openSUSE Security Update : the Linux Kernel (openSUSE-2020-388)

low Nessus Plugin ID 135003
New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it is different from CVSS.

VPR Score: 5.2


The remote openSUSE host is missing a security update.


The openSUSE Leap 15.1 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed :

- CVE-2020-8647: There was a use-after-free vulnerability in the vc_do_resize function in drivers/tty/vt/vt.c (bnc#1162929 1164078).

- CVE-2020-8649: There was a use-after-free vulnerability in the vgacon_invert_region function in drivers/video/console/vgacon.c (bnc#1162929 1162931).

- CVE-2020-9383: An issue was discovered in the set_fdc in drivers/block/floppy.c that lead to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2 (bnc#1165111).

- CVE-2019-19768: There was a use-after-free (read) in the
__blk_add_trace function in kernel/trace/blktrace.c (which is used to fill out a blk_io_trace structure and place it in a per-cpu sub-buffer) (bnc#1159285).

The following non-security bugs were fixed :

- ALSA: hda/realtek - Add Headset Button supported for ThinkPad X1 (bsc#1111666).

- ALSA: hda/realtek - Add Headset Mic supported (bsc#1111666).

- ALSA: hda/realtek - Add more codec supported Headset Button (bsc#1111666).

- ALSA: hda/realtek - Apply quirk for MSI GP63, too (bsc#1111666).

- ALSA: hda/realtek - Apply quirk for yet another MSI laptop (bsc#1111666).

- ALSA: hda/realtek - Enable the headset of ASUS B9450FA with ALC294 (bsc#1111666).

- ALSA: hda/realtek - Fix a regression for mute led on Lenovo Carbon X1 (bsc#1111666).

- ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Master (bsc#1111666).

- ALSA: usb-audio: Add boot quirk for MOTU M Series (bsc#1111666).

- ALSA: usb-audio: Add clock validity quirk for Denon MC7000/MCX8000 (bsc#1111666).

- ALSA: usb-audio: Apply 48kHz fixed rate playback for Jabra Evolve 65 headset (bsc#1111666).

- ALSA: usb-audio: Fix UAC2/3 effect unit parsing (bsc#1111666).

- ALSA: usb-audio: Use lower hex numbers for IDs (bsc#1111666).

- ALSA: usb-audio: add implicit fb quirk for MOTU M Series (bsc#1111666).

- ALSA: usb-audio: add quirks for Line6 Helix devices fw>=2.82 (bsc#1111666).

- ALSA: usb-audio: fix Corsair Virtuoso mixer label collision (bsc#1111666).

- ALSA: usb-audio: unlock on error in probe (bsc#1111666).

- ALSA: usx2y: Adjust indentation in snd_usX2Y_hwdep_dsp_status (bsc#1051510).

- ASoC: dapm: Correct DAPM handling of active widgets during shutdown (bsc#1051510).

- ASoC: pcm512x: Fix unbalanced regulator enable call in probe error path (bsc#1051510).

- ASoC: pcm: Fix possible buffer overflow in dpcm state sysfs output (bsc#1051510).

- ASoC: pcm: update FE/BE trigger order based on the command (bsc#1051510).

- ASoC: topology: Fix memleak in soc_tplg_link_elems_load() (bsc#1051510).

- Add CONFIG_RAID6_PQ_BENCHMARK=y in following config files for the above change,

- EDAC, ghes: Make platform-based whitelisting x86-only (bsc#1158187).

- EDAC/mc: Fix use-after-free and memleaks during device removal (bsc#1114279).

- Enable the following two patches in series.conf, and refresh the KABI patch due to previous md commit (bsc#1119680),

- HID: core: fix off-by-one memset in hid_report_raw_event() (bsc#1051510).

- Input: edt-ft5x06 - work around first register access error (bsc#1051510).

- Input: synaptics - enable SMBus on ThinkPad L470 (bsc#1051510).

- Input: synaptics - remove the LEN0049 dmi id from topbuttonpad list (bsc#1051510).

- Input: synaptics - switch T470s to RMI4 by default (bsc#1051510).

- KVM: VMX: check descriptor table exits on instruction emulation (bsc#1166104).

- NFC: pn544: Fix a typo in a debug message (bsc#1051510).

- NFC: port100: Convert cpu_to_le16(le16_to_cpu(E1) + E2) to use le16_add_cpu() (bsc#1051510).

- PCI/AER: Clear device status bits during ERR_COR handling (bsc#1161561).

- PCI/AER: Clear device status bits during ERR_FATAL and ERR_NONFATAL (bsc#1161561).

- PCI/AER: Clear only ERR_FATAL status bits during fatal recovery (bsc#1161561).

- PCI/AER: Clear only ERR_NONFATAL bits during non-fatal recovery (bsc#1161561).

- PCI/AER: Do not clear AER bits if error handling is Firmware-First (bsc#1161561).

- PCI/AER: Do not read upstream ports below fatal errors (bsc#1161561).

- PCI/AER: Factor out ERR_NONFATAL status bit clearing (bsc#1161561).

- PCI/AER: Take reference on error devices (bsc#1161561).

- PCI/ERR: Run error recovery callbacks for all affected devices (bsc#1161561).

- PCI/ERR: Use slot reset if available (bsc#1161561).

- Update 'drm/i915: Wean off drm_pci_alloc/drm_pci_free' (bsc#1114279) This patch fixes ../drivers/gpu/drm/i915/i915_gem.c: In function 'i915_gem_object_get_pages_phys':
../drivers/gpu/drm/i915/i915_gem.c:232:2: warning:
return makes pointer from integer without a cast [enabled by default] introduced by commit cde29f21f04985905600b14e6936f4f023329a99.

- Update config files. CONFIG_IPX was set on ARM. Disable as on other archs.

- [1/2,media] uvcvideo: Refactor teardown of uvc on USB disconnect ( (bsc#1164507)

- amdgpu/gmc_v9: save/restore sdpif regs during S3 (bsc#1113956)

- atm: zatm: Fix empty body Clang warnings (bsc#1051510).

- b43legacy: Fix -Wcast-function-type (bsc#1051510).

- blk: Fix kabi due to blk_trace_mutex addition (bsc#1159285).

- blktrace: fix dereference after null check (bsc#1159285).

- blktrace: fix trace mutex deadlock (bsc#1159285).

- bonding/alb: properly access headers in bond_alb_xmit() (networking-stable-20_02_09).

- config: enable BLK_DEV_SR_VENDOR on armv7hl (bsc#1164632)

- cpufreq: powernv: Fix unsafe notifiers (bsc#1065729).

- cpufreq: powernv: Fix use-after-free (bsc#1065729).

- crypto: pcrypt - Fix user-after-free on module unload (git-fixes).

- dmaengine: coh901318: Fix a double lock bug in dma_tc_handle() (bsc#1051510).

- driver core: Print device when resources present in really_probe() (bsc#1051510).

- driver core: platform: Prevent resouce overflow from causing infinite loops (bsc#1051510).

- driver core: platform: fix u32 greater or equal to zero comparison (bsc#1051510).

- drivers/md/raid5-ppl.c: use the new spelling of RWH_WRITE_LIFE_NOT_SET (bsc#1166003).

- drivers/md/raid5.c: use the new spelling of RWH_WRITE_LIFE_NOT_SET (bsc#1166003).

- drm/amd/dm/mst: Ignore payload update failures (bsc#1112178)

- drm/gma500: Fixup fbdev stolen size usage evaluation (bsc#1051510).

- drm/i915/gvt: Fix orphan vgpu dmabuf_objs' lifetime (git-fixes).

- drm/i915/gvt: Fix unnecessary schedule timer when no vGPU exits (git-fixes).

- drm/i915/selftests: Fix return in assert_mmap_offset() (bsc#1114279)

- drm/i915/userptr: Try to acquire the page lock around (bsc#1114279)

- drm/i915: Program MBUS with rmw during initialization (git-fixes).

- drm/mediatek: handle events when enabling/disabling crtc (bsc#1051510).

- drm/nouveau/disp/nv50-: prevent oops when no channel method map provided (bsc#1051510).

- drm/nouveau/gr/gk20a,gm200-: add terminators to method lists read from fw (bsc#1051510).

- drm/nouveau/kms/gv100-: Re-set LUT after clearing for modesets (git-fixes).

- drm/sun4i: Fix DE2 VI layer format support (git-fixes).

- drm/sun4i: de2/de3: Remove unsupported VI layer formats (git-fixes).

- drm: remove the newline for CRC source name (bsc#1051510).

- fcntl: fix typo in RWH_WRITE_LIFE_NOT_SET r/w hint name (bsc#1166003).

- firmware: imx: misc: Align imx sc msg structs to 4 (git-fixes).

- firmware: imx: scu-pd: Align imx sc msg structs to 4 (git-fixes).

- firmware: imx: scu: Ensure sequential TX (git-fixes).

- fs/xfs: fix f_ffree value for statfs when project quota is set (bsc#1165985).

- hwmon: (adt7462) Fix an error return in ADT7462_REG_VOLT() (bsc#1051510).

- ibmvnic: Do not process device remove during device reset (bsc#1065729).

- ibmvnic: Warn unknown speed message only when carrier is present (bsc#1065729).

- iommu/amd: Check feature support bit before accessing MSI capability registers (bsc#1166101).

- iommu/amd: Only support x2APIC with IVHD type 11h/40h (bsc#1166102).

- iommu/amd: Remap the IOMMU device table with the memory encryption mask for kdump (bsc#1141895).

- iommu/dma: Fix MSI reservation allocation (bsc#1166730).

- iommu/vt-d: Fix a bug in intel_iommu_iova_to_phys() for huge page (bsc#1166732).

- iommu/vt-d: Fix compile warning from intel-svm.h (bsc#1166103).

- iommu/vt-d: Fix the wrong printing in RHSA parsing (bsc#1166733).

- iommu/vt-d: Ignore devices with out-of-spec domain number (bsc#1166734).

- iommu/vt-d: dmar: replace WARN_TAINT with pr_warn + add_taint (bsc#1166731).

- iommu/vt-d: quirk_ioat_snb_local_iommu: replace WARN_TAINT with pr_warn + add_taint (bsc#1166735).

- iwlegacy: Fix -Wcast-function-type (bsc#1051510).

- iwlwifi: mvm: Do not require PHY_SKU NVM section for 3168 devices (bsc#1166632).

- iwlwifi: mvm: Fix thermal zone registration (bsc#1051510).

- kdump, proc/vmcore: Enable kdumping encrypted memory with SME enabled (bsc#1141895).

- kexec: Allocate decrypted control pages for kdump if SME is enabled (bsc#1141895).

- lib/raid6: add missing include for raid6test (bsc#1166003).

- lib/raid6: add option to skip algo benchmarking (bsc#1166003).

- lib/raid6: avoid __attribute_const__ redefinition (bsc#1166003).

- libnvdimm/pfn: fix fsdax-mode namespace info-block zero-fields (bsc#1165929).

- libnvdimm/pfn_dev: Do not clear device memmap area during generic namespace probe (bsc#1165929 bsc#1165950).

- libnvdimm: remove redundant __func__ in dev_dbg (bsc#1165929).

- md raid0/linear: Mark array as 'broken' and fail BIOs if a member is gone (bsc#1166003).

- md-batch-flush-requests-kabi.patch

- md-batch-flush-requests.patch

- md-bitmap: create and destroy wb_info_pool with the change of backlog (bsc#1166003).

- md-bitmap: create and destroy wb_info_pool with the change of bitmap (bsc#1166003).

- md-bitmap: small cleanups (bsc#1166003).

- md-cluster/bitmap: do not call md_bitmap_sync_with_cluster during reshaping stage (bsc#1166003).

- md-cluster/raid10: call update_size in md_reap_sync_thread (bsc#1166003).

- md-cluster/raid10: do not call remove_and_add_spares during reshaping stage (bsc#1166003).

- md-cluster/raid10: resize all the bitmaps before start reshape (bsc#1166003).

- md-cluster/raid10: support add disk under grow mode (bsc#1166003).

- md-cluster: introduce resync_info_get interface for sanity check (bsc#1166003).

- md-cluster: remove suspend_info (bsc#1166003).

- md-cluster: send BITMAP_NEEDS_SYNC message if reshaping is interrupted (bsc#1166003).

- md-linear: use struct_size() in kzalloc() (bsc#1166003).

- md/bitmap: avoid race window between md_bitmap_resize and bitmap_file_clear_bit (bsc#1166003).

- md/bitmap: use mddev_suspend/resume instead of
->quiesce() (bsc#1166003).

- md/raid0: Fix an error message in raid0_make_request() (bsc#1166003).

- md/raid10: Fix raid10 replace hang when new added disk faulty (bsc#1166003).

- md/raid10: end bio when the device faulty (bsc#1166003).

- md/raid10: prevent access of uninitialized resync_pages offset (bsc#1166003).

- md/raid10: read balance chooses idlest disk for SSD (bsc#1166003).

- md/raid1: Fix a warning message in remove_wb() (bsc#1166003).

- md/raid1: avoid soft lockup under high load (bsc#1166003).

- md/raid1: end bio when the device faulty (bsc#1166003).

- md/raid1: fail run raid1 array when active disk less than one (bsc#1166003).

- md/raid1: fix potential data inconsistency issue with write behind device (bsc#1166003).

- md/raid1: get rid of extra blank line and space (bsc#1166003).

- md/raid5: use bio_end_sector to calculate last_sector (bsc#1166003).

- md/raid6: fix algorithm choice under larger PAGE_SIZE (bsc#1166003).

- md: Make bio_alloc_mddev use bio_alloc_bioset (bsc#1166003).

- md: add __acquires/__releases annotations to (un)lock_two_stripes (bsc#1166003).

- md: add __acquires/__releases annotations to handle_active_stripes (bsc#1166003).

- md: add a missing endianness conversion in check_sb_changes (bsc#1166003).

- md: add bitmap_abort label in md_run (bsc#1166003).

- md: add feature flag MD_FEATURE_RAID0_LAYOUT (bsc#1166003).

- md: allow last device to be forcibly removed from RAID1/RAID10 (bsc#1166003).

- md: avoid invalid memory access for array sb->dev_roles (bsc#1166003).

- md: change kabi fix patch name, from patches.kabi/md-batch-flush-requests-kabi.patch to patches.kabi/md-backport-kabi.patch

- md: convert to kvmalloc (bsc#1166003).

- md: do not call spare_active in md_reap_sync_thread if all member devices can't work (bsc#1166003).

- md: do not set In_sync if array is frozen (bsc#1166003).

- md: fix a typo s/creat/create (bsc#1166003).

- md: fix for divide error in status_resync (bsc#1166003).

- md: fix spelling typo and add necessary space (bsc#1166003).

- md: introduce mddev_create/destroy_wb_pool for the change of member device (bsc#1166003).

- md: make sure desc_nr less than MD_SB_DISKS (bsc#1166003).

- md: md.c: Return -ENODEV when mddev is NULL in rdev_attr_show (bsc#1166003).

- md: no longer compare spare disk superblock events in super_load (bsc#1166003).

- md: raid10: Use struct_size() in kmalloc() (bsc#1166003).

- md: raid1: check rdev before reference in raid1_sync_request func (bsc#1166003).

- md: remove set but not used variable 'bi_rdev' (bsc#1166003).

- md: rename wb stuffs (bsc#1166003).

- md: return -ENODEV if rdev has no mddev assigned (bsc#1166003).

- md: use correct type in super_1_load (bsc#1166003).

- md: use correct type in super_1_sync (bsc#1166003).

- md: use correct types in md_bitmap_print_sb (bsc#1166003).

- media: uvcvideo: Refactor teardown of uvc on USB disconnect (bsc#1164507).

- net/smc: add fallback check to connect() (git-fixes).

- net/smc: fix cleanup for linkgroup setup failures (git-fixes).

- net/smc: no peer ID in CLC decline for SMCD (git-fixes).

- net/smc: transfer fasync_list in case of fallback (git-fixes).

- net: macb: Limit maximum GEM TX length in TSO (networking-stable-20_02_09).

- net: macb: Remove unnecessary alignment check for TSO (networking-stable-20_02_09).

- net: mvneta: move rx_dropped and rx_errors in per-cpu stats (networking-stable-20_02_09).

- net: systemport: Avoid RBUF stuck in Wake-on-LAN mode (networking-stable-20_02_09).

- net_sched: fix a resource leak in tcindex_set_parms() (networking-stable-20_02_09).

- nvme: Fix parsing of ANA log page (bsc#1166658).

- nvme: Translate more status codes to blk_status_t (bsc#1156510).

- nvme: resync include/linux/nvme.h with nvmecli (bsc#1156510).

- orinoco: avoid assertion in case of NULL pointer (bsc#1051510).

- padata: always acquire cpu_hotplug_lock before pinst->lock (git-fixes).

- pinctrl: baytrail: Do not clear IRQ flags on direct-irq enabled pins (bsc#1051510).

- pinctrl: imx: scu: Align imx sc msg structs to 4 (git-fixes).

- pinctrl: sh-pfc: sh7264: Fix CAN function GPIOs (bsc#1051510).

- pinctrl: sh-pfc: sh7269: Fix CAN function GPIOs (bsc#1051510).

- powerpc/pseries: fix of_read_drc_info_cell() to point at next record (bsc#1165980 ltc#183834).

- powerpc: fix hardware PMU exception bug on PowerVM compatibility mode systems (bsc#1056686).

- qmi_wwan: re-add DW5821e pre-production variant (bsc#1051510).

- raid10: refactor common wait code from regular read/write request (bsc#1166003).

- raid1: factor out a common routine to handle the completion of sync write (bsc#1166003).

- raid1: simplify raid1_error function (bsc#1166003).

- raid1: use an int as the return value of raise_barrier() (bsc#1166003).

- raid5 improve too many read errors msg by adding limits (bsc#1166003).

- raid5: block failing device if raid will be failed (bsc#1166003).

- raid5: do not increment read_errors on EILSEQ return (bsc#1166003).

- raid5: do not set STRIPE_HANDLE to stripe which is in batch list (bsc#1166003).

- raid5: need to set STRIPE_HANDLE for batch head (bsc#1166003).

- raid5: remove STRIPE_OPS_REQ_PENDING (bsc#1166003).

- raid5: remove worker_cnt_per_group argument from alloc_thread_groups (bsc#1166003).

- raid5: set write hint for PPL (bsc#1166003).

- raid5: use bio_end_sector in r5_next_bio (bsc#1166003).

- raid6/test: fix a compilation error (bsc#1166003).

- raid6/test: fix a compilation warning (bsc#1166003).

- remoteproc: Initialize rproc_class before use (bsc#1051510).

- rtlwifi: rtl_pci: Fix -Wcast-function-type (bsc#1051510).

- s390/pci: Fix unexpected write combine on resource (git-fixes).

- s390/uv: Fix handling of length extensions (git-fixes).

- staging: rtl8188eu: Fix potential overuse of kernel memory (bsc#1051510).

- staging: rtl8188eu: Fix potential security hole (bsc#1051510).

- staging: rtl8723bs: Fix potential overuse of kernel memory (bsc#1051510).

- staging: rtl8723bs: Fix potential security hole (bsc#1051510).

- tick: broadcast-hrtimer: Fix a race in bc_set_next (bsc#1044231).

- tools: Update include/uapi/linux/fcntl.h copy from the kernel (bsc#1166003).

- usb: host: xhci: update event ring dequeue pointer on purpose (git-fixes).

- vgacon: Fix a UAF in vgacon_invert_region (bsc#1114279)

- virtio-blk: fix hw_queue stopped on arbitrary error (git-fixes).

- x86/cpu/amd: Enable the fixed Instructions Retired counter IRPERF (bsc#1114279).

- x86/ioremap: Add an ioremap_encrypted() helper (bsc#1141895).

- x86/kdump: Export the SME mask to vmcoreinfo (bsc#1141895).

- x86/mce/amd: Fix kobject lifetime (bsc#1114279).

- x86/mce/amd: Publish the bank pointer only after setup has succeeded (bsc#1114279).

- x86/mm: Split vmalloc_sync_all() (bsc#1165741).

- xfs: also remove cached ACLs when removing the underlying attr (bsc#1165873).

- xfs: bulkstat should copy lastip whenever userspace supplies one (bsc#1165984).

- xhci: Force Maximum Packet size for Full-speed bulk devices to valid range (bsc#1051510).

- xhci: fix runtime pm enabling for quirky Intel hosts (bsc#1051510).


Update the affected the Linux Kernel packages.

See Also

Plugin Details

Severity: Low

ID: 135003

File Name: openSUSE-2020-388.nasl

Version: 1.2

Type: local

Agent: unix

Published: 3/30/2020

Updated: 4/2/2020

Dependencies: 12634

Risk Information

Risk Factor: Low

VPR Score: 5.2

CVSS Score Source: CVE-2020-9383

CVSS v2.0

Base Score: 3.6

Temporal Score: 2.7

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:P

Temporal Vector: E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 7.1

Temporal Score: 6.2

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:kernel-debug, p-cpe:/a:novell:opensuse:kernel-debug-base, p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug-debugsource, p-cpe:/a:novell:opensuse:kernel-debug-devel, p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-default, p-cpe:/a:novell:opensuse:kernel-default-base, p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-default-debuginfo, p-cpe:/a:novell:opensuse:kernel-default-debugsource, p-cpe:/a:novell:opensuse:kernel-default-devel, p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-devel, p-cpe:/a:novell:opensuse:kernel-docs-html, p-cpe:/a:novell:opensuse:kernel-kvmsmall, p-cpe:/a:novell:opensuse:kernel-kvmsmall-base, p-cpe:/a:novell:opensuse:kernel-kvmsmall-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo, p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource, p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel, p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-macros, p-cpe:/a:novell:opensuse:kernel-obs-build, p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource, p-cpe:/a:novell:opensuse:kernel-obs-qa, p-cpe:/a:novell:opensuse:kernel-source, p-cpe:/a:novell:opensuse:kernel-source-vanilla, p-cpe:/a:novell:opensuse:kernel-syms, p-cpe:/a:novell:opensuse:kernel-vanilla, p-cpe:/a:novell:opensuse:kernel-vanilla-base, p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo, p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource, p-cpe:/a:novell:opensuse:kernel-vanilla-devel, p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo, cpe:/o:novell:opensuse:15.1

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: undefined

Exploit Ease: No known exploits are available

Patch Publication Date: 3/27/2020

Vulnerability Publication Date: 12/12/2019

Reference Information

CVE: CVE-2019-19768, CVE-2020-8647, CVE-2020-8649, CVE-2020-9383