File _patchinfo of Package patchinfo.18045

<patchinfo incident="18045">
  <issue id="1179664" tracker="bnc">VUL-0: CVE-2020-29368: kernel live patch: the copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check</issue>
  <issue id="1179877" tracker="bnc">VUL-0: CVE-2020-29660, CVE-2020-29661: kernel live patch: [tty] hole/race in pgrp &amp; session handling</issue>
  <issue id="1180008" tracker="bnc">VUL-0: CVE-2020-29569: kernel live patch: Use after free triggered by block frontend in Linux blkback (XSA-350 v3)</issue>
  <issue id="1180030" tracker="bnc">VUL-0: CVE-2020-0465: kernel live patch: In various methods of hid-multitouch.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges nee</issue>
  <issue id="1180032" tracker="bnc">VUL-0: CVE-2020-0466: kernel live patch: In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with no additional execution privileges ne</issue>
  <issue id="1180562" tracker="bnc">VUL-0: CVE-2020-36158: kernel live patch: RCE via a long SSID value in mwifiex_cmd_802_11_ad_hoc_start marvell/mwifiex/join.c</issue>
  <issue id="2020-0465" tracker="cve" />
  <issue id="2020-0466" tracker="cve" />
  <issue id="2020-29368" tracker="cve" />
  <issue id="2020-29569" tracker="cve" />
  <issue id="2020-29660" tracker="cve" />
  <issue id="2020-29661" tracker="cve" />
  <issue id="2020-36158" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>nstange</packager>
  <description>This update for the Linux Kernel 4.12.14-150_58 fixes several issues.

The following security issues were fixed:

- CVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180562).
- CVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180030).
- CVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180032. 
- CVE-2020-29569: Fixed a use after free due to a logic error (bsc#1180008).
- CVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bsc#1179877).
- CVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179877).
- CVE-2020-29368: Fixed an issue in copy-on-write implementation which could grant unintended write access because of a race condition in a THP mapcount check (bsc#1179664).
</description>
<summary>Security update for the Linux Kernel (Live Patch 20 for SLE 15)</summary>
</patchinfo>