linux Kernel

Announcement ID: SUSE-SU-2020:1118-1
Rating: important
References:
Cross-References:
CVSS scores:
  • CVE-2018-20836 ( SUSE ): 6.2 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
  • CVE-2018-20836 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2018-20836 ( NVD ): 8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2019-19768 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
  • CVE-2019-19768 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2019-19770 ( SUSE ): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
  • CVE-2019-19770 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
  • CVE-2019-3701 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • CVE-2019-3701 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2019-9458 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2019-9458 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2020-10942 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2020-10942 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
  • CVE-2020-11494 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
  • CVE-2020-11494 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
  • CVE-2020-11669 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2020-11669 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2020-8647 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
  • CVE-2020-8647 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
  • CVE-2020-8649 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
  • CVE-2020-8649 ( NVD ): 5.9 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
  • CVE-2020-8834 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
  • CVE-2020-8834 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
  • CVE-2020-9383 ( SUSE ): 4.3 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2020-9383 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Affected Products:
  • SUSE Linux Enterprise High Performance Computing 12 SP5
  • SUSE Linux Enterprise Server 12 SP5
  • SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves 12 vulnerabilities and has 139 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 12 SP5 azure kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

  • CVE-2020-8834: KVM on Power8 processors had a conflicting use of HSTATE_HOST_R1 to store r1 state in kvmppc_hv_entry plus in kvmppc_{save,restore}_tm, leading to a stack corruption. Because of this, an attacker with the ability to run code in kernel space of a guest VM can cause the host kernel to panic (bnc#1168276).
  • CVE-2020-11494: An issue was discovered in slc_bump in drivers/net/can/slcan.c, which allowed attackers to read uninitialized can_frame data, potentially containing sensitive information from kernel stack memory, if the configuration lacks CONFIG_INIT_STACK_ALL (bnc#1168424).
  • CVE-2020-10942: In get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls (bnc#1167629).
  • CVE-2019-9458: In the video driver there was a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed (bnc#1168295).
  • CVE-2019-3701: Fixed an issue in can_can_gw_rcv, which could cause a system crash (bnc#1120386).
  • CVE-2019-19770: Fixed a use-after-free in the debugfs_remove function (bsc#1159198).
  • CVE-2020-11669: Fixed an issue where arch/powerpc/kernel/idle_book3s.S did not have save/restore functionality for PNV_POWERSAVE_AMR, PNV_POWERSAVE_UAMOR, and PNV_POWERSAVE_AMOR (bnc#1169390).
  • CVE-2020-8647: There was a use-after-free vulnerability in the vc_do_resize function in drivers/tty/vt/vt.c (bnc#1162929).
  • CVE-2020-8649: There was a use-after-free vulnerability in the vgacon_invert_region function in drivers/video/console/vgacon.c (bnc#1162931).
  • CVE-2020-9383: An issue was discovered set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it (bnc#1165111).
  • CVE-2019-19768: Fixed a use-after-free in the __blk_add_trace function in kernel/trace/blktrace.c (bnc#1159285).
  • CVE-2018-20836: Fixed an issue where a race condition in smp_task_timedout() and smp_task_done() could lead to a use-after-free (bnc#1134395).

The following non-security bugs were fixed:

  • ACPICA: Introduce ACPI_ACCESS_BYTE_WIDTH() macro (bsc#1051510).
  • ACPI: watchdog: Fix gas->access_width usage (bsc#1051510).
  • ahci: Add support for Amazon's Annapurna Labs SATA controller (bsc#1169013).
  • ALSA: ali5451: remove redundant variable capture_flag (bsc#1051510).
  • ALSA: core: Add snd_device_get_state() helper (bsc#1051510).
  • ALSA: core: Replace zero-length array with flexible-array member (bsc#1051510).
  • ALSA: emu10k1: Fix endianness annotations (bsc#1051510).
  • ALSA: hda/ca0132 - Add Recon3Di quirk to handle integrated sound on EVGA X99 Classified motherboard (bsc#1051510).
  • ALSA: hda/ca0132 - Replace zero-length array with flexible-array member (bsc#1051510).
  • ALSA: hda_codec: Replace zero-length array with flexible-array member (bsc#1051510).
  • ALSA: hda: default enable CA0132 DSP support (bsc#1051510).
  • ALSA: hda: Fix potential access overflow in beep helper (bsc#1051510).
  • ALSA: hda/realtek - Add Headset Button supported for ThinkPad X1 (bsc#1111666).
  • ALSA: hda/realtek - Add Headset Mic supported (bsc#1111666).
  • ALSA: hda/realtek - Add more codec supported Headset Button (bsc#1111666).
  • ALSA: hda/realtek - a fake key event is triggered by running shutup (bsc#1051510).
  • ALSA: hda/realtek - Apply quirk for MSI GP63, too (bsc#1111666).
  • ALSA: hda/realtek - Apply quirk for yet another MSI laptop (bsc#1111666).
  • ALSA: hda/realtek - Enable headset mic of Acer X2660G with ALC662 (git-fixes).
  • ALSA: hda/realtek: Enable mute LED on an HP system (bsc#1051510).
  • ALSA: hda/realtek - Enable the headset of Acer N50-600 with ALC662 (git-fixes).
  • ALSA: hda/realtek - Enable the headset of ASUS B9450FA with ALC294 (bsc#1111666).
  • ALSA: hda/realtek - Fix a regression for mute led on Lenovo Carbon X1 (bsc#1111666).
  • ALSA: hda/realtek: Fix pop noise on ALC225 (git-fixes).
  • ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Master (bsc#1111666).
  • ALSA: hda/realtek - Remove now-unnecessary XPS 13 headphone noise fixups (bsc#1051510).
  • ALSA: hda/realtek - Set principled PC Beep configuration for ALC256 (bsc#1051510).
  • ALSA: hda: remove redundant assignment to variable timeout (bsc#1051510).
  • ALSA: hda: Use scnprintf() for string truncation (bsc#1051510).
  • ALSA: hdsp: remove redundant assignment to variable err (bsc#1051510).
  • ALSA: ice1724: Fix invalid access for enumerated ctl items (bsc#1051510).
  • ALSA: info: remove redundant assignment to variable c (bsc#1051510).
  • ALSA: korg1212: fix if-statement empty body warnings (bsc#1051510).
  • ALSA: line6: Fix endless MIDI read loop (git-fixes).
  • ALSA: pcm: Fix superfluous snprintf() usage (bsc#1051510).
  • ALSA: pcm.h: add for_each_pcm_streams() (bsc#1051510).
  • ALSA: pcm: oss: Avoid plugin buffer overflow (git-fixes).
  • ALSA: pcm: oss: Fix regression by buffer overflow fix (bsc#1051510).
  • ALSA: pcm: oss: Remove WARNING from snd_pcm_plug_alloc() checks (git-fixes).
  • ALSA: pcm: oss: Unlock mutex temporarily for sleeping at read/write (bsc#1051510).
  • ALSA: pcm: Use a macro for parameter masks to reduce the needed cast (bsc#1051510).
  • ALSA: seq: oss: Fix running status after receiving sysex (git-fixes).
  • ALSA: seq: virmidi: Fix running status after receiving sysex (git-fixes).
  • ALSA: usb-audio: Add boot quirk for MOTU M Series (bsc#1111666).
  • ALSA: usb-audio: Add clock validity quirk for Denon MC7000/MCX8000 (bsc#1111666).
  • ALSA: usb-audio: Add delayed_register option (bsc#1051510).
  • ALSA: usb-audio: add implicit fb quirk for MOTU M Series (bsc#1111666).
  • ALSA: usb-audio: add quirks for Line6 Helix devices fw>=2.82 (bsc#1111666).
  • ALSA: usb-audio: Add support for MOTU MicroBook IIc (bsc#1051510).
  • ALSA: usb-audio: Apply 48kHz fixed rate playback for Jabra Evolve 65 headset (bsc#1111666).
  • ALSA: usb-audio: Create a registration quirk for Kingston HyperX Amp (0951:16d8) (bsc#1051510).
  • ALSA: usb-audio: Do not create a mixer element with bogus volume range (bsc#1051510).
  • ALSA: usb-audio: Fix case when USB MIDI interface has more than one extra endpoint descriptor (bsc#1051510).
  • ALSA: usb-audio: fix Corsair Virtuoso mixer label collision (bsc#1111666).
  • ALSA: usb-audio: Fix mixer controls' USB interface for Kingston HyperX Amp (0951:16d8) (bsc#1051510).
  • ALSA: usb-audio: Fix UAC2/3 effect unit parsing (bsc#1111666).
  • ALSA: usb-audio: Inform devices that need delayed registration (bsc#1051510).
  • ALSA: usb-audio: Parse source ID of UAC2 effect unit (bsc#1051510).
  • ALSA: usb-audio: Rewrite registration quirk handling (bsc#1051510).
  • ALSA: usb-audio: unlock on error in probe (bsc#1111666).
  • ALSA: usb-audio: Use lower hex numbers for IDs (bsc#1111666).
  • ALSA: usb-midi: Replace zero-length array with flexible-array member (bsc#1051510).
  • ALSA: usx2y: Adjust indentation in snd_usX2Y_hwdep_dsp_status (bsc#1051510).
  • ALSA: usx2y: use for_each_pcm_streams() macro (bsc#1051510).
  • ALSA: via82xx: Fix endianness annotations (bsc#1051510).
  • amdgpu/gmc_v9: save/restore sdpif regs during S3 (bsc#1113956)
  • apei/ghes: Do not delay GHES polling (bsc#1166982).
  • ASoC: dapm: Correct DAPM handling of active widgets during shutdown (bsc#1051510).
  • ASoC: Intel: atom: Take the drv->lock mutex before calling sst_send_slot_map() (bsc#1051510).
  • ASoC: Intel: mrfld: fix incorrect check on p->sink (bsc#1051510).
  • ASoC: Intel: mrfld: return error codes when an error occurs (bsc#1051510).
  • ASoC: jz4740-i2s: Fix divider written at incorrect offset in register (bsc#1051510).
  • ASoC: pcm512x: Fix unbalanced regulator enable call in probe error path (bsc#1051510).
  • ASoC: pcm: Fix possible buffer overflow in dpcm state sysfs output (bsc#1051510).
  • ASoC: pcm: update FE/BE trigger order based on the command (bsc#1051510).
  • ASoC: sun8i-codec: Remove unused dev from codec struct (bsc#1051510).
  • ASoC: topology: Fix memleak in soc_tplg_link_elems_load() (bsc#1051510).
  • ath9k: Handle txpower changes even when TPC is disabled (bsc#1051510).
  • atm: zatm: Fix empty body Clang warnings (bsc#1051510).
  • atomic: Add irqsave variant of atomic_dec_and_lock() (bsc#1166003).
  • b43legacy: Fix -Wcast-function-type (bsc#1051510).
  • batman-adv: Avoid spurious warnings from bat_v neigh_cmp implementation (bsc#1051510).
  • batman-adv: Do not schedule OGM for disabled interface (bsc#1051510).
  • batman-adv: prevent TT request storms by not sending inconsistent TT TLVLs (bsc#1051510).
  • bcache: add code comment bch_keylist_pop() and bch_keylist_pop_front() (bsc#1163762).
  • bcache: add code comments for state->pool in __btree_sort() (bsc#1163762).
  • bcache: add code comments in bch_btree_leaf_dirty() (bsc#1163762).
  • bcache: add cond_resched() in __bch_cache_cmp() (bsc#1163762).
  • bcache: add idle_max_writeback_rate sysfs interface (bsc#1163762).
  • bcache: add more accurate error messages in read_super() (bsc#1163762).
  • bcache: add readahead cache policy options via sysfs interface (bsc#1163762).
  • bcache: at least try to shrink 1 node in bch_mca_scan() (bsc#1163762).
  • bcache: avoid unnecessary btree nodes flushing in btree_flush_write() (bsc#1163762).
  • bcache: check return value of prio_read() (bsc#1163762).
  • bcache: deleted code comments for dead code in bch_data_insert_keys() (bsc#1163762).
  • bcache: do not export symbols (bsc#1163762).
  • bcache: explicity type cast in bset_bkey_last() (bsc#1163762).
  • bcache: fix a lost wake-up problem caused by mca_cannibalize_lock (bsc#1163762).
  • bcache: Fix an error code in bch_dump_read() (bsc#1163762).
  • bcache: fix deadlock in bcache_allocator (bsc#1163762).
  • bcache: fix incorrect data type usage in btree_flush_write() (bsc#1163762).
  • bcache: fix memory corruption in bch_cache_accounting_clear() (bsc#1163762).
  • bcache: fix static checker warning in bcache_device_free() (bsc#1163762).
  • bcache: ignore pending signals when creating gc and allocator thread (bsc#1163762, bsc#1112504).
  • bcache: print written and keys in trace_bcache_btree_write (bsc#1163762).
  • bcache: reap c->btree_cache_freeable from the tail in bch_mca_scan() (bsc#1163762).
  • bcache: reap from tail of c->btree_cache in bch_mca_scan() (bsc#1163762).
  • bcache: remove macro nr_to_fifo_front() (bsc#1163762).
  • bcache: remove member accessed from struct btree (bsc#1163762).
  • bcache: remove the extra cflags for request.o (bsc#1163762).
  • bcache: Revert "bcache: shrink btree node cache after bch_btree_check()" (bsc#1163762, bsc#1112504).
  • binfmt_elf: Do not move brk for INTERP-less ET_EXEC (bsc#1169013).
  • binfmt_elf: move brk out of mmap when doing direct loader exec (bsc#1169013).
  • blk: Fix kabi due to blk_trace_mutex addition (bsc#1159285).
  • blk-mq: Allow blocking queue tag iter callbacks (bsc#1167316).
  • blktrace: fix dereference after null check (bsc#1159285).
  • blktrace: fix trace mutex deadlock (bsc#1159285).
  • block: allow gendisk's request_queue registration to be (bsc#1104967,bsc#1159142).
  • block, bfq: fix use-after-free in bfq_idle_slice_timer_body (bsc#1168760).
  • block: keep bdi->io_pages in sync with max_sectors_kb for stacked devices (bsc#1168762).
  • Bluetooth: RFCOMM: fix ODEBUG bug in rfcomm_dev_ioctl (bsc#1051510).
  • bnxt_en: Fix NTUPLE firmware command failures (bsc#1104745 ).
  • bnxt_en: Fix TC queue mapping (networking-stable-20_02_05).
  • bnxt_en: Improve device shutdown method (bsc#1104745 ).
  • bnxt_en: Issue PCIe FLR in kdump kernel to cleanup pending DMAs (bsc#1134090 jsc#SLE-5954).
  • bnxt_en: Support all variants of the 5750X chip family (bsc#1167216).
  • bonding/alb: properly access headers in bond_alb_xmit() (networking-stable-20_02_09).
  • bpf: Explicit