openSUSE-SU-2019:2675

https://bugzilla.suse.com/show_bug.cgi?id=1157173

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.10

https://github.com/torvalds/linux/commit/e13de8fe0d6a51341671bbe384826d527afe8d44

The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2020-0044 for details.

The remote OracleVM system is missing necessary patches to address critical security updates :

  - can: peak_usb: pcan_usb_fd: Fix info-leaks to USB     devices (Tomas Bortoli) [Orabug: 31351221]     (CVE-2019-19535)

  - media: hdpvr: Fix an error handling path in hdpvr_probe     (Arvind Yadav) [Orabug: 31352053] (CVE-2017-16644)

  - fs/binfmt_misc.c: do not allow offset overflow (Thadeu     Lima de Souza Cascardo) [Orabug: 31588258] - clear inode     and truncate pages before enqueuing for async     inactivation (Gautham Ananthakrishna) [Orabug: 31744270]

  - mm: create alloc_last_chance debugfs entries (Mike     Kravetz) [Orabug: 31295499] - mm: perform 'last chance'     reclaim efforts before allocation failure (Mike Kravetz)     [Orabug: 31295499] - mm: let page allocation slowpath     retry 'order' times (Mike Kravetz) [Orabug: 31295499] -     fix kABI breakage from 'netns: provide pure entropy for     net_hash_mix' (Dan Duval) [Orabug: 31351904]     (CVE-2019-10638) (CVE-2019-10639)

  - netns: provide pure entropy for net_hash_mix (Eric     Dumazet) [Orabug: 31351904] (CVE-2019-10638)     (CVE-2019-10639)

  - hrtimer: Annotate lockless access to timer->base (Eric     Dumazet) [Orabug: 31380495] - rds: ib: Revert 'net/rds:
    Avoid stalled connection due to CM REQ retries'     (H&aring kon Bugge) [Orabug: 31648141] - rds: Clear     reconnect pending bit (H&aring kon Bugge) [Orabug:
    31648141] - RDMA/netlink: Do not always generate an ACK     for some netlink operations (H&aring kon Bugge) [Orabug:
    31666975] - genirq/proc: Return proper error code when     irq_set_affinity fails (Wen Yaxng) [Orabug: 31723450]

  - fs/binfmt_elf.c: allocate initialized memory in     fill_thread_core_info (Alexander Potapenko) [Orabug:
    31350639] (CVE-2020-10732)

  - crypto: user - fix memory leak in crypto_report (Navid     Emamdoost) [Orabug: 31351640] (CVE-2019-19062)

  - of: unittest: fix memory leak in unittest_data_add     (Navid Emamdoost) [Orabug: 31351702] (CVE-2019-19049)

  - IB/sa: Resolv use-after-free in ib_nl_make_request     (Divya Indi) [Orabug: 31656992] - net-sysfs: call     dev_hold if kobject_init_and_add success (YueHaibing)     [Orabug: 31687545] (CVE-2019-20811)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5837 advisory.

  - The hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c in the Linux kernel through 4.13.11     allows local users to cause a denial of service (improper error handling and system crash) or possibly     have unspecified other impact via a crafted USB device. (CVE-2017-16644)

  - In the Linux kernel before 5.1.7, a device can be tracked by an attacker using the IP ID values the kernel     produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to multiple     destination IP addresses, it is possible to obtain hash collisions (of indices to the counter array) and     thereby obtain the hashing key (via enumeration). An attack may be conducted by hosting a crafted web page     that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses. (CVE-2019-10638)

  - The Linux kernel 4.x (starting from 4.1) and 5.x before 5.0.8 allows Information Exposure (partial kernel     address disclosure), leading to a KASLR bypass. Specifically, it is possible to extract the KASLR kernel     image offset using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and     ICMP). When such traffic is sent to multiple destination IP addresses, it is possible to obtain hash     collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This     key contains enough bits from a kernel address (of a static variable) so when the key is extracted (via     enumeration), the offset of the kernel image is exposed. This attack can be carried out remotely, by the     attacker forcing the target device to send UDP or ICMP (or certain other) traffic to attacker-controlled     IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic     is trivial if the server answers ICMP Echo requests (ping). For client targets, if the target visits the     attacker's web page, then WebRTC or gQUIC can be used to force UDP traffic to attacker-controlled IP     addresses. NOTE: this attack against KASLR became viable in 4.1 because IP ID generation was changed to     have a dependency on an address associated with a network namespace. (CVE-2019-10639)

  - ** DISPUTED ** A memory leak in the unittest_data_add() function in drivers/of/unittest.c in the Linux     kernel before 5.3.10 allows attackers to cause a denial of service (memory consumption) by triggering     of_fdt_unflatten_tree() failures, aka CID-e13de8fe0d6a. NOTE: third parties dispute the relevance of this     because unittest.c can only be reached during boot. (CVE-2019-19049)

  - A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel through     5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering     crypto_report_alg() failures, aka CID-ffdde5932042. (CVE-2019-19062)

  - In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device     in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver, aka CID-30a8beeb3042. (CVE-2019-19535)

  - An issue was discovered in the Linux kernel before 5.0.6. In rx_queue_add_kobject() and     netdev_queue_add_kobject() in net/core/net-sysfs.c, a reference count is mishandled, aka CID-a3e23f719f5c.
    (CVE-2019-20811)

  - A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an     attacker with a local account to crash a trivial program and exfiltrate private kernel data.
    (CVE-2020-10732)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Description of changes:

[4.14.35-1902.305.4.el7uek]
- ptp: free ptp device pin descriptors properly (Vladis Dronov) [Orabug: 31710994]

[4.14.35-1902.305.3.el7uek]
- fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info() (Alexander Potapenko) [Orabug: 31350638] {CVE-2020-10732}
- PCI: vmd: Filter resource type bits from shadow register (Jon Derrick) [Orabug: 31674879]
- PCI: vmd: Add device id for VMD device 8086:9A0B (Jon Derrick) [Orabug: 31674879]
- PCI: vmd: Fix shadow offsets to reflect spec changes (Jon Derrick) [Orabug: 31674879]
- PCI: vmd: Fix config addressing when using bus offsets (Jon Derrick) [Orabug: 31674879]
- PCI/VMD: Configure MPS settings before adding devices (Jon Derrick) [Orabug: 31674879]
- PCI: vmd: Add an additional VMD device id to driver device id table (Jon Derrick) [Orabug: 31674879]
- PCI: vmd: Add offset to bus numbers if necessary (Jon Derrick) [Orabug: 31674879]
- PCI: vmd: Assign membar addresses from shadow registers (Jon Derrick) [Orabug: 31674879]
- PCI: Add Intel VMD devices to pci ids (Jon Derrick) [Orabug: 31674879]
- misc: pvpanic: add crash loaded event (zhenwei pi) [Orabug: 31677099]
- kvm: Increase KVM_USER_MEM_SLOTS for dense memory hotplug (Eric DeVolder) [Orabug: 31694369]

[4.14.35-1902.305.2.el7uek]
- net-sysfs: call dev_hold if kobject_init_and_add success (YueHaibing) [Orabug: 31445419] {CVE-2019-20811}
- vfio-pci: protect remap_pfn_range() from simultaneous calls (Ankur Arora) [Orabug: 31663632] {CVE-2020-12888} {CVE-2020-12888}
- crypto: user - fix memory leak in crypto_report (Navid Emamdoost) [Orabug: 31351639] {CVE-2019-19062}
- iwlwifi: pcie: fix rb_allocator workqueue allocation (Johannes Berg) [Orabug: 31351807] {CVE-2019-16234}
- RDMA/netlink: Do not always generate an ACK for some netlink operations (H&aring kon Bugge) [Orabug: 31666974]
- Revert 'uek-rpm: Move grub boot menu update to posttrans stage.' (Somasundaram Krishnasamy) [Orabug: 31358100]
- net: dsa: Do not leave DSA master with NULL netdev_ops (Allen Pais) [Orabug: 31038233]
- rds/ib: Make i_{recv,send}_hdrs non-contigious (Hans Westgaard Ry) [Orabug: 30358057]
- certs: Remove Oracle cert compiled into the kernel (Eric Snowberg) [Orabug: 31555628]
- CIFS: dump IPC tcon in debug proc file (Aurelien Aptel) [Orabug: 31500374]
- CIFS: use tcon_ipc instead of use_ipc parameter of SMB2_ioctl (Aurelien Aptel) [Orabug: 31500374]
- CIFS: make IPC a regular tcon (Aurelien Aptel) [Orabug: 31500374]
- CIFS: don't log STATUS_NOT_FOUND errors for DFS (Aurelien Aptel) [Orabug: 31500374]
- efi: Restrict efivar_ssdt_load when the kernel is locked down (Matthew Garrett) [Orabug: 31643409] {CVE-2019-20908}
- uek-rpm: drivers: enable VMD PCIe controller (Todd Vierling) [Orabug: 30646928]
- ext4: fix ext4_empty_dir() for directories with holes (Jan Kara) [Orabug: 31265319] {CVE-2019-19037} {CVE-2019-19037}
- IB/sa: Resolv use-after-free in ib_nl_make_request() (Divya Indi) [Orabug: 31631531]
- ocfs2: change slot number type s16 to u16 (Junxiao Bi) [Orabug: 31480605]
- ocfs2: fix value of OCFS2_INVALID_SLOT (Junxiao Bi) [Orabug: 31480605]
- ocfs2: fix panic on nfs server over ocfs2 (Junxiao Bi) [Orabug: 31480605]
- ocfs2: load global_inode_alloc (Junxiao Bi) [Orabug: 31480605]
- ocfs2: avoid inode removal while nfsd is accessing it (Junxiao Bi) [Orabug: 31480605]

[4.14.35-1902.305.1.el7uek]
- x86/{mce,mm}: Unmap the entire page if the whole page is affected and poisoned (Tony Luck) [Orabug: 31601132]
- libertas: fix a potential NULL pointer dereference (Allen Pais) [Orabug: 31351822] {CVE-2019-16232}
- ext4: work around deleting a file with i_nlink == 0 safely (Theodore Ts'o) [Orabug: 31351013] {CVE-2019-19447}

[4.14.35-1902.305.0.el7uek]
- thermal: support for Marvell Octeon TX SoC temperature sensors (Eric Saint-Etienne) [Orabug: 31564706]
- thermal: support for Marvell Octeon TX2 SoC temperature sensors (Eric Saint-Etienne) [Orabug: 31564706]
- x86/speculation: Prevent rogue cross-process SSBD shutdown (Anthony Steinhauser) [Orabug: 31557902] {CVE-2020-10768}
- psi: Fix double free (Tom Hromatka) [Orabug: 31535640]
- vfio/pci: Fix SR-IOV VF handling with MMIO blocking (Alex Williamson) [Orabug: 31439670] {CVE-2020-12888}
- vfio/pci: Mask buggy SR-IOV VF INTx support (Alex Williamson) [Orabug: 31439670] {CVE-2020-12888}
- vfio-pci: Invalidate mmaps and block MMIO access on disabled memory (Alex Williamson) [Orabug: 31439670] {CVE-2020-12888} {CVE-2020-12888}
- vfio/pci: call irq_bypass_unregister_producer() before freeing irq (Jiang Yi) [Orabug: 31439670] {CVE-2020-12888}
- vfio/pci: Pull BAR mapping setup from read-write path (Alex Williamson) [Orabug: 31439670] {CVE-2020-12888}
- vfio_pci: Enable memory accesses before calling pci_map_rom (Eric Auger) [Orabug: 31439670] {CVE-2020-12888}
- vfio-pci: Fault mmaps to enable vma tracking (Alex Williamson) [Orabug: 31439670] {CVE-2020-12888}
- vfio/type1: Support faulting PFNMAP vmas (Alex Williamson) [Orabug: 31439670] {CVE-2020-12888}
- vfio/type1: Fix VA->PA translation for PFNMAP VMAs in vaddr_get_pfn() (Sean Christopherson) [Orabug: 31439670] {CVE-2020-12888}
- of: unittest: fix memory leak in unittest_data_add (Navid Emamdoost) [Orabug: 31351701] {CVE-2019-19049}

The SUSE Linux Enterprise 15 SP1 real-time kernel was updated to receive various security and bugfixes.

The following security bugs were fixed :

CVE-2019-14615: An information disclosure vulnerability existed due to insufficient control flow in certain data structures for some Intel(R) Processors (bnc#1160195).

CVE-2019-14895: A heap-based buffer overflow was discovered in the Marvell WiFi driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could allow the remote device to cause a denial of service or possibly execute arbitrary code (bnc#1157158).

CVE-2019-14896: A heap overflow was found in the add_ie_rates() function of the Marvell Wifi Driver (bsc#1157157).

CVE-2019-14897: A stack overflow was found in the lbs_ibss_join_existing() function of the Marvell Wifi Driver (bsc#1157155).

CVE-2019-14901: A heap overflow flaw was found in the Marvell WiFi driver. The vulnerability allowed a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code (bnc#1157042).

CVE-2019-15213: A use-after-free bug caused by a malicious USB device was found in drivers/media/usb/dvb-usb/dvb-usb-init.c (bsc#1146544).

CVE-2019-16746: An issue was discovered in net/wireless/nl80211.c. The check for the length of variable elements in a beacon head was insufficient, leading to a buffer overflow (bnc#1152107).

CVE-2019-16994: A memory leak existed in sit_init_net() in net/ipv6/sit.c which might have caused denial of service, aka CID-07f12b26e21a (bnc#1161523).

CVE-2019-18660: An information disclosure bug occured because the Spectre-RSB mitigation were not in place for all applicable CPUs, aka CID-39e72bf96f58 (bnc#1157038).

CVE-2019-18683: Multiple race conditions were discovered in drivers/media/platform/vivid. It was exploitable for privilege escalation if local users had access to /dev/video0, but only if the driver happened to be loaded. At least one of these race conditions led to a use-after-free (bnc#1155897).

CVE-2019-18808: A memory leak in drivers/crypto/ccp/ccp-ops.c allowed attackers to cause a denial of service (memory consumption), aka CID-128c66429247 (bnc#1156259).

CVE-2019-18809: A memory leak in drivers/media/usb/dvb-usb/af9005.c allowed attackers to cause a denial of service (memory consumption), aka CID-2289adbfa559 (bnc#1156258).

CVE-2019-19036: An issue discovered in btrfs_root_node in fs/btrfs/ctree.c allowed a NULL pointer dereference because rcu_dereference(root->node) can be zero (bnc#1157692).

CVE-2019-19045: A memory leak in drivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c allowed attackers to cause a denial of service (memory consumption) by triggering mlx5_vector2eqn() failures, aka CID-c8c2a057fdc7 (bnc#1161522).

CVE-2019-19046: There was a memory leak in __ipmi_bmc_register (bsc#1157304).

CVE-2019-19049: There was an unlikely memory leak in unittest_data_add (bsc#1157173).

CVE-2019-19051: A memory leak in drivers/net/wimax/i2400m/op-rfkill.c allowed attackers to cause a denial of service (memory consumption), aka CID-6f3ef5c25cc7 (bnc#1159024).

CVE-2019-19052: A memory leak in drivers/net/can/usb/gs_usb.c allowed attackers to cause a denial of service (memory consumption), aka CID-fb5be6a7b486 (bnc#1157324).

CVE-2019-19054: A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c allowed attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka CID-a7b2df76b42b (bnc#1161518).

CVE-2019-19056: A memory leak in drivers/net/wireless/marvell/mwifiex/pcie.c allowed attackers to cause a denial of service (memory consumption), aka CID-db8fd2cde932 (bnc#1157197).

CVE-2019-19057: Two memory leaks in drivers/net/wireless/marvell/mwifiex/pcie.c allowed attackers to cause a denial of service (memory consumption), aka CID-d10dcb615c8e (bnc#1157193 bsc#1157197).

CVE-2019-19058: A memory leak in drivers/net/wireless/intel/iwlwifi/fw/dbg.c allowed attackers to cause a denial of service (memory consumption), aka CID-b4b814fec1a5 (bnc#1157145).

CVE-2019-19060: A memory leak in drivers/iio/imu/adis_buffer.c allowed attackers to cause a denial of service (memory consumption), aka CID-ab612b1daf41 (bnc#1157178).

CVE-2019-19062: A memory leak in crypto/crypto_user_base.c allowed attackers to cause a denial of service (memory consumption), aka CID-ffdde5932042 (bnc#1157333).

CVE-2019-19063: Two memory leaks in drivers/net/wireless/realtek/rtlwifi/usb.c allowed attackers to cause a denial of service (memory consumption), aka CID-3f9361695113 (bnc#1157298).

CVE-2019-19065: A memory leak in drivers/infiniband/hw/hfi1/sdma.c allowed attackers to cause a denial of service (memory consumption), aka CID-34b3be18a04e (bnc#1157191).

CVE-2019-19066: A memory leak in drivers/scsi/bfa/bfad_attr.c allowed attackers to cause a denial of service (memory consumption), aka CID-0e62395da2bd (bnc#1157303).

CVE-2019-19067: There were four unlikely memory leaks in the acp_hw_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c (bnc#1157180).

CVE-2019-19068: A memory leak in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c allowed attackers to cause a denial of service (memory consumption), aka CID-a2cdd07488e6 (bnc#1157307).

CVE-2019-19073: Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c allowed attackers to cause a denial of service (memory consumption), aka CID-853acf7caf10 (bnc#1157070).

CVE-2019-19074: A memory leak in drivers/net/wireless/ath/ath9k/wmi.c allowed attackers to cause a denial of service (memory consumption), aka CID-728c1e2a05e4 (bnc#1157143).

CVE-2019-19075: A memory leak in drivers/net/ieee802154/ca8210.c allowed attackers to cause a denial of service (memory consumption) by triggering ca8210_get_platform_data() failures, aka CID-6402939ec86e (bnc#1157162).

CVE-2019-19077: A memory leak in drivers/infiniband/hw/bnxt_re/ib_verbs.c allowed attackers to cause a denial of service (memory consumption), aka CID-4a9d46a9fe14 (bnc#1157171).

CVE-2019-19078: A memory leak in drivers/net/wireless/ath/ath10k/usb.c allowed attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-b8d17e7d93d2 (bnc#1157032).

CVE-2019-19080: Four memory leaks in drivers/net/ethernet/netronome/nfp/flower/main.c allowed attackers to cause a denial of service (memory consumption), aka CID-8572cea1461a (bnc#1157044).

CVE-2019-19081: A memory leak in drivers/net/ethernet/netronome/nfp/flower/main.c allowed attackers to cause a denial of service (memory consumption), aka CID-8ce39eb5a67a (bnc#1157045).

CVE-2019-19082: Memory leaks were found in the *create_resource_pool() functions under drivers/gpu/drm/amd/display/dc, aka CID-104c307147ad (bnc#1157046).

CVE-2019-19083: Memory leaks were found in the *clock_source_create() functions under drivers/gpu/drm/amd/display/dc, aka CID-055e547478a1 (bnc#1157049).

CVE-2019-19227: In the AppleTalk subsystem there was a potential NULL pointer dereference because register_snap_client may return NULL. This could have led to denial of service, aka CID-9804501fa122 (bnc#1157678).

CVE-2019-19318: Mounting a crafted btrfs image twice could have caused a use-after-free (bnc#1158026).

CVE-2019-19319: A slab-out-of-bounds write access could have occured when setxattr was called after mounting of a specially crafted ext4 image (bnc#1158021).

CVE-2019-19332: An out-of-bounds memory write issue was found in the way the KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could have used this flaw to crash the system (bnc#1158827).

CVE-2019-19338: There was an incomplete fix for an issue with Transactional Synchronisation Extensions in the KVM code (bsc#1158954).

CVE-2019-19447: Mounting a crafted ext4 filesystem image, performing some operations, and unmounting could have led to a use-after-free in fs/ext4/super.c (bnc#1158819).

CVE-2019-19523: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79 (bsc#1158823).

CVE-2019-19524: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9 (bsc#1158413).

CVE-2019-19525: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/net/ieee802154/atusb.c driver, aka CID-7fd25e6fc035 (bsc#1158417).

CVE-2019-19526: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/nfc/pn533/usb.c driver, aka CID-6af3aa57a098 (bsc#1158893).

CVE-2019-19527: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e (bsc#1158900).

CVE-2019-19528: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver, aka CID-edc4746f253d (bsc#1158407).

CVE-2019-19529: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/net/can/usb/mcba_usb.c driver, aka CID-4d6636498c41 (bnc#1158381).

CVE-2019-19530: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver, aka CID-c52873e5a1ef (bsc#1158410).

CVE-2019-19531: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/yurex.c driver, aka CID-fc05481b2fca (bsc#1158445).

CVE-2019-19532: There were multiple out-of-bounds write bugs that can be caused by a malicious USB HID device, aka CID-d9d4b1e46d95 (bsc#1158824).

CVE-2019-19533: There was an info-leak bug that can be caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver, aka CID-a10feaf8c464 (bsc#1158834).

CVE-2019-19534: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29 (bsc#1158398).

CVE-2019-19535: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver, aka CID-30a8beeb3042 (bsc#1158903).

CVE-2019-19536: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver, aka CID-ead16e53c2f0 (bsc#1158394).

CVE-2019-19537: There was a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9 (bsc#1158904).

CVE-2019-19543: There was a use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c (bnc#1158427).

CVE-2019-19767: There were multiple use-after-free errors in
__ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c, aka CID-4ea99936a163 (bnc#1159297).

CVE-2019-19927: A slab-out-of-bounds read access occured when mounting a crafted f2fs filesystem image and performing some operations on it (bnc#1160147).

CVE-2019-19965: There was a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5 (bnc#1159911).

CVE-2019-19966: There was a use-after-free in cpia2_exit() in drivers/media/usb/cpia2/cpia2_v4l.c that could have caused a denial of service, aka CID-dea37a972655 (bnc#1159841).

CVE-2019-20054: There was a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e (bnc#1159910).

CVE-2019-20095: Several memory leaks were found in drivers/net/wireless/marvell/mwifiex/cfg80211.c, aka CID-003b686ace82 (bnc#1159909).

CVE-2019-20096: There was a memory leak in __feat_register_sp() in net/dccp/feat.c, aka CID-1d3ff0950e2b (bnc#1159908).

CVE-2020-7053: There was a use-after-free (write) in the i915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c, aka CID-7dc40713618c (bnc#1160966).

CVE-2020-8428: There was a use-after-free bug in fs/namei.c, which allowed local users to cause a denial of service (OOPS) or possibly obtain sensitive information from kernel memory, aka CID-d0cb50185ae9 (bnc#1162109).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes.

The following security bugs were fixed :

CVE-2019-20095: mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c had some error-handling cases that did not free allocated hostcmd memory. This will cause a memory leak and denial of service (bnc#1159909).

CVE-2019-20054: Fixed a a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links (bnc#1159910).

CVE-2019-20096: Fixed a memory leak in __feat_register_sp() in net/dccp/feat.c, which may cause denial of service (bnc#1159908).

CVE-2019-19966: Fixed a use-after-free in cpia2_exit() in drivers/media/usb/cpia2/cpia2_v4l.c that will cause denial of service (bnc#1159841).

CVE-2019-19447: Mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c (bnc#1158819).

CVE-2019-19319: A setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/xattr.c when a large old_size value is used in a memset call (bnc#1158021).

CVE-2019-19767: Fixed mishandling of ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c (bnc#1159297).

CVE-2019-18808: A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c allowed attackers to cause a denial of service (memory consumption) (bnc#1156259).

CVE-2019-16746: An issue was discovered in net/wireless/nl80211.c where the length of variable elements in a beacon head were not checked, leading to a buffer overflow (bnc#1152107).

CVE-2019-19066: A memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/bfad_attr.c allowed attackers to cause a denial of service (memory consumption) by triggering bfa_port_get_stats() failures (bnc#1157303).

CVE-2019-19051: There was a memory leak in the i2400m_op_rfkill_sw_toggle() function in drivers/net/wimax/i2400m/op-rfkill.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1159024).

CVE-2019-19338: There was an incomplete fix for Transaction Asynchronous Abort (TAA) (bnc#1158954).

CVE-2019-19332: There was an OOB memory write via kvm_dev_ioctl_get_cpuid (bnc#1158827).

CVE-2019-19537: There was a race condition bug that can be caused by a malicious USB device in the USB character device driver layer (bnc#1158904).

CVE-2019-19535: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver (bnc#1158903).

CVE-2019-19527: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver (bnc#1158900).

CVE-2019-19526: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/nfc/pn533/usb.c driver (bnc#1158893).

CVE-2019-19533: There was an info-leak bug that can be caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver (bnc#1158834).

CVE-2019-19532: There were multiple out-of-bounds write bugs that can be caused by a malicious USB device in the Linux kernel HID drivers (bnc#1158824).

CVE-2019-19523: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79 (bnc#1158381 1158823 1158834).

CVE-2019-15213: There was a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver (bnc#1146544).

CVE-2019-19531: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/yurex.c driver (bnc#1158445).

CVE-2019-19543: There was a use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c (bnc#1158427).

CVE-2019-19525: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/net/ieee802154/atusb.c driver (bnc#1158417).

CVE-2019-19530: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver (bnc#1158410).

CVE-2019-19536: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver (bnc#1158394).

CVE-2019-19524: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver (bnc#1158413).

CVE-2019-19528: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver (bnc#1158407).

CVE-2019-19534: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver (bnc#1158398).

CVE-2019-19529: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/net/can/usb/mcba_usb.c driver (bnc#1158381).

CVE-2019-14901: A heap overflow flaw was found in the Linux kernel in Marvell WiFi chip driver. The vulnerability allowed a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If code execution occurs, the code will run with the permissions of root. This will affect both confidentiality and integrity of files on the system (bnc#1157042).

CVE-2019-14895: A heap-based buffer overflow was discovered in the Linux kernel in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could have allowed the remote device to cause a denial of service (system crash) or possibly execute arbitrary code (bnc#1157158).

CVE-2019-18660: The Linux kernel on powerpc allowed Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c (bnc#1157038).

CVE-2019-18683: An issue was discovered in drivers/media/platform/vivid in the Linux kernel. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded.
There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free (bnc#1155897).

CVE-2019-18809: A memory leak in the af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1156258).

CVE-2019-19046: A memory leak in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering ida_simple_get() failure (bnc#1157304).

CVE-2019-19078: A memory leak in the ath10k_usb_hif_tx_sg() function in drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures (bnc#1157032).

CVE-2019-19062: A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures (bnc#1157333).

CVE-2019-19057: Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures (bnc#1157197).

CVE-2019-19056: A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures (bnc#1157197).

CVE-2019-19068: A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures (bnc#1157307).

CVE-2019-19063: Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157298).

CVE-2019-19227: In the AppleTalk subsystem in the Linux kernel there was a potential NULL pointer dereference because register_snap_client may return NULL. This will lead to denial of service in net/appletalk/aarp.c and net/appletalk/ddp.c, as demonstrated by unregister_snap_client (bnc#1157678).

CVE-2019-19081: A memory leak in the nfp_flower_spawn_vnic_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157045).

CVE-2019-19080: Four memory leaks in the nfp_flower_spawn_phy_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157044).

CVE-2019-19065: A memory leak in the sdma_init() function in drivers/infiniband/hw/hfi1/sdma.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering rhashtable_init() failures (bnc#1157191).

CVE-2019-19077: A memory leak in the bnxt_re_create_srq() function in drivers/infiniband/hw/bnxt_re/ib_verbs.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering copy to udata failures (bnc#1157171).

CVE-2019-19052: A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures (bnc#1157324).

CVE-2019-19067: Four memory leaks in the acp_hw_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering mfd_add_hotplug_devices() or pm_genpd_add_device() failures (bsc#1157180).

CVE-2019-19060: A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157178).

CVE-2019-19049: A memory leak in the unittest_data_add() function in drivers/of/unittest.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering of_fdt_unflatten_tree() failures (bsc#1157173).

CVE-2019-19075: A memory leak in the ca8210_probe() function in drivers/net/ieee802154/ca8210.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering ca8210_get_platform_data() failures (bnc#1157162).

CVE-2019-19058: A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering alloc_page() failures (bnc#1157145).

CVE-2019-19074: A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157143).

CVE-2019-19073: Fixed memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c allowed attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout() failures (bnc#1157070).

CVE-2019-19083: Memory leaks in *clock_source_create() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157049).

CVE-2019-19082: Memory leaks in *create_resource_pool() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157046).

CVE-2019-15916: An issue was discovered in the Linux kernel There was a memory leak in register_queue_kobjects() in net/core/net-sysfs.c, which will cause denial of service (bnc#1149448).

CVE-2019-0154: Insufficient access control in subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6 and E-2100 Processor Families may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1135966).

CVE-2019-0155: Insufficient access control in a subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6, E-2100 and E-2200 Processor Families; Intel(R) Graphics Driver for Windows (DCH) or 26.20.100.6812 and before 21.20.x.5077 (aka15.45.5077), i915 Linux Driver for Intel(R) Processor Graphics before versions 5.4-rc7, 5.3.11, 4.19.84, 4.14.154, 4.9.201, 4.4.201 may have allowed an authenticated user to potentially enable escalation of privilege via local access (bnc#1135967).

CVE-2019-16231: drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 did not check the alloc_workqueue return value, leading to a NULL pointer dereference (bnc#1150466).

CVE-2019-18805: An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel There was a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact (bnc#1156187).

CVE-2019-17055: base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel did not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket (bnc#1152782).

CVE-2019-16995: In the Linux kernel before 5.0.3, a memory leak exits in hsr_dev_finalize() in net/hsr/hsr_device.c if hsr_add_port fails to add a port, which may cause denial of service, aka CID-6caabe7f197d (bnc#1152685).

CVE-2019-11135: TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may have allowed an authenticated user to potentially enable information disclosure via a side channel with local access (bnc#1139073).

CVE-2019-16233: drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 did not check the alloc_workqueue return value, leading to a NULL pointer dereference (bnc#1150457).

CVE-2018-12207: Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may have allowed an authenticated user to potentially enable denial of service of the host system via local access (bnc#1117665).

CVE-2019-10220: Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry lists (bnc#1144903).

CVE-2019-17666: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (bnc#1154372).

CVE-2019-16232: drivers/net/wireless/marvell/libertas/if_sdio.c did not check the alloc_workqueue return value, leading to a NULL pointer dereference (bnc#1150465).

CVE-2019-16234: drivers/net/wireless/intel/iwlwifi/pcie/trans.c did not check the alloc_workqueue return value, leading to a NULL pointer dereference (bnc#1150452).

CVE-2019-17133: cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c did not reject a long SSID IE, leading to a Buffer Overflow (bnc#1153158).

CVE-2019-17056: llcp_sock_create in net/nfc/llcp_sock.c in the AF_NFC network module in the Linux kernel did not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-3a359798b176 (bnc#1152788).

CVE-2019-14821: An out-of-bounds access issue was found in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation (bnc#1151350).

CVE-2017-18595: An issue was discovered in the Linux kernel A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c (bnc#1149555).

CVE-2019-9506: The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and did not prevent an attacker from influencing the key length negotiation. This allowed practical brute-force attacks (aka 'KNOB') that can decrypt traffic and inject arbitrary ciphertext without the victim noticing (bnc#1146042).

CVE-2019-14835: A buffer overflow flaw was found in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration (bnc#1150112).

CVE-2019-9456: Ther is an issue inside the USB monitor driver that can lead to a possible OOB write due to a missing bounds check (bnc#1150025).

CVE-2019-15031: In the Linux kernel on the powerpc platform, a local user can read vector registers of other users' processes via an interrupt (bnc#1149713).

CVE-2019-15030: In the Linux kernel on the powerpc platform, a local user can read vector registers of other users' processes via a Facility Unavailable exception (bnc#1149713).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :

  - drivers/net/wireless/rsi/rsi_91x_usb.c in the Linux     kernel through 5.2.9 has a Double Free via crafted USB     device traffic (which may be remote via usbip or     usbredir).(CVE-2019-15504)

  - In the Linux kernel before 5.2.14, rds6_inc_info_copy     in net/rds/recv.c allows attackers to obtain sensitive     information from kernel stack memory because tos and     flags fields are not initialized.(CVE-2019-16714)

  - drivers/scsi/qla2xxx/qla_os.c in the Linux kernel     5.2.14 does not check the alloc_workqueue return value,     leading to a NULL pointer dereference.(CVE-2019-16233)

  - An issue was discovered in the Linux kernel through     5.2.13. nbd_genl_status in drivers/block/nbd.c does not     check the nla_nest_start_noflag return     value.(CVE-2019-16089)

  - llcp_sock_create in net/nfc/llcp_sock.c in the AF_NFC     network module in the Linux kernel through 5.3.2 does     not enforce CAP_NET_RAW, which means that unprivileged     users can create a raw socket, aka     CID-3a359798b176.(CVE-2019-17056)

  - base_sock_create in drivers/isdn/mISDN/socket.c in the     AF_ISDN network module in the Linux kernel through     5.3.2 does not enforce CAP_NET_RAW, which means that     unprivileged users can create a raw socket, aka     CID-b91ee4aa2a21.(CVE-2019-17055)

  - atalk_create in net/appletalk/ddp.c in the AF_APPLETALK     network module in the Linux kernel through 5.3.2 does     not enforce CAP_NET_RAW, which means that unprivileged     users can create a raw socket, aka     CID-6cc03e8aa36c.(CVE-2019-17054)

  - ieee802154_create in net/ieee802154/socket.c in the     AF_IEEE802154 network module in the Linux kernel     through 5.3.2 does not enforce CAP_NET_RAW, which means     that unprivileged users can create a raw socket, aka     CID-e69dbd4619e7.(CVE-2019-17053)

  - ax25_create in net/ax25/af_ax25.c in the AF_AX25     network module in the Linux kernel through 5.3.2 does     not enforce CAP_NET_RAW, which means that unprivileged     users can create a raw socket, aka     CID-0614e2b73768.(CVE-2019-17052)

  - An issue was discovered in write_tpt_entry in     drivers/infiniband/hw/cxgb4/mem.c in the Linux kernel     through 5.3.2. The cxgb4 driver is directly calling     dma_map_single (a DMA function) from a stack variable.
    This could allow an attacker to trigger a Denial of     Service, exploitable if this driver is used on an     architecture for which this stack/DMA interaction has     security relevance.(CVE-2019-17075)

  - rtl_p2p_noa_ie in     drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux     kernel through 5.3.6 lacks a certain upper-bound check,     leading to a buffer overflow.(CVE-2019-17666)

  - In the Linux kernel through 5.3.2,     cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c     does not reject a long SSID IE, leading to a Buffer     Overflow.(CVE-2019-17133)

  - An issue was discovered in net/wireless/nl80211.c in     the Linux kernel through 5.2.17. It does not check the     length of variable elements in a beacon head, leading     to a buffer overflow.(CVE-2019-16746)

  - Insufficient access control in the Intel(R)     PROSet/Wireless WiFi Software driver before version     21.10 may allow an unauthenticated user to potentially     enable denial of service via adjacent     access.(CVE-2019-0136)

  - drivers/net/wireless/intel/iwlwifi/pcie/trans.c in the     Linux kernel 5.2.14 does not check the alloc_workqueue     return value, leading to a NULL pointer     dereference.(CVE-2019-16234)

  - A memory leak in the ql_alloc_large_buffers() function     in drivers/net/ethernet/qlogic/qla3xxx.c in the Linux     kernel before 5.3.5 allows local users to cause a     denial of service (memory consumption) by triggering     pci_dma_mapping_error() failures, aka     CID-1acb8f2a7a9f.(CVE-2019-18806)

  - A memory leak in the dwc3_pci_probe() function in     drivers/usb/dwc3/dwc3-pci.c in the Linux kernel through     5.3.9 allows attackers to cause a denial of service     (memory consumption) by triggering     platform_device_add_properties() failures, aka     CID-9bbfceea12a8.(CVE-2019-18813)

  - A memory leak in the af9005_identify_state() function     in drivers/media/usb/dvb-usb/af9005.c in the Linux     kernel through 5.3.9 allows attackers to cause a denial     of service (memory consumption), aka     CID-2289adbfa559.(CVE-2019-18809)

  - A memory leak in the ccp_run_sha_cmd() function in     drivers/crypto/ccp/ccp-ops.c in the Linux kernel     through 5.3.9 allows attackers to cause a denial of     service (memory consumption), aka     CID-128c66429247.(CVE-2019-18808)

  - A memory leak in the bfad_im_get_stats() function in     drivers/scsi/bfa/bfad_attr.c in the Linux kernel     through 5.3.11 allows attackers to cause a denial of     service (memory consumption) by triggering     bfa_port_get_stats() failures, aka     CID-0e62395da2bd.(CVE-2019-19066)

  - A memory leak in the ath9k_wmi_cmd() function in     drivers/net/wireless/ath/ath9k/wmi.c in the Linux     kernel through 5.3.11 allows attackers to cause a     denial of service (memory consumption), aka     CID-728c1e2a05e4.(CVE-2019-19074)

  - A vulnerability in the web server of Cisco Integrated     Management Controller (IMC) could allow an     authenticated, remote attacker to set sensitive     configuration values and gain elevated privileges. The     vulnerability is due to improper handling of substring     comparison operations that are performed by the     affected software. An attacker could exploit this     vulnerability by sending a crafted HTTP request to the     affected software. A successful exploit could allow the     attacker with read-only privileges to gain     administrator privileges.(CVE-2019-19073)

  - Two memory leaks in the rtl_usb_probe() function in     drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux     kernel through 5.3.11 allow attackers to cause a denial     of service (memory consumption), aka     CID-3f9361695113.(CVE-2019-19063)

  - Two memory leaks in the mwifiex_pcie_init_evt_ring()     function in drivers/net/wireless/marvell/mwifiex/pcie.c     in the Linux kernel through 5.3.11 allow attackers to     cause a denial of service (memory consumption) by     triggering mwifiex_map_pci_memory() failures, aka     CID-d10dcb615c8e.(CVE-2019-19057)

  - A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf()     function in drivers/net/wireless/marvell/mwifiex/pcie.c     in the Linux kernel through 5.3.11 allows attackers to     cause a denial of service (memory consumption) by     triggering mwifiex_map_pci_memory() failures, aka     CID-db8fd2cde932.(CVE-2019-19056)

  - A memory leak in the gs_can_open() function in     drivers/net/can/usb/gs_usb.c in the Linux kernel before     5.3.11 allows attackers to cause a denial of service     (memory consumption) by triggering usb_submit_urb()     failures, aka CID-fb5be6a7b486.(CVE-2019-19052)

  - An issue was discovered in the Linux kernel through     5.3.9. There is a use-after-free when aa_label_parse()     fails in aa_audit_rule_init() in     security/apparmor/audit.c.(CVE-2019-18814)

  - Memory leaks in *clock_source_create() functions under     drivers/gpu/drm/amd/display/dc in the Linux kernel     before 5.3.8 allow attackers to cause a denial of     service (memory consumption). This affects the     dce112_clock_source_create() function in     drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c     , the dce100_clock_source_create() function in     drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c     , the dcn10_clock_source_create() function in     drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c,     the dcn20_clock_source_create() function in     drivers/gpu/drm/amd/display/dc/dcn20/dcn20_resource.c,     the dce120_clock_source_create() function in     drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c     , the dce110_clock_source_create() function in     drivers/gpu/drm/amd/display/dc/dce110/dce110_resource.c     , and the dce80_clock_source_create() function in     drivers/gpu/drm/amd/display/dc/dce80/dce80_resource.c,     aka CID-055e547478a1.(CVE-2019-19083)

  - Memory leaks in *create_resource_pool() functions under     drivers/gpu/drm/amd/display/dc in the Linux kernel     through 5.3.11 allow attackers to cause a denial of     service (memory consumption). This affects the     dce120_create_resource_pool() function in     drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c     , the dce110_create_resource_pool() function in     drivers/gpu/drm/amd/display/dc/dce110/dce110_resource.c     , the dce100_create_resource_pool() function in     drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c     , the dcn10_create_resource_pool() function in     drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c,     and the dce112_create_resource_pool() function in     drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c     , aka CID-104c307147ad.(CVE-2019-19082)

  - A memory leak in the nfp_flower_spawn_vnic_reprs()     function in     drivers/net/ethernet/netronome/nfp/flower/main.c in the     Linux kernel before 5.3.4 allows attackers to cause a     denial of service (memory consumption), aka     CID-8ce39eb5a67a.(CVE-2019-19081)

  - Four memory leaks in the nfp_flower_spawn_phy_reprs()     function in     drivers/net/ethernet/netronome/nfp/flower/main.c in the     Linux kernel before 5.3.4 allow attackers to cause a     denial of service (memory consumption), aka     CID-8572cea1461a.(CVE-2019-19080)

  - A memory leak in the qrtr_tun_write_iter() function in     net/qrtr/tun.c in the Linux kernel before 5.3 allows     attackers to cause a denial of service (memory     consumption), aka CID-a21b7f0cff19.(CVE-2019-19079)

  - A memory leak in the ath10k_usb_hif_tx_sg() function in     drivers/net/wireless/ath/ath10k/usb.c in the Linux     kernel through 5.3.11 allows attackers to cause a     denial of service (memory consumption) by triggering     usb_submit_urb() failures, aka     CID-b8d17e7d93d2.(CVE-2019-19078)

  - A memory leak in the bnxt_re_create_srq() function in     drivers/infiniband/hw/bnxt_re/ib_verbs.c in the Linux     kernel through 5.3.11 allows attackers to cause a     denial of service (memory consumption) by triggering     copy to udata failures, aka     CID-4a9d46a9fe14.(CVE-2019-19077)

  - A memory leak in the ca8210_probe() function in     drivers/net/ieee802154/ca8210.c in the Linux kernel     before 5.3.8 allows attackers to cause a denial of     service (memory consumption) by triggering     ca8210_get_platform_data() failures, aka     CID-6402939ec86e.(CVE-2019-19075)

  - A memory leak in the rsi_send_beacon() function in     drivers/net/wireless/rsi/rsi_91x_mgmt.c in the Linux     kernel through 5.3.11 allows attackers to cause a     denial of service (memory consumption) by triggering     rsi_prepare_beacon() failures, aka     CID-d563131ef23c.(CVE-2019-19071)

  - A memory leak in the rtl8xxxu_submit_int_urb() function     in     drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c     in the Linux kernel through 5.3.11 allows attackers to     cause a denial of service (memory consumption) by     triggering usb_submit_urb() failures, aka     CID-a2cdd07488e6.(CVE-2019-19068)

  - ** DISPUTED ** Four memory leaks in the acp_hw_init()     function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c in     the Linux kernel before 5.3.8 allow attackers to cause     a denial of service (memory consumption) by triggering     mfd_add_hotplug_devices() or pm_genpd_add_device()     failures, aka CID-57be09c6e874. NOTE: third parties     dispute the relevance of this because the attacker must     already have privileges for module     loading.(CVE-2019-19067)

  - A memory leak in the sdma_init() function in     drivers/infiniband/hw/hfi1/sdma.c in the Linux kernel     before 5.3.9 allows attackers to cause a denial of     service (memory consumption) by triggering     rhashtable_init() failures, aka     CID-34b3be18a04e.(CVE-2019-19065)

  - Multiple memory leaks in the     iwl_pcie_ctxt_info_gen3_init() function in     drivers/net/wireless/intel/iwlwifi/pcie/ctxt-info-gen3.
    c in the Linux kernel through 5.3.11 allow attackers to     cause a denial of service (memory consumption) by     triggering iwl_pcie_init_fw_sec() or     dma_alloc_coherent() failures, aka     CID-0f4f199443fa.(CVE-2019-19059)

  - A memory leak in the alloc_sgtable() function in     drivers/net/wireless/intel/iwlwifi/fw/dbg.c in the     Linux kernel through 5.3.11 allows attackers to cause a     denial of service (memory consumption) by triggering     alloc_page() failures, aka     CID-b4b814fec1a5.(CVE-2019-19058)

  - A memory leak in the i2400m_op_rfkill_sw_toggle()     function in drivers/net/wimax/i2400m/op-rfkill.c in the     Linux kernel before 5.3.11 allows attackers to cause a     denial of service (memory consumption), aka     CID-6f3ef5c25cc7.(CVE-2019-19051)

  - A memory leak in the mlx5_fpga_conn_create_cq()     function in     drivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c in     the Linux kernel before 5.3.11 allows attackers to     cause a denial of service (memory consumption) by     triggering mlx5_vector2eqn() failures, aka     CID-c8c2a057fdc7.(CVE-2019-19045)

  - A memory leak in the predicate_parse() function in     kernel/trace/trace_events_filter.c in the Linux kernel     through 5.3.11 allows attackers to cause a denial of     service (memory consumption), aka     CID-96c5c6e6a5b6.(CVE-2019-19072)

  - ** DISPUTED ** A memory leak in the spi_gpio_probe()     function in drivers/spi/spi-gpio.c in the Linux kernel     through 5.3.11 allows attackers to cause a denial of     service (memory consumption) by triggering     devm_add_action_or_reset() failures, aka     CID-d3b0ffa1d75d. NOTE: third parties dispute the     relevance of this because the system must have already     been out of memory before the probe     began.(CVE-2019-19070)

  - ** DISPUTED ** A memory leak in the unittest_data_add()     function in drivers/of/unittest.c in the Linux kernel     before 5.3.10 allows attackers to cause a denial of     service (memory consumption) by triggering     of_fdt_unflatten_tree() failures, aka CID-e13de8fe0d6a.
    NOTE: third parties dispute the relevance of this     because unittest.c can only be reached during     boot.(CVE-2019-19049)

  - In the Linux kernel through 5.3.8, f->fmt.sdr.reserved     is uninitialized in rcar_drif_g_fmt_sdr_cap in     drivers/media/platform/rcar_drif.c, which could cause a     memory disclosure problem.(CVE-2019-18786)

  - A memory leak in the cx23888_ir_probe() function in     drivers/media/pci/cx23885/cx23888-ir.c in the Linux     kernel through 5.3.11 allows attackers to cause a     denial of service (memory consumption) by triggering     kfifo_alloc() failures, aka     CID-a7b2df76b42b.(CVE-2019-19054)

  - An issue was discovered in drivers/media/platform/vivid     in the Linux kernel through 5.3.8. It is exploitable     for privilege escalation on some Linux distributions     where local users have /dev/video0 access, but only if     the driver happens to be loaded. There are multiple     race conditions during streaming stopping in this     driver (part of the V4L2 subsystem). These issues are     caused by wrong mutex locking in     vivid_stop_generating_vid_cap(),     vivid_stop_generating_vid_out(),     sdr_cap_stop_streaming(), and the corresponding     kthreads. At least one of these race conditions leads     to a use-after-free.(CVE-2019-18683)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed :

CVE-2019-19767: Fixed ext4_expand_extra_isize mishandles, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c (bnc#1159297).

CVE-2019-18808: Fixed a memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c allowed attackers to cause a denial of service (memory consumption) (bnc#1156259).

CVE-2019-19066: Fixed memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/bfad_attr.c that allowed attackers to cause a denial of service (memory consumption) by triggering bfa_port_get_stats() failures (bnc#1157303).

CVE-2019-19051: Fixed memory leak in the i2400m_op_rfkill_sw_toggle() function in drivers/net/wimax/i2400m/op-rfkill.c that allowed attackers to cause a denial of service (memory consumption) (bnc#1159024).

CVE-2019-19338: There was an incomplete fix for Transaction Asynchronous Abort (TAA) (bsc#1158954).

CVE-2019-19332: There was an OOB memory write via kvm_dev_ioctl_get_cpuid (bsc#1158827).

CVE-2019-19537: There was a race condition bug that could have been caused by a malicious USB device in the USB character device driver layer (bnc#1158904).

CVE-2019-19535: There was an info-leak bug that could have been caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver (bnc#1158903).

CVE-2019-19527: There was a use-after-free bug that could have been caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver (bnc#1158900).

CVE-2019-19526: There was a use-after-free bug that could have been caused by a malicious USB device in the drivers/nfc/pn533/usb.c driver (bnc#1158893).

CVE-2019-19533: There was an info-leak bug that could have been caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver (bnc#1158834).

CVE-2019-19532: There were multiple out-of-bounds write bugs that could have been caused by a malicious USB device in the Linux kernel HID drivers (bnc#1158824).

CVE-2019-19523: There was a use-after-free bug that could have been caused by a malicious USB device in the drivers/usb/misc/adutux.c driver (bnc#1158823).

CVE-2019-15213: An issue was discovered in the Linux kernel, there was a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver (bnc#1146544).

CVE-2019-19531: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/yurex.c driver (bnc#1158445).

CVE-2019-19543: There was a use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c (bnc#1158427).

CVE-2019-19525: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/net/ieee802154/atusb.c driver (bnc#1158417).

CVE-2019-19530: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver (bnc#1158410).

CVE-2019-19536: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver (bnc#1158394).

CVE-2019-19524: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver (bnc#1158413).

CVE-2019-19528: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver (bnc#1158407).

CVE-2019-19534: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver (bnc#1158398).

CVE-2019-19529: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/net/can/usb/mcba_usb.c driver (bnc#1158381).

CVE-2019-14901: A heap overflow flaw was found in the Linux kernel in Marvell WiFi chip driver. The vulnerability allowed a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If code execution occurs, the code will run with the permissions of root. This will affect both confidentiality and integrity of files on the system (bnc#1157042).

CVE-2019-14895: A heap-based buffer overflow was discovered in the Linux kernel in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could have allowed the remote device to cause a denial of service (system crash) or possibly execute arbitrary code (bnc#1157158).

CVE-2019-18660: The Linux kernel on powerpc allowed Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c (bnc#1157038).

CVE-2019-18683: An issue was discovered in drivers/media/platform/vivid in the Linux kernel. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded.
There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free (bnc#1155897).

CVE-2019-18809: A memory leak in the af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1156258).

CVE-2019-19062: A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures (bnc#1157333).

CVE-2019-19057: Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures (bnc#1157197).

CVE-2019-19056: A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures (bnc#1157197).

CVE-2019-19068: A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures (bnc#1157307).

CVE-2019-19063: Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157298).

CVE-2019-19227: In the AppleTalk subsystem in the Linux kernel there was a potential NULL pointer dereference because register_snap_client may return NULL. This will lead to denial of service in net/appletalk/aarp.c and net/appletalk/ddp.c, as demonstrated by unregister_snap_client (bnc#1157678).

CVE-2019-19065: A memory leak in the sdma_init() function in drivers/infiniband/hw/hfi1/sdma.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering rhashtable_init() failures (bnc#1157191).

CVE-2019-19077: A memory leak in the bnxt_re_create_srq() function in drivers/infiniband/hw/bnxt_re/ib_verbs.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering copy to udata failures (bnc#1157171).

CVE-2019-19052: A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures (bnc#1157324).

CVE-2019-19067: Four memory leaks in the acp_hw_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering mfd_add_hotplug_devices() or pm_genpd_add_device() failures (bsc#1157180).

CVE-2019-19060: A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157178).

CVE-2019-19049: A memory leak in the unittest_data_add() function in drivers/of/unittest.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering of_fdt_unflatten_tree() failures (bsc#1157173).

CVE-2019-19075: A memory leak in the ca8210_probe() function in drivers/net/ieee802154/ca8210.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering ca8210_get_platform_data() failures (bnc#1157162).

CVE-2019-19058: A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering alloc_page() failures (bnc#1157145).

CVE-2019-19074: A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157143).

CVE-2019-19073: Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout() failures. This affects the htc_config_pipe_credits() function, the htc_setup_complete() function, and the htc_connect_service() function (bnc#1157070).

CVE-2019-15916: An issue was discovered in the Linux kernel There was a memory leak in register_queue_kobjects() in net/core/net-sysfs.c, which will cause denial of service (bnc#1149448).

CVE-2019-16231: drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 did not check the alloc_workqueue return value, leading to a NULL pointer dereference (bnc#1150466).

CVE-2019-18805: An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel There was a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact (bnc#1156187).

CVE-2019-17055: base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel did not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket (bnc#1152782).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed :

CVE-2019-14895: A heap-based buffer overflow was discovered in the Linux kernel in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could have allowed the remote device to cause a denial of service (system crash) or possibly execute arbitrary code (bnc#1157158).

CVE-2019-18660: The Linux kernel on powerpc allowed Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c (bnc#1157038).

CVE-2019-18683: An issue was discovered in drivers/media/platform/vivid in the Linux kernel. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded.
There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free (bnc#1155897).

CVE-2019-18809: A memory leak in the af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1156258).

CVE-2019-19062: A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures (bnc#1157333).

CVE-2019-19057: Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures (bnc#1157197).

CVE-2019-19056: A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures (bnc#1157197).

CVE-2019-19068: A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures (bnc#1157307).

CVE-2019-19063: Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157298).

CVE-2019-19227: In the AppleTalk subsystem in the Linux kernel there was a potential NULL pointer dereference because register_snap_client may return NULL. This will lead to denial of service in net/appletalk/aarp.c and net/appletalk/ddp.c, as demonstrated by unregister_snap_client (bnc#1157678).

CVE-2019-19065: A memory leak in the sdma_init() function in drivers/infiniband/hw/hfi1/sdma.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering rhashtable_init() failures (bnc#1157191).

CVE-2019-19077: A memory leak in the bnxt_re_create_srq() function in drivers/infiniband/hw/bnxt_re/ib_verbs.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering copy to udata failures (bnc#1157171).

CVE-2019-19052: A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures (bnc#1157324).

CVE-2019-19067: Four memory leaks in the acp_hw_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering mfd_add_hotplug_devices() or pm_genpd_add_device() failures (bsc#1157180).

CVE-2019-19060: A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157178).

CVE-2019-19049: A memory leak in the unittest_data_add() function in drivers/of/unittest.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering of_fdt_unflatten_tree() failures (bsc#1157173).

CVE-2019-19075: A memory leak in the ca8210_probe() function in drivers/net/ieee802154/ca8210.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering ca8210_get_platform_data() failures (bnc#1157162).

CVE-2019-19058: A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering alloc_page() failures (bnc#1157145).

CVE-2019-19074: A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157143).

CVE-2019-19073: Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout() failures. This affects the htc_config_pipe_credits() function, the htc_setup_complete() function, and the htc_connect_service() function (bnc#1157070).

CVE-2019-15916: An issue was discovered in the Linux kernel There was a memory leak in register_queue_kobjects() in net/core/net-sysfs.c, which will cause denial of service (bnc#1149448).

CVE-2019-16231: drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 did not check the alloc_workqueue return value, leading to a NULL pointer dereference (bnc#1150466).

CVE-2019-18805: An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel There was a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact (bnc#1156187).

CVE-2019-17055: base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel did not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket (bnc#1152782).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed :

CVE-2019-19531: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/yurex.c driver (bnc#1158445).

CVE-2019-19543: There was a use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c (bnc#1158427).

CVE-2019-19525: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/net/ieee802154/atusb.c driver (bnc#1158417).

CVE-2019-19530: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver (bnc#1158410).

CVE-2019-19536: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver (bnc#1158394).

CVE-2019-19524: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver (bnc#1158413).

CVE-2019-19528: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver (bnc#1158407).

CVE-2019-19534: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver (bnc#1158398).

CVE-2019-19529: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/net/can/usb/mcba_usb.c driver (bnc#1158381).

CVE-2019-14901: A heap overflow flaw was found in the Linux kernel in Marvell WiFi chip driver. The vulnerability allowed a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If code execution occurs, the code will run with the permissions of root. This will affect both confidentiality and integrity of files on the system (bnc#1157042).

CVE-2019-14895: A heap-based buffer overflow was discovered in the Linux kernel in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could have allowed the remote device to cause a denial of service (system crash) or possibly execute arbitrary code (bnc#1157158).

CVE-2019-18660: The Linux kernel on powerpc allowed Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c (bnc#1157038).

CVE-2019-18683: An issue was discovered in drivers/media/platform/vivid in the Linux kernel. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded.
There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free (bnc#1155897).

CVE-2019-18809: A memory leak in the af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1156258).

CVE-2019-19046: A memory leak in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering ida_simple_get() failure (bnc#1157304).

CVE-2019-19078: A memory leak in the ath10k_usb_hif_tx_sg() function in drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures (bnc#1157032).

CVE-2019-19062: A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures (bnc#1157333).

CVE-2019-19057: Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures (bnc#1157197).

CVE-2019-19056: A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures (bnc#1157197).

CVE-2019-19068: A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures (bnc#1157307).

CVE-2019-19063: Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157298).

CVE-2019-19227: In the AppleTalk subsystem in the Linux kernel there was a potential NULL pointer dereference because register_snap_client may return NULL. This will lead to denial of service in net/appletalk/aarp.c and net/appletalk/ddp.c, as demonstrated by unregister_snap_client (bnc#1157678).

CVE-2019-19081: A memory leak in the nfp_flower_spawn_vnic_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157045).

CVE-2019-19080: Four memory leaks in the nfp_flower_spawn_phy_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157044).

CVE-2019-19065: A memory leak in the sdma_init() function in drivers/infiniband/hw/hfi1/sdma.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering rhashtable_init() failures (bnc#1157191).

CVE-2019-19077: A memory leak in the bnxt_re_create_srq() function in drivers/infiniband/hw/bnxt_re/ib_verbs.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering copy to udata failures (bnc#1157171).

CVE-2019-19052: A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures (bnc#1157324).

CVE-2019-19067: Four memory leaks in the acp_hw_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering mfd_add_hotplug_devices() or pm_genpd_add_device() failures (bsc#1157180).

CVE-2019-19060: A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157178).

CVE-2019-19049: A memory leak in the unittest_data_add() function in drivers/of/unittest.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering of_fdt_unflatten_tree() failures (bsc#1157173).

CVE-2019-19075: A memory leak in the ca8210_probe() function in drivers/net/ieee802154/ca8210.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering ca8210_get_platform_data() failures (bnc#1157162).

CVE-2019-19058: A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering alloc_page() failures (bnc#1157145).

CVE-2019-19074: A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157143).

CVE-2019-19073: Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout() failures. This affects the htc_config_pipe_credits() function, the htc_setup_complete() function, and the htc_connect_service() function (bnc#1157070).

CVE-2019-19083: Memory leaks in *clock_source_create() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel allowed attackers to cause a denial of service (memory consumption). This affects the dce112_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c, the dce100_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c, the dcn10_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c, the dcn20_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dcn20/dcn20_resource.c, the dce120_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c, the dce110_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce110/dce110_resource.c, and the dce80_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce80/dce80_resource.c (bnc#1157049).

CVE-2019-19082: Memory leaks in *create_resource_pool() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel allowed attackers to cause a denial of service (memory consumption). This affects the dce120_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c, the dce110_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce110/dce110_resource.c, the dce100_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c, the dcn10_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c, and the dce112_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c (bnc#1157046).

CVE-2019-15916: An issue was discovered in the Linux kernel There was a memory leak in register_queue_kobjects() in net/core/net-sysfs.c, which will cause denial of service (bnc#1149448).

CVE-2019-0154: Insufficient access control in subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6 and E-2100 Processor Families may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1135966).

CVE-2019-16231: drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 did not check the alloc_workqueue return value, leading to a NULL pointer dereference (bnc#1150466).

CVE-2019-18805: An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel There was a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact (bnc#1156187).

CVE-2019-17055: base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel did not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket (bnc#1152782).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The SUSE Linux Enterprise 12 SP4 kernel-azure was updated to receive various security and bugfixes.

The following security bugs were fixed :

CVE-2019-19051: There was a memory leak in the i2400m_op_rfkill_sw_toggle() function in drivers/net/wimax/i2400m/op-rfkill.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1159024).

CVE-2019-19338: There was an incomplete fix for Transaction Asynchronous Abort (TAA) (bnc#1158954).

CVE-2019-19332: There was an OOB memory write via kvm_dev_ioctl_get_cpuid (bnc#1158827).

CVE-2019-19537: There was a race condition bug that can be caused by a malicious USB device in the USB character device driver layer (bnc#1158904).

CVE-2019-19535: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver (bnc#1158903).

CVE-2019-19527: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver (bnc#1158900).

CVE-2019-19526: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/nfc/pn533/usb.c driver (bnc#1158893).

CVE-2019-19533: There was an info-leak bug that can be caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver (bnc#1158834).

CVE-2019-19532: There were multiple out-of-bounds write bugs that can be caused by a malicious USB device in the Linux kernel HID drivers (bnc#1158824).

CVE-2019-19523: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79 (bnc#1158381 1158823 1158834).

CVE-2019-15213: There was a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver (bnc#1146544).

CVE-2019-19531: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/yurex.c driver (bnc#1158445).

CVE-2019-19543: There was a use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c (bnc#1158427).

CVE-2019-19525: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/net/ieee802154/atusb.c driver (bnc#1158417).

CVE-2019-19530: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver (bnc#1158410).

CVE-2019-19536: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver (bnc#1158394).

CVE-2019-19524: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver (bnc#1158413).

CVE-2019-19528: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver (bnc#1158407).

CVE-2019-19534: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver (bnc#1158398).

CVE-2019-19529: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/net/can/usb/mcba_usb.c driver (bnc#1158381).

CVE-2019-14901: A heap overflow flaw was found in the Linux kernel in Marvell WiFi chip driver. The vulnerability allowed a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If code execution occurs, the code will run with the permissions of root. This will affect both confidentiality and integrity of files on the system (bnc#1157042).

CVE-2019-14895: A heap-based buffer overflow was discovered in the Linux kernel in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could have allowed the remote device to cause a denial of service (system crash) or possibly execute arbitrary code (bnc#1157158).

CVE-2019-18660: The Linux kernel on powerpc allowed Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c (bnc#1157038).

CVE-2019-18683: An issue was discovered in drivers/media/platform/vivid in the Linux kernel. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded.
There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free (bnc#1155897).

CVE-2019-18809: A memory leak in the af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1156258).

CVE-2019-19062: A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures (bnc#1157333).

CVE-2019-19057: Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures (bnc#1157197).

CVE-2019-19056: A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures (bnc#1157197).

CVE-2019-19068: A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures (bnc#1157307).

CVE-2019-19063: Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157298).

CVE-2019-19227: In the AppleTalk subsystem in the Linux kernel there was a potential NULL pointer dereference because register_snap_client may return NULL. This will lead to denial of service in net/appletalk/aarp.c and net/appletalk/ddp.c, as demonstrated by unregister_snap_client (bnc#1157678).

CVE-2019-19065: A memory leak in the sdma_init() function in drivers/infiniband/hw/hfi1/sdma.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering rhashtable_init() failures (bnc#1157191).

CVE-2019-19077: A memory leak in the bnxt_re_create_srq() function in drivers/infiniband/hw/bnxt_re/ib_verbs.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering copy to udata failures (bnc#1157171).

CVE-2019-19052: A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures (bnc#1157324).

CVE-2019-19067: Four memory leaks in the acp_hw_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering mfd_add_hotplug_devices() or pm_genpd_add_device() failures (bsc#1157180).

CVE-2019-19060: A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157178).

CVE-2019-19049: A memory leak in the unittest_data_add() function in drivers/of/unittest.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering of_fdt_unflatten_tree() failures (bsc#1157173).

CVE-2019-19075: A memory leak in the ca8210_probe() function in drivers/net/ieee802154/ca8210.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering ca8210_get_platform_data() failures (bnc#1157162).

CVE-2019-19058: A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering alloc_page() failures (bnc#1157145).

CVE-2019-19074: A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157143).

CVE-2019-19073: Fixed memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c allowed attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout() failures (bnc#1157070).

CVE-2019-15916: An issue was discovered in the Linux kernel There was a memory leak in register_queue_kobjects() in net/core/net-sysfs.c, which will cause denial of service (bnc#1149448).

CVE-2019-0154: Insufficient access control in subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6 and E-2100 Processor Families may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1135966).

CVE-2019-16231: drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 did not check the alloc_workqueue return value, leading to a NULL pointer dereference (bnc#1150466).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed :

CVE-2019-19081: Fixed a memory leak in the nfp_flower_spawn_vnic_reprs() could have allowed attackers to cause a denial of service (bsc#1157045).

CVE-2019-19080: Fixed four memory leaks in the nfp_flower_spawn_phy_reprs() could have allowed attackers to cause a denial of service (bsc#1157044).

CVE-2019-19052: Fixed a memory leak in the gs_can_open() which could have led to denial of service (bsc#1157324).

CVE-2019-19067: Fixed multiple memory leaks in acp_hw_init (bsc#1157180).

CVE-2019-19060: Fixed a memory leak in the adis_update_scan_mode() which could have led to denial of service (bsc#1157178).

CVE-2019-19049: Fixed a memory leak in unittest_data_add (bsc#1157173).

CVE-2019-19075: Fixed a memory leak in the ca8210_probe() which could have led to denial of service by triggering ca8210_get_platform_data() failures (bsc#1157162).

CVE-2019-19058: Fixed a memory leak in the alloc_sgtable() which could have led to denial of service by triggering alloc_page() failures (bsc#1157145).

CVE-2019-19074: Fixed a memory leak in the ath9k_wmi_cmd() function which could have led to denial of service (bsc#1157143).

CVE-2019-19073: Fixed multiple memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c which could have led to denial of service by triggering wait_for_completion_timeout() failures (bsc#1157070).

CVE-2019-19083: Fixed multiple memory leaks in *clock_source_create() functions which could have led to denial of service (bsc#1157049).

CVE-2019-19082: Fixed multiple memory leaks in *create_resource_pool() which could have led to denial of service (bsc#1157046).

CVE-2019-15916: Fixed a memory leak in register_queue_kobjects() which might have led denial of service (bsc#1149448).

CVE-2019-0154: Fixed an improper access control in subsystem for Intel (R) processor graphics whichs may have allowed an authenticated user to potentially enable denial of service via local access (bsc#1135966).

CVE-2019-0155: Fixed an improper access control in subsystem for Intel (R) processor graphics whichs may have allowed an authenticated user to potentially enable escalation of privilege via local access (bsc#1135967).

CVE-2019-16231: Fixed a NULL pointer dereference due to lack of checking the alloc_workqueue return value (bsc#1150466).

CVE-2019-18805: Fixed an integer overflow in tcp_ack_update_rtt() leading to a denial of service or possibly unspecified other impact (bsc#1156187).

CVE-2019-17055: Enforced CAP_NET_RAW in the AF_ISDN network module to restrict unprivileged users to create a raw socket (bsc#1152782).

CVE-2019-16995: Fixed a memory leak in hsr_dev_finalize() which may have caused denial of service (bsc#1152685).

CVE-2019-16233: drivers/scsi/qla2xxx/qla_os.c did not check the alloc_workqueue return value, leading to a NULL pointer dereference.
(bsc#1150457).

CVE-2019-10220: Added sanity checks on the pathnames passed to the user space. (bsc#1144903)

CVE-2019-17666: rtlwifi: Fix potential overflow in P2P code (bsc#1154372).

CVE-2019-17056: The AF_NFC network module did not enforce CAP_NET_RAW, which meant that unprivileged users could create a raw socket (bsc#1152788).

CVE-2019-14821: An out-of-bounds access issue was fixed in the kernel's kvm hypervisor. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system (bnc#1151350).

CVE-2017-18595: A double free in allocate_trace_buffer was fixed (bnc#1149555).

CVE-2019-9506: The Bluetooth BR/EDR specification used to permit sufficiently low encryption key length and did not prevent an attacker from influencing the key length negotiation. This allowed practical brute-force attacks (aka 'KNOB') that could decrypt traffic and inject arbitrary ciphertext without the victim noticing (bnc#1137865).

CVE-2019-14835: A buffer overflow flaw was found in the kernel's vhost functionality that translates virtqueue buffers to IOVs. A privileged guest user able to pass descriptors with invalid length to the host could use this flaw to increase their privileges on the host (bnc#1150112).

CVE-2019-9456: An out-of-bounds write in the USB monitor driver has been fixed. This issue could lead to local escalation of privilege with System execution privileges needed. (bnc#1150025).

CVE-2019-15030, CVE-2019-15031: On the powerpc platform, a local user could read vector registers of other users' processes via an interrupt (bsc#1149713).

CVE-2019-18683: An issue was discovered in drivers/media/platform/vivid. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free (bnc#1155897).

CVE-2019-18809: A memory leak in the af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c allows attackers to cause a denial of service (memory consumption), aka CID-2289adbfa559 (bnc#1156258).

CVE-2019-19078: A memory leak in the ath10k_usb_hif_tx_sg() function in drivers/net/wireless/ath/ath10k/usb.c allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-b8d17e7d93d2 (bnc#1157032).

CVE-2019-18660: The Linux kernel on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c (bnc#1157038).

CVE-2019-14895: A heap-based buffer overflow was discovered in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could allow the remote device to cause a denial of service (system crash) or possibly execute arbitrary code (bnc#1157158).

CVE-2019-19065: A memory leak in the sdma_init() function in drivers/infiniband/hw/hfi1/sdma.c allows attackers to cause a denial of service (memory consumption) by triggering rhashtable_init() failures, aka CID-34b3be18a04e (bnc#1157191).

CVE-2019-19057: Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c allow attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka CID-d10dcb615c8e (bnc#1157193).

CVE-2019-19056: A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in drivers/net/wireless/marvell/mwifiex/pcie.c allows attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka CID-db8fd2cde932 (bnc#1157197).

CVE-2019-19063: Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c allow attackers to cause a denial of service (memory consumption), aka CID-3f9361695113 (bnc#1157298).

CVE-2019-19046: A memory leak in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c allow attackers to cause a denial of service (bsc#1157304).

CVE-2019-19068: A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-a2cdd07488e6 (bnc#1157307).

CVE-2019-19062: A memory leak in the crypto_report() function in crypto/crypto_user_base.c allows attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures, aka CID-ffdde5932042 (bnc#1157333).

CVE-2019-19227: In the AppleTalk subsystem, there is a potential NULL pointer dereference because register_snap_client may return NULL. This will lead to denial of service in net/appletalk/aarp.c and net/appletalk/ddp.c, as demonstrated by unregister_snap_client, aka CID-9804501fa122 (bnc#1157678).

CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with Transactional Memory support could be used to facilitate sidechannel information leaks out of microarchitectural buffers, similar to the previously described 'Microarchitectural Data Sampling' attack.

The Linux kernel was supplemented with the option to disable TSX operation altogether (requiring CPU Microcode updates on older systems) and better flushing of microarchitectural buffers (VERW).

The set of options available is described in our TID at https://www.suse.com/support/kb/doc/?id=7024251

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
141374	OracleVM 3.4 : Unbreakable / etc (OVMSA-2020-0044)	Nessus	OracleVM Local Security Checks	critical
140361	OracleVM 3.4 : Unbreakable / etc (OVMSA-2020-0041)	Nessus	OracleVM Local Security Checks	high
140208	Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5837)	Nessus	Oracle Linux Local Security Checks	high
139476	Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2020-5804)	Nessus	Oracle Linux Local Security Checks	high
134363	SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:0613-1)	Nessus	SuSE Local Security Checks	critical
132925	SUSE SLES12 Security Update : kernel (SUSE-SU-2020:0093-1)	Nessus	SuSE Local Security Checks	critical
132796	EulerOS Virtualization for ARM 64 3.0.5.0 : kernel (EulerOS-SA-2020-1042)	Nessus	Huawei Local Security Checks	critical
132605	EulerOS 2.0 SP8 : kernel (EulerOS-SA-2020-1012)	Nessus	Huawei Local Security Checks	critical
132394	SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:3381-1)	Nessus	SuSE Local Security Checks	critical
132389	SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:3371-1)	Nessus	SuSE Local Security Checks	high
132237	SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:3317-1)	Nessus	SuSE Local Security Checks	critical
132236	SUSE SLES12 Security Update : kernel (SUSE-SU-2019:3316-1)	Nessus	SuSE Local Security Checks	critical
132032	openSUSE Security Update : the Linux Kernel (openSUSE-2019-2675)	Nessus	SuSE Local Security Checks	critical
131833	SUSE SLES12 Security Update : kernel (SUSE-SU-2019:3200-1)	Nessus	SuSE Local Security Checks	high

CVE-2019-19049

HIGH

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins

critical

high

high

high

critical

critical

critical

critical

critical

high

critical

critical

critical

high