openSUSE-SU-2020:0801

https://source.android.com/security/bulletin/pixel/2019-09-01

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:4431 advisory.

  - kernel: null pointer dereference in dlpar_parse_cc_property in arch/powerrc/platforms/pseries/dlpar.c     causing denial of service (CVE-2019-12614)

  - kernel: use-after-free in drivers/bluetooth/hci_ldisc.c (CVE-2019-15917)

  - kernel: out-of-bounds access in function hclge_tm_schd_mode_vnet_base_cfg (CVE-2019-15925)

  - kernel: null-pointer dereference in drivers/net/fjes/fjes_main.c (CVE-2019-16231)

  - kernel: null pointer dereference in drivers/scsi/qla2xxx/qla_os.c (CVE-2019-16233)

  - kernel: memory leak in ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c (CVE-2019-18808)

  - kernel: memory leak in  af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c     (CVE-2019-18809)

  - kernel: Denial Of Service in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c     (CVE-2019-19046)

  - kernel: A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in     drivers/net/wireless/marvell/mwifiex/pcie.c allows to cause DoS (CVE-2019-19056)

  - kernel: memory leak in the crypto_report() function in crypto/crypto_user_base.c allows for DoS     (CVE-2019-19062)

  - kernel: Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c     allow for a DoS (CVE-2019-19063)

  - kernel: A memory leak in the rtl8xxxu_submit_int_urb() function in     drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c allows for a DoS (CVE-2019-19068)

  - kernel: A memory leak in the predicate_parse() function in kernel/trace/trace_events_filter.c allows for a     DoS (CVE-2019-19072)

  - kernel: out-of-bounds write in ext4_xattr_set_entry in fs/ext4/xattr.c (CVE-2019-19319)

  - Kernel: kvm: OOB memory write via kvm_dev_ioctl_get_cpuid (CVE-2019-19332)

  - kernel: mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a     use-after-free in ext4_put_super in fs/ext4/super.c (CVE-2019-19447)

  - kernel: a malicious USB device in the drivers/input/ff-memless.c leads to use-after-free (CVE-2019-19524)

  - kernel: information leak bug caused  by a malicious USB device in the drivers/media/usb/ttusb-     dec/ttusb_dec.c (CVE-2019-19533)

  - kernel: race condition caused by a malicious USB device in the USB character device driver layer     (CVE-2019-19537)

  - kernel: use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c (CVE-2019-19543)

  - kernel: use-after-free in __ext4_expand_extra_isize and ext4_xattr_set_entry related to fs/ext4/inode.c     and fs/ext4/super.c (CVE-2019-19767)

  - kernel: use-after-free in debugfs_remove in fs/debugfs/inode.c (CVE-2019-19770)

  - kernel: Null pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c (CVE-2019-20054)

  - kernel: out-of-bounds write via crafted keycode table (CVE-2019-20636)

  - kernel: kernel pointer leak due to WARN_ON statement in video driver leads to local information disclosure     (CVE-2019-9455)

  - kernel: use after free due to race condition in the video driver leads to local privilege escalation     (CVE-2019-9458)

  - kernel: possible use-after-free due to a race condition in cdev_get of char_dev.c (CVE-2020-0305)

  - kernel: uninitialized kernel data leak in userspace coredumps (CVE-2020-10732)

  - kernel: SELinux netlink permission check bypass (CVE-2020-10751)

  - kernel: kernel stack information leak on s390/s390x (CVE-2020-10773)

  - kernel: possibility of memory disclosure when reading the file /proc/sys/kernel/rh_features     (CVE-2020-10774)

  - kernel: vhost-net: stack overflow in get_raw_socket while checking sk_family field (CVE-2020-10942)

  - kernel: out-of-bounds write in mpol_parse_str function in mm/mempolicy.c (CVE-2020-11565)

  - kernel: mishandles invalid descriptors in drivers/media/usb/gspca/xirlink_cit.c (CVE-2020-11668)

  - kernel: buffer overflow in mt76_add_fragment function in drivers/net/wireless/mediatek/mt76/dma.c     (CVE-2020-12465)

  - kernel: sync of excessive duration via an XFS v5 image with crafted metadata (CVE-2020-12655)

  - kernel: xdp_umem_reg in net/xdp/xdp_umem.c has an out-of-bounds write which could result in crash and data     coruption (CVE-2020-12659)

  - kernel: sg_write function lacks an sg_remove_request call in a certain failure case (CVE-2020-12770)

  - kernel: possible to send arbitrary signals to a privileged (suidroot) parent process (CVE-2020-12826)

  - kernel: referencing inode of removed superblock in get_futex_key() causes UAF (CVE-2020-14381)

  - kernel: soft-lockups in iov_iter_copy_from_user_atomic() could result in DoS (CVE-2020-25641)

  - kernel: out-of-bounds read in in vc_do_resize function in drivers/tty/vt/vt.c (CVE-2020-8647)

  - kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c (CVE-2020-8648)

  - kernel: invalid read location in vgacon_invert_region function in drivers/video/console/vgacon.c     (CVE-2020-8649)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4431 advisory.

  - kernel: null pointer dereference in dlpar_parse_cc_property in arch/powerrc/platforms/pseries/dlpar.c     causing denial of service (CVE-2019-12614)

  - kernel: use-after-free in drivers/bluetooth/hci_ldisc.c (CVE-2019-15917)

  - kernel: out-of-bounds access in function hclge_tm_schd_mode_vnet_base_cfg (CVE-2019-15925)

  - kernel: null-pointer dereference in drivers/net/fjes/fjes_main.c (CVE-2019-16231)

  - kernel: null pointer dereference in drivers/scsi/qla2xxx/qla_os.c (CVE-2019-16233)

  - kernel: memory leak in ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c (CVE-2019-18808)

  - kernel: memory leak in  af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c     (CVE-2019-18809)

  - kernel: Denial Of Service in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c     (CVE-2019-19046)

  - kernel: A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in     drivers/net/wireless/marvell/mwifiex/pcie.c allows to cause DoS (CVE-2019-19056)

  - kernel: memory leak in the crypto_report() function in crypto/crypto_user_base.c allows for DoS     (CVE-2019-19062)

  - kernel: Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c     allow for a DoS (CVE-2019-19063)

  - kernel: A memory leak in the rtl8xxxu_submit_int_urb() function in     drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c allows for a DoS (CVE-2019-19068)

  - kernel: A memory leak in the predicate_parse() function in kernel/trace/trace_events_filter.c allows for a     DoS (CVE-2019-19072)

  - kernel: out-of-bounds write in ext4_xattr_set_entry in fs/ext4/xattr.c (CVE-2019-19319)

  - Kernel: kvm: OOB memory write via kvm_dev_ioctl_get_cpuid (CVE-2019-19332)

  - kernel: mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a     use-after-free in ext4_put_super in fs/ext4/super.c (CVE-2019-19447)

  - kernel: a malicious USB device in the drivers/input/ff-memless.c leads to use-after-free (CVE-2019-19524)

  - kernel: information leak bug caused  by a malicious USB device in the drivers/media/usb/ttusb-     dec/ttusb_dec.c (CVE-2019-19533)

  - kernel: race condition caused by a malicious USB device in the USB character device driver layer     (CVE-2019-19537)

  - kernel: use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c (CVE-2019-19543)

  - kernel: use-after-free in __ext4_expand_extra_isize and ext4_xattr_set_entry related to fs/ext4/inode.c     and fs/ext4/super.c (CVE-2019-19767)

  - kernel: use-after-free in debugfs_remove in fs/debugfs/inode.c (CVE-2019-19770)

  - kernel: Null pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c (CVE-2019-20054)

  - kernel: out-of-bounds write via crafted keycode table (CVE-2019-20636)

  - kernel: kernel pointer leak due to WARN_ON statement in video driver leads to local information disclosure     (CVE-2019-9455)

  - kernel: use after free due to race condition in the video driver leads to local privilege escalation     (CVE-2019-9458)

  - kernel: possible use-after-free due to a race condition in cdev_get of char_dev.c (CVE-2020-0305)

  - kernel: uninitialized kernel data leak in userspace coredumps (CVE-2020-10732)

  - kernel: SELinux netlink permission check bypass (CVE-2020-10751)

  - kernel: kernel stack information leak on s390/s390x (CVE-2020-10773)

  - kernel: possibility of memory disclosure when reading the file /proc/sys/kernel/rh_features     (CVE-2020-10774)

  - kernel: vhost-net: stack overflow in get_raw_socket while checking sk_family field (CVE-2020-10942)

  - kernel: out-of-bounds write in mpol_parse_str function in mm/mempolicy.c (CVE-2020-11565)

  - kernel: mishandles invalid descriptors in drivers/media/usb/gspca/xirlink_cit.c (CVE-2020-11668)

  - kernel: buffer overflow in mt76_add_fragment function in drivers/net/wireless/mediatek/mt76/dma.c     (CVE-2020-12465)

  - kernel: sync of excessive duration via an XFS v5 image with crafted metadata (CVE-2020-12655)

  - kernel: xdp_umem_reg in net/xdp/xdp_umem.c has an out-of-bounds write which could result in crash and data     coruption (CVE-2020-12659)

  - kernel: sg_write function lacks an sg_remove_request call in a certain failure case (CVE-2020-12770)

  - kernel: possible to send arbitrary signals to a privileged (suidroot) parent process (CVE-2020-12826)

  - kernel: referencing inode of removed superblock in get_futex_key() causes UAF (CVE-2020-14381)

  - kernel: soft-lockups in iov_iter_copy_from_user_atomic() could result in DoS (CVE-2020-25641)

  - kernel: out-of-bounds read in in vc_do_resize function in drivers/tty/vt/vt.c (CVE-2020-8647)

  - kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c (CVE-2020-8648)

  - kernel: invalid read location in vgacon_invert_region function in drivers/video/console/vgacon.c     (CVE-2020-8649)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4609 advisory.

  - kernel: use-after-free in drivers/bluetooth/hci_ldisc.c (CVE-2019-15917)

  - kernel: out-of-bounds access in function hclge_tm_schd_mode_vnet_base_cfg (CVE-2019-15925)

  - kernel: null-pointer dereference in drivers/net/fjes/fjes_main.c (CVE-2019-16231)

  - kernel: null pointer dereference in drivers/scsi/qla2xxx/qla_os.c (CVE-2019-16233)

  - kernel: memory leak in ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c (CVE-2019-18808)

  - kernel: memory leak in  af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c     (CVE-2019-18809)

  - kernel: Denial Of Service in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c     (CVE-2019-19046)

  - kernel: A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in     drivers/net/wireless/marvell/mwifiex/pcie.c allows to cause DoS (CVE-2019-19056)

  - kernel: memory leak in the crypto_report() function in crypto/crypto_user_base.c allows for DoS     (CVE-2019-19062)

  - kernel: Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c     allow for a DoS (CVE-2019-19063)

  - kernel: A memory leak in the rtl8xxxu_submit_int_urb() function in     drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c allows for a DoS (CVE-2019-19068)

  - kernel: A memory leak in the predicate_parse() function in kernel/trace/trace_events_filter.c allows for a     DoS (CVE-2019-19072)

  - kernel: out-of-bounds write in ext4_xattr_set_entry in fs/ext4/xattr.c (CVE-2019-19319)

  - Kernel: kvm: OOB memory write via kvm_dev_ioctl_get_cpuid (CVE-2019-19332)

  - kernel: mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a     use-after-free in ext4_put_super in fs/ext4/super.c (CVE-2019-19447)

  - kernel: a malicious USB device in the drivers/input/ff-memless.c leads to use-after-free (CVE-2019-19524)

  - kernel: information leak bug caused  by a malicious USB device in the drivers/media/usb/ttusb-     dec/ttusb_dec.c (CVE-2019-19533)

  - kernel: race condition caused by a malicious USB device in the USB character device driver layer     (CVE-2019-19537)

  - kernel: use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c (CVE-2019-19543)

  - kernel: use-after-free in __ext4_expand_extra_isize and ext4_xattr_set_entry related to fs/ext4/inode.c     and fs/ext4/super.c (CVE-2019-19767)

  - kernel: use-after-free in debugfs_remove in fs/debugfs/inode.c (CVE-2019-19770)

  - kernel: Null pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c (CVE-2019-20054)

  - kernel: out-of-bounds write via crafted keycode table (CVE-2019-20636)

  - kernel: kernel pointer leak due to WARN_ON statement in video driver leads to local information disclosure     (CVE-2019-9455)

  - kernel: use after free due to race condition in the video driver leads to local privilege escalation     (CVE-2019-9458)

  - kernel: possible use-after-free due to a race condition in cdev_get of char_dev.c (CVE-2020-0305)

  - kernel: uninitialized kernel data leak in userspace coredumps (CVE-2020-10732)

  - kernel: SELinux netlink permission check bypass (CVE-2020-10751)

  - kernel: possibility of memory disclosure when reading the file /proc/sys/kernel/rh_features     (CVE-2020-10774)

  - kernel: vhost-net: stack overflow in get_raw_socket while checking sk_family field (CVE-2020-10942)

  - kernel: out-of-bounds write in mpol_parse_str function in mm/mempolicy.c (CVE-2020-11565)

  - kernel: mishandles invalid descriptors in drivers/media/usb/gspca/xirlink_cit.c (CVE-2020-11668)

  - kernel: sync of excessive duration via an XFS v5 image with crafted metadata (CVE-2020-12655)

  - kernel: xdp_umem_reg in net/xdp/xdp_umem.c has an out-of-bounds write which could result in crash and data     coruption (CVE-2020-12659)

  - kernel: sg_write function lacks an sg_remove_request call in a certain failure case (CVE-2020-12770)

  - kernel: possible to send arbitrary signals to a privileged (suidroot) parent process (CVE-2020-12826)

  - kernel: referencing inode of removed superblock in get_futex_key() causes UAF (CVE-2020-14381)

  - kernel: soft-lockups in iov_iter_copy_from_user_atomic() could result in DoS (CVE-2020-25641)

  - kernel: out-of-bounds read in in vc_do_resize function in drivers/tty/vt/vt.c (CVE-2020-8647)

  - kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c (CVE-2020-8648)

  - kernel: invalid read location in vgacon_invert_region function in drivers/video/console/vgacon.c     (CVE-2020-8649)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The SUSE Linux Enterprise 15 SP1 RT kernel was updated to receive various security and bugfixes.

The following security bugs were fixed :

CVE-2020-10135: Legacy pairing and secure-connections pairing authentication in Bluetooth BR/EDR Core Specification v5.2 and earlier may have allowed an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key (bnc#1171988).

CVE-2020-0305: In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1174462).

CVE-2019-20908: An issue was discovered in drivers/firmware/efi/efi.c where incorrect access permissions for the efivar_ssdt ACPI variable could be used by attackers to bypass lockdown or secure boot restrictions, aka CID-1957a85b0032 (bnc#1173567).

CVE-2020-10781: zram sysfs resource consumption was fixed (bnc#1173074).

CVE-2020-15780: An issue was discovered in drivers/acpi/acpi_configfs.c where injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30 (bnc#1173573).

CVE-2020-15393: usbtest_disconnect in drivers/usb/misc/usbtest.c had a memory leak, aka CID-28ebeb8db770 (bnc#1173514).

CVE-2020-12771: btree_gc_coalesce in drivers/md/bcache/btree.c had a deadlock if a coalescing operation fails (bnc#1171732).

CVE-2020-12888: The VFIO PCI driver mishandled attempts to access disabled memory space (bnc#1171868).

CVE-2020-10769: A buffer over-read flaw was found in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4 bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read threat, leading to a system crash. This flaw allowed a local attacker with user privileges to cause a denial of service (bnc#1173265).

CVE-2020-10773: A kernel stack information leak on s390/s390x was fixed (bnc#1172999).

CVE-2020-14416: A race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c (bnc#1162002).

CVE-2020-10766: Fixed an issue which allowed an attacker with a local account to disable SSBD protection (bnc#1172781).

CVE-2020-10767: Fixed an issue where Indirect Branch Prediction Barrier was disabled in certain circumstances, leaving the system open to a spectre v2 style attack (bnc#1172782).

CVE-2020-10768: Fixed an issue with the prctl() function, where indirect branch speculation could be enabled even though it was diabled before (bnc#1172783).

CVE-2020-13974: Fixed a integer overflow in drivers/tty/vt/keyboard.c, if k_ascii is called several times in a row (bnc#1172775).

CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it. This attack is known as Special Register Buffer Data Sampling (SRBDS) or 'CrossTalk' (bsc#1154824).

CVE-2020-13143: Fixed an out-of-bounds read in gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c (bsc#1171982).

CVE-2020-12769: Fixed an issue which could have allowed attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one (bsc#1171983).

CVE-2020-12659: Fixed an out-of-bounds write (by a user with the CAP_NET_ADMIN capability) due to improper headroom validation (bsc#1171214).

CVE-2020-12657: An a use-after-free in block/bfq-iosched.c (bsc#1171205).

CVE-2020-12656: Fixed an improper handling of certain domain_release calls leadingch could have led to a memory leak (bsc#1171219).

CVE-2020-12655: Fixed an issue which could have allowed attackers to trigger a sync of excessive duration via an XFS v5 image with crafted metadata (bsc#1171217).

CVE-2020-12654: Fixed an issue in he wifi driver which could have allowed a remote AP to trigger a heap-based buffer overflow (bsc#1171202).

CVE-2020-12653: Fixed an issue in the wifi driver which could have allowed local users to gain privileges or cause a denial of service (bsc#1171195).

CVE-2020-12652: Fixed an issue which could have allowed local users to hold an incorrect lock during the ioctl operation and trigger a race condition (bsc#1171218).

CVE-2020-12464: Fixed a use-after-free due to a transfer without a reference (bsc#1170901).

CVE-2020-12114: Fixed a pivot_root race condition which could have allowed local users to cause a denial of service (panic) by corrupting a mountpoint reference counter (bsc#1171098).

CVE-2020-11669: Fixed an issue where arch/powerpc/kernel/idle_book3s.S did not have save/restore functionality for PNV_POWERSAVE_AMR, PNV_POWERSAVE_UAMOR, and PNV_POWERSAVE_AMOR (bnc#1169390).

CVE-2020-10757: Fixed an issue where remaping hugepage DAX to anon mmap could have caused user PTE access (bsc#1172317).

CVE-2020-10751: Fixed an improper implementation in SELinux LSM hook where it was assumed that an skb would only contain a single netlink message (bsc#1171189).

CVE-2020-10732: Fixed kernel data leak in userspace coredumps due to uninitialized data (bsc#1171220).

CVE-2020-10720: Fixed a use-after-free read in napi_gro_frags() (bsc#1170778).

CVE-2020-10711: Fixed a NULL pointer dereference in SELinux subsystem which could have allowed a remote network user to crash the kernel resulting in a denial of service (bsc#1171191).

CVE-2020-10690: Fixed the race between the release of ptp_clock and cdev (bsc#1170056).

CVE-2019-9455: Fixed a pointer leak due to a WARN_ON statement in a video driver. This could lead to local information disclosure with System execution privileges needed (bsc#1170345).

CVE-2019-20812: Fixed an issue in prb_calc_retire_blk_tmo() which could have resulted in a denial of service (bsc#1172453).

CVE-2019-20806: Fixed a NULL pointer dereference which may had lead to denial of service (bsc#1172199).

CVE-2019-19462: Fixed an issue which could have allowed local user to cause denial of service (bsc#1158265).

CVE-2019-20810: go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c did not call snd_card_free for a failure path, which caused a memory leak, aka CID-9453264ef586 (bnc#1172458).

CVE-2018-1000199: Fixed a potential local code execution via ptrace (bsc#1089895).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The SUSE Linux Enterprise 15 kernel was updated receive various security and bugfixes.

The following security bugs were fixed :

CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it. This attack is known as Special Register Buffer Data Sampling (SRBDS) or 'CrossTalk' (bsc#1154824).

CVE-2020-9383: Fixed an out-of-bounds read due to improper error condition check of FDC index (bsc#1165111).

CVE-2020-8992: Fixed an issue which could have allowed attackers to cause a soft lockup via a crafted journal size (bsc#1164069).

CVE-2020-8834: Fixed a stack corruption which could have lead to kernel panic (bsc#1168276).

CVE-2020-8649: Fixed a use-after-free in the vgacon_invert_region function in drivers/video/console/vgacon.c (bsc#1162931).

CVE-2020-8648: Fixed a use-after-free in the n_tty_receive_buf_common function in drivers/tty/n_tty.c (bsc#1162928).

CVE-2020-8647: Fixed a use-after-free in the vc_do_resize function in drivers/tty/vt/vt.c (bsc#1162929).

CVE-2020-8428: Fixed a use-after-free which could have allowed local users to cause a denial of service (bsc#1162109).

CVE-2020-7053: Fixed a use-after-free in the i915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c (bsc#1160966).

CVE-2020-2732: Fixed an issue affecting Intel CPUs where an L2 guest may trick the L0 hypervisor into accessing sensitive L1 resources (bsc#1163971).

CVE-2020-13143: Fixed an out-of-bounds read in gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c (bsc#1171982).

CVE-2020-12769: Fixed an issue which could have allowed attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one (bsc#1171983).

CVE-2020-12657: An a use-after-free in block/bfq-iosched.c (bsc#1171205).

CVE-2020-12656: Fixed an improper handling of certain domain_release calls leadingch could have led to a memory leak (bsc#1171219).

CVE-2020-12655: Fixed an issue which could have allowed attackers to trigger a sync of excessive duration via an XFS v5 image with crafted metadata (bsc#1171217).

CVE-2020-12654: Fixed an issue in he wifi driver which could have allowed a remote AP to trigger a heap-based buffer overflow (bsc#1171202).

CVE-2020-12653: Fixed an issue in the wifi driver which could have allowed local users to gain privileges or cause a denial of service (bsc#1171195).

CVE-2020-12652: Fixed an issue which could have allowed local users to hold an incorrect lock during the ioctl operation and trigger a race condition (bsc#1171218).

CVE-2020-12464: Fixed a use-after-free due to a transfer without a reference (bsc#1170901).

CVE-2020-12114: Fixed a pivot_root race condition which could have allowed local users to cause a denial of service (panic) by corrupting a mountpoint reference counter (bsc#1171098).

CVE-2020-11669: Fixed an issue where arch/powerpc/kernel/idle_book3s.S did not have save/restore functionality for PNV_POWERSAVE_AMR, PNV_POWERSAVE_UAMOR, and PNV_POWERSAVE_AMOR (bnc#1169390).

CVE-2020-11609: Fixed a NULL pointer dereference due to improper handling of descriptors (bsc#1168854).

CVE-2020-11608: Fixed a NULL pointer dereferences via a crafted USB (bsc#1168829).

CVE-2020-11494: Fixed an issue which could have allowed attackers to read uninitialized can_frame data (bsc#1168424).

CVE-2020-10942: Fixed a kernel stack corruption via crafted system calls (bsc#1167629).

CVE-2020-10757: Fixed an issue where remaping hugepage DAX to anon mmap could have caused user PTE access (bsc#1172317).

CVE-2020-10751: Fixed an improper implementation in SELinux LSM hook where it was assumed that an skb would only contain a single netlink message (bsc#1171189).

CVE-2020-10732: Fixed kernel data leak in userspace coredumps due to uninitialized data (bsc#1171220).

CVE-2020-10720: Fixed a use-after-free read in napi_gro_frags() (bsc#1170778).

CVE-2020-10711: Fixed a NULL pointer dereference in SELinux subsystem which could have allowed a remote network user to crash the kernel resulting in a denial of service (bsc#1171191).

CVE-2020-10690: Fixed the race between the release of ptp_clock and cdev (bsc#1170056).

CVE-2019-9458: Fixed a use after free due to a race condition which could have led to privilege escalation of privilege (bsc#1168295).

CVE-2019-9455: Fixed a pointer leak due to a WARN_ON statement in a video driver. This could lead to local information disclosure with System execution privileges needed (bsc#1170345).

CVE-2019-3701: Fixed an issue in can_can_gw_rcv, which could cause a system crash (bsc#1120386).

CVE-2019-20812: Fixed an issue in prb_calc_retire_blk_tmo() which could have resulted in a denial of service (bsc#1172453).

CVE-2019-20810: Fixed a memory leak in due to not calling of snd_card_free (bsc#1172458).

CVE-2019-20096: Fixed a memory leak in __feat_register_sp() in net/dccp/feat.c, which could have caused denial of service (bsc#1159908).

CVE-2019-20095: Fixed an improper error-handling cases that did not free allocated hostcmd memory which was causing memory leak (bsc#1159909).

CVE-2019-20054: Fixed a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links (bsc#1159910).

CVE-2019-19966: Fixed a use-after-free in cpia2_exit() which could have caused denial of service (bsc#1159841).

CVE-2019-19965: Fixed a NULL pointer dereference, due to mishandling of port disconnection during discovery (bsc#1159911).

CVE-2019-19770: Fixed a use-after-free in the debugfs_remove function (bsc#1159198).

CVE-2019-19768: Fixed a use-after-free in the __blk_add_trace function in kernel/trace/blktrace.c (bsc#1159285).

CVE-2019-19462: Fixed an issue which could have allowed local user to cause denial of service (bsc#1158265).

CVE-2019-19447: Fixed a user after free via a crafted ext4 filesystem image (bsc#1158819).

CVE-2019-19319: Fixed a user after free when a large old_size value is used in a memset call (bsc#1158021).

CVE-2019-19318: Fixed a use after free via a crafted btrfs image (bsc#1158026).

CVE-2019-19054: Fixed a memory leak in the cx23888_ir_probe() which could have allowed attackers to cause a denial of service (bsc#1161518).

CVE-2019-19045: Fixed a memory leak in which could have allowed attackers to cause a denial of service (bsc#1161522).

CVE-2019-19036: Fixed a NULL pointer dereference in btrfs_root_node (bsc#1157692).

CVE-2019-16994: Fixed a memory leak which might have caused denial of service (bsc#1161523).

CVE-2019-14897: Fixed a stack overflow in Marvell Wifi Driver (bsc#1157155).

CVE-2019-14896: Fixed a heap overflow in Marvell Wifi Driver (bsc#1157157).

CVE-2019-14615: Fixed an improper control flow in certain data structures which could have led to information disclosure (bsc#1160195).

CVE-2018-1000199: Fixed a potential local code execution via ptrace (bsc#1089895).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed :

CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it. This attack is known as Special Register Buffer Data Sampling (SRBDS) or 'CrossTalk' (bsc#1154824).

CVE-2020-13143: Fixed an out-of-bounds read in gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c (bsc#1171982).

CVE-2020-12769: Fixed an issue which could have allowed attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one (bsc#1171983).

CVE-2020-12768: Fixed a memory leak in svm_cpu_uninit in arch/x86/kvm/svm.c (bsc#1171736).

CVE-2020-12657: An a use-after-free in block/bfq-iosched.c (bsc#1171205).

CVE-2020-12656: Fixed an improper handling of certain domain_release calls leadingch could have led to a memory leak (bsc#1171219).

CVE-2020-12655: Fixed an issue which could have allowed attackers to trigger a sync of excessive duration via an XFS v5 image with crafted metadata (bsc#1171217).

CVE-2020-12654: Fixed an issue in he wifi driver which could have allowed a remote AP to trigger a heap-based buffer overflow (bsc#1171202).

CVE-2020-12653: Fixed an issue in the wifi driver which could have allowed local users to gain privileges or cause a denial of service (bsc#1171195).

CVE-2020-12652: Fixed an issue which could have allowed local users to hold an incorrect lock during the ioctl operation and trigger a race condition (bsc#1171218).

CVE-2020-12464: Fixed a use-after-free due to a transfer without a reference (bsc#1170901).

CVE-2020-12114: Fixed a pivot_root race condition which could have allowed local users to cause a denial of service (panic) by corrupting a mountpoint reference counter (bsc#1171098).

CVE-2020-10757: Fixed an issue where remaping hugepage DAX to anon mmap could have caused user PTE access (bsc#1172317).

CVE-2020-10751: Fixed an improper implementation in SELinux LSM hook where it was assumed that an skb would only contain a single netlink message (bsc#1171189).

CVE-2020-10732: Fixed kernel data leak in userspace coredumps due to uninitialized data (bsc#1171220).

CVE-2020-10720: Fixed a use-after-free read in napi_gro_frags() (bsc#1170778).

CVE-2020-10711: Fixed a NULL pointer dereference in SELinux subsystem which could have allowed a remote network user to crash the kernel resulting in a denial of service (bsc#1171191).

CVE-2020-10690: Fixed the race between the release of ptp_clock and cdev (bsc#1170056).

CVE-2019-9455: Fixed a pointer leak due to a WARN_ON statement in a video driver. This could lead to local information disclosure with System execution privileges needed (bsc#1170345).

CVE-2019-20812: Fixed an issue in prb_calc_retire_blk_tmo() which could have resulted in a denial of service (bsc#1172453).

CVE-2019-20806: Fixed a NULL pointer dereference which may had lead to denial of service (bsc#1172199).

CVE-2019-19462: Fixed an issue which could have allowed local user to cause denial of service (bsc#1158265).

CVE-2018-1000199: Fixed a potential local code execution via ptrace (bsc#1089895).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The SUSE Linux Enterprise 12 SP4 Azure kernel was updated to receive various security and bugfixes.

The following security bugs were fixed :

CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it. This attack is known as Special Register Buffer Data Sampling (SRBDS) or 'CrossTalk' (bsc#1154824).

CVE-2020-13143: Fixed an out-of-bounds read in gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c (bsc#1171982).

CVE-2020-12769: Fixed an issue which could have allowed attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one (bsc#1171983).

CVE-2020-12768: Fixed a memory leak in svm_cpu_uninit in arch/x86/kvm/svm.c (bsc#1171736).

CVE-2020-12657: An a use-after-free in block/bfq-iosched.c (bsc#1171205).

CVE-2020-12656: Fixed an improper handling of certain domain_release calls leadingch could have led to a memory leak (bsc#1171219).

CVE-2020-12655: Fixed an issue which could have allowed attackers to trigger a sync of excessive duration via an XFS v5 image with crafted metadata (bsc#1171217).

CVE-2020-12654: Fixed an issue in he wifi driver which could have allowed a remote AP to trigger a heap-based buffer overflow (bsc#1171202).

CVE-2020-12653: Fixed an issue in the wifi driver which could have allowed local users to gain privileges or cause a denial of service (bsc#1171195).

CVE-2020-12652: Fixed an issue which could have allowed local users to hold an incorrect lock during the ioctl operation and trigger a race condition (bsc#1171218).

CVE-2020-12464: Fixed a use-after-free due to a transfer without a reference (bsc#1170901).

CVE-2020-12114: Fixed a pivot_root race condition which could have allowed local users to cause a denial of service (panic) by corrupting a mountpoint reference counter (bsc#1171098).

CVE-2020-10757: Fixed an issue where remaping hugepage DAX to anon mmap could have caused user PTE access (bsc#1172317).

CVE-2020-10751: Fixed an improper implementation in SELinux LSM hook where it was assumed that an skb would only contain a single netlink message (bsc#1171189).

CVE-2020-10732: Fixed kernel data leak in userspace coredumps due to uninitialized data (bsc#1171220).

CVE-2020-10720: Fixed a use-after-free read in napi_gro_frags() (bsc#1170778).

CVE-2020-10711: Fixed a NULL pointer dereference in SELinux subsystem which could have allowed a remote network user to crash the kernel resulting in a denial of service (bsc#1171191).

CVE-2020-10690: Fixed the race between the release of ptp_clock and cdev (bsc#1170056).

CVE-2019-9455: Fixed a pointer leak due to a WARN_ON statement in a video driver. This could lead to local information disclosure with System execution privileges needed (bsc#1170345).

CVE-2019-20812: Fixed an issue in prb_calc_retire_blk_tmo() which could have resulted in a denial of service (bsc#1172453).

CVE-2019-20806: Fixed a NULL pointer dereference which may had lead to denial of service (bsc#1172199).

CVE-2019-19462: Fixed an issue which could have allowed local user to cause denial of service (bsc#1158265).

CVE-2018-1000199: Fixed a potential local code execution via ptrace (bsc#1089895).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed :

CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it. This attack is known as Special Register Buffer Data Sampling (SRBDS) or 'CrossTalk' (bsc#1154824).

CVE-2020-13143: Fixed an out-of-bounds read in gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c (bsc#1171982).

CVE-2020-12769: Fixed an issue which could have allowed attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one (bsc#1171983).

CVE-2020-12768: Fixed a memory leak in svm_cpu_uninit in arch/x86/kvm/svm.c (bsc#1171736).

CVE-2020-12659: Fixed an out-of-bounds write (by a user with the CAP_NET_ADMIN capability) due to improper headroom validation (bsc#1171214).

CVE-2020-12657: An a use-after-free in block/bfq-iosched.c (bsc#1171205).

CVE-2020-12656: Fixed an improper handling of certain domain_release calls leadingch could have led to a memory leak (bsc#1171219).

CVE-2020-12655: Fixed an issue which could have allowed attackers to trigger a sync of excessive duration via an XFS v5 image with crafted metadata (bsc#1171217).

CVE-2020-12654: Fixed an issue in he wifi driver which could have allowed a remote AP to trigger a heap-based buffer overflow (bsc#1171202).

CVE-2020-12653: Fixed an issue in the wifi driver which could have allowed local users to gain privileges or cause a denial of service (bsc#1171195).

CVE-2020-12652: Fixed an issue which could have allowed local users to hold an incorrect lock during the ioctl operation and trigger a race condition (bsc#1171218).

CVE-2020-12464: Fixed a use-after-free due to a transfer without a reference (bsc#1170901).

CVE-2020-12114: Fixed a pivot_root race condition which could have allowed local users to cause a denial of service (panic) by corrupting a mountpoint reference counter (bsc#1171098).

CVE-2020-10757: Fixed an issue where remaping hugepage DAX to anon mmap could have caused user PTE access (bsc#1172317).

CVE-2020-10751: Fixed an improper implementation in SELinux LSM hook where it was assumed that an skb would only contain a single netlink message (bsc#1171189).

CVE-2020-10732: Fixed kernel data leak in userspace coredumps due to uninitialized data (bsc#1171220).

CVE-2020-10720: Fixed a use-after-free read in napi_gro_frags() (bsc#1170778).

CVE-2020-10711: Fixed a NULL pointer dereference in SELinux subsystem which could have allowed a remote network user to crash the kernel resulting in a denial of service (bsc#1171191).

CVE-2020-10690: Fixed the race between the release of ptp_clock and cdev (bsc#1170056).

CVE-2019-9455: Fixed a pointer leak due to a WARN_ON statement in a video driver. This could lead to local information disclosure with System execution privileges needed (bsc#1170345).

CVE-2019-20812: Fixed an issue in prb_calc_retire_blk_tmo() which could have resulted in a denial of service (bsc#1172453).

CVE-2019-20806: Fixed a NULL pointer dereference which may had lead to denial of service (bsc#1172199).

CVE-2019-19462: Fixed an issue which could have allowed local user to cause denial of service (bsc#1158265).

CVE-2018-1000199: Fixed a potential local code execution via ptrace (bsc#1089895).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed :

CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it. This attack is known as Special Register Buffer Data Sampling (SRBDS) or 'CrossTalk' (bsc#1154824).

CVE-2020-13143: Fixed an out-of-bounds read in gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c (bsc#1171982).

CVE-2020-12769: Fixed an issue which could have allowed attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one (bsc#1171983).

CVE-2020-12768: Fixed a memory leak in svm_cpu_uninit in arch/x86/kvm/svm.c (bsc#1171736).

CVE-2020-12659: Fixed an out-of-bounds write (by a user with the CAP_NET_ADMIN capability) due to improper headroom validation (bsc#1171214).

CVE-2020-12657: An a use-after-free in block/bfq-iosched.c (bsc#1171205).

CVE-2020-12656: Fixed an improper handling of certain domain_release calls leadingch could have led to a memory leak (bsc#1171219).

CVE-2020-12655: Fixed an issue which could have allowed attackers to trigger a sync of excessive duration via an XFS v5 image with crafted metadata (bsc#1171217).

CVE-2020-12654: Fixed an issue in he wifi driver which could have allowed a remote AP to trigger a heap-based buffer overflow (bsc#1171202).

CVE-2020-12653: Fixed an issue in the wifi driver which could have allowed local users to gain privileges or cause a denial of service (bsc#1171195).

CVE-2020-12652: Fixed an issue which could have allowed local users to hold an incorrect lock during the ioctl operation and trigger a race condition (bsc#1171218).

CVE-2020-12464: Fixed a use-after-free due to a transfer without a reference (bsc#1170901).

CVE-2020-12114: Fixed a pivot_root race condition which could have allowed local users to cause a denial of service (panic) by corrupting a mountpoint reference counter (bsc#1171098).

CVE-2020-10757: Fixed an issue where remaping hugepage DAX to anon mmap could have caused user PTE access (bsc#1172317).

CVE-2020-10751: Fixed an improper implementation in SELinux LSM hook where it was assumed that an skb would only contain a single netlink message (bsc#1171189).

CVE-2020-10732: Fixed kernel data leak in userspace coredumps due to uninitialized data (bsc#1171220).

CVE-2020-10720: Fixed a use-after-free read in napi_gro_frags() (bsc#1170778).

CVE-2020-10711: Fixed a NULL pointer dereference in SELinux subsystem which could have allowed a remote network user to crash the kernel resulting in a denial of service (bsc#1171191).

CVE-2020-10690: Fixed the race between the release of ptp_clock and cdev (bsc#1170056).

CVE-2019-9455: Fixed a pointer leak due to a WARN_ON statement in a video driver. This could lead to local information disclosure with System execution privileges needed (bsc#1170345).

CVE-2019-20812: Fixed an issue in prb_calc_retire_blk_tmo() which could have resulted in a denial of service (bsc#1172453).

CVE-2019-20806: Fixed a NULL pointer dereference which may had lead to denial of service (bsc#1172199).

CVE-2019-19462: Fixed an issue which could have allowed local user to cause denial of service (bsc#1158265).

CVE-2018-1000199: Fixed a potential local code execution via ptrace (bsc#1089895)

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes.

The following security bugs were fixed :

CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it. This attack is known as Special Register Buffer Data Sampling (SRBDS) or 'CrossTalk' (bsc#1154824).

CVE-2020-13143: Fixed an out-of-bounds read in gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c (bsc#1171982).

CVE-2020-12769: Fixed an issue which could have allowed attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one (bsc#1171983).

CVE-2020-12768: Fixed a memory leak in svm_cpu_uninit in arch/x86/kvm/svm.c (bsc#1171736).

CVE-2020-12659: Fixed an out-of-bounds write (by a user with the CAP_NET_ADMIN capability) due to improper headroom validation (bsc#1171214).

CVE-2020-12657: An a use-after-free in block/bfq-iosched.c (bsc#1171205).

CVE-2020-12656: Fixed an improper handling of certain domain_release calls leadingch could have led to a memory leak (bsc#1171219).

CVE-2020-12655: Fixed an issue which could have allowed attackers to trigger a sync of excessive duration via an XFS v5 image with crafted metadata (bsc#1171217).

CVE-2020-12654: Fixed an issue in he wifi driver which could have allowed a remote AP to trigger a heap-based buffer overflow (bsc#1171202).

CVE-2020-12653: Fixed an issue in the wifi driver which could have allowed local users to gain privileges or cause a denial of service (bsc#1171195).

CVE-2020-12652: Fixed an issue which could have allowed local users to hold an incorrect lock during the ioctl operation and trigger a race condition (bsc#1171218).

CVE-2020-12464: Fixed a use-after-free due to a transfer without a reference (bsc#1170901).

CVE-2020-12114: Fixed a pivot_root race condition which could have allowed local users to cause a denial of service (panic) by corrupting a mountpoint reference counter (bsc#1171098).

CVE-2020-10757: Fixed an issue where remaping hugepage DAX to anon mmap could have caused user PTE access (bsc#1172317).

CVE-2020-10751: Fixed an improper implementation in SELinux LSM hook where it was assumed that an skb would only contain a single netlink message (bsc#1171189).

CVE-2020-10732: Fixed kernel data leak in userspace coredumps due to uninitialized data (bsc#1171220).

CVE-2020-10720: Fixed a use-after-free read in napi_gro_frags() (bsc#1170778).

CVE-2020-10711: Fixed a NULL pointer dereference in SELinux subsystem which could have allowed a remote network user to crash the kernel resulting in a denial of service (bsc#1171191).

CVE-2020-10690: Fixed the race between the release of ptp_clock and cdev (bsc#1170056).

CVE-2019-9455: Fixed a pointer leak due to a WARN_ON statement in a video driver. This could lead to local information disclosure with System execution privileges needed (bsc#1170345).

CVE-2019-20812: Fixed an issue in prb_calc_retire_blk_tmo() which could have resulted in a denial of service (bsc#1172453).

CVE-2019-20806: Fixed a NULL pointer dereference which may had lead to denial of service (bsc#1172199).

CVE-2019-19462: Fixed an issue which could have allowed local user to cause denial of service (bsc#1158265).

CVE-2018-1000199: Fixed a potential local code execution via ptrace (bsc#1089895).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The SUSE Linux Enterprise 12 SP3 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed :

CVE-2020-11494: An issue was discovered in slc_bump in drivers/net/can/slcan.c, which allowed attackers to read uninitialized can_frame data, potentially containing sensitive information from kernel stack memory, if the configuration lacks CONFIG_INIT_STACK_ALL (bnc#1168424).

CVE-2020-10942: In get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls (bnc#1167629).

CVE-2020-8647: Fixed a use-after-free vulnerability in the vc_do_resize function in drivers/tty/vt/vt.c (bnc#1162929).

CVE-2020-8649: Fixed a use-after-free vulnerability in the vgacon_invert_region function in drivers/video/console/vgacon.c (bnc#1162931).

CVE-2020-9383: Fixed an issue in set_fdc in drivers/block/floppy.c, which leads to a wait_til_ready out-of-bounds read (bnc#1165111).

CVE-2019-9458: In the video driver there was a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed (bnc#1168295).

CVE-2019-3701: Fixed an issue in can_can_gw_rcv, which could cause a system crash (bnc#1120386).

CVE-2019-19768: Fixed a use-after-free in the __blk_add_trace function in kernel/trace/blktrace.c (bnc#1159285).

CVE-2020-11609: Fixed a NULL pointer dereference in the stv06xx subsystem caused by mishandling invalid descriptors (bnc#1168854).

CVE-2020-10720: Fixed a use-after-free read in napi_gro_frags() (bsc#1170778).

CVE-2020-10690: Fixed the race between the release of ptp_clock and cdev (bsc#1170056).

CVE-2019-9455: Fixed a pointer leak due to a WARN_ON statement in a video driver. This could lead to local information disclosure with System execution privileges needed (bnc#1170345).

CVE-2020-11608: Fixed an issue in drivers/media/usb/gspca/ov519.c caused by a NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs when there are zero endpoints (bnc#1168829).

CVE-2017-18255: The perf_cpu_time_max_percent_handler function in kernel/events/core.c allowed local users to cause a denial of service (integer overflow) or possibly have unspecified other impact via a large value, as demonstrated by an incorrect sample-rate calculation (bnc#1087813).

CVE-2020-8648: There was a use-after-free vulnerability in the n_tty_receive_buf_common function in drivers/tty/n_tty.c (bnc#1162928).

CVE-2020-2732: A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 guest into accessing sensitive L1 resources that should be inaccessible to the L2 guest (bnc#1163971).

CVE-2019-5108: Fixed a denial-of-service vulnerability caused by triggering AP to send IAPP location updates for stations before the required authentication process has completed (bnc#1159912).

CVE-2020-8992: ext4_protect_reserved_inode in fs/ext4/block_validity.c allowed attackers to cause a denial of service (soft lockup) via a crafted journal size (bnc#1164069).

CVE-2018-21008: Fixed a use-after-free which could be caused by the function rsi_mac80211_detach in the file drivers/net/wireless/rsi/rsi_91x_mac80211.c (bnc#1149591).

CVE-2019-14896: A heap-based buffer overflow vulnerability was found in Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP (bnc#1157157).

CVE-2019-14897: A stack-based buffer overflow was found in Marvell WiFi chip driver. An attacker is able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together without the use of an AP) and connects to another STA (bnc#1157155).

CVE-2019-18675: Fixed an integer overflow in cpia2_remap_buffer in drivers/media/usb/cpia2/cpia2_core.c because cpia2 has its own mmap implementation. This allowed local users (with /dev/video0 access) to obtain read and write permissions on kernel physical pages, which can possibly result in a privilege escalation (bnc#1157804).

CVE-2019-14615: Insufficient control flow in certain data structures for some Intel(R) Processors with Intel(R) Processor Graphics may have allowed an unauthenticated user to potentially enable information disclosure via local access (bnc#1160195, bsc#1165881).

CVE-2019-19965: Fixed a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition (bnc#1159911).

CVE-2019-20054: Fixed a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links (bnc#1159910).

CVE-2019-20096: Fixed a memory leak in __feat_register_sp() in net/dccp/feat.c, which may cause denial of service (bnc#1159908).

CVE-2019-19966: Fixed a use-after-free in cpia2_exit() in drivers/media/usb/cpia2/cpia2_v4l.c that will cause denial of service (bnc#1159841).

CVE-2019-19447: Fixed an issue with mounting a crafted ext4 filesystem image, performing some operations, and unmounting could lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c (bnc#1158819).

CVE-2019-19319: Fixed an issue with a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/xattr.c when a large old_size value is used in a memset call (bnc#1158021).

CVE-2019-19767: Fixed mishandling of ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c (bnc#1159297).

CVE-2019-11091,CVE-2018-12126,CVE-2018-12130,CVE-2018-12127: Earlier mitigations for the 'MDS' Microarchitectural Data Sampling attacks were not complete. An additional fix was added to the x86_64 fast systemcall path to further mitigate these attacks. (bsc#1164846 bsc#1170847)

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed :

CVE-2020-11494: An issue was discovered in slc_bump in drivers/net/can/slcan.c, which allowed attackers to read uninitialized can_frame data, potentially containing sensitive information from kernel stack memory, if the configuration lacks CONFIG_INIT_STACK_ALL (bnc#1168424).

CVE-2020-10942: In get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls (bnc#1167629).

CVE-2020-8647: Fixed a use-after-free vulnerability in the vc_do_resize function in drivers/tty/vt/vt.c (bnc#1162929).

CVE-2020-8649: Fixed a use-after-free vulnerability in the vgacon_invert_region function in drivers/video/console/vgacon.c (bnc#1162931).

CVE-2020-9383: Fixed an issue in set_fdc in drivers/block/floppy.c, which leads to a wait_til_ready out-of-bounds read (bnc#1165111).

CVE-2019-9458: In the video driver there was a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed (bnc#1168295).

CVE-2019-3701: Fixed an issue in can_can_gw_rcv, which could cause a system crash (bnc#1120386).

CVE-2019-19768: Fixed a use-after-free in the __blk_add_trace function in kernel/trace/blktrace.c (bnc#1159285).

CVE-2020-11609: Fixed a NULL pointer dereference in the stv06xx subsystem caused by mishandling invalid descriptors (bnc#1168854).

CVE-2020-10720: Fixed a use-after-free read in napi_gro_frags() (bsc#1170778).

CVE-2020-10690: Fixed the race between the release of ptp_clock and cdev (bsc#1170056).

CVE-2019-9455: Fixed a pointer leak due to a WARN_ON statement in a video driver. This could lead to local information disclosure with System execution privileges needed (bnc#1170345).

CVE-2020-11608: Fixed an issue in drivers/media/usb/gspca/ov519.c caused by a NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs when there are zero endpoints (bnc#1168829).

CVE-2017-18255: The perf_cpu_time_max_percent_handler function in kernel/events/core.c allowed local users to cause a denial of service (integer overflow) or possibly have unspecified other impact via a large value, as demonstrated by an incorrect sample-rate calculation (bnc#1087813).

CVE-2020-8648: There was a use-after-free vulnerability in the n_tty_receive_buf_common function in drivers/tty/n_tty.c (bnc#1162928).

CVE-2020-2732: A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 guest into accessing sensitive L1 resources that should be inaccessible to the L2 guest (bnc#1163971).

CVE-2019-5108: Fixed a denial-of-service vulnerability caused by triggering AP to send IAPP location updates for stations before the required authentication process has completed (bnc#1159912).

CVE-2020-8992: ext4_protect_reserved_inode in fs/ext4/block_validity.c allowed attackers to cause a denial of service (soft lockup) via a crafted journal size (bnc#1164069).

CVE-2018-21008: Fixed a use-after-free which could be caused by the function rsi_mac80211_detach in the file drivers/net/wireless/rsi/rsi_91x_mac80211.c (bnc#1149591).

CVE-2019-14896: A heap-based buffer overflow vulnerability was found in Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP (bnc#1157157).

CVE-2019-14897: A stack-based buffer overflow was found in Marvell WiFi chip driver. An attacker is able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together without the use of an AP) and connects to another STA (bnc#1157155).

CVE-2019-18675: Fixed an integer overflow in cpia2_remap_buffer in drivers/media/usb/cpia2/cpia2_core.c because cpia2 has its own mmap implementation. This allowed local users (with /dev/video0 access) to obtain read and write permissions on kernel physical pages, which can possibly result in a privilege escalation (bnc#1157804).

CVE-2019-14615: Insufficient control flow in certain data structures for some Intel(R) Processors with Intel(R) Processor Graphics may have allowed an unauthenticated user to potentially enable information disclosure via local access (bnc#1160195, bsc#1165881).

CVE-2019-19965: Fixed a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition (bnc#1159911).

CVE-2019-20054: Fixed a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links (bnc#1159910).

CVE-2019-20096: Fixed a memory leak in __feat_register_sp() in net/dccp/feat.c, which may cause denial of service (bnc#1159908).

CVE-2019-19966: Fixed a use-after-free in cpia2_exit() in drivers/media/usb/cpia2/cpia2_v4l.c that will cause denial of service (bnc#1159841).

CVE-2019-19447: Fixed an issue with mounting a crafted ext4 filesystem image, performing some operations, and unmounting could lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c (bnc#1158819).

CVE-2019-19319: Fixed an issue with a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/xattr.c when a large old_size value is used in a memset call (bnc#1158021).

CVE-2019-19767: Fixed mishandling of ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c (bnc#1159297).

CVE-2019-19066: Fixed memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/bfad_attr.c that allowed attackers to cause a denial of service (memory consumption) by triggering bfa_port_get_stats() failures (bnc#1157303).

CVE-2019-19332: There was an OOB memory write via kvm_dev_ioctl_get_cpuid (bsc#1158827).

CVE-2019-19537: There was a race condition bug that could have been caused by a malicious USB device in the USB character device driver layer (bnc#1158904).

CVE-2019-19535: There was an info-leak bug that could have been caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver (bnc#1158903).

CVE-2019-19527: There was a use-after-free bug that could have been caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver (bnc#1158900).

CVE-2019-19533: There was an info-leak bug that could have been caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver (bnc#1158834).

CVE-2019-19532: There were multiple out-of-bounds write bugs that could have been caused by a malicious USB device in the Linux kernel HID drivers (bnc#1158824).

CVE-2019-19523: There was a use-after-free bug that could have been caused by a malicious USB device in the drivers/usb/misc/adutux.c driver (bnc#1158823).

CVE-2019-15213: An issue was discovered in the Linux kernel, there was a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver (bnc#1146544).

CVE-2019-19531: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/yurex.c driver (bnc#1158445).

CVE-2019-19525: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/net/ieee802154/atusb.c driver (bnc#1158417).

CVE-2019-19530: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver (bnc#1158410).

CVE-2019-19536: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver (bnc#1158394).

CVE-2019-19524: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver (bnc#1158413).

CVE-2019-19534: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver (bnc#1158398).

CVE-2019-14901: A heap overflow flaw was found in the Linux kernel in Marvell WiFi chip driver. The vulnerability allowed a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If code execution occurs, the code will run with the permissions of root. This will affect both confidentiality and integrity of files on the system (bnc#1157042).

CVE-2019-14895: Fixed a heap-based buffer overflow in the Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could allow the remote device to cause a denial of service (system crash) or possibly execute arbitrary code (bnc#1157158).

CVE-2019-18660: Fixed a information disclosure on powerpc related to the Spectre-RSB mitigation. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c (bnc#1157038 1157923).

CVE-2019-18683: Fixed a privilege escalation where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem) (bnc#1155897).

CVE-2019-19062: Fixed a memory leak in the crypto_report() function in crypto/crypto_user_base.c, which allowed attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures (bnc#1157333).

CVE-2019-19052: A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c allowed attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures (bnc#1157324).

CVE-2019-19074: A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c allowed attackers to cause a denial of service (memory consumption) (bnc#1157143).

CVE-2019-19073: Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c allowed attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout() failures (bnc#1157070).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - The kernel package contains the Linux kernel (vmlinuz),     the core of any Linux operating system. The kernel     handles the basic functions of the operating system:
    memory allocation, process allocation, device input and     output, etc.Security Fix(es):Heap-based buffer overflow     in the udf_load_logicalvol function in fs/udf/super.c     in the Linux kernel before 3.4.5 allows remote     attackers to cause a denial of service (system crash)     or possibly have unspecified other impact via a crafted     UDF filesystem.(CVE-2012-3400)The     mmc_ioctl_cdrom_read_data function in     drivers/cdrom/cdrom.c in the Linux kernel through 3.10     allows local users to obtain sensitive information from     kernel memory via a read operation on a malfunctioning     CD-ROM drive.(CVE-2013-2164)The     sctp_sf_do_5_2_4_dupcook function in     net/sctp/sm_statefuns.c in the SCTP implementation in     the Linux kernel before 3.8.5 does not properly handle     associations during the processing of a duplicate     COOKIE ECHO chunk, which allows remote attackers to     cause a denial of service (NULL pointer dereference and     system crash) or possibly have unspecified other impact     via crafted SCTP traffic.(CVE-2013-2206)The (1)     get_user and (2) put_user API functions in the Linux     kernel before 3.5.5 on the v6k and v7 ARM platforms do     not validate certain addresses, which allows attackers     to read or modify the contents of arbitrary kernel     memory locations via a crafted application, as     exploited in the wild against Android devices in     October and November 2013.(CVE-2013-6282)An issue was     discovered in the Linux kernel before 4.20. There is a     race condition in smp_task_timedout() and     smp_task_done() in drivers/scsi/libsas/sas_expander.c,     leading to a use-after-free.(CVE-2018-20836)The Siemens     R3964 line discipline driver in drivers/tty/n_r3964.c     in the Linux kernel before 5.0.8 has multiple race     conditions.(CVE-2019-11486)The Linux kernel before     5.1-rc5 allows page->_refcount reference count     overflow, with resultant use-after-free issues, if     about 140 GiB of RAM exists. This is related to     fs/fuse/dev.c, fs/pipe.c, fs/splice.c,     include/linux/mm.h, include/linux/pipe_fs_i.h,     kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It     can occur with FUSE requests.(CVE-2019-11487)The     coredump implementation in the Linux kernel before     5.0.10 does not use locking or other mechanisms to     prevent vma layout or vma flags changes while it runs,     which allows local users to obtain sensitive     information, cause a denial of service, or possibly     have unspecified other impact by triggering a race     condition with mmget_not_zero or get_task_mm calls.
    This is related to fs/userfaultfd.c, mm/mmap.c,     fs/proc/task_mmu.c, and     drivers/infiniband/core/uverbs_main.c.(CVE-2019-11599)A     n issue was discovered in the Linux kernel before     5.0.7. A NULL pointer dereference can occur when     megasas_create_frame_pool() fails in     megasas_alloc_cmds() in     drivers/scsi/megaraid/megaraid_sas_base.c. This causes     a Denial of Service, related to a     use-after-free.(CVE-2019-11810)An issue was discovered     in the Linux kernel before 5.0.4. There is a     use-after-free upon attempted read access to     /proc/ioports after the ipmi_si module is removed,     related to drivers/char/ipmi/ipmi_si_intf.c,     drivers/char/ipmi/ipmi_si_mem_io.c, and     drivers/char/ipmi/ipmi_si_port_io.c.(CVE-2019-11811)A     flaw was found in the Linux kernel's handle_rx()     function in the [vhost_net] driver. A malicious virtual     guest, under specific conditions, can trigger an     out-of-bounds write in a kmalloc-8 slab on a virtual     host which may lead to a kernel memory corruption and a     system panic. Due to the nature of the flaw, privilege     escalation cannot be fully ruled out. Versions from     v4.16 and newer are vulnerable.(CVE-2018-16880)An issue     was discovered in rds_tcp_kill_sock in net/rds/tcp.c in     the Linux kernel before 5.0.8. There is a race     condition leading to a use-after-free, related to net     namespace cleanup.(CVE-2019-11815)A flaw was found in     the Linux kernel in the function     hid_debug_events_read() in drivers/hid/hid-debug.c file     which may enter an infinite loop with certain     parameters passed from a userspace. A local privileged     user ('root') can cause a system lock up and a denial     of service. Versions from v4.18 and newer are     vulnerable.(CVE-2019-3819)A flaw was found in the Linux     kernel's vfio interface implementation that permits     violation of the user's locked memory limit. If a     device is bound to a vfio driver, such as vfio-pci, and     the local attacker is administratively granted     ownership of the device, it may cause a system memory     exhaustion and thus a denial of service (DoS). Versions     3.10, 4.14 and 4.18 are vulnerable.(CVE-2019-3882)An     infinite loop issue was found in the vhost_net kernel     module in Linux Kernel up to and including v5.1-rc6,     while handling incoming packets in handle_rx(). It     could occur if one end sends packets faster than the     other end can process them. A guest user, maybe remote     one, could use this flaw to stall the vhost_net kernel     thread, resulting in a DoS scenario.(CVE-2019-3900)In     the Linux Kernel before versions 4.20.8 and 4.19.21 a     use-after-free error in the 'sctp_sendmsg()' function     (net/sctp/socket.c) when handling SCTP_SENDALL flag can     be exploited to corrupt memory.(CVE-2019-8956)A flaw     was found in the Linux kernel's implementation of ext4     extent management. The kernel doesn't correctly     initialize memory regions in the extent tree block     which may be exported to a local user to obtain     sensitive information by reading empty/uninitialized     data from the filesystem.(CVE-2019-11833)An issue was     discovered in drm_load_edid_firmware in     drivers/gpu/drm/drm_edid_load.c in the Linux kernel     through 5.1.5. There is an unchecked kstrdup of fwstr,     which might allow an attacker to cause a denial of     service (NULL pointer dereference and system crash).
    NOTE: The vendor disputes this issues as not being a     vulnerability because kstrdup() returning NULL is     handled sufficiently and there is no chance for a NULL     pointer dereference.(CVE-2019-12382)An issue was     discovered in the efi subsystem in the Linux kernel     through 5.1.5. phys_efi_set_virtual_address_map in     arch/x86/platform/efi/efi.c and efi_call_phys_prolog in     arch/x86/platform/efi/efi_64.c mishandle memory     allocation failures. NOTE: This id is disputed as not     being an issue because ?All the code touched by the     referenced commit runs only at boot, before any user     processes are started. Therefore, there is no     possibility for an unprivileged user to control     it.(CVE-2019-12380)An issue was discovered in the Linux     kernel before 5.2.3. An out of bounds access exists in     the function hclge_tm_schd_mode_vnet_base_cfg in the     file drivers     et/ethernet/hisilicon/hns3/hns3pf/hclge_tm.c.(CVE-2019-     15925)An issue was discovered in     dlpar_parse_cc_property in     arch/powerpc/platforms/pseries/dlpar.c in the Linux     kernel through 5.1.6. There is an unchecked kstrdup of     prop-i1/4zname, which might allow an attacker to cause a     denial of service (NULL pointer dereference and system     crash).(CVE-2019-12614)An issue was discovered in     net/ipv4/sysctl_net_ipv4.c in the Linux kernel before     5.0.11. There is a net/ipv4/tcp_input.c signed integer     overflow in tcp_ack_update_rtt() when userspace writes     a very large integer to     /proc/syset/ipv4/tcp_min_rtt_wlen, leading to a denial     of service or possibly unspecified other impact, aka     CID-19fad20d15a6.(CVE-2019-18805)A flaw was found in     the way PTRACE_TRACEME functionality was handled in the     Linux kernel. The kernel's implementation of ptrace can     inadvertently grant elevated permissions to an attacker     who can then abuse the relationship between the tracer     and the process being traced. This flaw could allow a     local, unprivileged user to increase their privileges     on the system or cause a denial of     service.(CVE-2019-13272)An issue was discovered in     ip6_ra_control in net/ipv6/ipv6_sockglue.c in the Linux     kernel through 5.1.5. There is an unchecked kmalloc of     new_ra, which might allow an attacker to cause a denial     of service (NULL pointer dereference and system crash).
    NOTE: This has been disputed as not an     issue.(CVE-2019-12378)An issue was discovered in     ip_ra_control in net/ipv4/ip_sockglue.c in the Linux     kernel through 5.1.5. There is an unchecked kmalloc of     new_ra, which might allow an attacker to cause a denial     of service (NULL pointer dereference and system crash).
    NOTE: this is disputed because new_ra is never used if     it is NULL.(CVE-2019-12381)An issue was discovered in     sunxi_divs_clk_setup in drivers/clk/sunxi/clk-sunxi.c     in the Linux kernel through 5.1.5. There is an     unchecked kstrndup of derived_name, which might allow     an attacker to cause a denial of service (NULL pointer     dereference and system crash). NOTE: This id is     disputed as not being an issue because 'The memory     allocation that was not checked is part of a code that     only runs at boot time, before user processes are     started. Therefore, there is no possibility for an     unprivileged user to control it, and no denial of     service.'.(CVE-2019-12455)An issue was discovered in     the MPT3COMMAND case in _ctl_ioctl_main in     drivers/scsi/mpt3sas/mpt3sas_ctl.c in the Linux kernel     through 5.1.5. It allows local users to cause a denial     of service or possibly have unspecified other impact by     changing the value of ioc_number between two kernel     reads of that value, aka a ''double fetch''     vulnerability. NOTE: a third party reports that this is     unexploitable because the doubly fetched value is not     used.(CVE-2019-12456)An issue was discovered in     get_vdev_port_node_info in arch/sparc/kernel/mdesc.c in     the Linux kernel through 5.1.6. There is an unchecked     kstrdup_const of node_info-i1/4zvdev_port.name, which     might allow an attacker to cause a denial of service     (NULL pointer dereference and system     crash).(CVE-2019-12615)In parse_hid_report_descriptor     in drivers/input/tablet/gtco.c in the Linux kernel     through 5.2.1, a malicious USB device can send an HID     report that triggers an out-of-bounds write during     generation of debugging messages.(CVE-2019-13631)A     vulnerability was found in the Linux kernelaEURtms floppy     disk driver implementation. A local attacker with     access to the floppy device could call set_geometry in     drivers/block/floppy.c, which does not validate the     sect and head fields, causing an integer overflow and     out-of-bounds read. This flaw may crash the system or     allow an attacker to gather information causing     subsequent successful     attacks.(CVE-2019-14283)check_input_term in     sound/usb/mixer.c in the Linux kernel through 5.2.9     mishandles recursion, leading to kernel stack     exhaustion.(CVE-2019-15118)An issue was discovered in     the Linux kernel before 5.2.6. There is a     use-after-free caused by a malicious USB device in the     drivers/media/v4l2-core/v4l2-dev.c driver because     drivers/media/radio/radio-raremono.c does not properly     allocate memory.(CVE-2019-15211)An issue was discovered     in the Linux kernel before 5.0.10. There is a     use-after-free in the sound subsystem because card     disconnection causes certain data structures to be     deleted too early. This is related to sound/core/init.c     and sound/core/info.c.(CVE-2019-15214)An issue was     discovered in the Linux kernel before 5.1.8. There is a     NULL pointer dereference caused by a malicious USB     device in the drivers/media/usb/siano/smsusb.c     driver.(CVE-2019-15218)An issue was discovered in the     Linux kernel before 5.1.8. There is a NULL pointer     dereference caused by a malicious USB device in the     drivers/usb/misc/sisusbvga/sisusb.c     driver.(CVE-2019-15219)An issue was discovered in the     Linux kernel before 5.2.1. There is a use-after-free     caused by a malicious USB device in the     driverset/wireless/intersil/p54/p54usb.c     driver.(CVE-2019-15220)An issue was discovered in the     Linux kernel before 5.1.17. There is a NULL pointer     dereference caused by a malicious USB device in the     sound/usb/line6/pcm.c driver.(CVE-2019-15221)An issue     was discovered in the Linux kernel before 5.0.9. There     is a use-after-free in atalk_proc_exit, related to     net/appletalk/atalk_proc.c, net/appletalk/ddp.c, and     net/appletalk/sysctl_net_atalk.c.(CVE-2019-15292)An     issue was discovered in xfs_setattr_nonsize in     fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9.
    XFS partially wedges when a chgrp fails on account of     being out of disk quota. xfs_setattr_nonsize is failing     to unlock the ILOCK after the xfs_qm_vop_chown_reserve     call fails. This is primarily a local DoS attack     vector, but it might result as well in remote DoS if     the XFS filesystem is exported for instance via     NFS.(CVE-2019-15538)An issue was discovered in the     Linux kernel before 5.0.19. There is an out-of-bounds     array access in __xfrm_policy_unlink, which will cause     denial of service, because verify_newpolicy_info in     net/xfrm/xfrm_user.c mishandles directory     validation.(CVE-2019-15666)In the Linux kernel before     5.1.13, there is a memory leak in     drivers/scsi/libsas/sas_expander.c when SAS expander     discovery fails. This will cause a BUG and denial of     service.(CVE-2019-15807)An issue was discovered in the     Linux kernel before 5.0.5. There is a use-after-free     issue when hci_uart_register_dev() fails in     hci_uart_set_proto() in     drivers/bluetooth/hci_ldisc.c.(CVE-2019-15917)An issue     was discovered in the Linux kernel before 5.0.10.
    SMB2_write in fs/cifs/smb2pdu.c has a     use-after-free.(CVE-2019-15919)An issue was discovered     in the Linux kernel before 5.0.10. SMB2_read in     fs/cifs/smb2pdu.c has a use-after-free. NOTE: this was     not fixed correctly in 5.0.10 see the 5.0.11 ChangeLog,     which documents a memory leak.(CVE-2019-15920)An issue     was discovered in the Linux kernel before 5.0.4. The 9p     filesystem did not protect i_size_write() properly,     which causes an i_size_read() infinite loop and denial     of service on SMP systems.(CVE-2019-16413)An issue was     discovered in can_can_gw_rcv in net/can/gw.c in the     Linux kernel through 4.19.13. The CAN frame     modification rules allow bitwise logical operations     that can be also applied to the can_dlc field. Because     of a missing check, the CAN drivers may write arbitrary     content beyond the data registers in the CAN     controller's I/O memory when processing can-gw     manipulated outgoing frames. This is related to     cgw_csum_xor_rel. An unprivileged user can trigger a     system crash (general protection     fault).(CVE-2019-3701)A flaw was found in the Linux     kernel's Marvell wifi chip driver. A heap overflow in     mwifiex_update_bss_desc_with_ie function in     marvell/mwifiex/scan.c allows remote attackers to cause     a denial of service(system crash) or execute arbitrary     code.(CVE-2019-3846)A new software page cache side     channel attack scenario was discovered in operating     systems that implement the very common 'page cache'     caching mechanism. A malicious user/process could use     'in memory' page-cache knowledge to infer access     timings to shared memory and gain knowledge which can     be used to reduce effectiveness of cryptographic     strength by monitoring algorithmic behavior, infer     access patterns of memory to determine code paths     taken, and exfiltrate data to a blinded attacker     through page-granularity access times as a     side-channel.(CVE-2019-5489)In the Android kernel in     the video driver there is a kernel pointer leak due to     a WARN_ON statement. This could lead to local     information disclosure with System execution privileges     needed. User interaction is not needed for     exploitation.(CVE-2019-9455)A vulnerability was found     in the arch/x86/lib/insn-eval.c function in the Linux     kernel. An attacker could corrupt the memory due to a     flaw in use-after-free access to an LDT entry caused by     a race condition between modify_ldt() and a #BR     exception for an MPX bounds violation.(CVE-2019-13233)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
145806	CentOS 8 : kernel (CESA-2020:4431)	Nessus	CentOS Local Security Checks	high
142430	RHEL 8 : kernel (RHSA-2020:4431)	Nessus	Red Hat Local Security Checks	high
142382	RHEL 8 : kernel-rt (RHSA-2020:4609)	Nessus	Red Hat Local Security Checks	high
140378	SUSE SLES15 Security Update : kernel (SUSE-SU-2020:2487-1)	Nessus	SuSE Local Security Checks	high
138679	openSUSE Security Update : the Linux Kernel (openSUSE-2020-801)	Nessus	SuSE Local Security Checks	high
138272	SUSE SLES15 Security Update : kernel (SUSE-SU-2020:1663-1)	Nessus	SuSE Local Security Checks	critical
137617	SUSE SLES12 Security Update : kernel (SUSE-SU-2020:1605-1)	Nessus	SuSE Local Security Checks	high
137616	SUSE SLES12 Security Update : kernel (SUSE-SU-2020:1603-1)	Nessus	SuSE Local Security Checks	high
137615	SUSE SLES12 Security Update : kernel (SUSE-SU-2020:1602-1)	Nessus	SuSE Local Security Checks	high
137613	SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:1599-1)	Nessus	SuSE Local Security Checks	high
137608	SUSE SLES12 Security Update : kernel (SUSE-SU-2020:1587-1)	Nessus	SuSE Local Security Checks	high
136782	SUSE SLES12 Security Update : kernel (SUSE-SU-2020:1275-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)	Nessus	SuSE Local Security Checks	critical
136661	SUSE SLES12 Security Update : kernel (SUSE-SU-2020:1255-1)	Nessus	SuSE Local Security Checks	critical
134387	EulerOS 2.0 SP8 : kernel (EulerOS-SA-2020-1186)	Nessus	Huawei Local Security Checks	critical

CVE-2019-9455

LOW

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins

high

high

high

high

high

critical

high

high

high

high

high

critical

critical

critical