Security update for the Linux Kernel (Live Patch 20 for SLE 15) SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2020:3178-1 Final 1 1 2020-11-05T13:49:07Z current 2020-11-05T13:49:07Z 2020-11-05T13:49:07Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel (Live Patch 20 for SLE 15) This update for the Linux Kernel 4.12.14-150_58 fixes several issues. The following security issues were fixed: - CVE-2020-14381: Fixed a use-after-free in the fast user mutex (futex) wait operation, which could have lead to memory corruption and possibly privilege escalation (bsc#1176011). - CVE-2020-0431: In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (bsc#1176722) - CVE-2020-25212: A TOCTOU mismatch in the NFS client code could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c (bsc#1176381). - CVE-2020-11668: Fixed an out of bounds write to the heap in drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) caused by mishandling invalid descriptors (bsc#1168952). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2020-3178,SUSE-SLE-Module-Live-Patching-15-2020-3178 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2020/suse-su-20203178-1/ Link for SUSE-SU-2020:3178-1 https://lists.suse.com/pipermail/sle-security-updates/2020-November/007706.html E-Mail link for SUSE-SU-2020:3178-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1173942 SUSE Bug 1173942 https://bugzilla.suse.com/1176012 SUSE Bug 1176012 https://bugzilla.suse.com/1176382 SUSE Bug 1176382 https://bugzilla.suse.com/1176896 SUSE Bug 1176896 https://www.suse.com/security/cve/CVE-2020-0431/ SUSE CVE CVE-2020-0431 page https://www.suse.com/security/cve/CVE-2020-11668/ SUSE CVE CVE-2020-11668 page https://www.suse.com/security/cve/CVE-2020-14381/ SUSE CVE CVE-2020-14381 page https://www.suse.com/security/cve/CVE-2020-25212/ SUSE CVE CVE-2020-25212 page SUSE Linux Enterprise Live Patching 15 kernel-livepatch-4_12_14-150_58-default-2-2.1 kernel-livepatch-4_12_14-150_58-default-2-2.1 as a component of SUSE Linux Enterprise Live Patching 15 In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-144161459 CVE-2020-0431 SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_58-default-2-2.1 important 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2020/suse-su-20203178-1/ https://www.suse.com/security/cve/CVE-2020-0431.html CVE-2020-0431 https://bugzilla.suse.com/1176722 SUSE Bug 1176722 https://bugzilla.suse.com/1176896 SUSE Bug 1176896 In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770. CVE-2020-11668 SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_58-default-2-2.1 important 5.6 AV:L/AC:L/Au:N/C:N/I:P/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2020/suse-su-20203178-1/ https://www.suse.com/security/cve/CVE-2020-11668.html CVE-2020-11668 https://bugzilla.suse.com/1168952 SUSE Bug 1168952 https://bugzilla.suse.com/1173942 SUSE Bug 1173942 A flaw was found in the Linux kernel's futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a futex on a filesystem that is about to be unmounted. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. CVE-2020-14381 SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_58-default-2-2.1 important 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2020/suse-su-20203178-1/ https://www.suse.com/security/cve/CVE-2020-14381.html CVE-2020-14381 https://bugzilla.suse.com/1176011 SUSE Bug 1176011 https://bugzilla.suse.com/1176012 SUSE Bug 1176012 A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452. CVE-2020-25212 SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_58-default-2-2.1 important 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2020/suse-su-20203178-1/ https://www.suse.com/security/cve/CVE-2020-25212.html CVE-2020-25212 https://bugzilla.suse.com/1176381 SUSE Bug 1176381 https://bugzilla.suse.com/1176382 SUSE Bug 1176382 https://bugzilla.suse.com/1177027 SUSE Bug 1177027