
Test ID:
Category: SuSE Local Security Checks
Title: SUSE: Security Advisory (SUSE-SU-2020:2980-1)
Summary: The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2020:2980-1 advisory.

Vulnerability Insight:
The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security fixes and bug fixes.

The following security bugs were fixed:

CVE-2020-12351: Fixed a type confusion while processing AMP packets aka
'BleedingTooth' aka 'BadKarma' (bsc#1177724).

CVE-2020-24490: Fixed a heap buffer overflow when processing extended
advertising report events aka 'BleedingTooth' aka 'BadVibes'

CVE-2020-12352: Fixed an information leak when processing certain AMP
packets aka 'BleedingTooth' aka 'BadChoice' (bsc#1177725).

CVE-2020-25641: Fixed an issue where a zero-length biovec request issued
by the block subsystem could have caused the kernel to enter an infinite
loop, causing a denial of service (bsc#1177121).

CVE-2020-25643: Fixed a memory corruption and a read overflow which
could have been caused by improper input validation in the
ppp_cp_parse_cr function (bsc#1177206).

CVE-2020-25645: Fixed an issue where traffic between two Geneve
endpoints may be unencrypted when IPsec is configured to encrypt traffic
for the specific UDP port used by the GENEVE tunnel, allowing anyone
between the two endpoints to read the traffic unencrypted (bsc#1177511).

The following non-security bugs were fixed:

9p: Fix memory leak in v9fs_mount (git-fixes).

ACPI: EC: Reference count query handlers under lock (git-fixes).

airo: Fix read overflows sending packets (git-fixes).

ar5523: Add USB ID of SMCWUSBT-G2 wireless adapter (git-fixes).

arm64: Enable PCI write-combine resources under sysfs (bsc#1175807).

ASoC: img-i2s-out: Fix runtime PM imbalance on error (git-fixes).

ASoC: Intel: bytcr_rt5640: Add quirk for MPMAN Converter9 2-in-1

ASoC: kirkwood: fix IRQ error handling (git-fixes).

ASoC: wm8994: Ensure the device is resumed in wm89xx_mic_detect
functions (git-fixes).

ASoC: wm8994: Skip setting of the WM8994_MICBIAS register for WM1811

ata: ahci: mvebu: Make SATA PHY optional for Armada 3720 (git-fixes).

ath10k: fix array out-of-bounds access (git-fixes).

ath10k: fix memory leak for tpc_stats_final (git-fixes).

ath10k: use kzalloc to read for ath10k_sdio_hif_diag_read (git-fixes).

Bluetooth: Fix refcount use-after-free issue (git-fixes).

Bluetooth: guard against controllers sending zero'd events (git-fixes).

Bluetooth: Handle Inquiry Cancel error after Inquiry Complete

Bluetooth: L2CAP: handle l2cap config request during open state

Bluetooth: prefetch channel before killing sock (git-fixes).

brcmfmac: Fix double freeing in the fmac usb data path (git-fixes).

btrfs: block-group: do not set the wrong READA flag for
btrfs_read_block_groups() (bsc#1176019).

btrfs: block-group: fix free-space bitmap threshold (bsc#1176019).

btrfs: block-group: refactor how we delete one block group item

btrfs: block-group: refactor how we insert a block group item

btrfs: block-group: refactor how we r... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'Linux Kernel' package(s) on SUSE Linux Enterprise Workstation Extension 15-SP2, SUSE Linux Enterprise Module for Live Patching 15-SP2, SUSE Linux Enterprise Module for Legacy Software 15-SP2, SUSE Linux Enterprise Module for Development Tools 15-SP2, SUSE Linux Enterprise Module for Basesystem 15-SP2, SUSE Linux Enterprise High Availability 15-SP2

Please install the updated package(s).

CVSS Score:

CVSS Vector:

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2020-12351
Common Vulnerability Exposure (CVE) ID: CVE-2020-12352
Common Vulnerability Exposure (CVE) ID: CVE-2020-24490
Common Vulnerability Exposure (CVE) ID: CVE-2020-25641
Common Vulnerability Exposure (CVE) ID: CVE-2020-25643
Common Vulnerability Exposure (CVE) ID: CVE-2020-25645
Copyright: Copyright (C) 2021 Greenbone Networks GmbH


© 1998-2021 E-Soft Inc. All rights reserved.