The SUSE Linux Enterprise Server 12 SP4 Azure kernel was updated to fix various issues.
The following security bugs were fixed:
CVE-2019-2024: A use-after-free when disconnecting a source was fixed which could lead to crashes. bnc#1129179).
CVE-2019-9213: expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bnc#1128166 1128378 1129016).
CVE-2019-8980: A memory leak in the kernelreadfile function in fs/exec.c allowed attackers to cause a denial of service (memory consumption) by triggering vfs_read failures (bnc#1126209).
CVE-2019-3819: A flaw was found in the function hiddebugevents_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user ('root') can cause a system lock up and a denial of service. (bnc#1123161).
CVE-2019-8912: afalgrelease() in crypto/afalg.c neglected to set a NULL value for a certain structure member, which led to a use-after-free in sockfssetattr (bnc#1125907 1126284).
CVE-2019-7308: kernel/bpf/verifier.c performed undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks (bnc#1124055).
CVE-2019-3459, CVE-2019-3460: The Bluetooth stack suffered from two remote information leak vulnerabilities in the code that handles incoming L2cap configuration packets (bsc#1120758).
CVE-2019-7221: Fixed a use-after-free vulnerability in the KVM hypervisor related to the emulation of a preemption timer, allowing an guest user/process to crash the host kernel. (bsc#1124732).
CVE-2019-7222: Fixed an information leakage in the KVM hypervisor related to handling page fault exceptions, which allowed a guest user/process to use this flaw to leak the host's stack memory contents to a guest (bsc#1124735).
CVE-2019-6974: kvmioctlcreatedevice in virt/kvm/kvmmain.c mishandled reference counting because of a race condition, leading to a use-after-free (bnc#1124728).
CVE-2018-20669: An issue where a provided address with accessok() is not checked was discovered in i915gemexecbuffer2ioctl in drivers/gpu/drm/i915/i915gemexecbuffer.c where a local attacker can craft a malicious IOCTL function call to overwrite arbitrary kernel memory, resulting in a Denial of Service or privilege escalation (bnc#1122971).
The following non-security bugs were fixed:
6lowpan: iphc: reset mac_header after decompress to fix panic (bsc#1051510).
9p: clear dangling pointers in p9stat_free (bsc#1051510).
9p locks: fix glock.clientid leak in dolock (bsc#1051510).
9p/net: fix memory leak in p9clientcreate (bsc#1051510).
9p/net: put a lower bound on msize (bsc#1051510).
9p: use inode->ilock to protect isize_write() under 32-bit (bsc#1051510).
acpi/APEI: Clear GHES block_status before panic() (bsc#1051510).
acpi / device_sysfs: Avoid OF modalias creation for removed device (bsc#1051510).
acpi/nfit: Block function zero DSMs (bsc#1051510).
acpi, nfit: Fix Address Range Scrub completion tracking (bsc#1124969).
acpi/nfit: Fix bus command validation (bsc#1051510).
regulator: s2mps11: Fix steps for buck7, buck8 and LDO35 (bsc#1051510).
regulator: wm831x-dcdc: Fix list of wm831xdcdcilim from mA to uA (bsc#1051510).
remove 2 entries since now we have them, 744889b7cbb56a64f957e65ade7cb65fe3f35714 1adfc5e4136f5967d591c399aff95b3b035f16b7
Remove blacklist of virtio patch so we can install it (bsc#1114585)
Remove conditional support for SMB2 and SMB3:
Revert 'drm/rockchip: Allow driver to be shutdown on reboot/kexec' (bsc#1051510).
Revert 'Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G' (bsc#1051510).
Revert 'openvswitch: Fix template leak in error cases.' (bsc#1051510).
Revert 'rpm/kernel-binary.spec.in: rename kGraft to KLP ()' This reverts commit f84e065a0c26b5f0777e94ceb67dd494bb7b4d2f. The patch should not have gone to SLE12-SP4. SLE12-SP4 still follows kGraft naming.
Revert 'sd: disable logical block provisioning if 'lbpme' is not set' This reverts commit e365f138cb9c9c48b710864a9f37a91b4b93381d. Patch not accepted upstream.