
Test ID: 1.3.6.1.4.1.25623.1.1.4.2020.3491.1
Category: SuSE Local Security Checks
Title: SUSE: Security Advisory (SUSE-SU-2020:3491-1)
Summary: The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2020:3491-1 advisory.
Description: Summary:
The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2020:3491-1 advisory.

Vulnerability Insight:
The SUSE Linux Enterprise 15 SP2 kernel Azure was updated to receive various security fixes and bugfixes.

The following security bugs were fixed:

CVE-2020-25656: Fixed a concurrency use-after-free in vt_do_kdgkb_ioctl
(bnc#1177766).

CVE-2020-25285: Fixed a race condition between hugetlb sysctl handlers
in mm/hugetlb.c (bnc#1176485).

CVE-2020-14351: Fixed a race in the perf_mmap_close() function
(bsc#1177086).

CVE-2020-16120: Fixed a permissions issue in ovl_path_open()
(bsc#1177470).

CVE-2020-12351: Implemented a kABI workaround for bluetooth l2cap_ops
filter addition (bsc#1177724).

CVE-2020-12352: Fixed an information leak when processing certain AMP
packets aka 'BleedingTooth' (bsc#1177725).

CVE-2020-25212: Fixed a TOCTOU mismatch in the NFS client code
(bnc#1176381).

CVE-2020-25645: Fixed an issue in IPsec that caused traffic between
two Geneve endpoints to be unencrypted (bnc#1177511).

CVE-2020-24490: Fixed a heap buffer overflow when processing extended
advertising report events aka 'BleedingTooth' aka 'BadVibes'
(bsc#1177726).

CVE-2020-25641: Fixed an issue where a zero-length biovec request issued
by the block subsystem could have caused the kernel to enter an infinite
loop, causing a denial of service (bsc#1177121).

CVE-2020-25643: Fixed a memory corruption and a read overflow which
could have been caused by improper input validation in the ppp_cp_parse_cr
function (bsc#1177206).

CVE-2020-27673: Fixed an issue where rogue guests could have caused
denial of service of Dom0 via high frequency events (XSA-332 bsc#1177411).

CVE-2020-27675: Fixed a race condition in event handler which may crash
dom0 (XSA-331 bsc#1177410).

CVE-2020-25705: An ICMP global rate limiting side-channel, which could
lead to e.g. the SADDNS attack, was removed (bsc#1175721).

The following non-security bugs were fixed:

9p: Fix memory leak in v9fs_mount (git-fixes).

ACPI: Always build evged in (git-fixes).

ACPI: button: fix handling lid state changes when input device closed
(git-fixes).

ACPI: configfs: Add missing config_item_put() to fix refcount leak
(git-fixes).

acpi-cpufreq: Honor _PSD table setting on new AMD CPUs (git-fixes).

ACPI: debug: do not allow debugging when ACPI is disabled (git-fixes).

ACPI: EC: Reference count query handlers under lock (git-fixes).

act_ife: load meta modules before tcf_idr_check_alloc()
(networking-stable-20_09_24).

Add CONFIG_CHECK_CODESIGN_EKU

airo: Fix read overflows sending packets (git-fixes).

ALSA: ac97: (cosmetic) align argument names (git-fixes).

ALSA: aoa: i2sbus: use DECLARE_COMPLETION_ONSTACK() macro (git-fixes).

ALSA: asihpi: fix spellint typo in comments (git-fixes).

ALSA: atmel: ac97: clarify operator precedence (git-fixes).

ALSA: bebob: potential info leak in hwdep_read() (git-fixes).

ALSA: compress_offload: remove redundant initialization (git-fixes).

ALSA: core: init: use DECLARE_COMPLETION_ONSTACK() macro (git-fixes).

... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'Linux Kernel' package(s) on SUSE Linux Enterprise Module for Public Cloud 15-SP2

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:M/Au:S/C:P/I:P/A:C

Cross-Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2020-12351
Common Vulnerability Exposure (CVE) ID: CVE-2020-12352
Common Vulnerability Exposure (CVE) ID: CVE-2020-14351
Common Vulnerability Exposure (CVE) ID: CVE-2020-16120
Common Vulnerability Exposure (CVE) ID: CVE-2020-24490
Common Vulnerability Exposure (CVE) ID: CVE-2020-25212
Common Vulnerability Exposure (CVE) ID: CVE-2020-25285
Common Vulnerability Exposure (CVE) ID: CVE-2020-25641
Common Vulnerability Exposure (CVE) ID: CVE-2020-25643
Common Vulnerability Exposure (CVE) ID: CVE-2020-25645
Common Vulnerability Exposure (CVE) ID: CVE-2020-25656
Common Vulnerability Exposure (CVE) ID: CVE-2020-25705
Common Vulnerability Exposure (CVE) ID: CVE-2020-27673
Common Vulnerability Exposure (CVE) ID: CVE-2020-27675
Copyright: Copyright (C) 2021 Greenbone Networks GmbH
