The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes.
Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331)
- CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS)
- CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS)
- CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS)
- CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM)
This kernel update contains software mitigations for these issues, which also utilize CPU microcode updates shipped in parallel.
For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736
The following security issues were fixed:
- CVE-2018-16880: A flaw was found in the handle_rx() function in the vhost_net driver. A malicious virtual guest, under specific conditions, could trigger an out-of-bounds write in a kmalloc-8 slab on a virtual host which may lead to a kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (bnc#1122767).
- CVE-2019-3882: A flaw was found in the vfio interface implementation that permitted violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). (bnc#1131416 bnc#1131427).
- CVE-2019-9003: Attackers could trigger a drivers/char/ipmi/ipmi_msghandler.c use-after-free and OOPS by arranging for certain simultaneous execution of the code, as demonstrated by a 'service ipmievd restart' loop (bnc#1126704).
- CVE-2019-9500: A brcmfmac heap buffer overflow in brcmf_wowl_nd_results was fixed. (bnc#1132681).
- CVE-2019-9503: A brcmfmac frame validation bypass was fixed. (bnc#1132828).
The following non-security bugs were fixed: