Test ID: 1.3.6.1.4.1.25623.1.1.4.2020.3713.1
Category: SuSE Local Security Checks
Title: SUSE: Security Advisory (SUSE-SU-2020:3713-1)
Summary: The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2020:3713-1 advisory.
Description:

Vulnerability Insight:
The SUSE Linux Enterprise 15 SP2 Azure kernel was updated to receive various security and bug fixes.

The following security bugs were fixed:

CVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c
which could have allowed local users to gain privileges or cause a
denial of service (bsc#1179141).

CVE-2020-15437: Fixed a null pointer dereference which could have
allowed local users to cause a denial of service (bsc#1179140).

CVE-2020-25668: Fixed a concurrency use-after-free in con_font_op
(bsc#1178123).

CVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit()
(bsc#1178182).

CVE-2020-25704: Fixed a leak in perf_event_parse_addr_filter()
(bsc#1178393).

CVE-2020-27777: Restrict RTAS requests from userspace (bsc#1179107)

CVE-2020-28915: Fixed a buffer over-read in the fbcon code which could
have been used by local attackers to read kernel memory (bsc#1178886).

CVE-2020-28941: Fixed an issue where local attackers on systems with the
speakup driver could cause a local denial of service attack
(bsc#1178740).

CVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could
have been used by local attackers to read privileged information or
potentially crash the kernel (bsc#1178589).

CVE-2020-29371: Fixed uninitialized memory leaks to userspace
(bsc#1179429).

CVE-2020-4788: Fixed an issue with IBM Power9 processors that could have
allowed a local user to obtain sensitive information from the data in
the L1 cache under extenuating circumstances (bsc#1177666).

CVE-2020-8694, CVE-2020-8695: Fixed an insufficient access control in
the Linux kernel driver for some Intel(R) Processors which might have
allowed an authenticated user to potentially enable information
disclosure via local access (bsc#1170415 bsc#1170446)

CVE-2020-28368: Fixed Intel RAPL side-channel attack aka PLATYPUS attack
(XSA-351 bsc#1178591).

CVE-2020-29369: Fixed a race condition between certain expand functions
(expand_downwards and expand_upwards) and page-table free operations
from an munmap call, aka CID-246c320a8cfe (bnc#1173504 bsc#1179432).

The following non-security bugs were fixed:

9P: Cast to loff_t before multiplying (git-fixes).

ACPI: button: Add DMI quirk for Medion Akoya E2228T (git-fixes).

ACPICA: Add NHLT table signature (bsc#1176200).

ACPI: dock: fix enum-conversion warning (git-fixes).

ACPI / extlog: Check for RDMSR failure (git-fixes).

ACPI: GED: fix -Wformat (git-fixes).

ACPI: NFIT: Fix comparison to '-ENXIO' (git-fixes).

ACPI: video: use ACPI backlight for HP 635 Notebook (git-fixes).

Add bug reference to two hv_netvsc patches (bsc#1178853).

ALSA: ctl: fix error path at adding user-defined element set (git-fixes).

ALSA: firewire: Clean up a locking issue in copy_resp_to_buf()
(git-fixes).

ALSA: fix kernel-doc markups (git-fixes).

ALSA: hda: fix jack detection with Realtek codecs when in D3 (git-fixes).

ALSA: hda: prevent undefined ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'Linux Kernel' package(s) on SUSE Linux Enterprise Module for Public Cloud 15-SP2

Solution:
Please install the updated package(s).

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2020-4788
https://www.ibm.com/support/pages/node/6370729
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZF4OGZPKTAJJXWHPIFP3LHEWWEMR5LPT/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TITJQPYDWZ4NB2ONJWUXW75KSQIPF35T/
http://www.openwall.com/lists/oss-security/2020/11/20/3
http://www.openwall.com/lists/oss-security/2020/11/23/1
XForce ISS Database: ibm-i-cve20204788-info-disc (189296)
https://exchange.xforce.ibmcloud.com/vulnerabilities/189296
Common Vulnerability Exposure (CVE) ID: CVE-2020-8694
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389
https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html
https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html
Common Vulnerability Exposure (CVE) ID: CVE-2020-8695
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MAAGIK5CXKBPGY3R4UR5VO56M7MKLZ43/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GRFC7UAPKAFFH5WX3AMDUBVHLKYQA2NZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQ24MFBVH3HJW3PNRQBRY4YXKC7GA57W/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NEM2FZWVE4FNGYNQU3WCBAWTZRBWDYUR/
https://lists.debian.org/debian-lts-announce/2021/02/msg00007.html
Copyright: Copyright (C) 2021 Greenbone Networks GmbH
