1. Home
  2. Security Advisories
  3. SUSE
  4. SUSE-SU-2019:2299-1

[SUSE-SU-2019:2299-1] Security update for the Linux Kernel

Severity Important
Affected Packages 18
CVEs 12
Info Packages References Vulnerabilities

Security update for the Linux Kernel

The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

  • CVE-2019-3819: A flaw was fixed in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may have enter an infinite loop with certain parameters passed from a userspace. A local privileged user ('root') could have caused a system lock up and a denial of service (bnc#1123161).
  • CVE-2019-15118: Fixed kernel stack exhaustion in check_input_term in sound/usb/mixer.c via mishandled recursion (bnc#1145922).
  • CVE-2019-15117: Fixed out-of-bounds memory access in parse_audio_mixer_unit in sound/usb/mixer.c via mishandled short descriptor (bnc#1145920).
  • CVE-2019-14284: The drivers/block/floppy.c allowed a denial of service by setup_format_params division-by-zero. Two consecutive ioctls can trigger the bug: the first one should set the drive geometry with .sect and .rate values that make F_SECT_PER_TRACK be zero. Next, the floppy format operation should be called. It can be triggered by an unprivileged local user even when a floppy disk has not been inserted. NOTE: QEMU creates the floppy device by default (bsc#1143189).
  • CVE-2019-14283: The function set_geometry in drivers/block/floppy.c did not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by default (bsc#1143191).
  • CVE-2019-13631: In parse_hid_report_descriptor in drivers/input/tablet/gtco.c, a malicious USB device can send an HID report that triggers an out-of-bounds write during generation of debugging messages (bsc#1142023).
  • CVE-2019-11810: A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free (bsc#1134399).
  • CVE-2019-1125: Enable Spectre v1 swapgs mitigations (bsc#1139358).
  • CVE-2019-10207: Check for missing tty operations in bluetooth/hci_uart (bsc#1142857).
  • CVE-2018-20856: Fixed a use-after-free issue in block/blk-core.c, where certain error case are mishandled (bnc#1143048).
  • CVE-2018-20855: An issue was discovered in create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace (bsc#1143045).
  • CVE-2017-18551: An issue was discovered in drivers/i2c/i2c-core-smbus.c in the Linux kernel There was an out of bounds write in the function i2c_smbus_xfer_emulated (bnc#1146163).

The following non-security bugs were fixed:

  • bcache: add reclaimed_journal_buckets to struct cache_set (bsc#1140652, bsc#1144288).
  • bcache: fix race in btree_flush_write() (bsc#1140652, bsc#1144288).
  • bcache: fix stack corruption by PRECEDING_KEY() (bsc#1130972, bsc#1144257).
  • bcache: only set BCACHE_DEV_WB_RUNNING when cached device attached (bsc#1130972, bsc#1144273).
  • bcache: performance improvement for btree_flush_write() (bsc#1140652, bsc#1144288).
  • bcache: remove retry_flush_write from struct cache_set (bsc#1140652, bsc#1144288).
  • btrfs: improve delayed refs iterations (bsc#1076033, bsc#1107256).
  • i40e: add functions to control default VSI (bsc#1141628).
  • i40e: set default VSI without a reset (bsc#1141628).
  • mm: check VMA flags to avoid invalid PROT_NONE NUMA balancing (bsc#1142098).
  • nfs: Fix the inode request accounting when pages have subrequests (bsc#1140012).
  • powerpc/watchpoint: Restore NV GPRs while returning from exception (bsc#1140945,bsc#1141401,bsc#1141402,bsc#1141452,bsc#1141453,bsc#1141454).
  • qib/hfi1: Fix MR reference count leak on write with immediate (bsc#1045640).
  • sched/fair: Do not free p->numa_faults with concurrent readers (bsc#1144920).
  • sched/fair: Use RCU accessors consistently for ->numa_group (bsc#1144920).
  • x86, mm: fix fast GUP with hyper-based TLB flushing (VM Functionality, bsc#1140903).
  • xen: let alloc_xenballooned_pages() fail if not enough memory free (XSA-300).
Package Affected Version
pkg:rpm/suse/kgraft-patch-4_4_121-92_120-default?arch=x86_64&distro=sles-12&sp=2 < 1-3.3.1
pkg:rpm/suse/kgraft-patch-4_4_121-92_120-default?arch=ppc64le&distro=sles-12&sp=2 < 1-3.3.1
pkg:rpm/suse/kernel-syms?arch=x86_64&distro=sles-12&sp=2 < 4.4.121-92.120.1
pkg:rpm/suse/kernel-syms?arch=s390x&distro=sles-12&sp=2 < 4.4.121-92.120.1
pkg:rpm/suse/kernel-syms?arch=ppc64le&distro=sles-12&sp=2 < 4.4.121-92.120.1
pkg:rpm/suse/kernel-source?arch=noarch&distro=sles-12&sp=2 < 4.4.121-92.120.1
pkg:rpm/suse/kernel-macros?arch=noarch&distro=sles-12&sp=2 < 4.4.121-92.120.1
pkg:rpm/suse/kernel-devel?arch=noarch&distro=sles-12&sp=2 < 4.4.121-92.120.1
pkg:rpm/suse/kernel-default?arch=x86_64&distro=sles-12&sp=2 < 4.4.121-92.120.1
pkg:rpm/suse/kernel-default?arch=s390x&distro=sles-12&sp=2 < 4.4.121-92.120.1
pkg:rpm/suse/kernel-default?arch=ppc64le&distro=sles-12&sp=2 < 4.4.121-92.120.1
pkg:rpm/suse/kernel-default-man?arch=s390x&distro=sles-12&sp=2 < 4.4.121-92.120.1
pkg:rpm/suse/kernel-default-devel?arch=x86_64&distro=sles-12&sp=2 < 4.4.121-92.120.1
pkg:rpm/suse/kernel-default-devel?arch=s390x&distro=sles-12&sp=2 < 4.4.121-92.120.1
pkg:rpm/suse/kernel-default-devel?arch=ppc64le&distro=sles-12&sp=2 < 4.4.121-92.120.1
pkg:rpm/suse/kernel-default-base?arch=x86_64&distro=sles-12&sp=2 < 4.4.121-92.120.1
pkg:rpm/suse/kernel-default-base?arch=s390x&distro=sles-12&sp=2 < 4.4.121-92.120.1
pkg:rpm/suse/kernel-default-base?arch=ppc64le&distro=sles-12&sp=2 < 4.4.121-92.120.1
ID
SUSE-SU-2019:2299-1
Severity
important
URL
https://www.suse.com/support/update/announcement/2019/suse-su-20192299-1/
Published
2019-09-05T06:56:18
(5 years ago)
Modified
2019-09-05T06:56:18
(5 years ago)
Rights
Copyright 2024 SUSE LLC. All rights reserved.
Other Advisories
Source # ID Name URL
Suse SUSE ratings https://www.suse.com/support/security/rating/
Suse URL of this CSAF notice https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_2299-1.json
Suse URL for SUSE-SU-2019:2299-1 https://www.suse.com/support/update/announcement/2019/suse-su-20192299-1/
Suse E-Mail link for SUSE-SU-2019:2299-1 https://lists.suse.com/pipermail/sle-security-updates/2019-September/005881.html
Bugzilla SUSE Bug 1045640 https://bugzilla.suse.com/1045640
Bugzilla SUSE Bug 1076033 https://bugzilla.suse.com/1076033
Bugzilla SUSE Bug 1107256 https://bugzilla.suse.com/1107256
Bugzilla SUSE Bug 1123161 https://bugzilla.suse.com/1123161
Bugzilla SUSE Bug 1130972 https://bugzilla.suse.com/1130972
Bugzilla SUSE Bug 1134399 https://bugzilla.suse.com/1134399
Bugzilla SUSE Bug 1139358 https://bugzilla.suse.com/1139358
Bugzilla SUSE Bug 1140012 https://bugzilla.suse.com/1140012
Bugzilla SUSE Bug 1140652 https://bugzilla.suse.com/1140652
Bugzilla SUSE Bug 1140903 https://bugzilla.suse.com/1140903
Bugzilla SUSE Bug 1140945 https://bugzilla.suse.com/1140945
Bugzilla SUSE Bug 1141401 https://bugzilla.suse.com/1141401
Bugzilla SUSE Bug 1141402 https://bugzilla.suse.com/1141402
Bugzilla SUSE Bug 1141452 https://bugzilla.suse.com/1141452
Bugzilla SUSE Bug 1141453 https://bugzilla.suse.com/1141453
Bugzilla SUSE Bug 1141454 https://bugzilla.suse.com/1141454
Bugzilla SUSE Bug 1141628 https://bugzilla.suse.com/1141628
Bugzilla SUSE Bug 1142023 https://bugzilla.suse.com/1142023
Bugzilla SUSE Bug 1142098 https://bugzilla.suse.com/1142098
Bugzilla SUSE Bug 1142857 https://bugzilla.suse.com/1142857
Bugzilla SUSE Bug 1143045 https://bugzilla.suse.com/1143045
Bugzilla SUSE Bug 1143048 https://bugzilla.suse.com/1143048
Bugzilla SUSE Bug 1143189 https://bugzilla.suse.com/1143189
Bugzilla SUSE Bug 1143191 https://bugzilla.suse.com/1143191
Bugzilla SUSE Bug 1144257 https://bugzilla.suse.com/1144257
Bugzilla SUSE Bug 1144273 https://bugzilla.suse.com/1144273
Bugzilla SUSE Bug 1144288 https://bugzilla.suse.com/1144288
Bugzilla SUSE Bug 1144920 https://bugzilla.suse.com/1144920
Bugzilla SUSE Bug 1145920 https://bugzilla.suse.com/1145920
Bugzilla SUSE Bug 1145922 https://bugzilla.suse.com/1145922
Bugzilla SUSE Bug 1146163 https://bugzilla.suse.com/1146163
CVE SUSE CVE CVE-2017-18551 page https://www.suse.com/security/cve/CVE-2017-18551/
CVE SUSE CVE CVE-2018-20855 page https://www.suse.com/security/cve/CVE-2018-20855/
CVE SUSE CVE CVE-2018-20856 page https://www.suse.com/security/cve/CVE-2018-20856/
CVE SUSE CVE CVE-2019-10207 page https://www.suse.com/security/cve/CVE-2019-10207/
CVE SUSE CVE CVE-2019-1125 page https://www.suse.com/security/cve/CVE-2019-1125/
CVE SUSE CVE CVE-2019-11810 page https://www.suse.com/security/cve/CVE-2019-11810/
CVE SUSE CVE CVE-2019-13631 page https://www.suse.com/security/cve/CVE-2019-13631/
CVE SUSE CVE CVE-2019-14283 page https://www.suse.com/security/cve/CVE-2019-14283/
CVE SUSE CVE CVE-2019-14284 page https://www.suse.com/security/cve/CVE-2019-14284/
CVE SUSE CVE CVE-2019-15117 page https://www.suse.com/security/cve/CVE-2019-15117/
CVE SUSE CVE CVE-2019-15118 page https://www.suse.com/security/cve/CVE-2019-15118/
CVE SUSE CVE CVE-2019-3819 page https://www.suse.com/security/cve/CVE-2019-3819/
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:rpm/suse/kgraft-patch-4_4_121-92_120-default?arch=x86_64&distro=sles-12&sp=2 suse kgraft-patch-4_4_121-92_120-default < 1-3.3.1 sles-12 x86_64
Affected pkg:rpm/suse/kgraft-patch-4_4_121-92_120-default?arch=ppc64le&distro=sles-12&sp=2 suse kgraft-patch-4_4_121-92_120-default < 1-3.3.1 sles-12 ppc64le
Affected pkg:rpm/suse/kernel-syms?arch=x86_64&distro=sles-12&sp=2 suse kernel-syms < 4.4.121-92.120.1 sles-12 x86_64
Affected pkg:rpm/suse/kernel-syms?arch=s390x&distro=sles-12&sp=2 suse kernel-syms < 4.4.121-92.120.1 sles-12 s390x
Affected pkg:rpm/suse/kernel-syms?arch=ppc64le&distro=sles-12&sp=2 suse kernel-syms < 4.4.121-92.120.1 sles-12 ppc64le
Affected pkg:rpm/suse/kernel-source?arch=noarch&distro=sles-12&sp=2 suse kernel-source < 4.4.121-92.120.1 sles-12 noarch
Affected pkg:rpm/suse/kernel-macros?arch=noarch&distro=sles-12&sp=2 suse kernel-macros < 4.4.121-92.120.1 sles-12 noarch
Affected pkg:rpm/suse/kernel-devel?arch=noarch&distro=sles-12&sp=2 suse kernel-devel < 4.4.121-92.120.1 sles-12 noarch
Affected pkg:rpm/suse/kernel-default?arch=x86_64&distro=sles-12&sp=2 suse kernel-default < 4.4.121-92.120.1 sles-12 x86_64
Affected pkg:rpm/suse/kernel-default?arch=s390x&distro=sles-12&sp=2 suse kernel-default < 4.4.121-92.120.1 sles-12 s390x
Affected pkg:rpm/suse/kernel-default?arch=ppc64le&distro=sles-12&sp=2 suse kernel-default < 4.4.121-92.120.1 sles-12 ppc64le
Affected pkg:rpm/suse/kernel-default-man?arch=s390x&distro=sles-12&sp=2 suse kernel-default-man < 4.4.121-92.120.1 sles-12 s390x
Affected pkg:rpm/suse/kernel-default-devel?arch=x86_64&distro=sles-12&sp=2 suse kernel-default-devel < 4.4.121-92.120.1 sles-12 x86_64
Affected pkg:rpm/suse/kernel-default-devel?arch=s390x&distro=sles-12&sp=2 suse kernel-default-devel < 4.4.121-92.120.1 sles-12 s390x
Affected pkg:rpm/suse/kernel-default-devel?arch=ppc64le&distro=sles-12&sp=2 suse kernel-default-devel < 4.4.121-92.120.1 sles-12 ppc64le
Affected pkg:rpm/suse/kernel-default-base?arch=x86_64&distro=sles-12&sp=2 suse kernel-default-base < 4.4.121-92.120.1 sles-12 x86_64
Affected pkg:rpm/suse/kernel-default-base?arch=s390x&distro=sles-12&sp=2 suse kernel-default-base < 4.4.121-92.120.1 sles-12 s390x
Affected pkg:rpm/suse/kernel-default-base?arch=ppc64le&distro=sles-12&sp=2 suse kernel-default-base < 4.4.121-92.120.1 sles-12 ppc64le
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date