| Description: |
The SUSE Linux Enterprise 12 SP3 Teradata kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it. This attack is known as Special Register Buffer Data Sampling (SRBDS) or 'CrossTalk' (bsc#1154824). - CVE-2020-12654: Fixed an issue in he wifi driver which could have allowed a remote AP to trigger a heap-based buffer overflow (bsc#1171202). - CVE-2020-12653: Fixed an issue in the wifi driver which could have allowed local users to gain privileges or cause a denial of service (bsc#1171195). - CVE-2020-12114: Fixed A pivot_root race condition which could have allowed local users to cause a denial of service (panic) by corrupting a mountpoint reference counter (bsc#1171098). - CVE-2020-11609: Fixed a NULL pointer dereference in the stv06xx subsystem caused by mishandling invalid descriptors (bsc#1168854). - CVE-2020-11608: Fixed an issue in drivers/media/usb/gspca/ov519.c caused by a NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs when there are zero endpoints (bsc#1168829). - CVE-2020-11494: Fixed an issue which could have allowed attackers to read uninitialized can_frame data, if the configuration lacks CONFIG_INIT_STACK_ALL (bsc#1168424). - CVE-2020-10942: Fixed an improper validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls (bsc#1167629). - CVE-2020-10720: Fixed a use-after-free read in napi_gro_frags() (bsc#1170778). - CVE-2020-10690: Fixed the race between the release of ptp_clock and cdev (bsc#1170056). - CVE-2019-9458: Fixed a use after free due to a race condition which could have led to local escalation of privilege with no additional execution privileges (bsc#1168295). - CVE-2019-9455: Fixed a pointer leak due to a WARN_ON statement in a video driver. This could lead to local information disclosure with System execution privileges needed (bsc#1170345). - CVE-2019-3701: Fixed an issue in can_can_gw_rcv, which could cause a system crash (bsc#1120386). - CVE-2019-20636: Fixed an issue which could have allowed malicious devices to corrupt the kernel memory with bogus HID descriptors (bsc#1168075). - CVE-2019-19768: Fixed a use-after-free in the __blk_add_trace function in kernel/trace/blktrace.c (bnc#1159285). - CVE-2017-12188: Fixed improper traverse pagetable entries for resolving a guest virtual address in kvm which could have allowed L1 guest OS users to execute arbitrary code on the host OS or cause a denial of service (bsc#1062604). - CVE-2020-10757: Fixed an issue where mremap hugepage mmaped DAX nvdimm may cause corrupted page table (bsc#1172317) - CVE-2020-12656: Fixed a memory leak in net/sunrpc/auth_gss/gss_mech_switch.c in the rpcsec_gss_krb5 implementation. the Linux kernel up to and including 5.6.10 lacks certain domain_release calls, leading to a memory leak. (bsc#1171219) - CVE-2020-12652: The __mptctl_ioctl function in drivers/message/fusion/mptctl.c in the Linux kernel before 5.4.14 allows local users to hold an incorrect lock during the ioctl operation and trigger a race condition, i.e., a 'double fetch' vulnerability, aka CID-28d76df18f0a. NOTE: the vendor states 'The security impact of this bug is not as bad as it could have been because these operations are all privileged and root already has enormous destructive power.' (bsc#1171218)
The following non-security bugs were fixed:
- random: always use batched entropy for get_random_u{32,64} (bsc#1164871).
|