Category: SuSE Local Security Checks
Title: SUSE: Security Advisory (SUSE-SU-2020:0560-1)
Summary: The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2020:0560-1 advisory.
The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bug fixes.
The following security bugs were fixed:
CVE-2020-8992: An issue was discovered in ext4_protect_reserved_inode in
fs/ext4/block_validity.c that allowed attackers to cause a soft lockup
via a crafted journal size (bnc#1164069).
CVE-2020-8648: There was a use-after-free vulnerability in the
n_tty_receive_buf_common function in drivers/tty/n_tty.c (bnc#1162928).
CVE-2019-16746: An issue was discovered in net/wireless/nl80211.c. It
did not check the length of variable elements in a beacon head, leading
to a buffer overflow (bnc#1152107).
CVE-2020-8428: There was a use-after-free bug in fs/namei.c, which
allowed local users to cause a denial of service (OOPS) or possibly
obtain sensitive information from kernel memory, aka CID-d0cb50185ae9
CVE-2019-19045: A memory leak in
drivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c allowed attackers to
cause a denial of service (memory consumption) by triggering
mlx5_vector2eqn() failures, aka CID-c8c2a057fdc7 (bnc#1161522).
CVE-2019-16994: A memory leak existed in sit_init_net() in
net/ipv6/sit.c which might have caused denial of service, aka
CVE-2019-19054: A memory leak in the cx23888_ir_probe() function in
drivers/media/pci/cx23885/cx23888-ir.c allowed attackers to cause a
denial of service (memory consumption) by triggering kfifo_alloc()
failures, aka CID-a7b2df76b42b (bnc#1161518).
CVE-2019-14896: A heap-based buffer overflow vulnerability was found in
the Marvell WiFi driver. A remote attacker could cause a denial of
service (system crash) or possibly execute arbitrary code, when the
lbs_ibss_join_existing function is called after a STA connects to an AP
CVE-2019-14897: A stack-based buffer overflow was found in the Marvell
WiFi driver. An attacker is able to cause a denial of service (system
crash) or possibly execute arbitrary code, when a STA works in IBSS
mode (allows connecting stations together without the use of an AP) and
connects to another STA (bnc#1157155).
CVE-2020-7053: There was a use-after-free (write) in the
i915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c, aka
CVE-2019-19318: Mounting a crafted btrfs image twice could have caused a
CVE-2019-19036: An issue discovered in btrfs_root_node in
fs/btrfs/ctree.c allowed a NULL pointer dereference because
rcu_dereference(root->node) can be zero (bnc#1157692).
CVE-2019-14615: An information disclosure vulnerability existed due to
insufficient control flow in certain data structures for some Intel(R)
CVE-2019-19965: There was a NULL pointer dereference in
drivers/scsi/libsas/sas_discover.c because of mishandling of port
disconnection during discovery, related to a PHY do... [Please see the references for more information on the vulnerabilities]
'Linux Kernel' package(s) on SUSE Linux Enterprise Workstation Extension 15-SP1, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1, SUSE Linux Enterprise Module for Live Patching 15-SP1, SUSE Linux Enterprise Module for Legacy Software 15-SP1, SUSE Linux Enterprise Module for Development Tools 15-SP1, SUSE Linux Enterprise Module for Basesystem 15-SP1, SUSE Linux Enterprise High Availability 15-SP1
Please install the updated package(s).
Common Vulnerability Exposure (CVE) ID: CVE-2020-2732
Debian Security Information: DSA-4667
Debian Security Information: DSA-4698
Common Vulnerability Exposure (CVE) ID: CVE-2020-7053
SuSE Security Announcement: openSUSE-SU-2020:0336
Common Vulnerability Exposure (CVE) ID: CVE-2020-8428
Common Vulnerability Exposure (CVE) ID: CVE-2020-8648
Common Vulnerability Exposure (CVE) ID: CVE-2020-8992
Copyright: Copyright (C) 2021 Greenbone Networks GmbH