The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes.
The following new features were implemented:
- jsc#SLE-4875: [CML] New device IDs for CML
- jsc#SLE-7294: Add cpufreq driver for Raspberry Pi
- fate#321840: Reduce memory required to boot capture kernel while using fadump
- fate#326869: perf: pmu mem_load/store event support
- fate:327775: vpmem: DRAM backed persistent volumes for improved SAP HANA on POWER restart times
The following security bugs were fixed:
- CVE-2019-14814, CVE-2019-14815, CVE-2019-14816: Fix three heap-based buffer overflows in marvell wifi chip driver kernel, that allowed local users to cause a denial of service (system crash) or possibly execute arbitrary code. (bnc#1146516)
- CVE-2019-15216: Fix a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver. (bsc#1146361).
- CVE-2019-14835: Fix QEMU-KVM Guest to Host Kernel Escape. (bsc#1150112).
- CVE-2019-15924: Fix a NULL pointer dereference because there was no -ENOMEM upon an alloc_workqueue failure. (bsc#1149612).
- CVE-2019-9456: In Pixel C USB monitor driver there was a possible OOB write due to a missing bounds check. This could have lead to local escalation of privilege with System execution privileges needed. (bsc#1150025 CVE-2019-9456).
- CVE-2019-15030, CVE-2019-15031: On the powerpc platform, a local user could read vector registers of other users' processes via an interrupt. (bsc#1149713)
- CVE-2019-15920: SMB2_read in fs/cifs/smb2pdu.c had a use-after-free. (bsc#1149626)
- CVE-2019-15921: There was a memory leak issue when idr_alloc() failed (bsc#1149602)
- CVE-2018-21008: A use-after-free can be caused by the function rsi_mac80211_detach (bsc#1149591).
- CVE-2019-15919: SMB2_write in fs/cifs/smb2pdu.c had a use-after-free. (bsc#1149552)
- CVE-2019-15917: There was a use-after-free issue when hci_uart_register_dev() failed in hci_uart_set_proto() (bsc#1149539)
- CVE-2019-15926: Out of bounds...