The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-10942: In get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls . - CVE-2020-8647: There was a use-after-free vulnerability in the vc_do_resize function in drivers/tty/vt/vt.c . - CVE-2020-8649: There was a use-after-free vulnerability in the vgacon_invert_region function in drivers/video/console/vgacon.c . - CVE-2020-9383: An issue was discovered set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it . - CVE-2019-19768: Fixed a use-after-free in the __blk_add_trace function in kernel/trace/blktrace.c . - CVE-2020-11608: Fixed a NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs when there are zero endpoints . - CVE-2020-8648: There was a use-after-free vulnerability in the n_tty_receive_buf_common function in drivers/tty/n_tty.c . - CVE-2019-14896: A heap-based buffer overflow vulnerability was found in Marvell WiFi chip driver. A remote attacker could cause a denial of service or possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP . - CVE-2019-14897: A stack-based buffer overflow was found in the Marvell WiFi chip driver. An attacker is able to cause a denial of service or possibly execute arbitrary code, when a STA works in IBSS mode and connects to another STA . - CVE-2019-18675: Fixed an Integer Overflow in cpia2_remap_buffer in drivers/media/usb/cpia2/cpia2_core.c because cpia2 has its own mmap implementation. This allowed local users to obtain read and write permissions on kernel physical pages, which can possibly result in a privilege escalation . - CVE-2019-19965: Fixed a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition . - CVE-2019-19066: A memory leak in the bfad_im_get_stats function in drivers/scsi/bfa/bfad_attr.c allowed attackers to cause a denial of service by triggering bfa_port_get_stats failures . - CVE-2019-20096: Fixed a memory leak in __feat_register_sp in net/dccp/feat.c, which may cause denial of service . - CVE-2019-19966: Fixed a use-after-free in cpia2_exit in drivers/media/usb/cpia2/cpia2_v4l.c that will cause denial of service . - CVE-2019-19532: Fixed multiple out-of-bounds write bugs that can be caused by a malicious USB device . - CVE-2019-19523: Fixed a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver . - CVE-2019-19537: Fixed a race condition that can be caused by a malicious USB device in the USB character device driver layer . - CVE-2019-19527, CVE-2019-19530, CVE-2019-19524: Fixed multiple use-after-free bug that could be caused by a malicious USB device . - CVE-2019-15213: Fixed a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver . - CVE-2019-19531: Fixed a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/yurex.c driver . - CVE-2019-18660: The Linux kernel on powerpc allowed Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs . - CVE-2019-19227: Fixed a potential NULL pointer dereference in the AppleTalk subsystem . - CVE-2019-19074: Fixed a memory leak in the ath9k_wmi_cmd, which allowed attackers to cause a denial of service . - CVE-2019-19073: Fixed multiple memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c, which allowed attackers to cause a denial of service . - CVE-2019-15916: Fixed a memory leak in register_queue_kobjects in net/core/net-sysfs.c, which could cause denial of service . - CVE-2019-12456: Fixed a denial of service in _ctl_ioctl_main, which could be triggered by a local user . The following non-security bugs were fixed: - Input: add safety guards to input_set_keycode . - blk: Fix kabi due to blk_trace_mutex addition . - blktrace: fix dereference after null check . - blktrace: fix trace mutex deadlock . - block: Fix oops scsi_disk_get . - fs/xfs: fix f_ffree value for statfs when project quota is set . - kaiser: Fix for 32bit KAISER implementations . - klist: fix starting point removed bug in klist iterators . - kobject: Export kobject_get_unless_zero . - kobject: fix kset_find_obj race with concurrent last kobject_put . - kref: minor cleanup . - media: ov519: add missing endpoint sanity checks . - media: stv06xx: add missing descriptor sanity checks . - netfilter: nf_nat: do not bug when mapping already exists . - powerpc/64: Make meltdown reporting Book3S 64 specific . - powerpc/pseries/mobility: notify network peers after migration . - powerpc/security/book3s64: Report L1TF status in sysfs . - powerpc/security: Fix wrong message when RFI Flush is disable . - rpm/kernel-binary.spec.in: Replace Novell with SUSE - sched: Fix race between task_group and sched_task_group . - sched: Remove lockdep check in sched_move_task . - scsi: lpfc: Fix driver crash in target reset handler . - writeback: fix race that cause writeback hung . - x86: fix speculation bug reporting . Special Instructions and Notes: Please reboot the system after installing this update.