The SUSE Linux Enterprise 15 SP1 Azure kernel was updated to receive various security fixes and bugfixes.
The following security bugs were fixed:
CVE-2018-20855: An issue was discovered in create_qp_common: mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace. (bnc#bsc#1103991)
CVE-2019-1125: Fix Spectre V1 variant via swapgs: Exclude ATOMs from speculation through SWAPGS (bsc#1139358).
CVE-2019-14284: In the Linux kernel, drivers/block/floppy.c allowed a denial of service via a division-by-zero in setup_format_params. (bnc#bsc#1143189)
CVE-2019-14283: In the Linux kernel, set_geometry in drivers/block/floppy.c did not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by default. (bsc#1143191)
CVE-2019-11810: An issue was discovered in the Linux kernel. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free. (bsc#1134399)
CVE-2019-13648: In the Linux kernel on the powerpc platform, when hardware transactional memory was disabled, a local user can cause a denial of service via a sigreturn() system call that sends a crafted signal frame. (bnc#1142265)
CVE-2019-13631: In parse_hid_report_descriptor, a malicious USB device could send an HID report that triggered an out-of-bounds write during generation of debugging messages. (bnc#1142023)
CVE-2019-10638: In the Linux kernel, a device could be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may have been conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses. (bnc#1140575)
CVE-2019-10639: The Linux kernel allowed Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. (bsc#1140577)
CVE-2019-13233: In arch/x86/lib/insn-eval.c, there was a use-after-free for access to an LDT entry because of a race condition between modify_ldt() and a #BR exception for an MPX bounds violation. (bnc#1140454)
CVE-2018-20836: In the Linux kernel there was a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free. (bnc#1134395)
CVE-2019-11599: The coredump implementation in the Linux kernel did not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allowed local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c. (bnc#1133738)
CVE-2019-12817: The Linux kernel for powerpc had a bug where unrelated processes may be able to read/write to one another's virtual memory under certain conditions via an mmap above 512 TB. Only a subset of powerpc systems are affected. (bsc#1138263, bsc#1139619)
CVE-2019-12614: In dlpar_parse_cc_property there was an unchecked kstrdup of prop->name, which might have allowed an attacker to cause a denial of service (NULL pointer dereference and system crash). (bsc#1137194)
CVE-2018-16871: An attacker, who was able to mount an exported NFS filesystem, was able to trigger a null pointer dereference by using an invalid NFS sequence. This could panic the machine and deny access to the NFS server. (bsc#1137103)
CVE-2019-12819: An issue was discovered in the Linux kernel. The function __mdiobus_register() calls put_device(), which would trigger a fixed_mdio_bus_init use-after-free. This would cause a denial of service. (bsc#1138291)
CVE-2019-12818: The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may have returned NULL. If the caller did not check for this, it would trigger a NULL pointer dereference. This would cause denial of service. (bsc#1138293)
The following non-security bugs were fixed:
6lowpan: Off by one handling ->nexthdr (bsc#1051510).
wil6210: fix spurious interrupts in 3-msi (bsc#1111666).
x86, mm: fix fast GUP with hyper-based TLB flushing (VM Functionality, bsc#1140903).
x86/CPU/AMD: Do not force the CPB cap when running under a hypervisor (bsc#1114279).
x86/CPU/hygon: Fix phys_proc_id calculation logic for multi-die processors ().
x86/CPU: Add Icelake model number (jsc#SLE-5226).
x86/alternative: Init ideal_nops for Hygon Dhyana ().
x86/amd_nb: Add support for Raven Ridge CPUs ().
x86/amd_nb: Check vendor in AMD-only functions ().
x86/apic: Add Hygon Dhyana support ().
x86/bugs: Add Hygon Dhyana to the respective mitigation machinery ().
x86/cpu/mtrr: Support TOP_MEM2 and get MTRR number ().
x86/cpu: Create Hygon Dhyana architecture support file ().
x86/cpu: Get cache info and setup cache cpumap for Hygon Dhyana ().
x86/cpufeatures: Carve out CQM features retrieval (jsc#SLE-5382).
x86/cpufeatures: Combine word 11 and 12 into a new scattered features word (jsc#SLE-5382). This changes definitions of some bits, but they are intended to be used only by the core, so hopefully, no KMP uses the definitions.
x86/cpufeatures: Enumerate the new AVX512 BFLOAT16 instructions (jsc#SLE-5382).
x86/cpufeatures: Enumerate user wait instructions (jsc#SLE-5187).
x86/events: Add Hygon Dhyana support to PMU infrastructure ().
x86/kvm: Add Hygon Dhyana support to kvm ().
x86/mce: Add Hygon Dhyana support to the MCA infrastructure ().
x86/mce: Do not disable MCA banks when offlining a CPU on AMD (). This feature was requested for SLE15 but was reverted in packaging and master.
x86/mce: Fix machine_check_poll() tests for error types (bsc#1114279).
x86/microcode, cpuhotplug: Add a microcode loader CPU hotplug callback (bsc#1114279).
x86/microcode: Fix microcode hotplug state (bsc#1114279).
x86/microcode: Fix the ancient deprecated microcode loading method (bsc#1114279).
x86/mm/mem_encrypt: Disable all instrumentation for early SME setup (bsc#1114279).
x86/pci, x86/amd_nb: Add Hygon Dhyana support to pci and northbridge ().
x86/smpboot: Do not use BSP INIT delay and MWAIT to idle on Dhyana ().
x86/smpboot: Rename match_die() to match_pkg() (jsc#SLE-5454).
x86/speculation/mds: Revert CPU buffer clear on double fault exit (bsc#1114279).
x86/topology: Add CPUID.1F multi-die/package support (jsc#SLE-5454).