Bugzilla – Bug 1179432
VUL-0: CVE-2020-29369: kernel-source: race condition between certain expand functions and page-table free operations from munmap()
Last modified: 2024-06-25 15:28:26 UTC
CVE-2020-29369 An issue was discovered in mm/mmap.c in the Linux kernel before 5.7.11. There is a race condition between certain expand functions (expand_downwards and expand_upwards) and page-table free operations from an munmap call, aka CID-246c320a8cfe. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29369 https://bugs.chromium.org/p/project-zero/issues/detail?id=2056 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29369 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.11 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=246c320a8cfe0b11d81a4af38fa9985ef0cc9a4c
tracking these codestreams as affected for now: - SUSE:SLE-11-SP1:Update:Teradata/kernel-source - SUSE:SLE-11-SP3:Update/kernel-source - SUSE:SLE-11-SP3:Update:Teradata/kernel-source - SUSE:SLE-11-SP4:Update/kernel-source - SUSE:SLE-12-SP2:Update/kernel-source - SUSE:SLE-12-SP3:Update/kernel-source - SUSE:SLE-12-SP3:Update:Products:Teradata:Update/kernel-source - SUSE:SLE-12-SP4:Update/kernel-source - SUSE:SLE-12-SP5:Update/kernel-source - SUSE:SLE-15:Update/kernel-source - SUSE:SLE-15-SP1:Update/kernel-source for the SLE11 kernels I am sometimes not sure if the verdict is correct(especially for SLE11-SP1) and would not mind a second opinion.
*** Bug 1173504 has been marked as a duplicate of this bug. ***
15-SP2 and all branches merging from it already have the fix. See bug 1173504. dd2283f2605e has been introduced in 4.20 and we have never backported it to older code streams so we should be done here. bouncing back to the sec. team.
(In reply to Robert Frohl from comment #1) > - SUSE:SLE-11-SP1:Update:Teradata/kernel-source > - SUSE:SLE-11-SP3:Update/kernel-source > - SUSE:SLE-11-SP3:Update:Teradata/kernel-source > - SUSE:SLE-11-SP4:Update/kernel-source > - SUSE:SLE-12-SP2:Update/kernel-source > - SUSE:SLE-12-SP3:Update/kernel-source > - SUSE:SLE-12-SP3:Update:Products:Teradata:Update/kernel-source > - SUSE:SLE-12-SP4:Update/kernel-source > - SUSE:SLE-12-SP5:Update/kernel-source > - SUSE:SLE-15:Update/kernel-source > - SUSE:SLE-15-SP1:Update/kernel-source these are now tracked as not affected
closing, nothing left to do
This is an autogenerated message for OBS integration: This bug (1179432) was mentioned in https://build.opensuse.org/request/show/852735 15.2 / kernel-source
openSUSE-SU-2020:2161-1: An update that solves 11 vulnerabilities and has 57 fixes is now available. Category: security (important) Bug References: 1149032,1152489,1153274,1154353,1155518,1160634,1167773,1170139,1171073,1171558,1172873,1173504,1174852,1175721,1175918,1176109,1176180,1176200,1176481,1176586,1176855,1176983,1177066,1177070,1177353,1177397,1177666,1177703,1177820,1178182,1178227,1178286,1178304,1178401,1178426,1178589,1178635,1178653,1178659,1178661,1178669,1178686,1178740,1178755,1178762,1178782,1178838,1178853,1178886,1179001,1179012,1179014,1179015,1179045,1179076,1179082,1179107,1179140,1179141,1179160,1179201,1179211,1179217,1179424,1179426,1179427,1179429,1179432 CVE References: CVE-2020-15436,CVE-2020-15437,CVE-2020-25669,CVE-2020-25705,CVE-2020-27777,CVE-2020-28915,CVE-2020-28941,CVE-2020-28974,CVE-2020-29369,CVE-2020-29371,CVE-2020-4788 JIRA References: Sources used: openSUSE Leap 15.2 (src): kernel-debug-5.3.18-lp152.54.1, kernel-default-5.3.18-lp152.54.1, kernel-default-base-5.3.18-lp152.54.1.lp152.8.12.1, kernel-docs-5.3.18-lp152.54.2, kernel-kvmsmall-5.3.18-lp152.54.1, kernel-obs-build-5.3.18-lp152.54.1, kernel-obs-qa-5.3.18-lp152.54.1, kernel-preempt-5.3.18-lp152.54.1, kernel-source-5.3.18-lp152.54.1, kernel-syms-5.3.18-lp152.54.1
SUSE-SU-2020:3713-1: An update that solves 15 vulnerabilities, contains one feature and has 71 fixes is now available. Category: security (important) Bug References: 1149032,1152489,1153274,1154353,1154852,1155518,1160634,1166146,1166166,1167030,1167773,1170139,1170415,1170446,1171073,1171558,1172873,1174527,1175306,1175918,1176109,1176180,1176200,1176481,1176586,1176855,1176983,1177066,1177070,1177353,1177397,1177666,1177703,1177820,1178123,1178182,1178227,1178286,1178304,1178330,1178393,1178401,1178426,1178461,1178579,1178581,1178584,1178585,1178589,1178591,1178635,1178653,1178659,1178661,1178669,1178686,1178740,1178755,1178762,1178838,1178853,1178886,1179001,1179012,1179014,1179015,1179045,1179076,1179082,1179107,1179140,1179141,1179160,1179201,1179211,1179217,1179419,1179424,1179425,1179426,1179427,1179429,1179432,1179442,1179550,1179802 CVE References: CVE-2020-15436,CVE-2020-15437,CVE-2020-25668,CVE-2020-25669,CVE-2020-25704,CVE-2020-27777,CVE-2020-28368,CVE-2020-28915,CVE-2020-28941,CVE-2020-28974,CVE-2020-29369,CVE-2020-29371,CVE-2020-4788,CVE-2020-8694,CVE-2020-8695 JIRA References: SLE-8449 Sources used: SUSE Linux Enterprise Module for Public Cloud 15-SP2 (src): kernel-azure-5.3.18-18.29.1, kernel-source-azure-5.3.18-18.29.1, kernel-syms-azure-5.3.18-18.29.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2020:3748-1: An update that solves 12 vulnerabilities and has 72 fixes is now available. Category: security (important) Bug References: 1149032,1152489,1153274,1154353,1155518,1160634,1166146,1166166,1167030,1167773,1170139,1171073,1171558,1172873,1173504,1174852,1175306,1175918,1176109,1176180,1176200,1176481,1176586,1176855,1176983,1177066,1177070,1177353,1177397,1177577,1177666,1177703,1177820,1178123,1178182,1178227,1178286,1178304,1178330,1178393,1178401,1178426,1178461,1178579,1178581,1178584,1178585,1178589,1178635,1178653,1178659,1178661,1178669,1178686,1178740,1178755,1178762,1178838,1178853,1178886,1179001,1179012,1179014,1179015,1179045,1179076,1179082,1179107,1179140,1179141,1179160,1179201,1179211,1179217,1179225,1179419,1179424,1179425,1179426,1179427,1179429,1179432,1179442,1179550 CVE References: CVE-2020-15436,CVE-2020-15437,CVE-2020-25668,CVE-2020-25669,CVE-2020-25704,CVE-2020-27777,CVE-2020-28915,CVE-2020-28941,CVE-2020-28974,CVE-2020-29369,CVE-2020-29371,CVE-2020-4788 JIRA References: Sources used: SUSE Linux Enterprise Module for Live Patching 15-SP2 (src): kernel-default-5.3.18-24.43.2, kernel-livepatch-SLE15-SP2_Update_8-1-5.3.3 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2020:3748-1: An update that solves 12 vulnerabilities and has 72 fixes is now available. Category: security (important) Bug References: 1149032,1152489,1153274,1154353,1155518,1160634,1166146,1166166,1167030,1167773,1170139,1171073,1171558,1172873,1173504,1174852,1175306,1175918,1176109,1176180,1176200,1176481,1176586,1176855,1176983,1177066,1177070,1177353,1177397,1177577,1177666,1177703,1177820,1178123,1178182,1178227,1178286,1178304,1178330,1178393,1178401,1178426,1178461,1178579,1178581,1178584,1178585,1178589,1178635,1178653,1178659,1178661,1178669,1178686,1178740,1178755,1178762,1178838,1178853,1178886,1179001,1179012,1179014,1179015,1179045,1179076,1179082,1179107,1179140,1179141,1179160,1179201,1179211,1179217,1179225,1179419,1179424,1179425,1179426,1179427,1179429,1179432,1179442,1179550 CVE References: CVE-2020-15436,CVE-2020-15437,CVE-2020-25668,CVE-2020-25669,CVE-2020-25704,CVE-2020-27777,CVE-2020-28915,CVE-2020-28941,CVE-2020-28974,CVE-2020-29369,CVE-2020-29371,CVE-2020-4788 JIRA References: Sources used: SUSE Linux Enterprise Workstation Extension 15-SP2 (src): kernel-default-5.3.18-24.43.2 SUSE Linux Enterprise Module for Live Patching 15-SP2 (src): kernel-default-5.3.18-24.43.2, kernel-livepatch-SLE15-SP2_Update_8-1-5.3.3 SUSE Linux Enterprise Module for Legacy Software 15-SP2 (src): kernel-default-5.3.18-24.43.2 SUSE Linux Enterprise Module for Development Tools 15-SP2 (src): kernel-docs-5.3.18-24.43.2, kernel-obs-build-5.3.18-24.43.2, kernel-preempt-5.3.18-24.43.2, kernel-source-5.3.18-24.43.2, kernel-syms-5.3.18-24.43.2 SUSE Linux Enterprise Module for Basesystem 15-SP2 (src): kernel-default-5.3.18-24.43.2, kernel-default-base-5.3.18-24.43.2.9.17.3, kernel-preempt-5.3.18-24.43.2, kernel-source-5.3.18-24.43.2 SUSE Linux Enterprise High Availability 15-SP2 (src): kernel-default-5.3.18-24.43.2 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2020:3764-1: An update that solves 11 vulnerabilities and has 62 fixes is now available. Category: security (important) Bug References: 1139944,1149032,1152489,1153274,1154353,1155518,1158775,1160634,1161099,1167773,1170139,1171558,1173504,1174852,1175721,1175918,1175995,1176109,1176200,1176481,1176586,1176855,1176956,1177066,1177070,1177353,1177397,1177666,1178182,1178203,1178227,1178286,1178401,1178426,1178590,1178634,1178635,1178653,1178669,1178740,1178755,1178756,1178762,1178782,1178838,1178853,1178886,1179001,1179012,1179014,1179015,1179045,1179076,1179082,1179107,1179140,1179141,1179160,1179201,1179211,1179217,1179419,1179424,1179425,1179426,1179427,1179429,1179432,1179442,1179550,1179578,1179601,1179639 CVE References: CVE-2020-15436,CVE-2020-15437,CVE-2020-25669,CVE-2020-25705,CVE-2020-27777,CVE-2020-27786,CVE-2020-28915,CVE-2020-28941,CVE-2020-29369,CVE-2020-29371,CVE-2020-4788 JIRA References: Sources used: SUSE Linux Enterprise Module for Realtime 15-SP2 (src): kernel-rt-5.3.18-19.1, kernel-rt_debug-5.3.18-19.1, kernel-source-rt-5.3.18-19.1, kernel-syms-rt-5.3.18-19.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2020:2260-1: An update that solves 12 vulnerabilities and has 72 fixes is now available. Category: security (important) Bug References: 1149032,1152489,1153274,1154353,1155518,1160634,1166146,1166166,1167030,1167773,1170139,1171073,1171558,1172873,1173504,1174852,1175306,1175918,1176109,1176180,1176200,1176481,1176586,1176855,1176983,1177066,1177070,1177353,1177397,1177577,1177666,1177703,1177820,1178123,1178182,1178227,1178286,1178304,1178330,1178393,1178401,1178426,1178461,1178579,1178581,1178584,1178585,1178589,1178635,1178653,1178659,1178661,1178669,1178686,1178740,1178755,1178762,1178838,1178853,1178886,1179001,1179012,1179014,1179015,1179045,1179076,1179082,1179107,1179140,1179141,1179160,1179201,1179211,1179217,1179225,1179419,1179424,1179425,1179426,1179427,1179429,1179432,1179442,1179550 CVE References: CVE-2020-15436,CVE-2020-15437,CVE-2020-25668,CVE-2020-25669,CVE-2020-25704,CVE-2020-27777,CVE-2020-28915,CVE-2020-28941,CVE-2020-28974,CVE-2020-29369,CVE-2020-29371,CVE-2020-4788 JIRA References: Sources used: openSUSE Leap 15.2 (src): kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1
openSUSE-SU-2021:0242-1: An update that solves 79 vulnerabilities and has 676 fixes is now available. Category: security (moderate) Bug References: 1034995,1040855,1043347,1044120,1044767,1055014,1055117,1055186,1058115,1061843,1065600,1065729,1066382,1071995,1077428,1085030,1094244,1094840,1109695,1115431,1120163,1129923,1133021,1134760,1136666,1138374,1139944,1148868,1149032,1152148,1152457,1152472,1152489,1153274,1154353,1154488,1154492,1154824,1155518,1155798,1156315,1156395,1157169,1158050,1158242,1158265,1158748,1158765,1158775,1158983,1159058,1159781,1159867,1159886,1160388,1160634,1160947,1161099,1161495,1162002,1162063,1162209,1162400,1162702,1163592,1163727,1164648,1164777,1164780,1165211,1165455,1165629,1165692,1165933,1165975,1166146,1166166,1166340,1166965,1166985,1167030,1167104,1167527,1167651,1167657,1167773,1167851,1168230,1168461,1168468,1168779,1168838,1168952,1168959,1169021,1169094,1169194,1169263,1169514,1169681,1169763,1169771,1169790,1169795,1170011,1170139,1170232,1170284,1170415,1170442,1170617,1170621,1170774,1170879,1170891,1170895,1171000,1171068,1171073,1171078,1171117,1171150,1171156,1171189,1171191,1171218,1171219,1171220,1171236,1171242,1171246,1171285,1171293,1171374,1171390,1171391,1171392,1171417,1171426,1171507,1171513,1171514,1171529,1171530,1171558,1171634,1171644,1171662,1171675,1171688,1171699,1171709,1171730,1171732,1171736,1171739,1171742,1171743,1171759,1171773,1171774,1171775,1171776,1171777,1171778,1171779,1171780,1171781,1171782,1171783,1171784,1171785,1171786,1171787,1171788,1171789,1171790,1171791,1171792,1171793,1171794,1171795,1171796,1171797,1171798,1171799,1171810,1171827,1171828,1171832,1171833,1171834,1171835,1171839,1171840,1171841,1171842,1171843,1171844,1171849,1171857,1171868,1171904,1171915,1171982,1171983,1171988,1172017,1172046,1172061,1172062,1172063,1172064,1172065,1172066,1172067,1172068,1172069,1172073,1172086,1172095,1172108,1172145,1172169,1172170,1172197,1172201,1172208,1172223,1172247,1172317,1172342,1172343,1172344,1172365,1172366,1172374,1172391,1172393,1172394,1172418,1172419,1172453,1172458,1172467,1172484,1172537,1172543,1172687,1172719,1172733,1172739,1172751,1172757,1172759,1172775,1172781,1172782,1172783,1172814,1172823,1172841,1172871,1172873,1172938,1172939,1172940,1172956,1172963,1172983,1172984,1172985,1172986,1172987,1172988,1172989,1172990,1172999,1173017,1173068,1173074,1173085,1173115,1173139,1173206,1173267,1173271,1173280,1173284,1173428,1173438,1173461,1173468,1173485,1173514,1173552,1173573,1173625,1173746,1173776,1173798,1173813,1173817,1173818,1173820,1173822,1173823,1173824,1173825,1173826,1173827,1173828,1173830,1173831,1173832,1173833,1173834,1173836,1173837,1173838,1173839,1173841,1173843,1173844,1173845,1173847,1173849,1173860,1173894,1173941,1173954,1174002,1174003,1174018,1174026,1174029,1174072,1174098,1174110,1174111,1174116,1174126,1174127,1174128,1174129,1174146,1174185,1174205,1174244,1174263,1174264,1174331,1174332,1174333,1174345,1174356,1174358,1174362,1174387,1174396,1174398,1174407,1174409,1174411,1174438,1174462,1174484,1174486,1174513,1174527,1174625,1174627,1174645,1174689,1174699,1174737,1174748,1174757,1174762,1174770,1174771,1174777,1174805,1174824,1174825,1174852,1174865,1174880,1174897,1174899,1174906,1174969,1175009,1175010,1175011,1175012,1175013,1175014,1175015,1175016,1175017,1175018,1175019,1175020,1175021,1175052,1175079,1175112,1175116,1175128,1175149,1175175,1175176,1175180,1175181,1175182,1175183,1175184,1175185,1175186,1175187,1175188,1175189,1175190,1175191,1175192,1175195,1175199,1175213,1175232,1175263,1175284,1175296,1175306,1175344,1175345,1175346,1175347,1175367,1175377,1175440,1175480,1175493,1175546,1175550,1175599,1175621,1175654,1175667,1175691,1175718,1175721,1175749,1175768,1175769,1175770,1175771,1175772,1175774,1175775,1175787,1175807,1175834,1175873,1175882,1175898,1175918,1175952,1175995,1175996,1175997,1175998,1175999,1176000,1176001,1176019,1176022,1176038,1176063,1176069,1176109,1176137,1176180,1176200,1176235,1176236,1176237,1176242,1176354,1176357,1176358,1176359,1176360,1176361,1176362,1176363,1176364,1176365,1176366,1176367,1176381,1176396,1176400,1176423,1176449,1176481,1176485,1176486,1176507,1176536,1176537,1176538,1176539,1176540,1176541,1176542,1176543,1176544,1176545,1176546,1176548,1176558,1176559,1176564,1176586,1176587,1176588,1176659,1176698,1176699,1176700,1176713,1176721,1176722,1176725,1176732,1176763,1176775,1176788,1176789,1176833,1176855,1176869,1176877,1176907,1176925,1176942,1176956,1176962,1176979,1176980,1176983,1176990,1177021,1177030,1177066,1177070,1177086,1177090,1177109,1177121,1177193,1177194,1177206,1177258,1177271,1177281,1177283,1177284,1177285,1177286,1177297,1177326,1177353,1177384,1177397,1177410,1177411,1177470,1177500,1177511,1177617,1177666,1177679,1177681,1177683,1177687,1177694,1177697,1177698,1177703,1177719,1177724,1177725,1177726,1177733,1177739,1177749,1177750,1177754,1177755,1177765,1177766,1177799,1177801,1177814,1177817,1177820,1177854,1177855,1177856,1177861,1178002,1178049,1178079,1178123,1178166,1178173,1178175,1178176,1178177,1178182,1178183,1178184,1178185,1178186,1178190,1178191,1178203,1178227,1178246,1178255,1178270,1178286,1178307,1178330,1178393,1178395,1178401,1178426,1178461,1178579,1178581,1178584,1178585,1178589,1178590,1178612,1178634,1178635,1178653,1178659,1178660,1178661,1178669,1178686,1178740,1178755,1178756,1178762,1178780,1178838,1178853,1178886,1179001,1179012,1179014,1179015,1179045,1179076,1179082,1179107,1179140,1179141,1179160,1179201,1179204,1179211,1179217,1179419,1179424,1179425,1179426,1179427,1179429,1179432,1179434,1179435,1179442,1179519,1179550,1179575,1179578,1179601,1179604,1179639,1179652,1179656,1179670,1179671,1179672,1179673,1179675,1179676,1179677,1179678,1179679,1179680,1179681,1179682,1179683,1179684,1179685,1179687,1179688,1179689,1179690,1179703,1179704,1179707,1179709,1179710,1179711,1179712,1179713,1179714,1179715,1179716,1179745,1179763,1179887,1179888,1179892,1179896,1179960,1179963,1180027,1180029,1180031,1180052,1180056,1180086,1180117,1180258,1180261,1180349,1180506,1180541,1180559,1180566,173030,744692,789311,954532,995541 CVE References: CVE-2019-19462,CVE-2019-20810,CVE-2019-20812,CVE-2020-0110,CVE-2020-0305,CVE-2020-0404,CVE-2020-0427,CVE-2020-0431,CVE-2020-0432,CVE-2020-0444,CVE-2020-0465,CVE-2020-0466,CVE-2020-0543,CVE-2020-10135,CVE-2020-10711,CVE-2020-10732,CVE-2020-10751,CVE-2020-10757,CVE-2020-10766,CVE-2020-10767,CVE-2020-10768,CVE-2020-10773,CVE-2020-10781,CVE-2020-11668,CVE-2020-12351,CVE-2020-12352,CVE-2020-12652,CVE-2020-12656,CVE-2020-12769,CVE-2020-12771,CVE-2020-12888,CVE-2020-13143,CVE-2020-13974,CVE-2020-14314,CVE-2020-14331,CVE-2020-14351,CVE-2020-14356,CVE-2020-14385,CVE-2020-14386,CVE-2020-14390,CVE-2020-14416,CVE-2020-15393,CVE-2020-15436,CVE-2020-15437,CVE-2020-15780,CVE-2020-16120,CVE-2020-16166,CVE-2020-1749,CVE-2020-24490,CVE-2020-2521,CVE-2020-25212,CVE-2020-25284,CVE-2020-25285,CVE-2020-25641,CVE-2020-25643,CVE-2020-25645,CVE-2020-25656,CVE-2020-25668,CVE-2020-25669,CVE-2020-25704,CVE-2020-25705,CVE-2020-26088,CVE-2020-27068,CVE-2020-27777,CVE-2020-27786,CVE-2020-27825,CVE-2020-27830,CVE-2020-28915,CVE-2020-28941,CVE-2020-28974,CVE-2020-29369,CVE-2020-29370,CVE-2020-29371,CVE-2020-29373,CVE-2020-29660,CVE-2020-29661,CVE-2020-36158,CVE-2020-4788,CVE-2020-8694 JIRA References: Sources used: openSUSE Leap 15.2 (src): kernel-rt-5.3.18-lp152.3.5.1, kernel-rt_debug-5.3.18-lp152.3.5.1, kernel-source-rt-5.3.18-lp152.3.5.1, kernel-syms-rt-5.3.18-lp152.3.5.1
*** Bug 1182109 has been marked as a duplicate of this bug. ***