Anfälligkeitssuche        Suche in 211766 CVE Beschreibungen
und 97459 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.1.4.2020.1146.1
Kategorie:SuSE Local Security Checks
Titel:SUSE: Security Advisory (SUSE-SU-2020:1146-1)
Zusammenfassung:The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2020:1146-1 advisory.
Beschreibung:Summary:
The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2020:1146-1 advisory.

Vulnerability Insight:
The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

CVE-2020-8834: KVM on Power8 processors had a conflicting use of
HSTATE_HOST_R1 to store r1 state in kvmppc_hv_entry plus in
kvmppc_{save,restore}_tm, leading to a stack corruption. Because of
this, an attacker with the ability to run code in kernel space of a
guest VM can cause the host kernel to panic (bnc#1168276).

CVE-2020-11494: An issue was discovered in slc_bump in
drivers/net/can/slcan.c, which allowed attackers to read uninitialized
can_frame data, potentially containing sensitive information from kernel
stack memory, if the configuration lacks CONFIG_INIT_STACK_ALL
(bnc#1168424).

CVE-2020-10942: In get_raw_socket in drivers/vhost/net.c lacks
validation of an sk_family field, which might allow attackers to trigger
kernel stack corruption via crafted system calls (bnc#1167629).

CVE-2019-9458: In the video driver there was a use after free due to a
race condition. This could lead to local escalation of privilege with no
additional execution privileges needed (bnc#1168295).

CVE-2019-3701: Fixed an issue in can_can_gw_rcv, which could cause a
system crash (bnc#1120386).

CVE-2019-19770: Fixed a use-after-free in the debugfs_remove function
(bsc#1159198).

CVE-2020-11669: Fixed an issue where arch/powerpc/kernel/idle_book3s.S
did not have save/restore functionality for PNV_POWERSAVE_AMR,
PNV_POWERSAVE_UAMOR, and PNV_POWERSAVE_AMOR (bnc#1169390).

The following non-security bugs were fixed:

ACPICA: Introduce ACPI_ACCESS_BYTE_WIDTH() macro (bsc#1051510).

ACPI: watchdog: Fix gas->access_width usage (bsc#1051510).

ahci: Add support for Amazon's Annapurna Labs SATA controller
(bsc#1169013).

ALSA: ali5451: remove redundant variable capture_flag (bsc#1051510).

ALSA: core: Add snd_device_get_state() helper (bsc#1051510).

ALSA: core: Replace zero-length array with flexible-array member
(bsc#1051510).

ALSA: emu10k1: Fix endianness annotations (bsc#1051510).

ALSA: hda/ca0132 - Add Recon3Di quirk to handle integrated sound on EVGA
X99 Classified motherboard (bsc#1051510).

ALSA: hda/ca0132 - Replace zero-length array with flexible-array member
(bsc#1051510).

ALSA: hda_codec: Replace zero-length array with flexible-array member
(bsc#1051510).

ALSA: hda: default enable CA0132 DSP support (bsc#1051510).

ALSA: hda: Fix potential access overflow in beep helper (bsc#1051510).

ALSA: hda/realtek - a fake key event is triggered by running shutup
(bsc#1051510).

ALSA: hda/realtek - Enable headset mic of Acer X2660G with ALC662
(git-fixes).

ALSA: hda/realtek: Enable mute LED on an HP system (bsc#1051510).

ALSA: hda/realtek - Enable the headset of Acer N50-600 with ALC662
(git-fixes).

ALSA: hda/realtek: Fix pop noise on ALC225 (git-fixes).

ALSA: hda/realtek - Remove now-unnecessary XPS 13 headphone noise fixups
(bs... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'Linux Kernel' package(s) on SUSE Linux Enterprise Workstation Extension 15-SP1, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1, SUSE Linux Enterprise Module for Live Patching 15-SP1, SUSE Linux Enterprise Module for Legacy Software 15-SP1, SUSE Linux Enterprise Module for Development Tools 15-SP1, SUSE Linux Enterprise Module for Basesystem 15-SP1, SUSE Linux Enterprise High Availability 15-SP1

Solution:
Please install the updated package(s).

CVSS Score:
6.4

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2019-3701
BugTraq ID: 106443
http://www.securityfocus.com/bid/106443
https://bugzilla.suse.com/show_bug.cgi?id=1120386
https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=0aaa81377c5a01f686bcdb8c7a6929a7bf330c68
https://marc.info/?l=linux-netdev&m=154651842302479&w=2
https://marc.info/?l=linux-netdev&m=154661373531512&w=2
https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html
https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html
https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html
SuSE Security Announcement: openSUSE-SU-2020:0543 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00035.html
https://usn.ubuntu.com/3932-1/
https://usn.ubuntu.com/3932-2/
https://usn.ubuntu.com/4115-1/
https://usn.ubuntu.com/4118-1/
Common Vulnerability Exposure (CVE) ID: CVE-2019-9458
https://source.android.com/security/bulletin/pixel/2019-09-01
Common Vulnerability Exposure (CVE) ID: CVE-2020-8834
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1867717
https://usn.ubuntu.com/usn/usn-4318-1
https://www.openwall.com/lists/oss-security/2020/04/06/2
https://usn.ubuntu.com/4318-1/
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

Dies ist nur einer von 97459 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2021 E-Soft Inc. Alle Rechte vorbehalten.