
Test ID: 1.3.6.1.4.1.25623.1.1.4.2020.2980.1
Category: SuSE Local Security Checks
Title: SUSE: Security Advisory (SUSE-SU-2020:2980-1)
Summary: The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2020:2980-1 advisory.
Description: Summary:
The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2020:2980-1 advisory.

Vulnerability Insight:
The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

CVE-2020-12351: Fixed a type confusion while processing AMP packets aka
'BleedingTooth' aka 'BadKarma' (bsc#1177724).

CVE-2020-24490: Fixed a heap buffer overflow when processing extended
advertising report events aka 'BleedingTooth' aka 'BadVibes'
(bsc#1177726).

CVE-2020-12352: Fixed an information leak when processing certain AMP
packets aka 'BleedingTooth' aka 'BadChoice' (bsc#1177725).

CVE-2020-25641: Fixed an issue where a zero-length biovec request issued
by the block subsystem could have caused the kernel to enter an infinite
loop, causing a denial of service (bsc#1177121).

CVE-2020-25643: Fixed a memory corruption and a read overflow which
could have been caused by improper input validation in the
ppp_cp_parse_cr function (bsc#1177206).

CVE-2020-25645: Fixed an issue where traffic between two Geneve
endpoints may be unencrypted when IPsec is configured to encrypt traffic
for the specific UDP port used by the GENEVE tunnel, allowing anyone
between the two endpoints to read the traffic unencrypted (bsc#1177511).

The following non-security bugs were fixed:

9p: Fix memory leak in v9fs_mount (git-fixes).

ACPI: EC: Reference count query handlers under lock (git-fixes).

airo: Fix read overflows sending packets (git-fixes).

ar5523: Add USB ID of SMCWUSBT-G2 wireless adapter (git-fixes).

arm64: Enable PCI write-combine resources under sysfs (bsc#1175807).

ASoC: img-i2s-out: Fix runtime PM imbalance on error (git-fixes).

ASoC: Intel: bytcr_rt5640: Add quirk for MPMAN Converter9 2-in-1
(git-fixes).

ASoC: kirkwood: fix IRQ error handling (git-fixes).

ASoC: wm8994: Ensure the device is resumed in wm89xx_mic_detect
functions (git-fixes).

ASoC: wm8994: Skip setting of the WM8994_MICBIAS register for WM1811
(git-fixes).

ata: ahci: mvebu: Make SATA PHY optional for Armada 3720 (git-fixes).

ath10k: fix array out-of-bounds access (git-fixes).

ath10k: fix memory leak for tpc_stats_final (git-fixes).

ath10k: use kzalloc to read for ath10k_sdio_hif_diag_read (git-fixes).

Bluetooth: Fix refcount use-after-free issue (git-fixes).

Bluetooth: guard against controllers sending zero'd events (git-fixes).

Bluetooth: Handle Inquiry Cancel error after Inquiry Complete
(git-fixes).

Bluetooth: L2CAP: handle l2cap config request during open state
(git-fixes).

Bluetooth: prefetch channel before killing sock (git-fixes).

brcmfmac: Fix double freeing in the fmac usb data path (git-fixes).

btrfs: block-group: do not set the wrong READA flag for
btrfs_read_block_groups() (bsc#1176019).

btrfs: block-group: fix free-space bitmap threshold (bsc#1176019).

btrfs: block-group: refactor how we delete one block group item
(bsc#1176019).

btrfs: block-group: refactor how we insert a block group item
(bsc#1176019).

btrfs: block-group: refactor how we r... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'Linux Kernel' package(s) on SUSE Linux Enterprise Workstation Extension 15-SP2, SUSE Linux Enterprise Module for Live Patching 15-SP2, SUSE Linux Enterprise Module for Legacy Software 15-SP2, SUSE Linux Enterprise Module for Development Tools 15-SP2, SUSE Linux Enterprise Module for Basesystem 15-SP2, SUSE Linux Enterprise High Availability 15-SP2

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:M/Au:S/C:P/I:P/A:C

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2020-12351
Common Vulnerability Exposure (CVE) ID: CVE-2020-12352
Common Vulnerability Exposure (CVE) ID: CVE-2020-24490
Common Vulnerability Exposure (CVE) ID: CVE-2020-25641
Common Vulnerability Exposure (CVE) ID: CVE-2020-25643
Common Vulnerability Exposure (CVE) ID: CVE-2020-25645
Copyright: Copyright (C) 2021 Greenbone Networks GmbH

© 1998-2021 E-Soft Inc. All rights reserved.