Vulnerability from csaf_suse
Published
2020-03-06 10:09
Modified
2020-03-06 10:09
Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 12 SP5 real-time kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2019-14615: An information disclosure vulnerability existed due to insufficient control flow in certain data structures for some Intel(R) Processors (bnc#1160195).
- CVE-2019-14896: A heap overflow was found in the add_ie_rates() function of the Marvell Wifi Driver (bsc#1157157).
- CVE-2019-14897: A stack overflow was found in the lbs_ibss_join_existing() function of the Marvell Wifi Driver (bsc#1157155).
- CVE-2019-16994: A memory leak existed in sit_init_net() in net/ipv6/sit.c which might have caused denial of service, aka CID-07f12b26e21a (bnc#1161523).
- CVE-2019-19036: An issue discovered in btrfs_root_node in fs/btrfs/ctree.c allowed a NULL pointer dereference because rcu_dereference(root->node) can be zero (bnc#1157692).
- CVE-2019-19045: A memory leak in drivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c allowed attackers to cause a denial of service (memory consumption) by triggering mlx5_vector2eqn() failures, aka CID-c8c2a057fdc7 (bnc#1161522).
- CVE-2019-19054: A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c allowed attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka CID-a7b2df76b42b (bnc#1161518).
- CVE-2019-19318: Mounting a crafted btrfs image twice could have caused a use-after-free (bnc#1158026).
- CVE-2019-19927: A slab-out-of-bounds read access could have been caused when mounting a crafted f2fs filesystem image and performing some operations on it, in drivers/gpu/drm/ttm/ttm_page_alloc.c (bnc#1160147).
- CVE-2019-19965: There was a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5 (bnc#1159911).
- CVE-2020-7053: There was a use-after-free (write) in the i915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c, aka CID-7dc40713618c (bnc#1160966).
The following non-security bugs were fixed:
- ALSA: hda - Apply sync-write workaround to old Intel platforms, too (bsc#1111666).
- ALSA: hda/realtek - Add Bass Speaker and fixed dac for bass speaker (bsc#1111666).
- ALSA: hda/realtek - Add new codec supported for ALCS1200A (bsc#1111666).
- ALSA: hda/realtek - Add quirk for the bass speaker on Lenovo Yoga X1 7th gen (bsc#1111666).
- ALSA: hda/realtek - Enable the bass speaker of ASUS UX431FLC (bsc#1111666).
- ALSA: hda/realtek - Set EAPD control to default for ALC222 (bsc#1111666).
- ALSA: seq: Fix racy access for queue timer in proc read (bsc#1051510).
- ALSA: usb-audio: Apply the sample rate quirk for Bose Companion 5 (bsc#1111666).
- ALSA: usb-audio: fix sync-ep altsetting sanity check (bsc#1051510).
- ASoC: au8540: use 64-bit arithmetic instead of 32-bit (bsc#1051510).
- ASoC: samsung: i2s: Fix prescaler setting for the secondary DAI (bsc#1111666).
- Fix partial checked out tree build ... so that bisection does not break.
- Fix the locking in dcache_readdir() and friends (bsc#1123328).
- HID: hidraw, uhid: Always report EPOLLOUT (bsc#1051510).
- HID: hidraw: Fix returning EPOLLOUT from hidraw_poll (bsc#1051510).
- HID: uhid: Fix returning EPOLLOUT from uhid_char_poll (bsc#1051510).
- IB/hfi1: Do not cancel unused work item (bsc#1114685 ).
- NFC: pn533: fix bulk-message timeout (bsc#1051510).
- RDMA/bnxt_re: Avoid freeing MR resources if dereg fails (bsc#1050244).
- Temporary workaround for bsc#1159096 should no longer be needed.
- USB: serial: ch341: handle unbound port at reset_resume (bsc#1051510).
- USB: serial: io_edgeport: add missing active-port sanity check (bsc#1051510).
- USB: serial: keyspan: handle unbound ports (bsc#1051510).
- USB: serial: opticon: fix control-message timeouts (bsc#1051510).
- USB: serial: quatech2: handle unbound ports (bsc#1051510).
- USB: serial: suppress driver bind attributes (bsc#1051510).
- blk-mq: avoid sysfs buffer overflow with too many CPU cores (bsc#1159377).
- blk-mq: make sure that line break can be printed (bsc#1159377).
- bnxt: apply computed clamp value for coalece parameter (bsc#1104745).
- bnxt_en: Fix MSIX request logic for RDMA driver (bsc#1104745 ).
- bnxt_en: Return error if FW returns more data than dump length (bsc#1104745).
- bpf/sockmap: Read psock ingress_msg before sk_receive_queue (bsc#1083647).
- bpf: Fix incorrect verifier simulation of ARSH under ALU32 (bsc#1083647).
- bpf: Reject indirect var_off stack access in raw mode (bsc#1160618).
- bpf: Reject indirect var_off stack access in unpriv mode (bco#1160618).
- bpf: Sanity check max value for var_off stack access (bco#1160618).
- bpf: Support variable offset stack access from helpers (bco#1160618).
- bpf: add self-check logic to liveness analysis (bsc#1160618).
- bpf: add verifier stats and log_level bit 2 (bsc#1160618).
- bpf: improve stacksafe state comparison (bco#1160618).
- bpf: improve verification speed by droping states (bsc#1160618).
- bpf: improve verification speed by not remarking live_read (bsc#1160618).
- bpf: improve verifier branch analysis (bsc#1160618).
- bpf: increase complexity limit and maximum program size (bsc#1160618).
- bpf: increase verifier log limit (bsc#1160618).
- bpf: speed up stacksafe check (bco#1160618).
- bpf: verifier: teach the verifier to reason about the BPF_JSET instruction (bco#1160618).
- btrfs: Move btrfs_check_chunk_valid() to tree-check.[ch] and export it (dependency for bsc#1157692).
- btrfs: fix block group remaining RO forever after error during device replace (bsc#1160442).
- btrfs: fix infinite loop during nocow writeback due to race (bsc#1160804).
- btrfs: fix integer overflow in calc_reclaim_items_nr (bsc#1160433).
- btrfs: fix negative subv_writers counter and data space leak after buffered write (bsc#1160802).
- btrfs: fix removal logic of the tree mod log that leads to use-after-free issues (bsc#1160803).
- btrfs: fix selftests failure due to uninitialized i_mode in test inodes (Fix for dependency of bsc#1157692).
- btrfs: inode: Verify inode mode to avoid NULL pointer dereference (dependency for bsc#1157692).
- btrfs: relocation: fix reloc_root lifespan and access (bsc#1159588).
- btrfs: tree-checker: Check chunk item at tree block read time (dependency for bsc#1157692).
- btrfs: tree-checker: Check level for leaves and nodes (dependency for bsc#1157692).
- btrfs: tree-checker: Enhance chunk checker to validate chunk profile (dependency for bsc#1157692).
- btrfs: tree-checker: Fix wrong check on max devid (fixes for dependency of bsc#1157692).
- btrfs: tree-checker: Make btrfs_check_chunk_valid() return EUCLEAN instead of EIO (dependency for bsc#1157692).
- btrfs: tree-checker: Make chunk item checker messages more readable (dependency for bsc#1157692).
- btrfs: tree-checker: Verify dev item (dependency for bsc#1157692).
- btrfs: tree-checker: Verify inode item (dependency for bsc#1157692).
- btrfs: tree-checker: get fs_info from eb in block_group_err (dependency for bsc#1157692).
- btrfs: tree-checker: get fs_info from eb in check_block_group_item (dependency for bsc#1157692).
- btrfs: tree-checker: get fs_info from eb in check_csum_item (dependency for bsc#1157692).
- btrfs: tree-checker: get fs_info from eb in check_dev_item (dependency for bsc#1157692).
- btrfs: tree-checker: get fs_info from eb in check_dir_item (dependency for bsc#1157692).
- btrfs: tree-checker: get fs_info from eb in check_extent_data_item (dependency for bsc#1157692).
- btrfs: tree-checker: get fs_info from eb in check_inode_item (dependency for bsc#1157692).
- btrfs: tree-checker: get fs_info from eb in check_leaf (dependency for bsc#1157692).
- btrfs: tree-checker: get fs_info from eb in check_leaf_item (dependency for bsc#1157692).
- btrfs: tree-checker: get fs_info from eb in chunk_err (dependency for bsc#1157692).
- btrfs: tree-checker: get fs_info from eb in dev_item_err (dependency for bsc#1157692).
- btrfs: tree-checker: get fs_info from eb in dir_item_err (dependency for bsc#1157692).
- btrfs: tree-checker: get fs_info from eb in file_extent_err (dependency for bsc#1157692).
- btrfs: tree-checker: get fs_info from eb in generic_err (dependency for bsc#1157692).
- can: gs_usb: gs_usb_probe(): use descriptors of current altsetting (bsc#1051510).
- can: mscan: mscan_rx_poll(): fix rx path lockup when returning from polling to irq mode (bsc#1051510).
- cfg80211/mac80211: make ieee80211_send_layer2_update a public function (bsc#1051510).
- cfg80211: fix page refcount issue in A-MSDU decap (bsc#1051510).
- cgroup: pids: use atomic64_t for pids->limit (bsc#1161514).
- cifs: Close cached root handle only if it had a lease (bsc#1144333).
- cifs: Close open handle after interrupted close (bsc#1144333).
- cifs: Do not miss cancelled OPEN responses (bsc#1144333).
- cifs: Fix NULL pointer dereference in mid callback (bsc#1144333).
- cifs: Fix NULL-pointer dereference in smb2_push_mandatory_locks (bsc#1144333).
- cifs: Fix lookup of root ses in DFS referral cache (bsc#1144333).
- cifs: Fix memory allocation in __smb2_handle_cancelled_cmd() (bsc#1144333).
- cifs: Fix mount options set in automount (bsc#1144333).
- cifs: Fix potential softlockups while refreshing DFS cache (bsc#1144333).
- cifs: Fix retrieval of DFS referrals in cifs_mount() (bsc#1144333).
- cifs: Fix use-after-free bug in cifs_reconnect() (bsc#1144333).
- cifs: Properly process SMB3 lease breaks (bsc#1144333).
- cifs: Respect O_SYNC and O_DIRECT flags during reconnect (bsc#1144333).
- cifs: add support for flock (bsc#1144333).
- cifs: close the shared root handle on tree disconnect (bsc#1144333).
- cifs: remove set but not used variables 'cinode' and 'netfid' (bsc#1144333).
- clk: imx: clk-composite-8m: add lock to gate/mux (git-fixes).
- clk: rockchip: fix I2S1 clock gate register for rk3328 (bsc#1051510).
- clk: rockchip: fix ID of 8ch clock of I2S1 for rk3328 (bsc#1051510).
- clk: rockchip: fix rk3188 sclk_mac_lbtest parameter ordering (bsc#1051510).
- clk: rockchip: fix rk3188 sclk_smc gate data (bsc#1051510).
- drm/dp_mst: correct the shifting in DP_REMOTE_I2C_READ (bsc#1051510).
- drm/fb-helper: Round up bits_per_pixel if possible (bsc#1051510).
- drm/i810: Prevent underflow in ioctl (bsc#1114279)
- drm/i915/gvt: Pin vgpu dma address before using (bsc#1112178)
- drm/i915/gvt: set guest display buffer as readonly (bsc#1112178)
- drm/i915/gvt: use vgpu lock for active state setting (bsc#1112178)
- drm/i915: Add missing include file <linux/math64.h> (bsc#1051510).
- drm/i915: Fix pid leak with banned clients (bsc#1114279)
- drm/qxl: Return error if fbdev is not 32 bpp (bsc#1159028)
- drm/qxl: Return error if fbdev is not 32 bpp (bsc#1159028)
- drm/radeon: fix r1xx/r2xx register checker for POT textures (bsc#1114279)
- drm/sun4i: hdmi: Remove duplicate cleanup calls (bsc#1113956)
- drm: limit to INT_MAX in create_blob ioctl (bsc#1051510).
- exit: panic before exit_mm() on global init exit (bsc#1161549).
- extcon: max8997: Fix lack of path setting in USB device mode (bsc#1051510).
- fjes: fix missed check in fjes_acpi_add (bsc#1051510).
- fs: cifs: Fix atime update check vs mtime (bsc#1144333).
- ftrace: Avoid potential division by zero in function profiler (bsc#1160784).
- gpio: Fix error message on out-of-range GPIO in lookup table (bsc#1051510).
- hidraw: Return EPOLLOUT from hidraw_poll (bsc#1051510).
- iio: buffer: align the size of scan bytes to size of the largest element (bsc#1051510).
- inet: protect against too small mtu values (networking-stable-19_12_16).
- init: add arch_call_rest_init to allow stack switching (jsc#SLE-11178).
- iommu/iova: Init the struct iova to fix the possible memleak (bsc#1160469).
- iommu/mediatek: Correct the flush_iotlb_all callback (bsc#1160470).
- iommu/vt-d: Unlink device if failed to add to group (bsc#1160756).
- iommu: Remove device link to group on failure (bsc#1160755).
- iwlwifi: change monitor DMA to be coherent (bsc#1161243).
- kABI fixup for alloc_dax_region (bsc#1158071,bsc#1160678).
- kABI: Protest new fields in BPF structs (bsc#1160618).
- kABI: protect struct sctp_ep_common (kabi).
- kernel/trace: Fix do not unregister tracepoints when register sched_migrate_task fail (bsc#1160787).
- kvm: x86: Host feature SSBD does not imply guest feature SPEC_CTRL_SSBD (bsc#1160476).
- leds: Allow to call led_classdev_unregister() unconditionally (bsc#1161674).
- leds: class: ensure workqueue is initialized before setting brightness (bsc#1161674).
- livepatch: Simplify stack trace retrieval (jsc#SLE-11178).
- mlxsw: spectrum_qdisc: Ignore grafting of invisible FIFO (bsc#1112374).
- mm, debug_pagealloc: do not rely on static keys too early (VM debuging functionality, bsc#1159096).
- mm/page-writeback.c: fix range_cyclic writeback vs writepages deadlock (bsc#1159394).
- mmc: sdhci: Add a quirk for broken command queuing (git-fixes).
- mmc: sdhci: Workaround broken command queuing on Intel GLK (git-fixes).
- net, sysctl: Fix compiler warning when only cBPF is present (bsc#1109837).
- net/mlx4_en: fix mlx4 ethtool -N insertion (networking-stable-19_11_25).
- net/mlx5e: Fix set vf link state error flow (networking-stable-19_11_25).
- net/mlxfw: Fix out-of-memory error in mfa2 flash burning (bsc#1051858).
- net/sched: act_pedit: fix WARN() in the traffic path (networking-stable-19_11_25).
- net: bridge: deny dev_set_mac_address() when unregistering (networking-stable-19_12_16).
- net: ethernet: ti: cpsw: fix extra rx interrupt (networking-stable-19_12_16).
- net: psample: fix skb_over_panic (networking-stable-19_12_03).
- net: rtnetlink: prevent underflows in do_setvfinfo() (networking-stable-19_11_25).
- net: sched: fix `tc -s class show` no bstats on class with nolock subqueues (networking-stable-19_12_03).
- net: usb: lan78xx: limit size of local TSO packets (bsc#1051510).
- net: usb: qmi_wwan: add support for Foxconn T77W968 LTE modules (networking-stable-19_11_18).
- openvswitch: drop unneeded BUG_ON() in ovs_flow_cmd_build_info() (networking-stable-19_12_03).
- openvswitch: remove another BUG_ON() (networking-stable-19_12_03).
- openvswitch: support asymmetric conntrack (networking-stable-19_12_16).
- platform/x86: asus-wmi: Fix keyboard brightness cannot be set to 0 (bsc#1051510).
- powerpc/irq: fix stack overflow verification (bsc#1065729).
- powerpc/livepatch: return -ERRNO values in save_stack_trace_tsk_reliable() (bsc#1071995 bsc#1161875).
- powerpc/mm: drop #ifdef CONFIG_MMU in is_ioremap_addr() (bsc#1065729).
- powerpc/pkeys: remove unused pkey_allows_readwrite (bsc#1065729).
- powerpc/pseries/lparcfg: Fix display of Maximum Memory (bsc#1162028 ltc#181740).
- powerpc/pseries: Drop pointless static qualifier in vpa_debugfs_init() (git-fixes).
- powerpc/security: Fix debugfs data leak on 32-bit (bsc#1065729).
- powerpc/tools: Do not quote $objdump in scripts (bsc#1065729).
- powerpc/xive: Skip ioremap() of ESB pages for LSI interrupts (bsc#1085030).
- powerpc: Allow 64bit VDSO __kernel_sync_dicache to work across ranges >4GB (bnc#1151927 5.3.17).
- powerpc: Allow flush_icache_range to work across ranges >4GB (bnc#1151927 5.3.17).
- qede: Disable hardware gro when xdp prog is installed (bsc#1086314 bsc#1086313 bsc#1086301 ).
- r8152: add missing endpoint sanity check (bsc#1051510).
- s390/ftrace: save traced function caller (jsc#SLE-11178).
- s390/ftrace: use HAVE_FUNCTION_GRAPH_RET_ADDR_PTR (jsc#SLE-11178).
- s390/head64: correct init_task stack setup (jsc#SLE-11178).
- s390/kasan: avoid false positives during stack unwind (jsc#SLE-11178).
- s390/kasan: avoid report in get_wchan (jsc#SLE-11178).
- s390/livepatch: Implement reliable stack tracing for the consistency model (jsc#SLE-11178).
- s390/process: avoid custom stack unwinding in get_wchan (jsc#SLE-11178).
- s390/stacktrace: use common arch_stack_walk infrastructure (jsc#SLE-11178).
- s390/suspend: fix stack setup in swsusp_arch_suspend (jsc#SLE-11178).
- s390/test_unwind: print verbose unwinding results (jsc#SLE-11178).
- s390/unwind: add stack pointer alignment sanity checks (jsc#SLE-11178).
- s390/unwind: always inline get_stack_pointer (jsc#SLE-11178).
- s390/unwind: avoid int overflow in outside_of_stack (jsc#SLE-11178).
- s390/unwind: cleanup unused READ_ONCE_TASK_STACK (jsc#SLE-11178).
- s390/unwind: correct stack switching during unwind (jsc#SLE-11178).
- s390/unwind: drop unnecessary code around calling ftrace_graph_ret_addr() (jsc#SLE-11178).
- s390/unwind: filter out unreliable bogus %r14 (jsc#SLE-11178).
- s390/unwind: fix get_stack_pointer(NULL, NULL) (jsc#SLE-11178).
- s390/unwind: fix mixing regs and sp (jsc#SLE-11178).
- s390/unwind: introduce stack unwind API (jsc#SLE-11178).
- s390/unwind: make reuse_sp default when unwinding pt_regs (jsc#SLE-11178).
- s390/unwind: remove stack recursion warning (jsc#SLE-11178).
- s390/unwind: report an error if pt_regs are not on stack (jsc#SLE-11178).
- s390/unwind: start unwinding from reliable state (jsc#SLE-11178).
- s390/unwind: stop gracefully at task pt_regs (jsc#SLE-11178).
- s390/unwind: stop gracefully at user mode pt_regs in irq stack (jsc#SLE-11178).
- s390/unwind: unify task is current checks (jsc#SLE-11178).
- s390: add stack switch helper (jsc#SLE-11178).
- s390: add support for virtually mapped kernel stacks (jsc#SLE-11178).
- s390: always inline current_stack_pointer() (jsc#SLE-11178).
- s390: always inline disabled_wait (jsc#SLE-11178).
- s390: avoid misusing CALL_ON_STACK for task stack setup (jsc#SLE-11178).
- s390: clean up stacks setup (jsc#SLE-11178).
- s390: correct CALL_ON_STACK back_chain saving (jsc#SLE-11178).
- s390: disable preemption when switching to nodat stack with CALL_ON_STACK (jsc#SLE-11178).
- s390: fine-tune stack switch helper (jsc#SLE-11178).
- s390: fix register clobbering in CALL_ON_STACK (jsc#SLE-11178).
- s390: kabi workaround for ftrace_ret_stack (jsc#SLE-11178).
- s390: kabi workaround for lowcore changes due to vmap stack (jsc#SLE-11178).
- s390: kabi workaround for reliable stack tracing (jsc#SLE-11178).
- s390: preserve kabi for stack unwind API (jsc#SLE-11178).
- s390: unify stack size definitions (jsc#SLE-11178).
- scsi: lpfc: fix build failure with DEBUGFS disabled (bsc#1154601).
- scsi: qla2xxx: Add D-Port Diagnostic reason explanation logs (bsc#1158013).
- scsi: qla2xxx: Add a shadow variable to hold disc_state history of fcport (bsc#1158013).
- scsi: qla2xxx: Cleanup unused async_logout_done (bsc#1158013).
- scsi: qla2xxx: Consolidate fabric scan (bsc#1158013).
- scsi: qla2xxx: Correct fcport flags handling (bsc#1158013).
- scsi: qla2xxx: Fix RIDA Format-2 (bsc#1158013).
- scsi: qla2xxx: Fix fabric scan hang (bsc#1158013).
- scsi: qla2xxx: Fix mtcp dump collection failure (bsc#1158013).
- scsi: qla2xxx: Fix stuck login session using prli_pend_timer (bsc#1158013).
- scsi: qla2xxx: Fix stuck session in GNL (bsc#1158013).
- scsi: qla2xxx: Fix the endianness of the qla82xx_get_fw_size() return type (bsc#1158013).
- scsi: qla2xxx: Fix update_fcport for current_topology (bsc#1158013).
- scsi: qla2xxx: Improve readability of the code that handles qla_flt_header (bsc#1158013).
- scsi: qla2xxx: Remove defer flag to indicate immeadiate port loss (bsc#1158013).
- scsi: qla2xxx: Update driver version to 10.01.00.22-k (bsc#1158013).
- scsi: qla2xxx: Use common routine to free fcport struct (bsc#1158013).
- scsi: qla2xxx: Use get_unaligned_*() instead of open-coding these functions (bsc#1158013).
- sctp: cache netns in sctp_ep_common (networking-stable-19_12_03).
- sfc: Only cancel the PPS workqueue if it exists (networking-stable-19_11_25).
- sfc: Remove 'PCIE error reporting unavailable' (bsc#1161472).
- smb3: Fix crash in SMB2_open_init due to uninitialized field in compounding path (bsc#1144333).
- smb3: Fix persistent handles reconnect (bsc#1144333).
- smb3: fix refcount underflow warning on unmount when no directory leases (bsc#1144333).
- smb3: remove confusing dmesg when mounting with encryption ('seal') (bsc#1144333).
- stacktrace: Do not skip first entry on noncurrent tasks (jsc#SLE-11178).
- stacktrace: Force USER_DS for stack_trace_save_user() (jsc#SLE-11178).
- stacktrace: Get rid of unneeded '!!' pattern (jsc#SLE-11178).
- stacktrace: Provide common infrastructure (jsc#SLE-11178).
- stacktrace: Provide helpers for common stack trace operations (jsc#SLE-11178).
- stacktrace: Unbreak stack_trace_save_tsk_reliable() (jsc#SLE-11178).
- stacktrace: Use PF_KTHREAD to check for kernel threads (jsc#SLE-11178).
- tcp: clear tp->packets_out when purging write queue (bsc#1160560).
- tcp: exit if nothing to retransmit on RTO timeout (bsc#1160560, stable 4.14.159).
- tcp: md5: fix potential overestimation of TCP option space (networking-stable-19_12_16).
- tracing: Cleanup stack trace code (jsc#SLE-11178).
- tracing: Have the histogram compare functions convert to u64 first (bsc#1160210).
- workqueue: Fix pwq ref leak in rescuer_thread() (bsc#1160211).
- x86/MCE/AMD: Allow Reserved types to be overwritten in smca_banks (bsc#1114279).
- x86/MCE/AMD: Do not use rdmsr_safe_on_cpu() in smca_configure() (bsc#1114279).
- x86/kgbd: Use NMI_VECTOR not APIC_DM_NMI (bsc#1114279).
- x86/mce/AMD: Allow any CPU to initialize the smca_banks array (bsc#1114279).
- x86/mce: Fix possibly incorrect severity calculation on AMD (bsc#1114279).
- x86/resctrl: Fix an imbalance in domain_remove_cpu() (bsc#1114279).
- x86/resctrl: Fix potential memory leak (bsc#1114279).
- xen-blkfront: switch kcalloc to kvcalloc for large array allocation (bsc#1160917).
- xen/blkfront: Adjust indentation in xlvbd_alloc_gendisk (bsc#1065600).
- xfs: Fix tail rounding in xfs_alloc_file_space() (bsc#1161087, bsc#1153917).
Patchnames
SUSE-2020-605,SUSE-SLE-RT-12-SP5-2020-605
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThe SUSE Linux Enterprise 12 SP5 real-time kernel was updated to receive various security and bugfixes.\n\n\nThe following security bugs were fixed:\n\n- CVE-2019-14615: An information disclosure vulnerability existed due to insufficient control flow in certain data structures for some Intel(R) Processors (bnc#1160195).\n- CVE-2019-14896: A heap overflow was found in the add_ie_rates() function of the Marvell Wifi Driver (bsc#1157157).\n- CVE-2019-14897: A stack overflow was found in the lbs_ibss_join_existing() function of the Marvell Wifi Driver (bsc#1157155).\n- CVE-2019-16994: A memory leak existed in sit_init_net() in net/ipv6/sit.c which might have caused denial of service, aka CID-07f12b26e21a (bnc#1161523).\n- CVE-2019-19036: An issue discovered in btrfs_root_node in fs/btrfs/ctree.c allowed a NULL pointer dereference because rcu_dereference(root-\u003enode) can be zero (bnc#1157692).\n- CVE-2019-19045: A memory leak in drivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c allowed attackers to cause a denial of service (memory consumption) by triggering mlx5_vector2eqn() failures, aka CID-c8c2a057fdc7 (bnc#1161522).\n- CVE-2019-19054: A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c allowed attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka CID-a7b2df76b42b (bnc#1161518).\n- CVE-2019-19318: Mounting a crafted btrfs image twice could have caused a use-after-free (bnc#1158026).\n- CVE-2019-19927: A slab-out-of-bounds read access could have been caused when mounting a crafted f2fs filesystem image and performing some operations on it, in drivers/gpu/drm/ttm/ttm_page_alloc.c (bnc#1160147).\n- CVE-2019-19965: There was a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5 (bnc#1159911).\n- CVE-2020-7053: There was a use-after-free (write) in the i915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c, aka CID-7dc40713618c (bnc#1160966).\n\n\nThe following non-security bugs were fixed:\n\n- ALSA: hda - Apply sync-write workaround to old Intel platforms, too (bsc#1111666).\n- ALSA: hda/realtek - Add Bass Speaker and fixed dac for bass speaker (bsc#1111666).\n- ALSA: hda/realtek - Add new codec supported for ALCS1200A (bsc#1111666).\n- ALSA: hda/realtek - Add quirk for the bass speaker on Lenovo Yoga X1 7th gen (bsc#1111666).\n- ALSA: hda/realtek - Enable the bass speaker of ASUS UX431FLC (bsc#1111666).\n- ALSA: hda/realtek - Set EAPD control to default for ALC222 (bsc#1111666).\n- ALSA: seq: Fix racy access for queue timer in proc read (bsc#1051510).\n- ALSA: usb-audio: Apply the sample rate quirk for Bose Companion 5 (bsc#1111666).\n- ALSA: usb-audio: fix sync-ep altsetting sanity check (bsc#1051510).\n- ASoC: au8540: use 64-bit arithmetic instead of 32-bit (bsc#1051510).\n- ASoC: samsung: i2s: Fix prescaler setting for the secondary DAI (bsc#1111666).\n- Fix partial checked out tree build ... so that bisection does not break.\n- Fix the locking in dcache_readdir() and friends (bsc#1123328).\n- HID: hidraw, uhid: Always report EPOLLOUT (bsc#1051510).\n- HID: hidraw: Fix returning EPOLLOUT from hidraw_poll (bsc#1051510).\n- HID: uhid: Fix returning EPOLLOUT from uhid_char_poll (bsc#1051510).\n- IB/hfi1: Do not cancel unused work item (bsc#1114685 ).\n- NFC: pn533: fix bulk-message timeout (bsc#1051510).\n- RDMA/bnxt_re: Avoid freeing MR resources if dereg fails (bsc#1050244).\n- Temporary workaround for bsc#1159096 should no longer be needed.\n- USB: serial: ch341: handle unbound port at reset_resume (bsc#1051510).\n- USB: serial: io_edgeport: add missing active-port sanity check (bsc#1051510).\n- USB: serial: keyspan: handle unbound ports (bsc#1051510).\n- USB: serial: opticon: fix control-message timeouts (bsc#1051510).\n- USB: serial: quatech2: handle unbound ports (bsc#1051510).\n- USB: serial: suppress driver bind attributes (bsc#1051510).\n- blk-mq: avoid sysfs buffer overflow with too many CPU cores (bsc#1159377).\n- blk-mq: make sure that line break can be printed (bsc#1159377).\n- bnxt: apply computed clamp value for coalece parameter (bsc#1104745).\n- bnxt_en: Fix MSIX request logic for RDMA driver (bsc#1104745 ).\n- bnxt_en: Return error if FW returns more data than dump length (bsc#1104745).\n- bpf/sockmap: Read psock ingress_msg before sk_receive_queue (bsc#1083647).\n- bpf: Fix incorrect verifier simulation of ARSH under ALU32 (bsc#1083647).\n- bpf: Reject indirect var_off stack access in raw mode (bsc#1160618).\n- bpf: Reject indirect var_off stack access in unpriv mode (bco#1160618).\n- bpf: Sanity check max value for var_off stack access (bco#1160618).\n- bpf: Support variable offset stack access from helpers (bco#1160618).\n- bpf: add self-check logic to liveness analysis (bsc#1160618).\n- bpf: add verifier stats and log_level bit 2 (bsc#1160618).\n- bpf: improve stacksafe state comparison (bco#1160618).\n- bpf: improve verification speed by droping states (bsc#1160618).\n- bpf: improve verification speed by not remarking live_read (bsc#1160618).\n- bpf: improve verifier branch analysis (bsc#1160618).\n- bpf: increase complexity limit and maximum program size (bsc#1160618).\n- bpf: increase verifier log limit (bsc#1160618).\n- bpf: speed up stacksafe check (bco#1160618).\n- bpf: verifier: teach the verifier to reason about the BPF_JSET instruction (bco#1160618).\n- btrfs: Move btrfs_check_chunk_valid() to tree-check.[ch] and export it (dependency for bsc#1157692).\n- btrfs: fix block group remaining RO forever after error during device replace (bsc#1160442).\n- btrfs: fix infinite loop during nocow writeback due to race (bsc#1160804).\n- btrfs: fix integer overflow in calc_reclaim_items_nr (bsc#1160433).\n- btrfs: fix negative subv_writers counter and data space leak after buffered write (bsc#1160802).\n- btrfs: fix removal logic of the tree mod log that leads to use-after-free issues (bsc#1160803).\n- btrfs: fix selftests failure due to uninitialized i_mode in test inodes (Fix for dependency of bsc#1157692).\n- btrfs: inode: Verify inode mode to avoid NULL pointer dereference (dependency for bsc#1157692).\n- btrfs: relocation: fix reloc_root lifespan and access (bsc#1159588).\n- btrfs: tree-checker: Check chunk item at tree block read time (dependency for bsc#1157692).\n- btrfs: tree-checker: Check level for leaves and nodes (dependency for bsc#1157692).\n- btrfs: tree-checker: Enhance chunk checker to validate chunk profile (dependency for bsc#1157692).\n- btrfs: tree-checker: Fix wrong check on max devid (fixes for dependency of bsc#1157692).\n- btrfs: tree-checker: Make btrfs_check_chunk_valid() return EUCLEAN instead of EIO (dependency for bsc#1157692).\n- btrfs: tree-checker: Make chunk item checker messages more readable (dependency for bsc#1157692).\n- btrfs: tree-checker: Verify dev item (dependency for bsc#1157692).\n- btrfs: tree-checker: Verify inode item (dependency for bsc#1157692).\n- btrfs: tree-checker: get fs_info from eb in block_group_err (dependency for bsc#1157692).\n- btrfs: tree-checker: get fs_info from eb in check_block_group_item (dependency for bsc#1157692).\n- btrfs: tree-checker: get fs_info from eb in check_csum_item (dependency for bsc#1157692).\n- btrfs: tree-checker: get fs_info from eb in check_dev_item (dependency for bsc#1157692).\n- btrfs: tree-checker: get fs_info from eb in check_dir_item (dependency for bsc#1157692).\n- btrfs: tree-checker: get fs_info from eb in check_extent_data_item (dependency for bsc#1157692).\n- btrfs: tree-checker: get fs_info from eb in check_inode_item (dependency for bsc#1157692).\n- btrfs: tree-checker: get fs_info from eb in check_leaf (dependency for bsc#1157692).\n- btrfs: tree-checker: get fs_info from eb in check_leaf_item (dependency for bsc#1157692).\n- btrfs: tree-checker: get fs_info from eb in chunk_err (dependency for bsc#1157692).\n- btrfs: tree-checker: get fs_info from eb in dev_item_err (dependency for bsc#1157692).\n- btrfs: tree-checker: get fs_info from eb in dir_item_err (dependency for bsc#1157692).\n- btrfs: tree-checker: get fs_info from eb in file_extent_err (dependency for bsc#1157692).\n- btrfs: tree-checker: get fs_info from eb in generic_err (dependency for bsc#1157692).\n- can: gs_usb: gs_usb_probe(): use descriptors of current altsetting (bsc#1051510).\n- can: mscan: mscan_rx_poll(): fix rx path lockup when returning from polling to irq mode (bsc#1051510).\n- cfg80211/mac80211: make ieee80211_send_layer2_update a public function (bsc#1051510).\n- cfg80211: fix page refcount issue in A-MSDU decap (bsc#1051510).\n- cgroup: pids: use atomic64_t for pids-\u003elimit (bsc#1161514).\n- cifs: Close cached root handle only if it had a lease (bsc#1144333).\n- cifs: Close open handle after interrupted close (bsc#1144333).\n- cifs: Do not miss cancelled OPEN responses (bsc#1144333).\n- cifs: Fix NULL pointer dereference in mid callback (bsc#1144333).\n- cifs: Fix NULL-pointer dereference in smb2_push_mandatory_locks (bsc#1144333).\n- cifs: Fix lookup of root ses in DFS referral cache (bsc#1144333).\n- cifs: Fix memory allocation in __smb2_handle_cancelled_cmd() (bsc#1144333).\n- cifs: Fix mount options set in automount (bsc#1144333).\n- cifs: Fix potential softlockups while refreshing DFS cache (bsc#1144333).\n- cifs: Fix retrieval of DFS referrals in cifs_mount() (bsc#1144333).\n- cifs: Fix use-after-free bug in cifs_reconnect() (bsc#1144333).\n- cifs: Properly process SMB3 lease breaks (bsc#1144333).\n- cifs: Respect O_SYNC and O_DIRECT flags during reconnect (bsc#1144333).\n- cifs: add support for flock (bsc#1144333).\n- cifs: close the shared root handle on tree disconnect (bsc#1144333).\n- cifs: remove set but not used variables \u0027cinode\u0027 and \u0027netfid\u0027 (bsc#1144333).\n- clk: imx: clk-composite-8m: add lock to gate/mux (git-fixes).\n- clk: rockchip: fix I2S1 clock gate register for rk3328 (bsc#1051510).\n- clk: rockchip: fix ID of 8ch clock of I2S1 for rk3328 (bsc#1051510).\n- clk: rockchip: fix rk3188 sclk_mac_lbtest parameter ordering (bsc#1051510).\n- clk: rockchip: fix rk3188 sclk_smc gate data (bsc#1051510).\n- drm/dp_mst: correct the shifting in DP_REMOTE_I2C_READ (bsc#1051510).\n- drm/fb-helper: Round up bits_per_pixel if possible (bsc#1051510).\n- drm/i810: Prevent underflow in ioctl (bsc#1114279)\n- drm/i915/gvt: Pin vgpu dma address before using (bsc#1112178)\n- drm/i915/gvt: set guest display buffer as readonly (bsc#1112178)\n- drm/i915/gvt: use vgpu lock for active state setting (bsc#1112178)\n- drm/i915: Add missing include file \u003clinux/math64.h\u003e (bsc#1051510).\n- drm/i915: Fix pid leak with banned clients (bsc#1114279)\n- drm/qxl: Return error if fbdev is not 32 bpp (bsc#1159028)\n- drm/qxl: Return error if fbdev is not 32 bpp (bsc#1159028)\n- drm/radeon: fix r1xx/r2xx register checker for POT textures (bsc#1114279)\n- drm/sun4i: hdmi: Remove duplicate cleanup calls (bsc#1113956)\n- drm: limit to INT_MAX in create_blob ioctl (bsc#1051510).\n- exit: panic before exit_mm() on global init exit (bsc#1161549).\n- extcon: max8997: Fix lack of path setting in USB device mode (bsc#1051510).\n- fjes: fix missed check in fjes_acpi_add (bsc#1051510).\n- fs: cifs: Fix atime update check vs mtime (bsc#1144333).\n- ftrace: Avoid potential division by zero in function profiler (bsc#1160784).\n- gpio: Fix error message on out-of-range GPIO in lookup table (bsc#1051510).\n- hidraw: Return EPOLLOUT from hidraw_poll (bsc#1051510).\n- iio: buffer: align the size of scan bytes to size of the largest element (bsc#1051510).\n- inet: protect against too small mtu values (networking-stable-19_12_16).\n- init: add arch_call_rest_init to allow stack switching (jsc#SLE-11178).\n- iommu/iova: Init the struct iova to fix the possible memleak (bsc#1160469).\n- iommu/mediatek: Correct the flush_iotlb_all callback (bsc#1160470).\n- iommu/vt-d: Unlink device if failed to add to group (bsc#1160756).\n- iommu: Remove device link to group on failure (bsc#1160755).\n- iwlwifi: change monitor DMA to be coherent (bsc#1161243).\n- kABI fixup for alloc_dax_region (bsc#1158071,bsc#1160678).\n- kABI: Protest new fields in BPF structs (bsc#1160618).\n- kABI: protect struct sctp_ep_common (kabi).\n- kernel/trace: Fix do not unregister tracepoints when register sched_migrate_task fail (bsc#1160787).\n- kvm: x86: Host feature SSBD does not imply guest feature SPEC_CTRL_SSBD (bsc#1160476).\n- leds: Allow to call led_classdev_unregister() unconditionally (bsc#1161674).\n- leds: class: ensure workqueue is initialized before setting brightness (bsc#1161674).\n- livepatch: Simplify stack trace retrieval (jsc#SLE-11178).\n- mlxsw: spectrum_qdisc: Ignore grafting of invisible FIFO (bsc#1112374).\n- mm, debug_pagealloc: do not rely on static keys too early (VM debuging functionality, bsc#1159096).\n- mm/page-writeback.c: fix range_cyclic writeback vs writepages deadlock (bsc#1159394).\n- mmc: sdhci: Add a quirk for broken command queuing (git-fixes).\n- mmc: sdhci: Workaround broken command queuing on Intel GLK (git-fixes).\n- net, sysctl: Fix compiler warning when only cBPF is present (bsc#1109837).\n- net/mlx4_en: fix mlx4 ethtool -N insertion (networking-stable-19_11_25).\n- net/mlx5e: Fix set vf link state error flow (networking-stable-19_11_25).\n- net/mlxfw: Fix out-of-memory error in mfa2 flash burning (bsc#1051858).\n- net/sched: act_pedit: fix WARN() in the traffic path (networking-stable-19_11_25).\n- net: bridge: deny dev_set_mac_address() when unregistering (networking-stable-19_12_16).\n- net: ethernet: ti: cpsw: fix extra rx interrupt (networking-stable-19_12_16).\n- net: psample: fix skb_over_panic (networking-stable-19_12_03).\n- net: rtnetlink: prevent underflows in do_setvfinfo() (networking-stable-19_11_25).\n- net: sched: fix `tc -s class show` no bstats on class with nolock subqueues (networking-stable-19_12_03).\n- net: usb: lan78xx: limit size of local TSO packets (bsc#1051510).\n- net: usb: qmi_wwan: add support for Foxconn T77W968 LTE modules (networking-stable-19_11_18).\n- openvswitch: drop unneeded BUG_ON() in ovs_flow_cmd_build_info() (networking-stable-19_12_03).\n- openvswitch: remove another BUG_ON() (networking-stable-19_12_03).\n- openvswitch: support asymmetric conntrack (networking-stable-19_12_16).\n- platform/x86: asus-wmi: Fix keyboard brightness cannot be set to 0 (bsc#1051510).\n- powerpc/irq: fix stack overflow verification (bsc#1065729).\n- powerpc/livepatch: return -ERRNO values in save_stack_trace_tsk_reliable() (bsc#1071995 bsc#1161875).\n- powerpc/mm: drop #ifdef CONFIG_MMU in is_ioremap_addr() (bsc#1065729).\n- powerpc/pkeys: remove unused pkey_allows_readwrite (bsc#1065729).\n- powerpc/pseries/lparcfg: Fix display of Maximum Memory (bsc#1162028 ltc#181740).\n- powerpc/pseries: Drop pointless static qualifier in vpa_debugfs_init() (git-fixes).\n- powerpc/security: Fix debugfs data leak on 32-bit (bsc#1065729).\n- powerpc/tools: Do not quote $objdump in scripts (bsc#1065729).\n- powerpc/xive: Skip ioremap() of ESB pages for LSI interrupts (bsc#1085030).\n- powerpc: Allow 64bit VDSO __kernel_sync_dicache to work across ranges \u003e4GB (bnc#1151927 5.3.17).\n- powerpc: Allow flush_icache_range to work across ranges \u003e4GB (bnc#1151927 5.3.17).\n- qede: Disable hardware gro when xdp prog is installed (bsc#1086314 bsc#1086313 bsc#1086301 ).\n- r8152: add missing endpoint sanity check (bsc#1051510).\n- s390/ftrace: save traced function caller (jsc#SLE-11178).\n- s390/ftrace: use HAVE_FUNCTION_GRAPH_RET_ADDR_PTR (jsc#SLE-11178).\n- s390/head64: correct init_task stack setup (jsc#SLE-11178).\n- s390/kasan: avoid false positives during stack unwind (jsc#SLE-11178).\n- s390/kasan: avoid report in get_wchan (jsc#SLE-11178).\n- s390/livepatch: Implement reliable stack tracing for the consistency model (jsc#SLE-11178).\n- s390/process: avoid custom stack unwinding in get_wchan (jsc#SLE-11178).\n- s390/stacktrace: use common arch_stack_walk infrastructure (jsc#SLE-11178).\n- s390/suspend: fix stack setup in swsusp_arch_suspend (jsc#SLE-11178).\n- s390/test_unwind: print verbose unwinding results (jsc#SLE-11178).\n- s390/unwind: add stack pointer alignment sanity checks (jsc#SLE-11178).\n- s390/unwind: always inline get_stack_pointer (jsc#SLE-11178).\n- s390/unwind: avoid int overflow in outside_of_stack (jsc#SLE-11178).\n- s390/unwind: cleanup unused READ_ONCE_TASK_STACK (jsc#SLE-11178).\n- s390/unwind: correct stack switching during unwind (jsc#SLE-11178).\n- s390/unwind: drop unnecessary code around calling ftrace_graph_ret_addr() (jsc#SLE-11178).\n- s390/unwind: filter out unreliable bogus %r14 (jsc#SLE-11178).\n- s390/unwind: fix get_stack_pointer(NULL, NULL) (jsc#SLE-11178).\n- s390/unwind: fix mixing regs and sp (jsc#SLE-11178).\n- s390/unwind: introduce stack unwind API (jsc#SLE-11178).\n- s390/unwind: make reuse_sp default when unwinding pt_regs (jsc#SLE-11178).\n- s390/unwind: remove stack recursion warning (jsc#SLE-11178).\n- s390/unwind: report an error if pt_regs are not on stack (jsc#SLE-11178).\n- s390/unwind: start unwinding from reliable state (jsc#SLE-11178).\n- s390/unwind: stop gracefully at task pt_regs (jsc#SLE-11178).\n- s390/unwind: stop gracefully at user mode pt_regs in irq stack (jsc#SLE-11178).\n- s390/unwind: unify task is current checks (jsc#SLE-11178).\n- s390: add stack switch helper (jsc#SLE-11178).\n- s390: add support for virtually mapped kernel stacks (jsc#SLE-11178).\n- s390: always inline current_stack_pointer() (jsc#SLE-11178).\n- s390: always inline disabled_wait (jsc#SLE-11178).\n- s390: avoid misusing CALL_ON_STACK for task stack setup (jsc#SLE-11178).\n- s390: clean up stacks setup (jsc#SLE-11178).\n- s390: correct CALL_ON_STACK back_chain saving (jsc#SLE-11178).\n- s390: disable preemption when switching to nodat stack with CALL_ON_STACK (jsc#SLE-11178).\n- s390: fine-tune stack switch helper (jsc#SLE-11178).\n- s390: fix register clobbering in CALL_ON_STACK (jsc#SLE-11178).\n- s390: kabi workaround for ftrace_ret_stack (jsc#SLE-11178).\n- s390: kabi workaround for lowcore changes due to vmap stack (jsc#SLE-11178).\n- s390: kabi workaround for reliable stack tracing (jsc#SLE-11178).\n- s390: preserve kabi for stack unwind API (jsc#SLE-11178).\n- s390: unify stack size definitions (jsc#SLE-11178).\n- scsi: lpfc: fix build failure with DEBUGFS disabled (bsc#1154601).\n- scsi: qla2xxx: Add D-Port Diagnostic reason explanation logs (bsc#1158013).\n- scsi: qla2xxx: Add a shadow variable to hold disc_state history of fcport (bsc#1158013).\n- scsi: qla2xxx: Cleanup unused async_logout_done (bsc#1158013).\n- scsi: qla2xxx: Consolidate fabric scan (bsc#1158013).\n- scsi: qla2xxx: Correct fcport flags handling (bsc#1158013).\n- scsi: qla2xxx: Fix RIDA Format-2 (bsc#1158013).\n- scsi: qla2xxx: Fix fabric scan hang (bsc#1158013).\n- scsi: qla2xxx: Fix mtcp dump collection failure (bsc#1158013).\n- scsi: qla2xxx: Fix stuck login session using prli_pend_timer (bsc#1158013).\n- scsi: qla2xxx: Fix stuck session in GNL (bsc#1158013).\n- scsi: qla2xxx: Fix the endianness of the qla82xx_get_fw_size() return type (bsc#1158013).\n- scsi: qla2xxx: Fix update_fcport for current_topology (bsc#1158013).\n- scsi: qla2xxx: Improve readability of the code that handles qla_flt_header (bsc#1158013).\n- scsi: qla2xxx: Remove defer flag to indicate immeadiate port loss (bsc#1158013).\n- scsi: qla2xxx: Update driver version to 10.01.00.22-k (bsc#1158013).\n- scsi: qla2xxx: Use common routine to free fcport struct (bsc#1158013).\n- scsi: qla2xxx: Use get_unaligned_*() instead of open-coding these functions (bsc#1158013).\n- sctp: cache netns in sctp_ep_common (networking-stable-19_12_03).\n- sfc: Only cancel the PPS workqueue if it exists (networking-stable-19_11_25).\n- sfc: Remove \u0027PCIE error reporting unavailable\u0027 (bsc#1161472).\n- smb3: Fix crash in SMB2_open_init due to uninitialized field in compounding path (bsc#1144333).\n- smb3: Fix persistent handles reconnect (bsc#1144333).\n- smb3: fix refcount underflow warning on unmount when no directory leases (bsc#1144333).\n- smb3: remove confusing dmesg when mounting with encryption (\u0027seal\u0027) (bsc#1144333).\n- stacktrace: Do not skip first entry on noncurrent tasks (jsc#SLE-11178).\n- stacktrace: Force USER_DS for stack_trace_save_user() (jsc#SLE-11178).\n- stacktrace: Get rid of unneeded \u0027!!\u0027 pattern (jsc#SLE-11178).\n- stacktrace: Provide common infrastructure (jsc#SLE-11178).\n- stacktrace: Provide helpers for common stack trace operations (jsc#SLE-11178).\n- stacktrace: Unbreak stack_trace_save_tsk_reliable() (jsc#SLE-11178).\n- stacktrace: Use PF_KTHREAD to check for kernel threads (jsc#SLE-11178).\n- tcp: clear tp-\u003epackets_out when purging write queue (bsc#1160560).\n- tcp: exit if nothing to retransmit on RTO timeout (bsc#1160560, stable 4.14.159).\n- tcp: md5: fix potential overestimation of TCP option space (networking-stable-19_12_16).\n- tracing: Cleanup stack trace code (jsc#SLE-11178).\n- tracing: Have the histogram compare functions convert to u64 first (bsc#1160210).\n- workqueue: Fix pwq ref leak in rescuer_thread() (bsc#1160211).\n- x86/MCE/AMD: Allow Reserved types to be overwritten in smca_banks (bsc#1114279).\n- x86/MCE/AMD: Do not use rdmsr_safe_on_cpu() in smca_configure() (bsc#1114279).\n- x86/kgbd: Use NMI_VECTOR not APIC_DM_NMI (bsc#1114279).\n- x86/mce/AMD: Allow any CPU to initialize the smca_banks array (bsc#1114279).\n- x86/mce: Fix possibly incorrect severity calculation on AMD (bsc#1114279).\n- x86/resctrl: Fix an imbalance in domain_remove_cpu() (bsc#1114279).\n- x86/resctrl: Fix potential memory leak (bsc#1114279).\n- xen-blkfront: switch kcalloc to kvcalloc for large array allocation (bsc#1160917).\n- xen/blkfront: Adjust indentation in xlvbd_alloc_gendisk (bsc#1065600).\n- xfs: Fix tail rounding in xfs_alloc_file_space() (bsc#1161087, bsc#1153917).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2020-605,SUSE-SLE-RT-12-SP5-2020-605",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_0605-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2020:0605-1",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200605-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2020:0605-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2020-March/006582.html"
},
{
"category": "self",
"summary": "SUSE Bug 1050244",
"url": "https://bugzilla.suse.com/1050244"
},
{
"category": "self",
"summary": "SUSE Bug 1051510",
"url": "https://bugzilla.suse.com/1051510"
},
{
"category": "self",
"summary": "SUSE Bug 1051858",
"url": "https://bugzilla.suse.com/1051858"
},
{
"category": "self",
"summary": "SUSE Bug 1065600",
"url": "https://bugzilla.suse.com/1065600"
},
{
"category": "self",
"summary": "SUSE Bug 1065729",
"url": "https://bugzilla.suse.com/1065729"
},
{
"category": "self",
"summary": "SUSE Bug 1071995",
"url": "https://bugzilla.suse.com/1071995"
},
{
"category": "self",
"summary": "SUSE Bug 1083647",
"url": "https://bugzilla.suse.com/1083647"
},
{
"category": "self",
"summary": "SUSE Bug 1085030",
"url": "https://bugzilla.suse.com/1085030"
},
{
"category": "self",
"summary": "SUSE Bug 1086301",
"url": "https://bugzilla.suse.com/1086301"
},
{
"category": "self",
"summary": "SUSE Bug 1086313",
"url": "https://bugzilla.suse.com/1086313"
},
{
"category": "self",
"summary": "SUSE Bug 1086314",
"url": "https://bugzilla.suse.com/1086314"
},
{
"category": "self",
"summary": "SUSE Bug 1104745",
"url": "https://bugzilla.suse.com/1104745"
},
{
"category": "self",
"summary": "SUSE Bug 1109837",
"url": "https://bugzilla.suse.com/1109837"
},
{
"category": "self",
"summary": "SUSE Bug 1111666",
"url": "https://bugzilla.suse.com/1111666"
},
{
"category": "self",
"summary": "SUSE Bug 1112178",
"url": "https://bugzilla.suse.com/1112178"
},
{
"category": "self",
"summary": "SUSE Bug 1112374",
"url": "https://bugzilla.suse.com/1112374"
},
{
"category": "self",
"summary": "SUSE Bug 1113956",
"url": "https://bugzilla.suse.com/1113956"
},
{
"category": "self",
"summary": "SUSE Bug 1114279",
"url": "https://bugzilla.suse.com/1114279"
},
{
"category": "self",
"summary": "SUSE Bug 1114685",
"url": "https://bugzilla.suse.com/1114685"
},
{
"category": "self",
"summary": "SUSE Bug 1123328",
"url": "https://bugzilla.suse.com/1123328"
},
{
"category": "self",
"summary": "SUSE Bug 1144333",
"url": "https://bugzilla.suse.com/1144333"
},
{
"category": "self",
"summary": "SUSE Bug 1151927",
"url": "https://bugzilla.suse.com/1151927"
},
{
"category": "self",
"summary": "SUSE Bug 1153917",
"url": "https://bugzilla.suse.com/1153917"
},
{
"category": "self",
"summary": "SUSE Bug 1154601",
"url": "https://bugzilla.suse.com/1154601"
},
{
"category": "self",
"summary": "SUSE Bug 1157155",
"url": "https://bugzilla.suse.com/1157155"
},
{
"category": "self",
"summary": "SUSE Bug 1157157",
"url": "https://bugzilla.suse.com/1157157"
},
{
"category": "self",
"summary": "SUSE Bug 1157692",
"url": "https://bugzilla.suse.com/1157692"
},
{
"category": "self",
"summary": "SUSE Bug 1158013",
"url": "https://bugzilla.suse.com/1158013"
},
{
"category": "self",
"summary": "SUSE Bug 1158026",
"url": "https://bugzilla.suse.com/1158026"
},
{
"category": "self",
"summary": "SUSE Bug 1158071",
"url": "https://bugzilla.suse.com/1158071"
},
{
"category": "self",
"summary": "SUSE Bug 1159028",
"url": "https://bugzilla.suse.com/1159028"
},
{
"category": "self",
"summary": "SUSE Bug 1159096",
"url": "https://bugzilla.suse.com/1159096"
},
{
"category": "self",
"summary": "SUSE Bug 1159377",
"url": "https://bugzilla.suse.com/1159377"
},
{
"category": "self",
"summary": "SUSE Bug 1159394",
"url": "https://bugzilla.suse.com/1159394"
},
{
"category": "self",
"summary": "SUSE Bug 1159588",
"url": "https://bugzilla.suse.com/1159588"
},
{
"category": "self",
"summary": "SUSE Bug 1159911",
"url": "https://bugzilla.suse.com/1159911"
},
{
"category": "self",
"summary": "SUSE Bug 1160147",
"url": "https://bugzilla.suse.com/1160147"
},
{
"category": "self",
"summary": "SUSE Bug 1160195",
"url": "https://bugzilla.suse.com/1160195"
},
{
"category": "self",
"summary": "SUSE Bug 1160210",
"url": "https://bugzilla.suse.com/1160210"
},
{
"category": "self",
"summary": "SUSE Bug 1160211",
"url": "https://bugzilla.suse.com/1160211"
},
{
"category": "self",
"summary": "SUSE Bug 1160433",
"url": "https://bugzilla.suse.com/1160433"
},
{
"category": "self",
"summary": "SUSE Bug 1160442",
"url": "https://bugzilla.suse.com/1160442"
},
{
"category": "self",
"summary": "SUSE Bug 1160469",
"url": "https://bugzilla.suse.com/1160469"
},
{
"category": "self",
"summary": "SUSE Bug 1160470",
"url": "https://bugzilla.suse.com/1160470"
},
{
"category": "self",
"summary": "SUSE Bug 1160476",
"url": "https://bugzilla.suse.com/1160476"
},
{
"category": "self",
"summary": "SUSE Bug 1160560",
"url": "https://bugzilla.suse.com/1160560"
},
{
"category": "self",
"summary": "SUSE Bug 1160618",
"url": "https://bugzilla.suse.com/1160618"
},
{
"category": "self",
"summary": "SUSE Bug 1160678",
"url": "https://bugzilla.suse.com/1160678"
},
{
"category": "self",
"summary": "SUSE Bug 1160755",
"url": "https://bugzilla.suse.com/1160755"
},
{
"category": "self",
"summary": "SUSE Bug 1160756",
"url": "https://bugzilla.suse.com/1160756"
},
{
"category": "self",
"summary": "SUSE Bug 1160784",
"url": "https://bugzilla.suse.com/1160784"
},
{
"category": "self",
"summary": "SUSE Bug 1160787",
"url": "https://bugzilla.suse.com/1160787"
},
{
"category": "self",
"summary": "SUSE Bug 1160802",
"url": "https://bugzilla.suse.com/1160802"
},
{
"category": "self",
"summary": "SUSE Bug 1160803",
"url": "https://bugzilla.suse.com/1160803"
},
{
"category": "self",
"summary": "SUSE Bug 1160804",
"url": "https://bugzilla.suse.com/1160804"
},
{
"category": "self",
"summary": "SUSE Bug 1160917",
"url": "https://bugzilla.suse.com/1160917"
},
{
"category": "self",
"summary": "SUSE Bug 1160966",
"url": "https://bugzilla.suse.com/1160966"
},
{
"category": "self",
"summary": "SUSE Bug 1161087",
"url": "https://bugzilla.suse.com/1161087"
},
{
"category": "self",
"summary": "SUSE Bug 1161243",
"url": "https://bugzilla.suse.com/1161243"
},
{
"category": "self",
"summary": "SUSE Bug 1161472",
"url": "https://bugzilla.suse.com/1161472"
},
{
"category": "self",
"summary": "SUSE Bug 1161514",
"url": "https://bugzilla.suse.com/1161514"
},
{
"category": "self",
"summary": "SUSE Bug 1161518",
"url": "https://bugzilla.suse.com/1161518"
},
{
"category": "self",
"summary": "SUSE Bug 1161522",
"url": "https://bugzilla.suse.com/1161522"
},
{
"category": "self",
"summary": "SUSE Bug 1161523",
"url": "https://bugzilla.suse.com/1161523"
},
{
"category": "self",
"summary": "SUSE Bug 1161549",
"url": "https://bugzilla.suse.com/1161549"
},
{
"category": "self",
"summary": "SUSE Bug 1161674",
"url": "https://bugzilla.suse.com/1161674"
},
{
"category": "self",
"summary": "SUSE Bug 1161875",
"url": "https://bugzilla.suse.com/1161875"
},
{
"category": "self",
"summary": "SUSE Bug 1162028",
"url": "https://bugzilla.suse.com/1162028"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14615 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14615/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14896 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14896/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14897 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14897/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-16994 page",
"url": "https://www.suse.com/security/cve/CVE-2019-16994/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19036 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19036/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19045 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19045/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19054 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19054/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19318 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19318/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19927 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19927/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19965 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19965/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-7053 page",
"url": "https://www.suse.com/security/cve/CVE-2020-7053/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2020-03-06T10:09:59Z",
"generator": {
"date": "2020-03-06T10:09:59Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2020:0605-1",
"initial_release_date": "2020-03-06T10:09:59Z",
"revision_history": [
{
"date": "2020-03-06T10:09:59Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-rt-4.12.14-6.3.1.noarch",
"product": {
"name": "kernel-devel-rt-4.12.14-6.3.1.noarch",
"product_id": "kernel-devel-rt-4.12.14-6.3.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-rt-4.12.14-6.3.1.noarch",
"product": {
"name": "kernel-source-rt-4.12.14-6.3.1.noarch",
"product_id": "kernel-source-rt-4.12.14-6.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-rt-4.12.14-6.3.1.x86_64",
"product": {
"name": "cluster-md-kmp-rt-4.12.14-6.3.1.x86_64",
"product_id": "cluster-md-kmp-rt-4.12.14-6.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-rt-4.12.14-6.3.1.x86_64",
"product": {
"name": "dlm-kmp-rt-4.12.14-6.3.1.x86_64",
"product_id": "dlm-kmp-rt-4.12.14-6.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-rt-4.12.14-6.3.1.x86_64",
"product": {
"name": "gfs2-kmp-rt-4.12.14-6.3.1.x86_64",
"product_id": "gfs2-kmp-rt-4.12.14-6.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-4.12.14-6.3.1.x86_64",
"product": {
"name": "kernel-rt-4.12.14-6.3.1.x86_64",
"product_id": "kernel-rt-4.12.14-6.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-base-4.12.14-6.3.1.x86_64",
"product": {
"name": "kernel-rt-base-4.12.14-6.3.1.x86_64",
"product_id": "kernel-rt-base-4.12.14-6.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-devel-4.12.14-6.3.1.x86_64",
"product": {
"name": "kernel-rt-devel-4.12.14-6.3.1.x86_64",
"product_id": "kernel-rt-devel-4.12.14-6.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-4.12.14-6.3.1.x86_64",
"product": {
"name": "kernel-rt_debug-4.12.14-6.3.1.x86_64",
"product_id": "kernel-rt_debug-4.12.14-6.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-devel-4.12.14-6.3.1.x86_64",
"product": {
"name": "kernel-rt_debug-devel-4.12.14-6.3.1.x86_64",
"product_id": "kernel-rt_debug-devel-4.12.14-6.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-syms-rt-4.12.14-6.3.1.x86_64",
"product": {
"name": "kernel-syms-rt-4.12.14-6.3.1.x86_64",
"product_id": "kernel-syms-rt-4.12.14-6.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-rt-4.12.14-6.3.1.x86_64",
"product": {
"name": "ocfs2-kmp-rt-4.12.14-6.3.1.x86_64",
"product_id": "ocfs2-kmp-rt-4.12.14-6.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Real Time 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Real Time 12 SP5",
"product_id": "SUSE Linux Enterprise Real Time 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-linux-enterprise-rt:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-rt-4.12.14-6.3.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP5",
"product_id": "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-6.3.1.x86_64"
},
"product_reference": "cluster-md-kmp-rt-4.12.14-6.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-rt-4.12.14-6.3.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP5",
"product_id": "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-6.3.1.x86_64"
},
"product_reference": "dlm-kmp-rt-4.12.14-6.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-rt-4.12.14-6.3.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP5",
"product_id": "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-6.3.1.x86_64"
},
"product_reference": "gfs2-kmp-rt-4.12.14-6.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-rt-4.12.14-6.3.1.noarch as component of SUSE Linux Enterprise Real Time 12 SP5",
"product_id": "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-6.3.1.noarch"
},
"product_reference": "kernel-devel-rt-4.12.14-6.3.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-4.12.14-6.3.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP5",
"product_id": "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-6.3.1.x86_64"
},
"product_reference": "kernel-rt-4.12.14-6.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-base-4.12.14-6.3.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP5",
"product_id": "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-6.3.1.x86_64"
},
"product_reference": "kernel-rt-base-4.12.14-6.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-devel-4.12.14-6.3.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP5",
"product_id": "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-6.3.1.x86_64"
},
"product_reference": "kernel-rt-devel-4.12.14-6.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt_debug-4.12.14-6.3.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP5",
"product_id": "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-6.3.1.x86_64"
},
"product_reference": "kernel-rt_debug-4.12.14-6.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt_debug-devel-4.12.14-6.3.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP5",
"product_id": "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-6.3.1.x86_64"
},
"product_reference": "kernel-rt_debug-devel-4.12.14-6.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-rt-4.12.14-6.3.1.noarch as component of SUSE Linux Enterprise Real Time 12 SP5",
"product_id": "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-6.3.1.noarch"
},
"product_reference": "kernel-source-rt-4.12.14-6.3.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-rt-4.12.14-6.3.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP5",
"product_id": "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-6.3.1.x86_64"
},
"product_reference": "kernel-syms-rt-4.12.14-6.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-rt-4.12.14-6.3.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP5",
"product_id": "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-6.3.1.x86_64"
},
"product_reference": "ocfs2-kmp-rt-4.12.14-6.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-14615",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14615"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient control flow in certain data structures for some Intel(R) Processors with Intel(R) Processor Graphics may allow an unauthenticated user to potentially enable information disclosure via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-6.3.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-6.3.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-6.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14615",
"url": "https://www.suse.com/security/cve/CVE-2019-14615"
},
{
"category": "external",
"summary": "SUSE Bug 1160195 for CVE-2019-14615",
"url": "https://bugzilla.suse.com/1160195"
},
{
"category": "external",
"summary": "SUSE Bug 1165881 for CVE-2019-14615",
"url": "https://bugzilla.suse.com/1165881"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-6.3.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-6.3.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-6.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-6.3.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-6.3.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-6.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-03-06T10:09:59Z",
"details": "moderate"
}
],
"title": "CVE-2019-14615"
},
{
"cve": "CVE-2019-14896",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14896"
}
],
"notes": [
{
"category": "general",
"text": "A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-6.3.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-6.3.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-6.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14896",
"url": "https://www.suse.com/security/cve/CVE-2019-14896"
},
{
"category": "external",
"summary": "SUSE Bug 1157157 for CVE-2019-14896",
"url": "https://bugzilla.suse.com/1157157"
},
{
"category": "external",
"summary": "SUSE Bug 1160468 for CVE-2019-14896",
"url": "https://bugzilla.suse.com/1160468"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-6.3.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-6.3.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-6.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-6.3.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-6.3.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-6.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-03-06T10:09:59Z",
"details": "important"
}
],
"title": "CVE-2019-14896"
},
{
"cve": "CVE-2019-14897",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14897"
}
],
"notes": [
{
"category": "general",
"text": "A stack-based buffer overflow was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. An attacker is able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together without the use of an AP) and connects to another STA.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-6.3.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-6.3.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-6.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14897",
"url": "https://www.suse.com/security/cve/CVE-2019-14897"
},
{
"category": "external",
"summary": "SUSE Bug 1157155 for CVE-2019-14897",
"url": "https://bugzilla.suse.com/1157155"
},
{
"category": "external",
"summary": "SUSE Bug 1160467 for CVE-2019-14897",
"url": "https://bugzilla.suse.com/1160467"
},
{
"category": "external",
"summary": "SUSE Bug 1160468 for CVE-2019-14897",
"url": "https://bugzilla.suse.com/1160468"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-6.3.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-6.3.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-6.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-6.3.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-6.3.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-6.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-03-06T10:09:59Z",
"details": "important"
}
],
"title": "CVE-2019-14897"
},
{
"cve": "CVE-2019-16994",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-16994"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel before 5.0, a memory leak exists in sit_init_net() in net/ipv6/sit.c when register_netdev() fails to register sitn-\u003efb_tunnel_dev, which may cause denial of service, aka CID-07f12b26e21a.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-6.3.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-6.3.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-6.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-16994",
"url": "https://www.suse.com/security/cve/CVE-2019-16994"
},
{
"category": "external",
"summary": "SUSE Bug 1161523 for CVE-2019-16994",
"url": "https://bugzilla.suse.com/1161523"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-6.3.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-6.3.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-6.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-6.3.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-6.3.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-6.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-03-06T10:09:59Z",
"details": "moderate"
}
],
"title": "CVE-2019-16994"
},
{
"cve": "CVE-2019-19036",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19036"
}
],
"notes": [
{
"category": "general",
"text": "btrfs_root_node in fs/btrfs/ctree.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because rcu_dereference(root-\u003enode) can be zero.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-6.3.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-6.3.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-6.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19036",
"url": "https://www.suse.com/security/cve/CVE-2019-19036"
},
{
"category": "external",
"summary": "SUSE Bug 1157692 for CVE-2019-19036",
"url": "https://bugzilla.suse.com/1157692"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-6.3.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-6.3.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-6.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-6.3.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-6.3.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-6.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-03-06T10:09:59Z",
"details": "moderate"
}
],
"title": "CVE-2019-19036"
},
{
"cve": "CVE-2019-19045",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19045"
}
],
"notes": [
{
"category": "general",
"text": "A memory leak in the mlx5_fpga_conn_create_cq() function in drivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering mlx5_vector2eqn() failures, aka CID-c8c2a057fdc7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-6.3.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-6.3.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-6.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19045",
"url": "https://www.suse.com/security/cve/CVE-2019-19045"
},
{
"category": "external",
"summary": "SUSE Bug 1161522 for CVE-2019-19045",
"url": "https://bugzilla.suse.com/1161522"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-6.3.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-6.3.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-6.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-6.3.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-6.3.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-6.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-03-06T10:09:59Z",
"details": "moderate"
}
],
"title": "CVE-2019-19045"
},
{
"cve": "CVE-2019-19054",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19054"
}
],
"notes": [
{
"category": "general",
"text": "A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka CID-a7b2df76b42b.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-6.3.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-6.3.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-6.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19054",
"url": "https://www.suse.com/security/cve/CVE-2019-19054"
},
{
"category": "external",
"summary": "SUSE Bug 1161518 for CVE-2019-19054",
"url": "https://bugzilla.suse.com/1161518"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-6.3.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-6.3.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-6.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.9,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-6.3.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-6.3.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-6.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-03-06T10:09:59Z",
"details": "moderate"
}
],
"title": "CVE-2019-19054"
},
{
"cve": "CVE-2019-19318",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19318"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel 5.3.11, mounting a crafted btrfs image twice can cause an rwsem_down_write_slowpath use-after-free because (in rwsem_can_spin_on_owner in kernel/locking/rwsem.c) rwsem_owner_flags returns an already freed pointer,",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-6.3.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-6.3.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-6.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19318",
"url": "https://www.suse.com/security/cve/CVE-2019-19318"
},
{
"category": "external",
"summary": "SUSE Bug 1158026 for CVE-2019-19318",
"url": "https://bugzilla.suse.com/1158026"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-6.3.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-6.3.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-6.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-6.3.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-6.3.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-6.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-03-06T10:09:59Z",
"details": "moderate"
}
],
"title": "CVE-2019-19318"
},
{
"cve": "CVE-2019-19927",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19927"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel 5.0.0-rc7 (as distributed in ubuntu/linux.git on kernel.ubuntu.com), mounting a crafted f2fs filesystem image and performing some operations can lead to slab-out-of-bounds read access in ttm_put_pages in drivers/gpu/drm/ttm/ttm_page_alloc.c. This is related to the vmwgfx or ttm module.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-6.3.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-6.3.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-6.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19927",
"url": "https://www.suse.com/security/cve/CVE-2019-19927"
},
{
"category": "external",
"summary": "SUSE Bug 1160147 for CVE-2019-19927",
"url": "https://bugzilla.suse.com/1160147"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-6.3.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-6.3.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-6.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-6.3.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-6.3.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-6.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-03-06T10:09:59Z",
"details": "low"
}
],
"title": "CVE-2019-19927"
},
{
"cve": "CVE-2019-19965",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19965"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-6.3.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-6.3.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-6.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19965",
"url": "https://www.suse.com/security/cve/CVE-2019-19965"
},
{
"category": "external",
"summary": "SUSE Bug 1159911 for CVE-2019-19965",
"url": "https://bugzilla.suse.com/1159911"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-6.3.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-6.3.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-6.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-6.3.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-6.3.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-6.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-03-06T10:09:59Z",
"details": "moderate"
}
],
"title": "CVE-2019-19965"
},
{
"cve": "CVE-2020-7053",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-7053"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel 4.14 longterm through 4.14.165 and 4.19 longterm through 4.19.96 (and 5.x before 5.2), there is a use-after-free (write) in the i915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c, aka CID-7dc40713618c. This is related to i915_gem_context_destroy_ioctl in drivers/gpu/drm/i915/i915_gem_context.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-6.3.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-6.3.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-6.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-7053",
"url": "https://www.suse.com/security/cve/CVE-2020-7053"
},
{
"category": "external",
"summary": "SUSE Bug 1160966 for CVE-2020-7053",
"url": "https://bugzilla.suse.com/1160966"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-6.3.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-6.3.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-6.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-6.3.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-6.3.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-6.3.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-6.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-03-06T10:09:59Z",
"details": "moderate"
}
],
"title": "CVE-2020-7053"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…