Security update for the Linux Kernel (Live Patch 17 for SLE 15 SP1) SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2020:3670-1 Final 1 1 2020-12-07T16:33:27Z current 2020-12-07T16:33:27Z 2020-12-07T16:33:27Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel (Live Patch 17 for SLE 15 SP1) This update for the Linux Kernel 4.12.14-197_64 fixes several issues. The following security issues were fixed: - CVE-2020-25668: Fixed a concurrency use-after-free in con_font_op (bsc#1178622). - CVE-2020-8694: Fixed an insufficient access control in the Linux kernel driver for some Intel(R) Processors which might have allowed an authenticated user to potentially enable information disclosure via local access (bsc#1178700). - CVE-2020-25705: Fixed a flaw which could have allowed an off-path remote user to effectively bypass source port UDP randomization (bsc#1178783). - Fixed an issue where system was hanging due to a massive amount of soft lockups in btrfs_drop_and_free_fs_root() (bsc#1178046). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2020-3670,SUSE-SLE-Live-Patching-12-SP4-2020-3657,SUSE-SLE-Live-Patching-12-SP4-2020-3658,SUSE-SLE-Live-Patching-12-SP4-2020-3659,SUSE-SLE-Live-Patching-12-SP4-2020-3660,SUSE-SLE-Live-Patching-12-SP4-2020-3661,SUSE-SLE-Live-Patching-12-SP4-2020-3662,SUSE-SLE-Live-Patching-12-SP5-2020-3663,SUSE-SLE-Live-Patching-12-SP5-2020-3664,SUSE-SLE-Live-Patching-12-SP5-2020-3665,SUSE-SLE-Live-Patching-12-SP5-2020-3666,SUSE-SLE-Live-Patching-12-SP5-2020-3667,SUSE-SLE-Live-Patching-12-SP5-2020-3668,SUSE-SLE-Live-Patching-12-SP5-2020-3669,SUSE-SLE-Live-Patching-12-SP5-2020-3670,SUSE-SLE-Live-Patching-12-SP5-2020-3671,SUSE-SLE-Live-Patching-12-SP5-2020-3672,SUSE-SLE-Live-Patching-12-SP5-2020-3673,SUSE-SLE-Live-Patching-12-SP5-2020-3674,SUSE-SLE-Module-Live-Patching-15-SP1-2020-3680,SUSE-SLE-Module-Live-Patching-15-SP1-2020-3681,SUSE-SLE-Module-Live-Patching-15-SP1-2020-3682,SUSE-SLE-Module-Live-Patching-15-SP1-2020-3683,SUSE-SLE-Module-Live-Patching-15-SP1-2020-3684,SUSE-SLE-Module-Live-Patching-15-SP1-2020-3685,SUSE-SLE-Module-Live-Patching-15-SP1-2020-3686,SUSE-SLE-Module-Live-Patching-15-SP1-2020-3687,SUSE-SLE-Module-Live-Patching-15-SP1-2020-3688,SUSE-SLE-Module-Live-Patching-15-SP1-2020-3689 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2020/suse-su-20203670-1/ Link for SUSE-SU-2020:3670-1 https://lists.suse.com/pipermail/sle-security-updates/2020-December/007929.html E-Mail link for SUSE-SU-2020:3670-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1178046 SUSE Bug 1178046 https://bugzilla.suse.com/1178622 SUSE Bug 1178622 https://bugzilla.suse.com/1178700 SUSE Bug 1178700 https://bugzilla.suse.com/1178783 SUSE Bug 1178783 https://www.suse.com/security/cve/CVE-2020-25668/ SUSE CVE CVE-2020-25668 page https://www.suse.com/security/cve/CVE-2020-25705/ SUSE CVE CVE-2020-25705 page https://www.suse.com/security/cve/CVE-2020-8694/ SUSE CVE CVE-2020-8694 page SUSE Linux Enterprise Live Patching 12 SP4 SUSE Linux Enterprise Live Patching 12 SP5 SUSE Linux Enterprise Live Patching 15 SP1 kgraft-patch-4_12_14-122_29-default-5-2.1 kgraft-patch-4_12_14-95_45-default-9-2.2 kgraft-patch-4_12_14-95_48-default-8-2.2 kgraft-patch-4_12_14-95_51-default-7-2.2 kgraft-patch-4_12_14-95_54-default-5-2.2 kgraft-patch-4_12_14-95_57-default-5-2.1 kgraft-patch-4_12_14-95_60-default-4-2.1 kgraft-patch-4_12_14-120-default-9-3.2 kgraft-patch-4_12_14-122_7-default-9-2.2 kgraft-patch-4_12_14-122_12-default-9-2.2 kgraft-patch-4_12_14-122_17-default-8-2.2 kgraft-patch-4_12_14-122_20-default-7-2.2 kgraft-patch-4_12_14-122_23-default-5-2.2 kgraft-patch-4_12_14-122_26-default-5-2.2 kgraft-patch-4_12_14-122_32-default-5-2.1 kgraft-patch-4_12_14-122_37-default-4-2.1 kgraft-patch-4_12_14-122_41-default-3-2.1 kgraft-patch-4_12_14-122_46-default-2-2.1 kernel-livepatch-4_12_14-197_29-default-9-2.2 kernel-livepatch-4_12_14-197_34-default-8-2.2 kernel-livepatch-4_12_14-197_37-default-8-2.2 kernel-livepatch-4_12_14-197_40-default-7-2.2 kernel-livepatch-4_12_14-197_45-default-5-2.2 kernel-livepatch-4_12_14-197_48-default-5-2.1 kernel-livepatch-4_12_14-197_51-default-5-2.1 kernel-livepatch-4_12_14-197_56-default-4-2.1 kernel-livepatch-4_12_14-197_61-default-3-2.1 kernel-livepatch-4_12_14-197_64-default-2-2.1 kgraft-patch-4_12_14-95_45-default-9-2.2 as a component of SUSE Linux Enterprise Live Patching 12 SP4 kgraft-patch-4_12_14-95_48-default-8-2.2 as a component of SUSE Linux Enterprise Live Patching 12 SP4 kgraft-patch-4_12_14-95_51-default-7-2.2 as a component of SUSE Linux Enterprise Live Patching 12 SP4 kgraft-patch-4_12_14-95_54-default-5-2.2 as a component of SUSE Linux Enterprise Live Patching 12 SP4 kgraft-patch-4_12_14-95_57-default-5-2.1 as a component of SUSE Linux Enterprise Live Patching 12 SP4 kgraft-patch-4_12_14-95_60-default-4-2.1 as a component of SUSE Linux Enterprise Live Patching 12 SP4 kgraft-patch-4_12_14-120-default-9-3.2 as a component of SUSE Linux Enterprise Live Patching 12 SP5 kgraft-patch-4_12_14-122_7-default-9-2.2 as a component of SUSE Linux Enterprise Live Patching 12 SP5 kgraft-patch-4_12_14-122_12-default-9-2.2 as a component of SUSE Linux Enterprise Live Patching 12 SP5 kgraft-patch-4_12_14-122_17-default-8-2.2 as a component of SUSE Linux Enterprise Live Patching 12 SP5 kgraft-patch-4_12_14-122_20-default-7-2.2 as a component of SUSE Linux Enterprise Live Patching 12 SP5 kgraft-patch-4_12_14-122_23-default-5-2.2 as a component of SUSE Linux Enterprise Live Patching 12 SP5 kgraft-patch-4_12_14-122_26-default-5-2.2 as a component of SUSE Linux Enterprise Live Patching 12 SP5 kgraft-patch-4_12_14-122_29-default-5-2.1 as a component of SUSE Linux Enterprise Live Patching 12 SP5 kgraft-patch-4_12_14-122_32-default-5-2.1 as a component of SUSE Linux Enterprise Live Patching 12 SP5 kgraft-patch-4_12_14-122_37-default-4-2.1 as a component of SUSE Linux Enterprise Live Patching 12 SP5 kgraft-patch-4_12_14-122_41-default-3-2.1 as a component of SUSE Linux Enterprise Live Patching 12 SP5 kgraft-patch-4_12_14-122_46-default-2-2.1 as a component of SUSE Linux Enterprise Live Patching 12 SP5 kernel-livepatch-4_12_14-197_29-default-9-2.2 as a component of SUSE Linux Enterprise Live Patching 15 SP1 kernel-livepatch-4_12_14-197_34-default-8-2.2 as a component of SUSE Linux Enterprise Live Patching 15 SP1 kernel-livepatch-4_12_14-197_37-default-8-2.2 as a component of SUSE Linux Enterprise Live Patching 15 SP1 kernel-livepatch-4_12_14-197_40-default-7-2.2 as a component of SUSE Linux Enterprise Live Patching 15 SP1 kernel-livepatch-4_12_14-197_45-default-5-2.2 as a component of SUSE Linux Enterprise Live Patching 15 SP1 kernel-livepatch-4_12_14-197_48-default-5-2.1 as a component of SUSE Linux Enterprise Live Patching 15 SP1 kernel-livepatch-4_12_14-197_51-default-5-2.1 as a component of SUSE Linux Enterprise Live Patching 15 SP1 kernel-livepatch-4_12_14-197_56-default-4-2.1 as a component of SUSE Linux Enterprise Live Patching 15 SP1 kernel-livepatch-4_12_14-197_61-default-3-2.1 as a component of SUSE Linux Enterprise Live Patching 15 SP1 kernel-livepatch-4_12_14-197_64-default-2-2.1 as a component of SUSE Linux Enterprise Live Patching 15 SP1 A flaw was found in Linux Kernel because access to the global variable fg_console is not properly synchronized leading to a use after free in con_font_op. CVE-2020-25668 SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_45-default-9-2.2 SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_48-default-8-2.2 SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_51-default-7-2.2 SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_54-default-5-2.2 SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_57-default-5-2.1 SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_60-default-4-2.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-120-default-9-3.2 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_12-default-9-2.2 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_17-default-8-2.2 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_20-default-7-2.2 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_23-default-5-2.2 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_26-default-5-2.2 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_29-default-5-2.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_32-default-5-2.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_37-default-4-2.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_41-default-3-2.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_46-default-2-2.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_7-default-9-2.2 SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_29-default-9-2.2 SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_34-default-8-2.2 SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_37-default-8-2.2 SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_40-default-7-2.2 SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_45-default-5-2.2 SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_48-default-5-2.1 SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_51-default-5-2.1 SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_56-default-4-2.1 SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_61-default-3-2.1 SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_64-default-2-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2020/suse-su-20203670-1/ https://www.suse.com/security/cve/CVE-2020-25668.html CVE-2020-25668 https://bugzilla.suse.com/1178123 SUSE Bug 1178123 https://bugzilla.suse.com/1178622 SUSE Bug 1178622 https://bugzilla.suse.com/1196914 SUSE Bug 1196914 A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that relies on UDP source port randomization are indirectly affected as well on the Linux Based Products (RUGGEDCOM RM1224: All versions between v5.0 and v6.4, SCALANCE M-800: All versions between v5.0 and v6.4, SCALANCE S615: All versions between v5.0 and v6.4, SCALANCE SC-600: All versions prior to v2.1.3, SCALANCE W1750D: v8.3.0.1, v8.6.0, and v8.7.0, SIMATIC Cloud Connect 7: All versions, SIMATIC MV500 Family: All versions, SIMATIC NET CP 1243-1 (incl. SIPLUS variants): Versions 3.1.39 and later, SIMATIC NET CP 1243-7 LTE EU: Version CVE-2020-25705 SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_45-default-9-2.2 SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_48-default-8-2.2 SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_51-default-7-2.2 SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_54-default-5-2.2 SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_57-default-5-2.1 SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_60-default-4-2.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-120-default-9-3.2 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_12-default-9-2.2 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_17-default-8-2.2 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_20-default-7-2.2 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_23-default-5-2.2 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_26-default-5-2.2 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_29-default-5-2.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_32-default-5-2.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_37-default-4-2.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_41-default-3-2.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_46-default-2-2.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_7-default-9-2.2 SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_29-default-9-2.2 SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_34-default-8-2.2 SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_37-default-8-2.2 SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_40-default-7-2.2 SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_45-default-5-2.2 SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_48-default-5-2.1 SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_51-default-5-2.1 SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_56-default-4-2.1 SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_61-default-3-2.1 SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_64-default-2-2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2020/suse-su-20203670-1/ https://www.suse.com/security/cve/CVE-2020-25705.html CVE-2020-25705 https://bugzilla.suse.com/1175721 SUSE Bug 1175721 https://bugzilla.suse.com/1178782 SUSE Bug 1178782 https://bugzilla.suse.com/1178783 SUSE Bug 1178783 https://bugzilla.suse.com/1191790 SUSE Bug 1191790 Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. CVE-2020-8694 SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_45-default-9-2.2 SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_48-default-8-2.2 SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_51-default-7-2.2 SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_54-default-5-2.2 SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_57-default-5-2.1 SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_60-default-4-2.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-120-default-9-3.2 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_12-default-9-2.2 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_17-default-8-2.2 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_20-default-7-2.2 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_23-default-5-2.2 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_26-default-5-2.2 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_29-default-5-2.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_32-default-5-2.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_37-default-4-2.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_41-default-3-2.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_46-default-2-2.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_7-default-9-2.2 SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_29-default-9-2.2 SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_34-default-8-2.2 SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_37-default-8-2.2 SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_40-default-7-2.2 SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_45-default-5-2.2 SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_48-default-5-2.1 SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_51-default-5-2.1 SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_56-default-4-2.1 SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_61-default-3-2.1 SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_64-default-2-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2020/suse-su-20203670-1/ https://www.suse.com/security/cve/CVE-2020-8694.html CVE-2020-8694 https://bugzilla.suse.com/1170415 SUSE Bug 1170415 https://bugzilla.suse.com/1170446 SUSE Bug 1170446 https://bugzilla.suse.com/1178591 SUSE Bug 1178591 https://bugzilla.suse.com/1178700 SUSE Bug 1178700 https://bugzilla.suse.com/1179661 SUSE Bug 1179661