The SUSE Linux Enterprise 15 SP2 kernel was updated to 3.12.31 to receive various security and bug fixes.
The following security bugs were fixed:
CVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141).
CVE-2020-15437: Fixed a null pointer dereference which could have allowed local users to cause a denial of service (bsc#1179140).
CVE-2020-25668: Fixed a concurrency use-after-free in con_font_op (bsc#1178123).
CVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182).
CVE-2020-25704: Fixed a leak in perf_event_parse_addr_filter() (bsc#1178393).
CVE-2020-27777: Restrict RTAS requests from userspace (bsc#1179107).
CVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886).
CVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel (bsc#1178589).
CVE-2020-29371: Fixed uninitialized memory leaks to userspace (bsc#1179429).
CVE-2020-25705: Fixed an issue which could have allowed quick scanning of open UDP ports. This flaw allowed an off-path remote user to effectively bypass source port UDP randomization (bsc#1175721).
CVE-2020-28941: Fixed an issue where local attackers on systems with the speakup driver could cause a local denial of service attack (bsc#1178740).
CVE-2020-4788: Fixed an issue where IBM Power9 processors could have allowed a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances (bsc#1177666).
CVE-2020-29369: Fixed a race condition between certain expand functions (expand_downwards and expand_upwards) and page-table free operations from an munmap call, aka CID-246c320a8cfe (bnc#1173504 1179432).
The following non-security bugs were fixed:
9P: Cast to loff_t before multiplying (git-fixes).
ACPI: button: Add DMI quirk for Medion Akoya E2228T (git-fixes).
devlink: Make sure devlink instance and port are in same net namespace (bsc#1154353).
docs: ABI: sysfs-c2port: remove a duplicated entry (git-fixes).
Documentation/admin-guide/module-signing.rst: add openssl command option example for CodeSign EKU (bsc#1177353, bsc#1179076).
Do not create null.i000.ipa-clones file (bsc#1178330). Kbuild cc-option compiles /dev/null file to test for an option availability. Filter out -fdump-ipa-clones so that null.i000.ipa-clones file is not generated in the process.
drbd: code cleanup by using sendpage_ok() to check page for kernel_sendpage() (bsc#1172873).
Restore the header of series.conf. The header of series.conf was accidentally changed by abb50be8e6bc '(kABI: revert use_mm name change (MM Functionality, bsc#1178426))'.
Revert 'cdc-acm: hardening against malicious devices' (git-fixes).
Revert 'kernel/reboot.c: convert simple_strtoul to kstrtoint' (git-fixes).
Revert 'xfs: complain if anyone tries to create a too-large buffer' (bsc#1179425, bsc#1179550).
rfkill: Fix use-after-free in rfkill_resume() (git-fixes).
ring-buffer: Fix recursion protection transitions between interrupt context (git-fixes).
rpm/kernel-binary.spec.in: avoid using barewords (bsc#1179014). Author: Dominique Leuenberger <dimstar@opensuse.org>
rpm/kernel-binary.spec.in: avoid using more barewords (bsc#1179014). %split_extra still contained two.
rpm/kernel-binary.spec.in: use grep -E instead of egrep (bsc#1179045). egrep is only a deprecated bash wrapper for 'grep -E'. So use the latter instead.
rpm/kernel-obs-build.spec.in: Add -q option to modprobe calls (bsc#1178401).
rpm/kernel-{source,binary}.spec: do not include ghost symlinks (boo#1179082).
rpm/mkspec: do not build kernel-obs-build on x86_32. We want to use 64bit kernel due to various bugs (bsc#1178762 to name one). There is: ExportFilter: ^kernel-obs-build.*.x86_64.rpm$ . i586 in Factory's prjconf now. No other actively maintained distro (i.e. merging packaging branch) builds a x86_32 kernel, hence pushing to packaging directly.
s390/bpf: Fix multiple tail calls (git-fixes).
s390/cpum_cf,perf: change DFLT_CCERROR counter name (bsc#1175918 LTC#187935).
s390/cpum_sf.c: fix file permission for cpum_sfb_size (git-fixes).
s390/dasd: fix null pointer dereference for ERP requests (git-fixes).
s390/pkey: fix paes selftest failure with paes and pkey static build (git-fixes).