QID 750691

Date Published: 2021-06-24

QID 750691: SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2020:1141-1)

The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2020-8834: KVM on Power8 processors had a conflicting use of HSTATE_HOST_R1 to store r1 state in kvmppc_hv_entry plus in kvmppc_{save,restore}_tm, leading to a stack corruption. Because of this, an attacker with the ability to run code in kernel space of a guest VM can cause the host kernel to panic (bnc#1168276).
- CVE-2020-11494: An issue was discovered in slc_bump in drivers/net/can/slcan.c, which allowed attackers to read uninitialized can_frame data, potentially containing sensitive information from kernel stack memory, if the configuration lacks CONFIG_INIT_STACK_ALL (bnc#1168424).
- CVE-2020-10942: get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls (bnc#1167629).
- CVE-2019-9458: In the video driver there was a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed (bnc#1168295).
- CVE-2019-3701: Fixed an issue in can_can_gw_rcv, which could cause a system crash (bnc#1120386).
- CVE-2019-19770: Fixed a use-after-free in the debugfs_remove function (bsc#1159198).
- CVE-2020-11669: Fixed an issue where arch/powerpc/kernel/idle_book3s.S did not have save/restore functionality for PNV_POWERSAVE_AMR, PNV_POWERSAVE_UAMOR, and PNV_POWERSAVE_AMOR (bnc#1169390).
- CVE-2020-8647: There was a use-after-free vulnerability in the vc_do_resize function in drivers/tty/vt/vt.c (bnc#1162929).
- CVE-2020-8649: There was a use-after-free vulnerability in the vgacon_invert_region function in drivers/video/console/vgacon.c (bnc#1162931).
- CVE-2020-9383: set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it (bnc#1165111).
- CVE-2019-19768: Fixed a use-after-free in the __blk_add_trace function in kernel/trace/blktrace.c (bnc#1159285).

Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.

Successful exploitation allows an attacker to compromise the system.

  • CVSS V3 rated as Critical - 8.2 severity.
  • CVSS V2 rated as High - 6.4 severity.
  • Solution
    Upgrade to the latest package which contains the patch. To install this SUSE Security Update, use YaST online_update. Alternatively, you can run the command listed for your product. To install packages using the command line interface, use the command "yum update". Refer to SUSE security advisory SUSE-SU-2020:1141-1 to address this issue and obtain further details.
    Software Advisories
    Advisory ID Software Component Link
    SUSE-SU-2020:1141-1 SUSE Enterprise Linux lists.suse.com/pipermail/sle-security-updates/2020-April/006755.html