The openSUSE Leap 15.2 kernel was updated to receive various security fixes and bugfixes.
The following security bugs were fixed:
CVE-2020-12351: Fixed a type confusion while processing AMP packets aka 'BleedingTooth' aka 'BadKarma' (bsc#1177724).
CVE-2020-24490: Fixed a heap buffer overflow when processing extended advertising report events aka 'BleedingTooth' aka 'BadVibes' (bsc#1177726).
CVE-2020-12352: Fixed an information leak when processing certain AMP packets aka 'BleedingTooth' aka 'BadChoice' (bsc#1177725).
CVE-2020-25212: A TOCTOU mismatch in the NFS client code in the Linux kernel could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452 (bnc#1176381).
CVE-2020-25645: Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality (bnc#1177511).
CVE-2020-25643: Memory corruption and a read overflow are caused by improper input validation in the ppp_cp_parse_cr function, which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability (bnc#1177206).
CVE-2020-25641: A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a denial of service. This flaw allowed a local attacker with basic privileges to issue requests to a block device, resulting in a denial of service. The highest threat from this vulnerability is to system availability (bnc#1177121).
CVE-2020-25704: Fixed a memory leak in perf_event_parse_addr_filter() (bsc#1178393).
CVE-2020-25668: Make FONTX ioctl use the tty pointer they were actually passed (bsc#1178123).
CVE-2020-25656: Extend func_buf_lock to readers (bnc#1177766).
CVE-2020-25285: Fixed a race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel that could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812 (bnc#1176485).
CVE-2020-14351: Fixed a race in the perf_mmap_close() function (bsc#1177086).
CVE-2020-8694: Restrict energy meter to root access (bsc#1170415).
CVE-2020-16120: Check permission to open real file in overlayfs (bsc#1177470).
CVE-2020-25705: An ICMP global rate limiting side-channel was removed which could lead to e.g. the SAD DNS attack (bsc#1175721).
The following non-security bugs were fixed:
9p: Fix memory leak in v9fs_mount (git-fixes).
ACPI: Always build evged in (git-fixes).
ACPI: button: fix handling lid state changes when input device closed (git-fixes).
ACPI: configfs: Add missing config_item_put() to fix refcount leak (git-fixes).
acpi-cpufreq: Honor _PSD table setting on new AMD CPUs (git-fixes).
ACPI: debug: do not allow debugging when ACPI is disabled (git-fixes).
ACPI: EC: Reference count query handlers under lock (git-fixes).
ACPI / extlog: Check for RDMSR failure (git-fixes).
ACPI: video: use ACPI backlight for HP 635 Notebook (git-fixes).
act_ife: load meta modules before tcf_idr_check_alloc() (networking-stable-20_09_24).