Security update for the Linux Kernel (Live Patch 27 for SLE 12 SP2) SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2019:2613-1 Final 1 1 2019-10-08T12:37:05Z current 2019-10-08T12:37:05Z 2019-10-08T12:37:05Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel (Live Patch 27 for SLE 12 SP2) This update for the Linux Kernel 4.4.121-92_101 fixes one issue. The following security issue was fixed: - CVE-2019-14835: A buffer overflow flaw was found in the way vhost functionality, that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host (bsc#1151021). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2019-2613,SUSE-SLE-SAP-12-SP1-2019-2592,SUSE-SLE-SAP-12-SP1-2019-2595,SUSE-SLE-SAP-12-SP1-2019-2596,SUSE-SLE-SAP-12-SP1-2019-2597,SUSE-SLE-SAP-12-SP1-2019-2598,SUSE-SLE-SAP-12-SP2-2019-2593,SUSE-SLE-SAP-12-SP2-2019-2594,SUSE-SLE-SAP-12-SP2-2019-2604,SUSE-SLE-SAP-12-SP2-2019-2605,SUSE-SLE-SAP-12-SP2-2019-2613,SUSE-SLE-SAP-12-SP2-2019-2614,SUSE-SLE-SAP-12-SP2-2019-2615,SUSE-SLE-SERVER-12-SP1-2019-2592,SUSE-SLE-SERVER-12-SP1-2019-2595,SUSE-SLE-SERVER-12-SP1-2019-2596,SUSE-SLE-SERVER-12-SP1-2019-2597,SUSE-SLE-SERVER-12-SP1-2019-2598,SUSE-SLE-SERVER-12-SP2-2019-2593,SUSE-SLE-SERVER-12-SP2-2019-2594,SUSE-SLE-SERVER-12-SP2-2019-2604,SUSE-SLE-SERVER-12-SP2-2019-2605,SUSE-SLE-SERVER-12-SP2-2019-2613,SUSE-SLE-SERVER-12-SP2-2019-2614,SUSE-SLE-SERVER-12-SP2-2019-2615 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2019/suse-su-20192613-1/ Link for SUSE-SU-2019:2613-1 https://lists.suse.com/pipermail/sle-security-updates/2019-October/005996.html E-Mail link for SUSE-SU-2019:2613-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1151021 SUSE Bug 1151021 https://www.suse.com/security/cve/CVE-2019-14835/ SUSE CVE CVE-2019-14835 page SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server for SAP Applications 12 SP1 SUSE Linux Enterprise Server for SAP Applications 12 SP2 kgraft-patch-4_4_121-92_109-default-5-2.1 kgraft-patch-3_12_74-60_64_107-default-9-2.1 kgraft-patch-3_12_74-60_64_107-xen-9-2.1 kgraft-patch-3_12_74-60_64_115-default-4-2.1 kgraft-patch-3_12_74-60_64_115-xen-4-2.1 kgraft-patch-3_12_74-60_64_110-default-5-2.1 kgraft-patch-3_12_74-60_64_110-xen-5-2.1 kgraft-patch-3_12_74-60_64_121-default-2-2.1 kgraft-patch-3_12_74-60_64_121-xen-2-2.1 kgraft-patch-3_12_74-60_64_118-default-2-2.1 kgraft-patch-3_12_74-60_64_118-xen-2-2.1 kgraft-patch-4_4_121-92_95-default-8-2.1 kgraft-patch-4_4_121-92_98-default-7-2.1 kgraft-patch-4_4_121-92_117-default-3-2.1 kgraft-patch-4_4_121-92_114-default-4-2.1 kgraft-patch-4_4_121-92_104-default-5-2.1 kgraft-patch-4_4_121-92_101-default-5-2.1 kgraft-patch-3_12_74-60_64_107-default-9-2.1 as a component of SUSE Linux Enterprise Server 12 SP1-LTSS kgraft-patch-3_12_74-60_64_107-xen-9-2.1 as a component of SUSE Linux Enterprise Server 12 SP1-LTSS kgraft-patch-3_12_74-60_64_115-default-4-2.1 as a component of SUSE Linux Enterprise Server 12 SP1-LTSS kgraft-patch-3_12_74-60_64_115-xen-4-2.1 as a component of SUSE Linux Enterprise Server 12 SP1-LTSS kgraft-patch-3_12_74-60_64_110-default-5-2.1 as a component of SUSE Linux Enterprise Server 12 SP1-LTSS kgraft-patch-3_12_74-60_64_110-xen-5-2.1 as a component of SUSE Linux Enterprise Server 12 SP1-LTSS kgraft-patch-3_12_74-60_64_121-default-2-2.1 as a component of SUSE Linux Enterprise Server 12 SP1-LTSS kgraft-patch-3_12_74-60_64_121-xen-2-2.1 as a component of SUSE Linux Enterprise Server 12 SP1-LTSS kgraft-patch-3_12_74-60_64_118-default-2-2.1 as a component of SUSE Linux Enterprise Server 12 SP1-LTSS kgraft-patch-3_12_74-60_64_118-xen-2-2.1 as a component of SUSE Linux Enterprise Server 12 SP1-LTSS kgraft-patch-4_4_121-92_95-default-8-2.1 as a component of SUSE Linux Enterprise Server 12 SP2-LTSS kgraft-patch-4_4_121-92_98-default-7-2.1 as a component of SUSE Linux Enterprise Server 12 SP2-LTSS kgraft-patch-4_4_121-92_117-default-3-2.1 as a component of SUSE Linux Enterprise Server 12 SP2-LTSS kgraft-patch-4_4_121-92_114-default-4-2.1 as a component of SUSE Linux Enterprise Server 12 SP2-LTSS kgraft-patch-4_4_121-92_109-default-5-2.1 as a component of SUSE Linux Enterprise Server 12 SP2-LTSS kgraft-patch-4_4_121-92_104-default-5-2.1 as a component of SUSE Linux Enterprise Server 12 SP2-LTSS kgraft-patch-4_4_121-92_101-default-5-2.1 as a component of SUSE Linux Enterprise Server 12 SP2-LTSS kgraft-patch-3_12_74-60_64_107-default-9-2.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 kgraft-patch-3_12_74-60_64_107-xen-9-2.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 kgraft-patch-3_12_74-60_64_115-default-4-2.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 kgraft-patch-3_12_74-60_64_115-xen-4-2.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 kgraft-patch-3_12_74-60_64_110-default-5-2.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 kgraft-patch-3_12_74-60_64_110-xen-5-2.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 kgraft-patch-3_12_74-60_64_121-default-2-2.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 kgraft-patch-3_12_74-60_64_121-xen-2-2.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 kgraft-patch-3_12_74-60_64_118-default-2-2.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 kgraft-patch-3_12_74-60_64_118-xen-2-2.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 kgraft-patch-4_4_121-92_95-default-8-2.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 kgraft-patch-4_4_121-92_98-default-7-2.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 kgraft-patch-4_4_121-92_117-default-3-2.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 kgraft-patch-4_4_121-92_114-default-4-2.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 kgraft-patch-4_4_121-92_109-default-5-2.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 kgraft-patch-4_4_121-92_104-default-5-2.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 kgraft-patch-4_4_121-92_101-default-5-2.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host. CVE-2019-14835 SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_107-default-9-2.1 SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_107-xen-9-2.1 SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_110-default-5-2.1 SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_110-xen-5-2.1 SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_115-default-4-2.1 SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_115-xen-4-2.1 SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_118-default-2-2.1 SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_118-xen-2-2.1 SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_121-default-2-2.1 SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_121-xen-2-2.1 SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_101-default-5-2.1 SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_104-default-5-2.1 SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_109-default-5-2.1 SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_114-default-4-2.1 SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_117-default-3-2.1 SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_95-default-8-2.1 SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_98-default-7-2.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_107-default-9-2.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_107-xen-9-2.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_110-default-5-2.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_110-xen-5-2.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_115-default-4-2.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_115-xen-4-2.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_118-default-2-2.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_118-xen-2-2.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_121-default-2-2.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_121-xen-2-2.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_101-default-5-2.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_104-default-5-2.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_109-default-5-2.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_114-default-4-2.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_117-default-3-2.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_95-default-8-2.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_98-default-7-2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2019/suse-su-20192613-1/ https://www.suse.com/security/cve/CVE-2019-14835.html CVE-2019-14835 https://bugzilla.suse.com/1150112 SUSE Bug 1150112 https://bugzilla.suse.com/1151021 SUSE Bug 1151021