Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP2) SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2021:0367-1 Final 1 1 2021-02-10T10:42:30Z current 2021-02-10T10:42:30Z 2021-02-10T10:42:30Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP2) This update for the Linux Kernel 5.3.18-22 fixes several issues. The following security issues were fixed: - CVE-2020-29373: Fixed an issue where kernel unsafely handles the root directory during path lookups, and thus a process inside a mount namespace can escape to unintended filesystem locations (bsc#1179779). - CVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180562). - CVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180030). - CVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180032. - CVE-2020-29569: Fixed a use after free due to a logic error (bsc#1180008). - CVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bsc#1179877). - CVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179877). - CVE-2020-29368: Fixed an issue in copy-on-write implementation which could grant unintended write access because of a race condition in a THP mapcount check (bsc#1179664). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2021-367,SUSE-SLE-Module-Live-Patching-15-SP2-2021-365,SUSE-SLE-Module-Live-Patching-15-SP2-2021-366,SUSE-SLE-Module-Live-Patching-15-SP2-2021-367,SUSE-SLE-Module-Live-Patching-15-SP2-2021-368 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2021/suse-su-20210367-1/ Link for SUSE-SU-2021:0367-1 https://lists.suse.com/pipermail/sle-security-updates/2021-February/008296.html E-Mail link for SUSE-SU-2021:0367-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1179664 SUSE Bug 1179664 https://bugzilla.suse.com/1179779 SUSE Bug 1179779 https://bugzilla.suse.com/1179877 SUSE Bug 1179877 https://bugzilla.suse.com/1180008 SUSE Bug 1180008 https://bugzilla.suse.com/1180030 SUSE Bug 1180030 https://bugzilla.suse.com/1180032 SUSE Bug 1180032 https://bugzilla.suse.com/1180562 SUSE Bug 1180562 https://www.suse.com/security/cve/CVE-2020-0465/ SUSE CVE CVE-2020-0465 page https://www.suse.com/security/cve/CVE-2020-0466/ SUSE CVE CVE-2020-0466 page https://www.suse.com/security/cve/CVE-2020-29368/ SUSE CVE CVE-2020-29368 page https://www.suse.com/security/cve/CVE-2020-29373/ SUSE CVE CVE-2020-29373 page https://www.suse.com/security/cve/CVE-2020-29569/ SUSE CVE CVE-2020-29569 page https://www.suse.com/security/cve/CVE-2020-29660/ SUSE CVE CVE-2020-29660 page https://www.suse.com/security/cve/CVE-2020-29661/ SUSE CVE CVE-2020-29661 page https://www.suse.com/security/cve/CVE-2020-36158/ SUSE CVE CVE-2020-36158 page SUSE Linux Enterprise Live Patching 15 SP2 kernel-livepatch-5_3_18-24_9-default-6-2.1 kernel-livepatch-5_3_18-24_9-preempt-6-2.1 kernel-livepatch-5_3_18-24_15-default-5-2.1 kernel-livepatch-5_3_18-24_12-default-5-2.1 kernel-livepatch-5_3_18-22-default-7-5.2 kernel-livepatch-5_3_18-24_15-default-5-2.1 as a component of SUSE Linux Enterprise Live Patching 15 SP2 kernel-livepatch-5_3_18-24_12-default-5-2.1 as a component of SUSE Linux Enterprise Live Patching 15 SP2 kernel-livepatch-5_3_18-24_9-default-6-2.1 as a component of SUSE Linux Enterprise Live Patching 15 SP2 kernel-livepatch-5_3_18-22-default-7-5.2 as a component of SUSE Linux Enterprise Live Patching 15 SP2 In various methods of hid-multitouch.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-162844689References: Upstream kernel CVE-2020-0465 SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-22-default-7-5.2 SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_12-default-5-2.1 SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_15-default-5-2.1 SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_9-default-6-2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20210367-1/ https://www.suse.com/security/cve/CVE-2020-0465.html CVE-2020-0465 https://bugzilla.suse.com/1180029 SUSE Bug 1180029 https://bugzilla.suse.com/1180030 SUSE Bug 1180030 In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-147802478References: Upstream kernel CVE-2020-0466 SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-22-default-7-5.2 SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_12-default-5-2.1 SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_15-default-5-2.1 SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_9-default-6-2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20210367-1/ https://www.suse.com/security/cve/CVE-2020-0466.html CVE-2020-0466 https://bugzilla.suse.com/1180031 SUSE Bug 1180031 https://bugzilla.suse.com/1180032 SUSE Bug 1180032 https://bugzilla.suse.com/1199255 SUSE Bug 1199255 https://bugzilla.suse.com/1200084 SUSE Bug 1200084 An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1. CVE-2020-29368 SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-22-default-7-5.2 SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_12-default-5-2.1 SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_15-default-5-2.1 SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_9-default-6-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20210367-1/ https://www.suse.com/security/cve/CVE-2020-29368.html CVE-2020-29368 https://bugzilla.suse.com/1179428 SUSE Bug 1179428 https://bugzilla.suse.com/1179660 SUSE Bug 1179660 https://bugzilla.suse.com/1179664 SUSE Bug 1179664 An issue was discovered in fs/io_uring.c in the Linux kernel before 5.6. It unsafely handles the root directory during path lookups, and thus a process inside a mount namespace can escape to unintended filesystem locations, aka CID-ff002b30181d. CVE-2020-29373 SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-22-default-7-5.2 SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_12-default-5-2.1 SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_15-default-5-2.1 SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_9-default-6-2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20210367-1/ https://www.suse.com/security/cve/CVE-2020-29373.html CVE-2020-29373 https://bugzilla.suse.com/1179434 SUSE Bug 1179434 https://bugzilla.suse.com/1179779 SUSE Bug 1179779 An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback. CVE-2020-29569 SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-22-default-7-5.2 SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_12-default-5-2.1 SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_15-default-5-2.1 SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_9-default-6-2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20210367-1/ https://www.suse.com/security/cve/CVE-2020-29569.html CVE-2020-29569 https://bugzilla.suse.com/1179509 SUSE Bug 1179509 https://bugzilla.suse.com/1180008 SUSE Bug 1180008 A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24. CVE-2020-29660 SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-22-default-7-5.2 SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_12-default-5-2.1 SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_15-default-5-2.1 SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_9-default-6-2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20210367-1/ https://www.suse.com/security/cve/CVE-2020-29660.html CVE-2020-29660 https://bugzilla.suse.com/1179745 SUSE Bug 1179745 https://bugzilla.suse.com/1179877 SUSE Bug 1179877 A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b. CVE-2020-29661 SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-22-default-7-5.2 SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_12-default-5-2.1 SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_15-default-5-2.1 SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_9-default-6-2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20210367-1/ https://www.suse.com/security/cve/CVE-2020-29661.html CVE-2020-29661 https://bugzilla.suse.com/1179745 SUSE Bug 1179745 https://bugzilla.suse.com/1179877 SUSE Bug 1179877 https://bugzilla.suse.com/1214268 SUSE Bug 1214268 mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332. CVE-2020-36158 SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-22-default-7-5.2 SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_12-default-5-2.1 SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_15-default-5-2.1 SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_9-default-6-2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20210367-1/ https://www.suse.com/security/cve/CVE-2020-36158.html CVE-2020-36158 https://bugzilla.suse.com/1180559 SUSE Bug 1180559 https://bugzilla.suse.com/1180562 SUSE Bug 1180562