Búsqueda de    
    Buscar 211766 Descripciones CVE y
97459 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:
Categoría:SuSE Local Security Checks
Título:SUSE: Security Advisory (SUSE-SU-2020:1146-1)
Resumen:The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2020:1146-1 advisory.
The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2020:1146-1 advisory.

Vulnerability Insight:
The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

CVE-2020-8834: KVM on Power8 processors had a conflicting use of
HSTATE_HOST_R1 to store r1 state in kvmppc_hv_entry plus in
kvmppc_{save,restore}_tm, leading to a stack corruption. Because of
this, an attacker with the ability to run code in kernel space of a
guest VM can cause the host kernel to panic (bnc#1168276).

CVE-2020-11494: An issue was discovered in slc_bump in
drivers/net/can/slcan.c, which allowed attackers to read uninitialized
can_frame data, potentially containing sensitive information from kernel
stack memory, if the configuration lacks CONFIG_INIT_STACK_ALL

CVE-2020-10942: In get_raw_socket in drivers/vhost/net.c lacks
validation of an sk_family field, which might allow attackers to trigger
kernel stack corruption via crafted system calls (bnc#1167629).

CVE-2019-9458: In the video driver there was a use after free due to a
race condition. This could lead to local escalation of privilege with no
additional execution privileges needed (bnc#1168295).

CVE-2019-3701: Fixed an issue in can_can_gw_rcv, which could cause a
system crash (bnc#1120386).

CVE-2019-19770: Fixed a use-after-free in the debugfs_remove function

CVE-2020-11669: Fixed an issue where arch/powerpc/kernel/idle_book3s.S
did not have save/restore functionality for PNV_POWERSAVE_AMR,

The following non-security bugs were fixed:

ACPICA: Introduce ACPI_ACCESS_BYTE_WIDTH() macro (bsc#1051510).

ACPI: watchdog: Fix gas->access_width usage (bsc#1051510).

ahci: Add support for Amazon's Annapurna Labs SATA controller

ALSA: ali5451: remove redundant variable capture_flag (bsc#1051510).

ALSA: core: Add snd_device_get_state() helper (bsc#1051510).

ALSA: core: Replace zero-length array with flexible-array member

ALSA: emu10k1: Fix endianness annotations (bsc#1051510).

ALSA: hda/ca0132 - Add Recon3Di quirk to handle integrated sound on EVGA
X99 Classified motherboard (bsc#1051510).

ALSA: hda/ca0132 - Replace zero-length array with flexible-array member

ALSA: hda_codec: Replace zero-length array with flexible-array member

ALSA: hda: default enable CA0132 DSP support (bsc#1051510).

ALSA: hda: Fix potential access overflow in beep helper (bsc#1051510).

ALSA: hda/realtek - a fake key event is triggered by running shutup

ALSA: hda/realtek - Enable headset mic of Acer X2660G with ALC662

ALSA: hda/realtek: Enable mute LED on an HP system (bsc#1051510).

ALSA: hda/realtek - Enable the headset of Acer N50-600 with ALC662

ALSA: hda/realtek: Fix pop noise on ALC225 (git-fixes).

ALSA: hda/realtek - Remove now-unnecessary XPS 13 headphone noise fixups
(bs... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'Linux Kernel' package(s) on SUSE Linux Enterprise Workstation Extension 15-SP1, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1, SUSE Linux Enterprise Module for Live Patching 15-SP1, SUSE Linux Enterprise Module for Legacy Software 15-SP1, SUSE Linux Enterprise Module for Development Tools 15-SP1, SUSE Linux Enterprise Module for Basesystem 15-SP1, SUSE Linux Enterprise High Availability 15-SP1

Please install the updated package(s).

CVSS Score:

CVSS Vector:

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2019-3701
BugTraq ID: 106443
SuSE Security Announcement: openSUSE-SU-2020:0543 (Google Search)
Common Vulnerability Exposure (CVE) ID: CVE-2019-9458
Common Vulnerability Exposure (CVE) ID: CVE-2020-8834
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

Esta es sólo una de 97459 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

© 1998-2021 E-Soft Inc. Todos los derechos reservados.