
Test ID: 1.3.6.1.4.1.25623.1.1.4.2020.3122.1
Category: SuSE Local Security Checks
Title: SUSE: Security Advisory (SUSE-SU-2020:3122-1)
Summary: The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2020:3122-1 advisory.
Description:

Vulnerability Insight:
The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bug fixes.


The following security bugs were fixed:

CVE-2020-25285: A race condition between hugetlb sysctl handlers in
mm/hugetlb.c could be used by local attackers to corrupt memory, cause a
NULL pointer dereference, or possibly have unspecified other impact
(bnc#1176485).

CVE-2020-16120: Fixed permission check to open real file when using
overlayfs. It was possible to have a file not readable by an
unprivileged user be copied to a mountpoint controlled by that user and
then be able to access the file. (bsc#1177470)

CVE-2020-14351: Fixed a race condition in the perf_mmap_close() function
(bsc#1177086).

The following non-security bugs were fixed:

ACPI: Always build evged in (git-fixes).

ACPI: button: fix handling lid state changes when input device closed
(git-fixes).

ACPI: configfs: Add missing config_item_put() to fix refcount leak
(git-fixes).

acpi-cpufreq: Honor _PSD table setting on new AMD CPUs (git-fixes).

ACPI: debug: do not allow debugging when ACPI is disabled (git-fixes).

Add CONFIG_CHECK_CODESIGN_EKU

ALSA: ac97: (cosmetic) align argument names (git-fixes).

ALSA: aoa: i2sbus: use DECLARE_COMPLETION_ONSTACK() macro (git-fixes).

ALSA: asihpi: fix spellint typo in comments (git-fixes).

ALSA: atmel: ac97: clarify operator precedence (git-fixes).

ALSA: bebob: potential info leak in hwdep_read() (git-fixes).

ALSA: compress_offload: remove redundant initialization (git-fixes).

ALSA: core: init: use DECLARE_COMPLETION_ONSTACK() macro (git-fixes).

ALSA: core: pcm: simplify locking for timers (git-fixes).

ALSA: core: timer: clarify operator precedence (git-fixes).

ALSA: core: timer: remove redundant assignment (git-fixes).

ALSA: ctl: Workaround for lockdep warning wrt card->ctl_files_rwlock
(git-fixes).

ALSA: fireworks: use semicolons rather than commas to separate
statements (git-fixes).

ALSA: hda: auto_parser: remove shadowed variable declaration (git-fixes).

ALSA: hda: (cosmetic) align function parameters (git-fixes).

ALSA: hda - Do not register a cb func if it is registered already
(git-fixes).

ALSA: hda - Fix the return value if cb func is already registered
(git-fixes).

ALSA: hda/hdmi: fix incorrect locking in hdmi_pcm_close (git-fixes).

ALSA: hda/realtek - Add mute Led support for HP Elitebook 845 G7
(git-fixes).

ALSA: hda/realtek: Enable audio jacks of ASUS D700SA with ALC887
(git-fixes).

ALSA: hda/realtek - set mic to auto detect on a HP AIO machine
(git-fixes).

ALSA: hda/realtek - The front Mic on a HP machine does not work
(git-fixes).

ALSA: hda: use semicolons rather than commas to separate statements
(git-fixes).

ALSA: hdspm: Fix typo arbitrary (git-fixes).

ALSA: mixart: Correct comment wrt obsoleted tasklet usage (git-fixes).

ALSA: portman2x4: fix repeated word 'if' (git-fixes).

ALSA: rawmidi: (cosmetic) align function pa... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'Linux Kernel' package(s) on SUSE Linux Enterprise Workstation Extension 15-SP2, SUSE Linux Enterprise Module for Live Patching 15-SP2, SUSE Linux Enterprise Module for Legacy Software 15-SP2, SUSE Linux Enterprise Module for Development Tools 15-SP2, SUSE Linux Enterprise Module for Basesystem 15-SP2, SUSE Linux Enterprise High Availability 15-SP2

Solution:
Please install the updated package(s).

CVSS Score:
4.6

CVSS Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2020-14351
Common Vulnerability Exposure (CVE) ID: CVE-2020-16120
Common Vulnerability Exposure (CVE) ID: CVE-2020-25285

Copyright: Copyright (C) 2021 Greenbone Networks GmbH
