The SUSE Linux Enterprise 15 Azure kernel was updated to receive various security fixes and bugfixes.
The following security bugs were fixed:
CVE-2019-2024: A use-after-free when disconnecting a source was fixed which could lead to crashes (bnc#1129179).
CVE-2019-9213: expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bnc#1128166).
CVE-2019-8980: A memory leak in the kernel_read_file function in fs/exec.c allowed attackers to cause a denial of service (memory consumption) by triggering vfs_read failures (bnc#1126209).
CVE-2019-3819: A flaw was found in the function hid_debug_events_read() in drivers/hid/hid-debug.c, which may enter an infinite loop with certain parameters passed from userspace. A local privileged user ('root') can cause a system lock up and a denial of service (bnc#1123161).
CVE-2019-8912: af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr (bnc#1125907).
CVE-2019-7308: kernel/bpf/verifier.c performed undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks (bnc#1124055).
CVE-2019-3459, CVE-2019-3460: The Bluetooth stack suffered from two remote information leak vulnerabilities in the code that handles incoming L2CAP configuration packets (bsc#1120758).
CVE-2019-7221: The KVM implementation had a Use-after-Free problem (bnc#1124732).
CVE-2019-7222: The KVM implementation had an Information Leak (bnc#1124735).
CVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled reference counting because of a race condition, leading to a use-after-free (bnc#1124728).
CVE-2018-20669: Missing access control checks in ioctl of gpu/drm/i915 driver were fixed which might have led to information leaks (bnc#1122971).
The following non-security bugs were fixed:
6lowpan: iphc: reset mac_header after decompress to fix panic (bsc#1051510).
9p: clear dangling pointers in p9stat_free (bsc#1051510).
9p locks: fix glock.client_id leak in do_lock (bsc#1051510).
9p/net: fix memory leak in p9_client_create (bsc#1051510).
9p/net: put a lower bound on msize (bsc#1051510).
9p: use inode->i_lock to protect i_size_write() under 32-bit (bsc#1051510).
acpi/APEI: Clear GHES block_status before panic() (bsc#1051510).
acpi/device_sysfs: Avoid OF modalias creation for removed device (bsc#1051510).
acpi/nfit: Block function zero DSMs (bsc#1051510).
acpi/nfit: Fix Address Range Scrub completion tracking (bsc#1124969).
acpi/nfit: Fix bus command validation (bsc#1051510).
dm cache metadata: verify cache has blocks in blocks_are_clean_separate_dirty() (git-fixes).
dm: call blk_queue_split() to impose device limits on bios (git-fixes).
dm: do not allow readahead to limit IO size (git-fixes).
dm thin: send event about thin-pool state change after making it (git-fixes).
dm zoned: Fix target BIO completion handling (git-fixes).
doc: rcu: Suspicious RCU usage is a warning (bsc#1051510).
doc/README.SUSE: Correct description for building a kernel (bsc#1123348). The obsoleted make cloneconfig is corrected. Also the order of make scripts and make prepare is corrected as well.
Do not log confusing message on reconnect by default (bsc#1129664).
Do not log expected error on DFS referral request (bsc#1051510).
driver core: Do not resume suppliers under device_links_write_lock() (bsc#1051510).