The SUSE Linux Enterprise 12 SP 2 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
CVE-2019-10638: In the Linux kernel, a device could be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may be conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses. (bnc#1140575)
CVE-2019-10639: The Linux kernel allowed Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it was possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key was extracted (via enumeration), the offset of the kernel image is exposed. This attack can be carried out remotely, by the attacker forcing the target device to send UDP or ICMP (or certain other) traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic is trivial if the server answers ICMP Echo requests (ping). For client targets, if the target visited the attacker's web page, then WebRTC or gQUIC could be used to force UDP traffic to attacker-controlled IP addresses. NOTE: this attack against KASLR became viable because IP ID generation was changed to have a dependency on an address associated with a network namespace. (bnc#)
CVE-2019-10126: A flaw was found in the Linux kernel that might lead to memory corruption in the marvell mwifiex driver. (bnc#1136935)
CVE-2018-20836: An issue was discovered in the Linux kernel There was a race condition in smptasktimedout() and smptaskdone() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free. (bnc#1134395)
CVE-2019-11599: The coredump implementation in the Linux kernel did not use locking or other mechanisms to prevent vma layout or vma flags changes while it ran, which allowed local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmgetnotzero or gettaskmm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/taskmmu.c, and drivers/infiniband/core/uverbsmain.c. (bnc#1133738)
CVE-2019-12614: An issue was discovered in dlparparsecc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel There was an unchecked kstrdup of prop-name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). (bnc#)
CVE-2019-12818: An issue was discovered in the Linux kernel The nfcllcpbuildtlv function in net/nfc/llcpcommands.c may return NULL. If the caller did not check for this, it will trigger a NULL pointer dereference. This will cause denial of service. This affects nfcllcpbuildgb in net/nfc/llcpcore.c. (bnc#1137194)
CVE-2019-12819: An issue was discovered in the Linux kernel The function _mdiobusregister() in drivers/net/phy/mdiobus.c called putdevice(), which would trigger a fixedmdiobus_init use-after-free. This would cause a denial of service. (bnc#1138291)
CVE-2019-12456 a double-fetch bug in ctlioctl_main() could allow local users to create a denial of service (bsc#1136922).
CVE-2019-12380: An issue was discovered in the efi subsystem in the Linux kernel physefisetvirtualaddressmap in arch/x86/platform/efi/efi.c and eficallphysprolog in arch/x86/platform/efi/efi_64.c mishandle memory allocation failures. NOTE: This id is disputed as not being an issue because All the code touched by the referenced commit runs only at boot, before any user processes are started. Therefore, there is no possibility for an unprivileged user to control it. (bnc#)
CVE-2019-11487: The Linux kernel allowed page-refcount reference count to overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipefs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests. (bnc#1133190)
The following non-security bugs were fixed:
Drop multiversion(kernel) from the KMP template (bsc#1127155).
Revert 'KMPs: obsolete older KMPs of the same flavour (bsc#1127155, bsc#1109137).' This reverts commit 4cc83da426b53d47f1fde9328112364eab1e9a19.
sched/fair: Avoid divide by zero when rebalancing domains (bsc#1096254).
x86/cpu: Unify CPU family, model, stepping calculation (bsc#1134701).
x86/entry/64/compat: Fix stack switching for XEN PV (bsc#1108382).
x86/microcode/AMD: Fix initrd loading with CONFIGRANDOMIZEMEMORY=y (bsc#1134701).
x86/microcode/AMD: Fix load of builtin microcode with randomized memory (bsc#1134701).