Anfälligkeitssuche        Suche in 211766 CVE Beschreibungen
und 97459 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:
Kategorie:SuSE Local Security Checks
Titel:SUSE: Security Advisory (SUSE-SU-2021:0117-1)
Zusammenfassung:The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2021:0117-1 advisory.
The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2021:0117-1 advisory.

Vulnerability Insight:
The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

CVE-2020-28374: Fixed a Linux SCSI target issue (bsc#1178372).

CVE-2020-36158: Fixed a potential remote code execution in the Marvell
mwifiex driver (bsc#1180559).

CVE-2020-27825: Fixed a race in the trace_open and buffer resize calls

CVE-2020-0466: Fixed a use-after-free due to a logic error in
do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031).

CVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds
check in the nl80211_policy policy of nl80211.c (bnc#1180086).

CVE-2020-0444: Fixed a bad kfree due to a logic error in
audit_data_to_entry (bnc#1180027).

CVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c
that could have led to local privilege escalation (bnc#1180029).

CVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed
a use-after-free attack against TIOCSPGRP (bsc#1179745).

CVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that
may have allowed a read-after-free attack against TIOCGSID (bnc#1179745).

CVE-2020-27777: Fixed a privilege escalation in the Run-Time Abstraction
Services (RTAS) interface, affecting guests running on top of PowerVM or
KVM hypervisors (bnc#1179107).

CVE-2020-29373: Fixed an unsafe handling of the root directory during
path lookups in fs/io_uring.c (bnc#1179434).

CVE-2020-11668: Fixed the mishandling of invalid descriptors in the
Xirlink camera USB driver (bnc#1168952).

CVE-2020-27830: Fixed a null pointer dereference in speakup

CVE-2020-29370: Fixed a race condition in kmem_cache_alloc_bulk

CVE-2020-27786: Fixed a use after free in kernel midi subsystem
snd_rawmidi_kernel_read1() (bsc#1179601).

The following non-security bugs were fixed:

ACPI: APEI: Kick the memory_failure() queue for synchronous errors

ACPI: PNP: compare the string length in the matching_id() (git-fixes).

ALSA/hda: apply jack fixup for the Acer Veriton N4640G/N6640G/N2510G

ALSA: core: memalloc: add page alignment for iram (git-fixes).

ALSA: hda/ca0132 - Change Input Source enum strings (git-fixes).

ALSA: hda/ca0132 - Fix AE-5 rear headphone pincfg (git-fixes).

ALSA: hda/generic: Add option to enforce preferred_dacs pairs

ALSA: hda/hdmi: always print pin NIDs as hexadecimal (git-fixes).

ALSA: hda/hdmi: packet buffer index must be set before reading value

ALSA: hda/proc - print DP-MST connections (git-fixes).

ALSA: hda/realtek - Add new codec supported for ALC897 (git-fixes).

ALSA: hda/realtek - Add supported for more Lenovo ALC285 Headset Button

ALSA: hda/realtek - Enable headset mic of ASUS Q524UQK with ALC255

ALSA: hda/realtek - Enable headset mic of ASUS X430UN with ALC256

... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'Linux Kernel' package(s) on SUSE Linux Enterprise Workstation Extension 15-SP2, SUSE Linux Enterprise Module for Live Patching 15-SP2, SUSE Linux Enterprise Module for Legacy Software 15-SP2, SUSE Linux Enterprise Module for Development Tools 15-SP2, SUSE Linux Enterprise Module for Basesystem 15-SP2, SUSE Linux Enterprise High Availability 15-SP2

Please install the updated package(s).

CVSS Score:

CVSS Vector:

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2020-0444
Common Vulnerability Exposure (CVE) ID: CVE-2020-0465
Common Vulnerability Exposure (CVE) ID: CVE-2020-0466
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

Dies ist nur einer von 97459 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

© 1998-2021 E-Soft Inc. Alle Rechte vorbehalten.