
Test ID: 1.3.6.1.4.1.25623.1.1.4.2021.0117.1
Category: SuSE Local Security Checks
Title: SUSE: Security Advisory (SUSE-SU-2021:0117-1)
Summary: The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2021:0117-1 advisory.
Description:
Summary:
The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2021:0117-1 advisory.

Vulnerability Insight:
The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes.


The following security bugs were fixed:

CVE-2020-28374: Fixed a Linux SCSI target issue (bsc#1178372).

CVE-2020-36158: Fixed a potential remote code execution in the Marvell
mwifiex driver (bsc#1180559).

CVE-2020-27825: Fixed a race in the trace_open and buffer resize calls
(bsc#1179960).

CVE-2020-0466: Fixed a use-after-free due to a logic error in
do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031).

CVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds
check in the nl80211_policy policy of nl80211.c (bnc#1180086).

CVE-2020-0444: Fixed a bad kfree due to a logic error in
audit_data_to_entry (bnc#1180027).

CVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c
that could have led to local privilege escalation (bnc#1180029).

CVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed
a use-after-free attack against TIOCSPGRP (bsc#1179745).

CVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that
may have allowed a read-after-free attack against TIOCGSID (bnc#1179745).

CVE-2020-27777: Fixed a privilege escalation in the Run-Time Abstraction
Services (RTAS) interface, affecting guests running on top of PowerVM or
KVM hypervisors (bnc#1179107).

CVE-2020-29373: Fixed an unsafe handling of the root directory during
path lookups in fs/io_uring.c (bnc#1179434).

CVE-2020-11668: Fixed the mishandling of invalid descriptors in the
Xirlink camera USB driver (bnc#1168952).

CVE-2020-27830: Fixed a null pointer dereference in speakup
(bsc#1179656).

CVE-2020-29370: Fixed a race condition in kmem_cache_alloc_bulk
(bnc#1179435).

CVE-2020-27786: Fixed a use after free in kernel midi subsystem
snd_rawmidi_kernel_read1() (bsc#1179601).

The following non-security bugs were fixed:

ACPI: APEI: Kick the memory_failure() queue for synchronous errors
(jsc#SLE-16610).

ACPI: PNP: compare the string length in the matching_id() (git-fixes).

ALSA/hda: apply jack fixup for the Acer Veriton N4640G/N6640G/N2510G
(git-fixes).

ALSA: core: memalloc: add page alignment for iram (git-fixes).

ALSA: hda/ca0132 - Change Input Source enum strings (git-fixes).

ALSA: hda/ca0132 - Fix AE-5 rear headphone pincfg (git-fixes).

ALSA: hda/generic: Add option to enforce preferred_dacs pairs
(git-fixes).

ALSA: hda/hdmi: always print pin NIDs as hexadecimal (git-fixes).

ALSA: hda/hdmi: packet buffer index must be set before reading value
(git-fixes).

ALSA: hda/proc - print DP-MST connections (git-fixes).

ALSA: hda/realtek - Add new codec supported for ALC897 (git-fixes).

ALSA: hda/realtek - Add supported for more Lenovo ALC285 Headset Button
(git-fixes).

ALSA: hda/realtek - Enable headset mic of ASUS Q524UQK with ALC255
(git-fixes).

ALSA: hda/realtek - Enable headset mic of ASUS X430UN with ALC256
(git-fixes).

... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'Linux Kernel' package(s) on SUSE Linux Enterprise Workstation Extension 15-SP2, SUSE Linux Enterprise Module for Live Patching 15-SP2, SUSE Linux Enterprise Module for Legacy Software 15-SP2, SUSE Linux Enterprise Module for Development Tools 15-SP2, SUSE Linux Enterprise Module for Basesystem 15-SP2, SUSE Linux Enterprise High Availability 15-SP2

Solution:
Please install the updated package(s).

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Cross Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2020-0444
https://source.android.com/security/bulletin/2020-12-01
Common Vulnerability Exposure (CVE) ID: CVE-2020-0465
Common Vulnerability Exposure (CVE) ID: CVE-2020-0466
Copyright: Copyright (C) 2021 Greenbone Networks GmbH





© 1998-2021 E-Soft Inc. All rights reserved.