4586 matches found

RedHat Linux
added 2020/03/31 8:33 p.m. | 2 views

Kernel: net: using kernel space address bits to derive IP ID may potentially break KASLR

A flaw was found in the way the Linux kernel derived the IP ID field from a partial kernel space address returned by a net_hash_mix() function. A remote user could observe this IP ID field to extract the kernel address bits used to derive its value, which may result in leaking the hash key and...

CVSS 7.5 | AI score 7.2 | EPSS 0.01034
Exploits 0 | References 5
RedHat Linux
added 2020/03/17 4:27 p.m. | 3 views

Kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135)

A flaw was found in the fix for CVE-2019-11135, the way Intel CPUs handle speculative execution of instructions when a TSX Asynchronous Abort (TAA) error occurs. When a guest is running on a host CPU affected by the TAA flaw (TAA_NO=0), but is not affected by the MDS issue (MDS_NO=1), the guest was to...

CVSS 6.5 | AI score 6.8 | EPSS 0.00319
Exploits 0 | References 6
OSV
added 2020/03/02 1:24 p.m. | 16 views

SUSE-SU-2020:0558-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-2732: Fixed an issue affecting Intel CPUs where an L2 guest may trick the L0 hypervisor into accessing sensitive L1 resources (bsc#1163971). -...

CVSS 10 | AI score 8.1 | EPSS 0.04499
Exploits 7 | References 181
Oracle linux
added 2020/02/24 12:0 a.m. | 52 views

Unbreakable Enterprise kernel security update

4.1.12-124.36.1.1 - KVM: nVMX: Check IO instruction VM-exit conditions Oliver Upton Orabug: 30847137 CVE-2020-2732 - KVM: nVMX: Refactor IO bitmap checks into helper function Oliver Upton Orabug: 30847137 CVE-2020-2732 - KVM: nVMX: Don't emulate instructions in guest mode Paolo Bonzini Orabug:...

CVSS 6.8 | AI score 1.3 | EPSS 0.00438
Exploits 1
RedHat Linux
added 2020/02/19 7:37 a.m. | 101 views

Important: Red Hat Security Advisory: kernel security, bug fix, and enhancement update

An update for kernel is now available for Red Hat Enterprise Linux 7.5 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

CVSS 9.8 | AI score 6.8 | EPSS 0.0156
Exploits 3 | References 8
OSV
added 2020/02/18 2:5 p.m. | 7 views

MGASA-2020-0089 Updated kernel-linus packages fix security vulnerabilities

This update provides upstream 5.4.20, adding support for new hardware and features, and resolves at least the following security issues: In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same guest. This...

CVSS 10 | AI score 8.8 | EPSS 0.04499
Exploits 2 | References 23
Oracle linux
added 2020/02/12 12:0 a.m. | 58 views

Unbreakable Enterprise kernel security update

4.1.12-124.36.1 - iscsi-target: graceful disconnect on invalid mapping to iovec Imran Haider Orabug: 30459537 - x86/microcode: Issue update message only once Borislav Petkov Orabug: 30528904 - x86/microcode/intel: Issue the revision updated message only on the BSP Borislav Petkov Orabug: 30528904...

CVSS 8.8 | AI score 0.3 | EPSS 0.00448
Exploits 1
OpenVAS
added 2020/01/09 12:0 a.m. | 64 views

openSUSE: Security Advisory for the Linux Kernel (openSUSE-SU-2019:2507-1)

The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 9.8 | AI score 7.2 | EPSS 0.00744
Exploits 0 | References 2
RedHat Linux
added 2020/01/06 2:16 p.m. | 115 views

Important: Red Hat Security Advisory: kpatch-patch security update

An update for kpatch-patch is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is availabl...

CVSS 6.5 | AI score 7.1 | EPSS 0.00319
Exploits 0 | References 5
Oracle linux
added 2019/12/18 12:0 a.m. | 49 views

kernel security and bug fix update

2.6.32-754.25.1.OL6 - Update genkey Orabug: 25599697 2.6.32-754.25.1 - kvm KVM: VMX: Set VMENTER_L1D_FLUSH_NOT_REQUIRED if !X86_BUG_L1TF Waiman Long 1733760 - virt KVM: coalesced_mmio: add bounds checking Bandan Das 1746799 CVE-2019-14821 - virt KVM: MMIO: Lock coalesced device when checking for availab...

CVSS 8.8 | AI score 8 | EPSS 0.00319
Exploits 0
OSV
added 2019/12/12 2:52 p.m. | 7 views

SUSE-SU-2019:3289-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 kernel-azure was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-19531: Fixed a use-after-free due to a malicious USB device in the drivers/usb/misc/yurex.c driver, aka CID-fc05481b2fca (bsc#1158445). - CVE-2019-19543:...

CVSS 10 | AI score 8.7 | EPSS 0.0467
Exploits 1 | References 125
OSV
added 2019/12/11 10:12 a.m. | 7 views

SUSE-SU-2019:3258-1 Security update for the Linux Kernel (Live Patch 25 for SLE 12 SP3)

This update for the Linux Kernel 4.4.178-9491 fixes several issues. The following security issues were fixed: - CVE-2018-20856: Fixed a use-after-free in block/blk-core.c due to improper error handling (bsc#1156331). - CVE-2019-13272: Fixed a privilege escalation from user to root due to improper...

CVSS 9.3 | AI score 7.5 | EPSS 0.80379
Exploits 22 | References 9
OSV
added 2019/12/11 10:7 a.m. | 7 views

SUSE-SU-2019:3248-1 Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP1)

This update for the Linux Kernel 4.12.14-195 fixes several issues. The following security issues were fixed: - CVE-2019-13272: Fixed a privilege escalation from user to root due to improper handling of credentials by leveraging certain scenarios with a parent-child process relationship bsc1156321...

CVSS 9.3 | AI score 8.5 | EPSS 0.80379
Exploits 21 | References 5
Oracle linux
added 2019/12/09 12:0 a.m. | 130 views

Unbreakable Enterprise kernel security update

4.1.12-124.34.1 - block/loop: set hw_sectors Shaohua Li Orabug: 30244514 - block-mq: fix hung due to too much warning log Junxiao Bi Orabug: 30273956 - oled: export symbols Wengang Wang Orabug: 30512063 - oled: give panic handler chance to run before kexec Wengang Wang Orabug: 30512063 - USB:...

CVSS 4.9 | AI score 7.3 | EPSS 0.00106
Exploits 1
Oracle linux
added 2019/12/09 12:0 a.m. | 159 views

Unbreakable Enterprise kernel security update

2.6.39-400.317.1 - ieee802154: enforce CAP_NET_RAW for raw sockets Allen Pais Orabug: 30444948 CVE-2019-17053 - mISDN: enforce CAP_NET_RAW for raw sockets Ori Nimron Orabug: 30445161 CVE-2019-17055 - net: sit: fix memory leak in sit_init_net Mao Wenan Orabug: 30445309 CVE-2019-16994 - media: dvb: usb:...

CVSS 4.9 | AI score 1.5 | EPSS 0.00173
Exploits 4
Oracle linux
added 2019/12/09 12:0 a.m. | 141 views

Unbreakable Enterprise kernel security update

kernel-uek 3.8.13-118.41.1 - x86/speculation: Determine swapgs before alternative instructions are set Patrick Colp Orabug: 30379626 - ieee802154: enforce CAP_NET_RAW for raw sockets Allen Pais Orabug: 30444947 CVE-2019-17053 - mISDN: enforce CAP_NET_RAW for raw sockets Ori Nimron Orabug: 30445159...

CVSS 4.9 | AI score 1.2 | EPSS 0.00173
Exploits 5
ThreatPost
added 2019/12/06 4:54 p.m. | 103 views

Linux Bug Opens Most VPNs to Hijacking

A vulnerability in most Linux distros has been uncovered that allows a network-adjacent attacker to hijack VPN connections and inject rogue data into the secure tunnels that victims are using to communicate with remote servers. According to researchers at University of New Mexico and Breakpointin...

CVSS 4.9 | AI score 0.6 | EPSS 0.0005
Exploits 0 | References 5
RedHat Linux
added 2019/12/03 8:29 a.m. | 152 views

Important: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impac...

CVSS 7.8 | AI score 6.5 | EPSS 0.25699
Exploits 5 | References 7
OSV
added 2019/11/27 11:15 p.m. | 1 views

DEBIAN-CVE-2019-18660

The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c...

CVSS 4.7 | AI score 6.4 | EPSS 0.00029
Exploits 0 | References 1
OSV
added 2019/11/27 8:0 p.m. | 0 views

UBUNTU-CVE-2019-18660

The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c...

CVSS 4.7 | AI score 6.7 | EPSS 0.00029
Exploits 0 | References 11