
Test ID: 1.3.6.1.4.1.25623.1.1.4.2020.14354.1
Category: SuSE Local Security Checks
Title: SUSE: Security Advisory (SUSE-SU-2020:14354-1)
Summary: The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2020:14354-1 advisory.
Description:

Vulnerability Insight:
The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bug fixes.


The following security bugs were fixed:

CVE-2020-10942: get_raw_socket in drivers/vhost/net.c lacks
validation of an sk_family field, which might allow attackers to trigger
kernel stack corruption via crafted system calls (bsc#1167629).

CVE-2020-8647: There was a use-after-free vulnerability in the
vc_do_resize function in drivers/tty/vt/vt.c (bsc#1162929).

CVE-2020-8649: There was a use-after-free vulnerability in the
vgacon_invert_region function in drivers/video/console/vgacon.c
(bsc#1162931).

CVE-2020-9383: set_fdc in drivers/block/floppy.c leads to a
wait_til_ready out-of-bounds read because the FDC index is
not checked for errors before assigning it (bsc#1165111).

CVE-2019-19768: Fixed a use-after-free in the __blk_add_trace function
in kernel/trace/blktrace.c (bsc#1159285).

CVE-2020-11608: Fixed NULL pointer dereferences in
ov511_mode_init_regs and ov518_mode_init_regs when there are zero
endpoints (bsc#1168829).

CVE-2020-8648: There was a use-after-free vulnerability in the
n_tty_receive_buf_common function in drivers/tty/n_tty.c (bsc#1162928).

CVE-2019-14896: A heap-based buffer overflow vulnerability was found in
the Marvell WiFi chip driver. A remote attacker could cause a denial of
service or possibly execute arbitrary code when the
lbs_ibss_join_existing function is called after a STA connects to an AP
(bsc#1157157).

CVE-2019-14897: A stack-based buffer overflow was found in the Marvell
WiFi chip driver. An attacker is able to cause a denial of service or
possibly execute arbitrary code when a STA works in IBSS mode and
connects to another STA (bsc#1157155).

CVE-2019-18675: Fixed an Integer Overflow in cpia2_remap_buffer in
drivers/media/usb/cpia2/cpia2_core.c because cpia2 has its own mmap
implementation. This allowed local users to obtain read and write
permissions on kernel physical pages, which can possibly result in a
privilege escalation (bsc#1157804).

CVE-2019-19965: Fixed a NULL pointer dereference in
drivers/scsi/libsas/sas_discover.c because of mishandling of port
disconnection during discovery, related to a PHY down race condition
(bsc#1159911).

CVE-2019-19066: A memory leak in the bfad_im_get_stats() function in
drivers/scsi/bfa/bfad_attr.c allowed attackers to cause a denial of
service by triggering bfa_port_get_stats() failures (bsc#1157303).

CVE-2019-20096: Fixed a memory leak in __feat_register_sp() in
net/dccp/feat.c, which may cause denial of service (bsc#1159908).

CVE-2019-19966: Fixed a use-after-free in cpia2_exit() in
drivers/media/usb/cpia2/cpia2_v4l.c that will cause denial of service
(bsc#1159841).

CVE-2019-19532: Fixed multiple out-of-bounds write bugs that can be
caused by a malicious USB device (bsc#1158824).

CVE-2019-19523: Fixed a use-after-free bug that can be ca... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'Linux Kernel' package(s) on SUSE Linux Enterprise Server 11-SP4, SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Debuginfo 11-SP4

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2020-8647
Debian Security Information: DSA-4698
https://www.debian.org/security/2020/dsa-4698
https://bugzilla.kernel.org/show_bug.cgi?id=206359
https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html
https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html
https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html
SuSE Security Announcement: openSUSE-SU-2020:0388
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00039.html
Common Vulnerability Exposure (CVE) ID: CVE-2020-8648
https://bugzilla.kernel.org/show_bug.cgi?id=206361
SuSE Security Announcement: openSUSE-SU-2020:0336
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html
https://usn.ubuntu.com/4342-1/
https://usn.ubuntu.com/4344-1/
https://usn.ubuntu.com/4345-1/
https://usn.ubuntu.com/4346-1/
Common Vulnerability Exposure (CVE) ID: CVE-2020-8649
https://bugzilla.kernel.org/show_bug.cgi?id=206357
Common Vulnerability Exposure (CVE) ID: CVE-2020-9383
https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=2f9ac30a54dc0181ddac3705cdcf4775d863c530
https://github.com/torvalds/linux/commit/2e90ca68b0d2f5548804f22f0dd61145516171e3
Copyright: Copyright (C) 2021 Greenbone Networks GmbH

© 1998-2021 E-Soft Inc. All rights reserved.