Security update for the Linux Kernel (Live Patch 15 for SLE 12 SP5) SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2021:0808-1 Final 1 1 2021-03-17T16:10:29Z current 2021-03-17T16:10:29Z 2021-03-17T16:10:29Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel (Live Patch 15 for SLE 12 SP5) This update for the Linux Kernel 4.12.14-122_60 fixes several issues. The following security issues were fixed: - CVE-2020-29368: Fixed an issue in copy-on-write implementation which could have granted unintended write access because of a race condition in a THP mapcount check (bsc#1179664). - CVE-2020-27786: Fixed a potential user after free which could have led to memory corruption or privilege escalation (bsc#1179616). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2021-808,SUSE-SLE-Live-Patching-12-SP5-2021-808 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2021/suse-su-20210808-1/ Link for SUSE-SU-2021:0808-1 https://lists.suse.com/pipermail/sle-security-updates/2021-March/008504.html E-Mail link for SUSE-SU-2021:0808-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1179616 SUSE Bug 1179616 https://bugzilla.suse.com/1179664 SUSE Bug 1179664 https://www.suse.com/security/cve/CVE-2020-27786/ SUSE CVE CVE-2020-27786 page https://www.suse.com/security/cve/CVE-2020-29368/ SUSE CVE CVE-2020-29368 page SUSE Linux Enterprise Live Patching 12 SP5 kgraft-patch-4_12_14-122_60-default-2-2.2 kgraft-patch-4_12_14-122_60-default-2-2.2 as a component of SUSE Linux Enterprise Live Patching 12 SP5 A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to this specific memory while freed and before use causes the flow of execution to change and possibly allow for memory corruption or privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. CVE-2020-27786 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_60-default-2-2.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20210808-1/ https://www.suse.com/security/cve/CVE-2020-27786.html CVE-2020-27786 https://bugzilla.suse.com/1179601 SUSE Bug 1179601 https://bugzilla.suse.com/1179616 SUSE Bug 1179616 An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1. CVE-2020-29368 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_60-default-2-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20210808-1/ https://www.suse.com/security/cve/CVE-2020-29368.html CVE-2020-29368 https://bugzilla.suse.com/1179428 SUSE Bug 1179428 https://bugzilla.suse.com/1179660 SUSE Bug 1179660 https://bugzilla.suse.com/1179664 SUSE Bug 1179664