Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:
Category:SuSE Local Security Checks
Title:SUSE: Security Advisory (SUSE-SU-2020:3713-1)
Summary:The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2020:3713-1 advisory.
The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2020:3713-1 advisory.

Vulnerability Insight:
The SUSE Linux Enterprise 15 SP2 Azure kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

CVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c
which could have allowed local users to gain privileges or cause a
denial of service (bsc#1179141).

CVE-2020-15437: Fixed a null pointer dereference which could have
allowed local users to cause a denial of service(bsc#1179140).

CVE-2020-25668: Fixed a concurrency use-after-free in con_font_op

CVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit()

CVE-2020-25704: Fixed a leak in perf_event_parse_addr_filter()

CVE-2020-27777: Restrict RTAS requests from userspace (bsc#1179107)

CVE-2020-28915: Fixed a buffer over-read in the fbcon code which could
have been used by local attackers to read kernel memory (bsc#1178886).

CVE-2020-28941: Fixed an issue where local attackers on systems with the
speakup driver could cause a local denial of service attack

CVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could
have been used by local attackers to read privileged information or
potentially crash the kernel (bsc#1178589).

CVE-2020-29371: Fixed uninitialized memory leaks to userspace

CVE-2020-4788: Fixed an issue with IBM Power9 processors could have
allowed a local user to obtain sensitive information from the data in
the L1 cache under extenuating circumstances (bsc#1177666).

CVE-2020-8694, CVE-2020-8695: Fixed an insufficient access control in
the Linux kernel driver for some Intel(R) Processors which might have
allowed an authenticated user to potentially enable information
disclosure via local access (bsc#1170415 bsc#1170446)

CVE-2020-28368: Fixed Intel RAPL sidechannel attack aka PLATYPUS attack
(XSA-351 bsc#1178591).

CVE-2020-29369: Fixed a race condition between certain expand functions
(expand_downwards and expand_upwards) and page-table free operations
from an munmap call, aka CID-246c320a8cfe (bnc#1173504 bsc#1179432).

The following non-security bugs were fixed:

9P: Cast to loff_t before multiplying (git-fixes).

ACPI: button: Add DMI quirk for Medion Akoya E2228T (git-fixes).

ACPICA: Add NHLT table signature (bsc#1176200).

ACPI: dock: fix enum-conversion warning (git-fixes).

ACPI / extlog: Check for RDMSR failure (git-fixes).

ACPI: GED: fix -Wformat (git-fixes).

ACPI: NFIT: Fix comparison to '-ENXIO' (git-fixes).

ACPI: video: use ACPI backlight for HP 635 Notebook (git-fixes).

Add bug reference to two hv_netvsc patches (bsc#1178853).

ALSA: ctl: fix error path at adding user-defined element set (git-fixes).

ALSA: firewire: Clean up a locking issue in copy_resp_to_buf()

ALSA: fix kernel-doc markups (git-fixes).

ALSA: hda: fix jack detection with Realtek codecs when in D3 (git-fixes).

ALSA: hda: prevent undefined ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'Linux Kernel' package(s) on SUSE Linux Enterprise Module for Public Cloud 15-SP2

Please install the updated package(s).

CVSS Score:

CVSS Vector:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2020-4788
XForce ISS Database: ibm-i-cve20204788-info-disc (189296)
Common Vulnerability Exposure (CVE) ID: CVE-2020-8694
Common Vulnerability Exposure (CVE) ID: CVE-2020-8695
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

© 1998-2021 E-Soft Inc. All rights reserved.