SUSE-SU-2020:3507-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2020:3507-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2020:3507-1
- Related
- Published
- 2020-11-24T16:17:12Z
- Modified
- 2020-11-24T16:17:12Z
- Summary
- Security update for the Linux Kernel
- Details
-
The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2020-25705: A flaw in the way reply ICMP packets are limited in was found that allowed to quickly scan open UDP ports. This flaw allowed an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software and services that rely on UDP source port randomization (like DNS) are indirectly affected as well. Kernel versions may be vulnerable to this issue (bsc#1175721, bsc#1178782).
- CVE-2020-25704: Fixed a memory leak in perfeventparseaddrfilter() (bsc#1178393).
- CVE-2020-25668: Fixed a use-after-free in confontop() (bnc#1178123).
The following non-security bugs were fixed:
- 9P: Cast to loff_t before multiplying (git-fixes).
- acpi-cpufreq: Honor _PSD table setting on new AMD CPUs (git-fixes).
- ACPI: debug: do not allow debugging when ACPI is disabled (git-fixes).
- ACPI: dock: fix enum-conversion warning (git-fixes).
- ACPI / extlog: Check for RDMSR failure (git-fixes).
- ACPI: NFIT: Fix comparison to '-ENXIO' (git-fixes).
- ACPI: video: use ACPI backlight for HP 635 Notebook (git-fixes).
- ALSA: hda - Fix the return value if cb func is already registered (git-fixes).
- ALSA: hda: prevent undefined shift in sndhdacextbusget_link() (git-fixes).
- ata: sata_rcar: Fix DMA boundary mask (git-fixes).
- ath10k: fix VHT NSS calculation when STBC is enabled (git-fixes).
- ath10k: start recovery process when payload length exceeds max htc length for sdio (git-fixes).
- bus/fslmc: Do not rely on caller to provide non NULL mcio (git-fixes).
- can: cancreateechoskb(): fix echo skb generation: always use skbclone() (git-fixes).
- can: dev: _cangetechoskb(): fix real payload length return value for RTR frames (git-fixes).
- can: dev: cangetechoskb(): prevent call to kfreeskb() in hard IRQ context (git-fixes).
- can: peakcanfd: pucanhandlecanrx(): fix echo management when loopback is on (git-fixes).
- can: peak_usb: add range checking in decode operations (git-fixes).
- can: peakusb: peakusbgetts_time(): fix timestamp wrapping (git-fixes).
- can: rx-offload: do not call kfree_skb() from IRQ context (git-fixes).
- clk: ti: clockdomain: fix static checker warning (git-fixes).
- crypto: bcm - Verify GCM/CCM key length in setkey (git-fixes).
- device property: Do not clear secondary pointer for shared primary firmware node (git-fixes).
- device property: Keep secondary firmware node secondary by type (git-fixes).
- drbd: code cleanup by using sendpageok() to check page for kernelsendpage() (bsc#1172873).
- drm/amd/display: Do not invoke kgdb_breakpoint() unconditionally (git-fixes).
- drm/amd/display: HDMI remote sink need mode validation for Linux (git-fixes).
- drm/amdgpu: do not map BO in reserved region (git-fixes).
- drm/bridge/synopsys: dsi: add support for non-continuous HS clock (git-fixes).
- drm/brige/megachips: Add checking if geb850v3lvds_init() is working correctly (git-fixes).
- drm/i915: Break up error capture compression loops with cond_resched() (git-fixes).
- drm/i915: Force VT'd workarounds when running as a guest OS (git-fixes).
- drm/imx: tve remove extraneous type qualifier (git-fixes).
- drm/ttm: fix eviction valuable range check (git-fixes).
- drm/vc4: drv: Add error handding for bind (git-fixes).
- efivarfs: Replace invalid slashes with exclamation marks in dentries (git-fixes).
- ftrace: Fix recursion check for NMI test (git-fixes).
- ftrace: Handle tracing when switching between context (git-fixes).
- hv_netvsc: Add XDP support (bsc#1177819, bsc#1177820).
- hv_netvsc: Fix XDP refcnt for synthetic and VF NICs (bsc#1177819, bsc#1177820).
- hypervfb: Update screeninfo after removing old framebuffer (bsc#1175306).
- icmp: randomize the global rate limiter (git-fixes).
- kthreadworker: prevent queuing delayed work from timerfn when it is being canceled (git-fixes).
- leds: bcm6328, bcm6358: use devres LED registering function (git-fixes).
- libceph: use sendpageok() in cephtcp_sendpage() (bsc#1172873).
- media: platform: Improve queue set up flow for bug fixing (git-fixes).
- media: tw5864: check status of tw5864frameintervalget (git-fixes).
- memcg: fix NULL pointer dereference in _memcgroupusageunregister_event (bsc#1177703).
- mmc: sdhci-of-esdhc: Handle pulse width detection erratum for more SoCs (git-fixes).
- mmc: sdhci-of-esdhc: set timeout to max before tuning (git-fixes).
- mm/memcg: fix refcount error while moving and swapping (bsc#1178686).
- Move the upstreamed powercap fix into sorted sectio
- mtd: lpddr: Fix bad logic in printdrserror (git-fixes).
- net: add WARNONCE in kernelsendpage() for improper zero-copy send (bsc#1172873).
- net: introduce helper sendpage_ok() in include/linux/net.h (bsc#1172873).
- net: usb: qmi_wwan: add Telit LE910Cx 0x1230 composition (git-fixes).
- nvme-tcp: check page by sendpageok() before calling kernelsendpage() (bsc#1172873).
- p54: avoid accessing the data mapped to streaming DMA (git-fixes).
- pinctrl: intel: Set default bias in case no particular value given (git-fixes).
- powerpc/pseries/cpuidle: add polling idle for shared processor guests (bsc#1178765 ltc#188968).
- powerpc/vnic: Extend 'failover pending' window (bsc#1176855 ltc#187293).
- power: supply: test_power: add missing newlines when printing parameters by sysfs (git-fixes).
- regulator: defer probe when trying to get voltage from unresolved supply (git-fixes).
- regulator: resolve supply after creating regulator (git-fixes).
- ring-buffer: Fix recursion protection transitions between interrupt context (git-fixes).
- rpm/kernel-module-subpackage: make Group tag optional (bsc#1163592)
- scsi: libiscsi: use sendpageok() in iscsitcpsegmentmap() (bsc#1172873).
- staging: comedi: cb_pcidas: Allow 2-channel commands for AO subdevice (git-fixes).
- staging: octeon: Drop on uncorrectable alignment or FCS error (git-fixes).
- staging: octeon: repair 'fixed-link' support (git-fixes).
- thunderbolt: Add the missed idasimpleremove() in ringrequestmsix() (git-fixes).
- USB: Add NO_LPM quirk for Kingston flash drive (git-fixes).
- USB: adutux: fix debugging (git-fixes).
- usb: cdc-acm: fix cooldown mechanism (git-fixes).
- usb: host: fsl-mph-dr-of: check return of dmasetmask() (git-fixes).
- usb: mtu3: fix panic in mtu3gadgetstop() (git-fixes).
- USB: serial: option: add LE910Cx compositions 0x1203, 0x1230, 0x1231 (git-fixes).
- USB: serial: option: add Quectel EC200T module support (git-fixes).
- USB: serial: option: add Telit FN980 composition 0x1055 (git-fixes).
- usb: typec: tcpm: During PR_SWAP, source caps should be sent only after tSwapSourceStart (git-fixes).
- usb: typec: tcpm: reset hardresetcount for any disconnect (git-fixes).
- video: fbdev: pvr2fb: initialize variables (git-fixes).
- video: hyperv: hyperv_fb: Obtain screen resolution from Hyper-V host (bsc#1175306).
- video: hyperv: hyperv_fb: Support deferred IO for Hyper-V frame buffer driver (bsc#1175306).
- video: hyperv: hyperv_fb: Use physical memory for fb on HyperV Gen 1 VMs (bsc#1175306).
- vt: Disable KDFONTOP_COPY (bsc#1178589).
- x86/kexec: Use up-to-dated screen_info copy to fill boot params (bsc#1175306).
- x86/unwind/orc: Fix inactive tasks with stack pointer in %sp on GCC 10 compiled kernels (bsc#1058115 bsc#1176907).
- xfs: do not update mtime on COW faults (bsc#1167030).
- xfs: fix a missing unlock on error in xfsfsmap_blocks (git-fixes).
- xfs: fix flags argument to rmap lookup when converting shared file rmaps (git-fixes).
- xfs: fix rmap key and record comparison functions (git-fixes).
- xfs: flush new eof page on truncate to avoid post-eof corruption (git-fixes).
- References
-
- https://www.suse.com/support/update/announcement/2020/suse-su-20203507-1/
- https://bugzilla.suse.com/1058115
- https://bugzilla.suse.com/1163592
- https://bugzilla.suse.com/1167030
- https://bugzilla.suse.com/1172873
- https://bugzilla.suse.com/1175306
- https://bugzilla.suse.com/1175721
- https://bugzilla.suse.com/1176855
- https://bugzilla.suse.com/1176907
- https://bugzilla.suse.com/1176983
- https://bugzilla.suse.com/1177703
- https://bugzilla.suse.com/1177819
- https://bugzilla.suse.com/1177820
- https://bugzilla.suse.com/1178123
- https://bugzilla.suse.com/1178393
- https://bugzilla.suse.com/1178589
- https://bugzilla.suse.com/1178622
- https://bugzilla.suse.com/1178686
- https://bugzilla.suse.com/1178765
- https://bugzilla.suse.com/1178782
- https://bugzilla.suse.com/927455
- https://www.suse.com/security/cve/CVE-2020-25668
- https://www.suse.com/security/cve/CVE-2020-25704
- https://www.suse.com/security/cve/CVE-2020-25705
Affected packages
SUSE:Linux Enterprise Module for Basesystem 15 SP1 / kernel-default
Package
- Name
- kernel-default
- Purl
- purl:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1
SUSE:Linux Enterprise Module for Basesystem 15 SP1 / kernel-source
Package
- Name
- kernel-source
- Purl
- purl:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1
SUSE:Linux Enterprise Module for Basesystem 15 SP1 / kernel-zfcpdump
Package
- Name
- kernel-zfcpdump
- Purl
- purl:rpm/suse/kernel-zfcpdump&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1
SUSE:Linux Enterprise Module for Development Tools 15 SP1 / kernel-docs
Package
- Name
- kernel-docs
- Purl
- purl:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP1
SUSE:Linux Enterprise Module for Development Tools 15 SP1 / kernel-obs-build
Package
- Name
- kernel-obs-build
- Purl
- purl:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP1
SUSE:Linux Enterprise Module for Development Tools 15 SP1 / kernel-source
Package
- Name
- kernel-source
- Purl
- purl:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP1
SUSE:Linux Enterprise Module for Development Tools 15 SP1 / kernel-syms
Package
- Name
- kernel-syms
- Purl
- purl:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP1
SUSE:Linux Enterprise Module for Legacy 15 SP1 / kernel-default
Package
- Name
- kernel-default
- Purl
- purl:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP1
SUSE:Linux Enterprise Live Patching 15 SP1 / kernel-default
Package
- Name
- kernel-default
- Purl
- purl:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP1
SUSE:Linux Enterprise Live Patching 15 SP1 / kernel-livepatch-SLE15-SP1_Update_19
Package
- Name
- kernel-livepatch-SLE15-SP1_Update_19
- Purl
- purl:rpm/suse/kernel-livepatch-SLE15-SP1_Update_19&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP1
SUSE:Linux Enterprise High Availability Extension 15 SP1 / kernel-default
Package
- Name
- kernel-default
- Purl
- purl:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP1