SUSE-SU-2019:14157-1

Advisory lineage Upstream: 7 Downstream: 0
Published: 29 Aug 2019, 14:18
Last modified:04 Feb 2026, 02:29

Vulnerability Summary

Overall Risk (default)
minimal
0/100
CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

29 Aug 2019, 14:18
Published
Vulnerability first disclosed
04 Feb 2026, 02:29
Last Modified
Vulnerability information updated

Description

Security update for the Linux Kernel The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-14284: The drivers/block/floppy.c allowed a denial of service by setup_format_params division-by-zero. Two consecutive ioctls can trigger the bug: the first one should set the drive geometry with .sect and .rate values that make F_SECT_PER_TRACK be zero. Next, the floppy format operation should be called. It can be triggered by an unprivileged local user even when a floppy disk has not been inserted. NOTE: QEMU creates the floppy device by default (bsc#1143189). - CVE-2019-14283: The function set_geometry in drivers/block/floppy.c did not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by default (bsc#1143191). - CVE-2019-13631: In parse_hid_report_descriptor in drivers/input/tablet/gtco.c, a malicious USB device can send an HID report that triggers an out-of-bounds write during generation of debugging messages (bsc#1142023). - CVE-2019-11810: A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free (bsc#1134399). - CVE-2019-1125: Enable Spectre v1 swapgs mitigations (bsc#1139358). - CVE-2018-20855: An issue was discovered in create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace (bsc#1143045). - CVE-2015-9289: A buffer overflow occurs when checking userspace params in drivers/media/dvb-frontends/cx24116.c. The maximum size for a DiSEqC command is 6, according to the userspace API. However, the code allowed larger values such as 23 (bsc#1143179). The following non-security bugs were fixed: - fix detection of race between fcntl-setlk and close (bsc#1140965). - ocfs2: add first lock wait time in locking_state (bsc#1134390). - ocfs2: add last unlock times in locking_state (bsc#1134390). - ocfs2: add locking filter debugfs file (bsc#1134390). - powerpc/watchpoint: Restore NV GPRs while returning from exception (bsc#1140945,bsc#1141401,bsc#1141402,bsc#1141452,bsc#1141453,bsc#1141454). - xen-netfront: use napi_complete() correctly to prevent Rx stalling (bsc#1138744).

Affected Systems

  • susekernel-bigmem&distro=SUSE Linux Enterprise Server 11 SP4-LTSS

    < 3.0.101-108.101.1

  • susekernel-default&distro=SUSE Linux Enterprise Server 11 SP4-LTSS

    < 3.0.101-108.101.1

  • susekernel-ec2&distro=SUSE Linux Enterprise Server 11 SP4-LTSS

    < 3.0.101-108.101.1

  • susekernel-pae&distro=SUSE Linux Enterprise Server 11 SP4-LTSS

    < 3.0.101-108.101.1

  • susekernel-ppc64&distro=SUSE Linux Enterprise Server 11 SP4-LTSS

    < 3.0.101-108.101.1

  • susekernel-source&distro=SUSE Linux Enterprise Server 11 SP4-LTSS

    < 3.0.101-108.101.1

  • susekernel-syms&distro=SUSE Linux Enterprise Server 11 SP4-LTSS

    < 3.0.101-108.101.1

  • susekernel-trace&distro=SUSE Linux Enterprise Server 11 SP4-LTSS

    < 3.0.101-108.101.1

  • susekernel-xen&distro=SUSE Linux Enterprise Server 11 SP4-LTSS

    < 3.0.101-108.101.1

References (24)