MGASA-2020-0228

This update is based on the upstream 5.6.14 kernel and fixes at least the following security issues:

A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the' ebitmapnetlblimport' routine. While processing the CIPSO restricted bitmap tag in the 'cipsov4parsetag_rbm' routine, it sets the security attribute to indicate that the category bitmap is present, even if it has not been allocated. This issue leads to a NULL pointer dereference issue while importing the same category bitmap into SELinux. This flaw allows a remote network user to crash the system kernel, resulting in a denial of service (CVE-2020-10711).

usbsgcancel in drivers/usb/core/message.c in the Linux kernel before 5.6.8 has a use-after-free because a transfer occurs without a reference(CVE-2020-12464).

An issue was discovered in the Linux kernel before 5.6.7. xdpumemreg in net/xdp/xdpumem.c has an out-of-bounds write (by a user with the CAPNET_ADMIN capability) because of a lack of headroom validation (CVE-2020-12659).

An issue was discovered in the Linux kernel through 5.6.11. sgwrite lacks an sgremove_request call in a certain failure case (CVE-2020-12770).

gadgetdevdescUDCstore in drivers/usb/gadget/configfs.c in the Linux kernel through 5.6.13 relies on kstrdup without considering the possibility of an internal '\0' value, which allows attackers to trigger an out-of-bounds read (CVE-2020-13143).

For other fixes and changes in this update, see the refenced changelogs.