| Description: |
The SUSE Linux Enterprise Server 12 SP3 Kernel for Teradata was updated to receive the following fixes:
The following security issues have been fixed:
- CVE-2020-14386: Linux Kernel could allow a local malicious user to gain elevated privileges on the system, caused by a memory corruption flaw in the tpacket_rcv function in af_packet.c. By sending a specially-crafted request, an attacker could exploit this vulnerability to gain elevated privileges as root (bsc#1176069)
- CVE-2020-14314: ext4: fix potential negative array index in do_split() (bsc#1173798)
- CVE-2019-16746: An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. It does not check the length of variable elements in a beacon head, leading to a buffer overflow (bsc#1152107)
- CVE-2020-16166: The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c (bsc#1174757)
- CVE-2020-14331: Linux Kernel could allow a local authenticated malicious user to gain elevated privileges on the system, caused by an out-of-bounds write flaw in the implementation of the invert video code on VGA consoles. By sending a specially-crafted request to resize the console, an authenticated attacker could exploit this vulnerability to gain elevated privileges or crash the system (bsc#1174205)
- CVE-2020-10135: Legacy pairing and secure-connections pairing authentication in Bluetooth BR/EDR Core Specification v5.2 and previous versions may allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key (bsc#1171988)
- CVE-2020-0305: In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed (bsc#1174462)
- CVE-2020-12771: An issue was discovered in the Linux kernel through 5.6.11. btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails (bsc#1171732)
- CVE-2020-10773: In function cmm_timeout_hander in file arch/s390/mm/cmm.c, there is a logic error which set null byte too far away from user input which means user input won't be null terminated. And then, kernel stack data will be concatenated with user input and be processed. By querying the result, attacker is able to see the kernel data. This is linux kernel stack information leak on s390/s390x (and it is actual both for s390, ppc64 and ppc64le platforms) (bsc#1172999)
- CVE-2020-14416: In the Linux kernel prior to 5.4.16, a race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c (bsc#1162002)
- CVE-2020-10711: A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions prior to 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the' ebitmap_netlbl_import' routine. While processing the CIPSO restricted bitmap tag in the 'cipso_v4_parsetag_rbm' routine, it sets the security attribute to indicate that the category bitmap is present, even if it has not been allocated. This issue leads to a NULL pointer dereference issue while importing the same category bitmap into SELinux. This flaw allows a remote network user to crash the system kernel, resulting in a denial of service (bsc#1171191)
- CVE-2020-10751: It exists that the F2FS file system implementation in the Linux kernel did not properly perform bounds checking on xattrs in some situations. A local attacker could possibly use this to expose sensitive information (kernel memory) (bsc#1171189)
- CVE-2020-13974: An issue exists in the Linux kernel up to and including 5.7.1. drivers/tty/vt/keyboard.c has an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059 (bsc#1172775)
- CVE-2019-20810: go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c in the Linux kernel prior to 5.6 does not call snd_card_free for a failure path, which causes a memory leak, aka CID-9453264ef586 (bsc#1172458)
- CVE-2019-20812: An issue exists in the Linux kernel prior to 5.4.7. The prb_calc_retire_blk_tmo() function in net/packet/af_packet.c can result in a denial of service (CPU consumption and soft lockup) in a certain failure case involving TPACKET_V3, aka CID-b43d1f9f7067 (bsc#1172453)
- CVE-2020-10732: Linux Kernel could allow a local authenticated malicious user to obtain sensitive information, caused by a flaw in the implementation of Userspace core dumps. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information or cause a program to crash (bsc#1171220)
The following non-security issues or improvements have been addressed:
- mm, vmstat: reduce zone->lock holding time by /proc/pagetypeinfo (bsc#1175691) - udp: drop corrupt packets earlier to avoid data corruption (bsc#1173658) - intel_idle: Graceful probe failure when MWAIT is disabled (bsc#1174115) - Drivers: hv: Change flag to write log level in panic msg to false (bsc#1170618) - x86/Hyper-V: Report crash data in die() when panic_on_oops is set (bsc#1170618) - clocksource/drivers/hyper-v: Set TSC clocksource as default w/ InvariantTSC (bsc#1170620) - x86/hyperv: Allow guests to enable InvariantTSC (bsc#1170620) - x86/apic: Install an empty physflat_init_apic_ldr (bsc#1163309). - fs/xfs: fix f_ffree value for statfs when project quota is set (bsc#1165985) - xfs: bulkstat should copy lastip whenever userspace supplies one (bsc#1165984) - xfs: also remove cached ACLs when removing the underlying attr (bsc#1165873)
|