Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2020-4788 (GCVE-0-2020-4788)
Vulnerability from cvelistv5 – Published: 2020-11-20 03:45 – Updated: 2024-09-16 19:05
VLAI
EPSS
Summary
IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296.
Severity
CWE
- Obtain Information
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/6370729 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.openwall.com/lists/oss-security/2020/11/20/3 | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2020/11/23/1 | mailing-listx_refsource_MLIST |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://www.oracle.com/security-alerts/cpujul2022.html | x_refsource_MISC |
Impacted products
Date Public
2020-11-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:14:57.937Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6370729"
},
{
"name": "ibm-i-cve20204788-info-disc (189296)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189296"
},
{
"name": "[oss-security] 20201120 CVE-2020-4788: Speculation on incompletely validated data on IBM Power9",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/11/20/3"
},
{
"name": "[oss-security] 20201123 Re: CVE-2020-4788: Speculation on incompletely validated data on IBM Power9",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/11/23/1"
},
{
"name": "FEDORA-2020-4700a73bd5",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZF4OGZPKTAJJXWHPIFP3LHEWWEMR5LPT/"
},
{
"name": "FEDORA-2020-8c15928d23",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TITJQPYDWZ4NB2ONJWUXW75KSQIPF35T/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VIOS",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "3.1"
}
]
},
{
"product": "AIX",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.1"
},
{
"status": "affected",
"version": "7.2"
}
]
}
],
"datePublic": "2020-11-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/PR:N/C:H/AV:L/AC:H/S:U/A:N/I:N/UI:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-25T16:22:49.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6370729"
},
{
"name": "ibm-i-cve20204788-info-disc (189296)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189296"
},
{
"name": "[oss-security] 20201120 CVE-2020-4788: Speculation on incompletely validated data on IBM Power9",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/11/20/3"
},
{
"name": "[oss-security] 20201123 Re: CVE-2020-4788: Speculation on incompletely validated data on IBM Power9",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/11/23/1"
},
{
"name": "FEDORA-2020-4700a73bd5",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZF4OGZPKTAJJXWHPIFP3LHEWWEMR5LPT/"
},
{
"name": "FEDORA-2020-8c15928d23",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TITJQPYDWZ4NB2ONJWUXW75KSQIPF35T/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-11-19T00:00:00",
"ID": "CVE-2020-4788",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VIOS",
"version": {
"version_data": [
{
"version_value": "3.1"
}
]
}
},
{
"product_name": "AIX",
"version": {
"version_data": [
{
"version_value": "7.1"
},
{
"version_value": "7.2"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "H",
"AV": "L",
"C": "H",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6370729",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6370729 (AIX)",
"url": "https://www.ibm.com/support/pages/node/6370729"
},
{
"name": "ibm-i-cve20204788-info-disc (189296)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189296"
},
{
"name": "[oss-security] 20201120 CVE-2020-4788: Speculation on incompletely validated data on IBM Power9",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/11/20/3"
},
{
"name": "[oss-security] 20201123 Re: CVE-2020-4788: Speculation on incompletely validated data on IBM Power9",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/11/23/1"
},
{
"name": "FEDORA-2020-4700a73bd5",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZF4OGZPKTAJJXWHPIFP3LHEWWEMR5LPT/"
},
{
"name": "FEDORA-2020-8c15928d23",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TITJQPYDWZ4NB2ONJWUXW75KSQIPF35T/"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4788",
"datePublished": "2020-11-20T03:45:13.599Z",
"dateReserved": "2019-12-30T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:05:08.453Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2020-4788",
"date": "2026-05-29",
"epss": "0.00198",
"percentile": "0.41689"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2020-4788\",\"sourceIdentifier\":\"psirt@us.ibm.com\",\"published\":\"2020-11-20T04:15:11.063\",\"lastModified\":\"2024-11-21T05:33:15.377\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296.\"},{\"lang\":\"es\",\"value\":\"Los procesadores IBM Power9 (AIX versiones 7.1, 7.2 y VIOS versi\u00f3n 3.1), podr\u00edan permitir a un usuario local obtener informaci\u00f3n confidencial de los datos en la cach\u00e9 L1 en circunstancias atenuantes. IBM X-Force ID: 189296\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":4.7,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.0,\"impactScore\":3.6}],\"cvssMetricV30\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.4,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":1.9,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.4,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:vios:3.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3939ADB4-5177-45C2-9C29-932E81D27F9E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:vios:3.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B809C4C8-2FE4-4DB6-8975-4259FF705D32\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:vios:3.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4149DA62-D7FA-4431-8139-419AAB6EE744\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:aix:7.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B1C208E-967A-40B1-AD9D-AFBA78D3C317\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:aix:7.1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48F204DE-2F8F-4854-A127-9CF20F3CEC2A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:aix:7.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1AE65FF3-C4F6-4BAF-85D3-CA86D16E8B60\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:aix:7.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF8D4C29-833C-4467-B06A-D8067AAEF3D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:aix:7.2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"984D9159-2FF2-4D1E-94F7-CC207C04F125\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:aix:7.2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB863845-F3F4-46AD-B686-F9B6B7EF3607\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:ibm:power9:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7BA7D79D-5032-41BC-BC5C-1029BD551FAF\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36D96259-24BD-44E2-96D9-78CE1D41F956\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E460AA51-FCDA-46B9-AE97-E6676AA5E194\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6EDB6772-7FDB-45FF-8D72-952902A7EE56\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9955F62A-75D3-4347-9AD3-5947FC365838\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7A6D77C7-A2F4-4700-AB5A-3EC853496ECA\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2020/11/20/3\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2020/11/23/1\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/189296\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"VDB Entry\",\"Vendor Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TITJQPYDWZ4NB2ONJWUXW75KSQIPF35T/\",\"source\":\"psirt@us.ibm.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZF4OGZPKTAJJXWHPIFP3LHEWWEMR5LPT/\",\"source\":\"psirt@us.ibm.com\"},{\"url\":\"https://www.ibm.com/support/pages/node/6370729\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2022.html\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2020/11/20/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2020/11/23/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/189296\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"VDB Entry\",\"Vendor Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TITJQPYDWZ4NB2ONJWUXW75KSQIPF35T/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZF4OGZPKTAJJXWHPIFP3LHEWWEMR5LPT/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.ibm.com/support/pages/node/6370729\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}"
}
}
CERTFR-2021-AVI-125
Vulnerability from certfr_avis - Published: 2021-02-17 - Updated: 2021-02-17
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | N/A | SUSE Linux Enterprise Debuginfo 11-SP4 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 11-SP4-LTSS | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 11-EXTRA |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise Debuginfo 11-SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 11-SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 11-EXTRA",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-14390",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14390"
},
{
"name": "CVE-2020-28974",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28974"
},
{
"name": "CVE-2020-25285",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25285"
},
{
"name": "CVE-2020-28915",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28915"
},
{
"name": "CVE-2020-27777",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27777"
},
{
"name": "CVE-2020-29660",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29660"
},
{
"name": "CVE-2020-4788",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-4788"
},
{
"name": "CVE-2020-29661",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29661"
},
{
"name": "CVE-2020-25284",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25284"
},
{
"name": "CVE-2020-27786",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27786"
},
{
"name": "CVE-2020-0404",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0404"
},
{
"name": "CVE-2020-14331",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14331"
},
{
"name": "CVE-2020-27068",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27068"
},
{
"name": "CVE-2020-36158",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36158"
},
{
"name": "CVE-2019-16746",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16746"
},
{
"name": "CVE-2020-15437",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15437"
},
{
"name": "CVE-2020-14353",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14353"
},
{
"name": "CVE-2020-25656",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25656"
},
{
"name": "CVE-2020-25669",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25669"
},
{
"name": "CVE-2020-25211",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25211"
},
{
"name": "CVE-2021-3347",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3347"
},
{
"name": "CVE-2020-25668",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25668"
},
{
"name": "CVE-2020-15436",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15436"
},
{
"name": "CVE-2020-25643",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25643"
},
{
"name": "CVE-2020-11668",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11668"
},
{
"name": "CVE-2020-0431",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0431"
},
{
"name": "CVE-2020-0465",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0465"
},
{
"name": "CVE-2020-14381",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14381"
}
],
"initial_release_date": "2021-02-17T00:00:00",
"last_revision_date": "2021-02-17T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-125",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-02-17T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nSUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 le noyau Linux de SUSE suse-su-202114630-1 du 16 f\u00e9vrier 2021",
"url": "https://www.suse.com/support/update/announcement/2021/suse-su-202114630-1/"
}
]
}
CERTFR-2021-AVI-916
Vulnerability from certfr_avis - Published: 2021-12-03 - Updated: 2021-12-03
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS | ||
| SUSE | N/A | SUSE Linux Enterprise Debuginfo 11-SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability 12-SP5 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 11-SP4-LTSS | ||
| SUSE | N/A | SUSE CaaS Platform 4.0 | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 12-SP5 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS | ||
| SUSE | N/A | SUSE Linux Enterprise Software Development Kit 12-SP5 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP5 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP 15-SP1 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Live Patching 15-SP1 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15-SP1-BCL | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15-SP1-LTSS | ||
| SUSE | N/A | SUSE Enterprise Storage 6 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability 15-SP1 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 11-EXTRA | ||
| SUSE | N/A | SUSE Linux Enterprise Workstation Extension 12-SP5 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Debuginfo 11-SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability 12-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 11-SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE CaaS Platform 4.0",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 12-SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Software Development Kit 12-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP5",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP 15-SP1",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Live Patching 15-SP1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15-SP1-BCL",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15-SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Enterprise Storage 6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability 15-SP1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 11-EXTRA",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Workstation Extension 12-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-20322",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20322"
},
{
"name": "CVE-2021-3655",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3655"
},
{
"name": "CVE-2020-12770",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12770"
},
{
"name": "CVE-2021-34556",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34556"
},
{
"name": "CVE-2021-3679",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3679"
},
{
"name": "CVE-2020-3702",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3702"
},
{
"name": "CVE-2020-4788",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-4788"
},
{
"name": "CVE-2019-3874",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3874"
},
{
"name": "CVE-2021-41864",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41864"
},
{
"name": "CVE-2021-38204",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38204"
},
{
"name": "CVE-2020-36385",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36385"
},
{
"name": "CVE-2014-7841",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7841"
},
{
"name": "CVE-2021-3542",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3542"
},
{
"name": "CVE-2021-31916",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31916"
},
{
"name": "CVE-2021-38160",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38160"
},
{
"name": "CVE-2021-3760",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3760"
},
{
"name": "CVE-2021-3772",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3772"
},
{
"name": "CVE-2021-3753",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3753"
},
{
"name": "CVE-2021-3659",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3659"
},
{
"name": "CVE-2021-34981",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34981"
},
{
"name": "CVE-2021-3759",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3759"
},
{
"name": "CVE-2018-13405",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13405"
},
{
"name": "CVE-2021-37159",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37159"
},
{
"name": "CVE-2021-40490",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40490"
},
{
"name": "CVE-2021-3656",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3656"
},
{
"name": "CVE-2021-3609",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3609"
},
{
"name": "CVE-2021-0941",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0941"
},
{
"name": "CVE-2021-3640",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3640"
},
{
"name": "CVE-2021-38198",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38198"
},
{
"name": "CVE-2021-22543",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22543"
},
{
"name": "CVE-2021-33909",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33909"
},
{
"name": "CVE-2021-3715",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3715"
},
{
"name": "CVE-2021-42739",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42739"
},
{
"name": "CVE-2021-3752",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3752"
},
{
"name": "CVE-2019-3900",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3900"
},
{
"name": "CVE-2021-20265",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20265"
},
{
"name": "CVE-2021-37576",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37576"
},
{
"name": "CVE-2021-3732",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3732"
},
{
"name": "CVE-2021-3764",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3764"
},
{
"name": "CVE-2021-42008",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42008"
},
{
"name": "CVE-2021-42252",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42252"
},
{
"name": "CVE-2021-35477",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35477"
},
{
"name": "CVE-2021-3744",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3744"
},
{
"name": "CVE-2021-33033",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33033"
},
{
"name": "CVE-2018-9517",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9517"
},
{
"name": "CVE-2020-0429",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0429"
},
{
"name": "CVE-2021-3653",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3653"
},
{
"name": "CVE-2021-43389",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43389"
}
],
"initial_release_date": "2021-12-03T00:00:00",
"last_revision_date": "2021-12-03T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-916",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-12-03T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nSUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-202114849-1 du 01 d\u00e9cembre 2021",
"url": "https://www.suse.com/support/update/announcement/2021/suse-su-202114849-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20213877-1 du 01 d\u00e9cembre 2021",
"url": "https://www.suse.com/support/update/announcement/2021/suse-su-20213877-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20213876-1 du 01 d\u00e9cembre 2021",
"url": "https://www.suse.com/support/update/announcement/2021/suse-su-20213876-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20213848-1 du 01 d\u00e9cembre 2021",
"url": "https://www.suse.com/support/update/announcement/2021/suse-su-20213848-1/"
}
]
}
CERTFR-2021-AVI-923
Vulnerability from certfr_avis - Published: 2021-12-08 - Updated: 2021-12-08
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | N/A | SUSE Linux Enterprise Module for Basesystem 15-SP2 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability 15-SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Live Patching 15-SP3 | ||
| SUSE | N/A | SUSE MicroOS 5.1 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP3-BCL | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Basesystem 15-SP3 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP3-LTSS | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Development Tools 15-SP3 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15-ESPOS | ||
| SUSE | N/A | SUSE MicroOS 5.0 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP 12-SP3 | ||
| SUSE | N/A | HPE Helion Openstack 8 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP2-BCL | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Legacy Software 15-SP2 | ||
| SUSE | N/A | SUSE Linux Enterprise Workstation Extension 15-SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability 15-SP2 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Development Tools 15-SP2 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Live Patching 15 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15-LTSS | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15-LTSS | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Legacy Software 15-SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability 15 | ||
| SUSE | N/A | SUSE Linux Enterprise Workstation Extension 15-SP2 | ||
| SUSE | N/A | SUSE OpenStack Cloud 8 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Live Patching 15-SP2 | ||
| SUSE | N/A | SUSE OpenStack Cloud Crowbar 8 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP 15 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability 12-SP3 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise Module for Basesystem 15-SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Live Patching 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE MicroOS 5.1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP3-BCL",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Basesystem 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Development Tools 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE MicroOS 5.0",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP 12-SP3",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "HPE Helion Openstack 8",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP2-BCL",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Legacy Software 15-SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Workstation Extension 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability 15-SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Development Tools 15-SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Live Patching 15",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Legacy Software 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability 15",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Workstation Extension 15-SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE OpenStack Cloud 8",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Live Patching 15-SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE OpenStack Cloud Crowbar 8",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP 15",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability 12-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-20322",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20322"
},
{
"name": "CVE-2021-3655",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3655"
},
{
"name": "CVE-2017-17864",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17864"
},
{
"name": "CVE-2020-12770",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12770"
},
{
"name": "CVE-2021-34556",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34556"
},
{
"name": "CVE-2021-3896",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3896"
},
{
"name": "CVE-2018-16882",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16882"
},
{
"name": "CVE-2021-3679",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3679"
},
{
"name": "CVE-2020-3702",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3702"
},
{
"name": "CVE-2020-4788",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-4788"
},
{
"name": "CVE-2019-3874",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3874"
},
{
"name": "CVE-2021-41864",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41864"
},
{
"name": "CVE-2021-38204",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38204"
},
{
"name": "CVE-2021-3542",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3542"
},
{
"name": "CVE-2021-31916",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31916"
},
{
"name": "CVE-2021-38160",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38160"
},
{
"name": "CVE-2021-3760",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3760"
},
{
"name": "CVE-2020-12655",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12655"
},
{
"name": "CVE-2021-3772",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3772"
},
{
"name": "CVE-2021-3753",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3753"
},
{
"name": "CVE-2017-17862",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17862"
},
{
"name": "CVE-2021-3659",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3659"
},
{
"name": "CVE-2021-34981",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34981"
},
{
"name": "CVE-2018-13405",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13405"
},
{
"name": "CVE-2018-3639",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3639"
},
{
"name": "CVE-2021-37159",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37159"
},
{
"name": "CVE-2021-40490",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40490"
},
{
"name": "CVE-2021-3656",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3656"
},
{
"name": "CVE-2017-5753",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5753"
},
{
"name": "CVE-2021-0941",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0941"
},
{
"name": "CVE-2021-3640",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3640"
},
{
"name": "CVE-2021-38198",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38198"
},
{
"name": "CVE-2021-22543",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22543"
},
{
"name": "CVE-2021-3715",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3715"
},
{
"name": "CVE-2020-14305",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14305"
},
{
"name": "CVE-2021-42739",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42739"
},
{
"name": "CVE-2021-3752",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3752"
},
{
"name": "CVE-2019-3900",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3900"
},
{
"name": "CVE-2021-20265",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20265"
},
{
"name": "CVE-2021-20320",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20320"
},
{
"name": "CVE-2021-37576",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37576"
},
{
"name": "CVE-2021-3732",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3732"
},
{
"name": "CVE-2021-3764",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3764"
},
{
"name": "CVE-2021-42008",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42008"
},
{
"name": "CVE-2021-42252",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42252"
},
{
"name": "CVE-2021-35477",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35477"
},
{
"name": "CVE-2021-3744",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3744"
},
{
"name": "CVE-2021-33033",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33033"
},
{
"name": "CVE-2018-9517",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9517"
},
{
"name": "CVE-2020-0429",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0429"
},
{
"name": "CVE-2021-3653",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3653"
},
{
"name": "CVE-2021-43389",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43389"
}
],
"initial_release_date": "2021-12-08T00:00:00",
"last_revision_date": "2021-12-08T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-923",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-12-08T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nSUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nd\u00e9ni de service, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte\n\u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20213933-1 du 06 d\u00e9cembre 2021",
"url": "https://www.suse.com/support/update/announcement/2021/suse-su-20213933-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20213929-1 du 06 d\u00e9cembre 2021",
"url": "https://www.suse.com/support/update/announcement/2021/suse-su-20213929-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20213941-1 du 07 d\u00e9cembre 2021",
"url": "https://www.suse.com/support/update/announcement/2021/suse-su-20213941-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20213969-1 du 08 d\u00e9cembre 2021",
"url": "https://www.suse.com/support/update/announcement/2021/suse-su-20213969-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20213935-1 du 07 d\u00e9cembre 2021",
"url": "https://www.suse.com/support/update/announcement/2021/suse-su-20213935-1/"
}
]
}
Title
IBM Power processor信息泄露漏洞
Description
IBM Power System是美国IBM公司的一款基于Power处理器的服务器计算机。
IBM Power9 processor存在安全漏洞,攻击者可利用该漏洞在适当的情况下从L1缓存中的数据中获取敏感信息。
Severity
低
Patch Name
IBM Power processor信息泄露漏洞的补丁
Patch Description
IBM Power System是美国IBM公司的一款基于Power处理器的服务器计算机。
IBM Power9 processor存在安全漏洞,攻击者可利用该漏洞在适当的情况下从L1缓存中的数据中获取敏感信息。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://www.ibm.com/support/pages/node/6370729
Reference
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-cve-2020-4788-in-the-ibm-power9-processor-affects-ibm-i/
Impacted products
| Name | IBM IBM Power9 processor |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2020-4788",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-4788"
}
},
"description": "IBM Power System\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u6b3e\u57fa\u4e8ePower\u5904\u7406\u5668\u7684\u670d\u52a1\u5668\u8ba1\u7b97\u673a\u3002\n\nIBM Power9 processor\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u9002\u5f53\u7684\u60c5\u51b5\u4e0b\u4eceL1\u7f13\u5b58\u4e2d\u7684\u6570\u636e\u4e2d\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.ibm.com/support/pages/node/6370729",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2021-01276",
"openTime": "2021-01-07",
"patchDescription": "IBM Power System\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u6b3e\u57fa\u4e8ePower\u5904\u7406\u5668\u7684\u670d\u52a1\u5668\u8ba1\u7b97\u673a\u3002\r\n\r\nIBM Power9 processor\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u9002\u5f53\u7684\u60c5\u51b5\u4e0b\u4eceL1\u7f13\u5b58\u4e2d\u7684\u6570\u636e\u4e2d\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "IBM Power processor\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "IBM IBM Power9 processor"
},
"referenceLink": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-cve-2020-4788-in-the-ibm-power9-processor-affects-ibm-i/",
"serverity": "\u4f4e",
"submitTime": "2020-11-24",
"title": "IBM Power processor\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}
FKIE_CVE-2020-4788
Vulnerability from fkie_nvd - Published: 2020-11-20 04:15 - Updated: 2024-11-21 05:33
Severity
Summary
IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | vios | 3.1.0 | |
| ibm | vios | 3.1.1 | |
| ibm | vios | 3.1.2 | |
| ibm | aix | 7.1.0 | |
| ibm | aix | 7.1.5 | |
| ibm | aix | 7.2.0 | |
| ibm | aix | 7.2.3 | |
| ibm | aix | 7.2.4 | |
| ibm | aix | 7.2.5 | |
| ibm | power9 | - | |
| fedoraproject | fedora | 32 | |
| fedoraproject | fedora | 33 | |
| oracle | communications_cloud_native_core_binding_support_function | 22.1.3 | |
| oracle | communications_cloud_native_core_network_exposure_function | 22.1.1 | |
| oracle | communications_cloud_native_core_policy | 22.2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:vios:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3939ADB4-5177-45C2-9C29-932E81D27F9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:vios:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B809C4C8-2FE4-4DB6-8975-4259FF705D32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:vios:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4149DA62-D7FA-4431-8139-419AAB6EE744",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:aix:7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2B1C208E-967A-40B1-AD9D-AFBA78D3C317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:aix:7.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "48F204DE-2F8F-4854-A127-9CF20F3CEC2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:aix:7.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1AE65FF3-C4F6-4BAF-85D3-CA86D16E8B60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:aix:7.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EF8D4C29-833C-4467-B06A-D8067AAEF3D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:aix:7.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "984D9159-2FF2-4D1E-94F7-CC207C04F125",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:aix:7.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "AB863845-F3F4-46AD-B686-F9B6B7EF3607",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:power9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7BA7D79D-5032-41BC-BC5C-1029BD551FAF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6EDB6772-7FDB-45FF-8D72-952902A7EE56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9955F62A-75D3-4347-9AD3-5947FC365838",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7A6D77C7-A2F4-4700-AB5A-3EC853496ECA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296."
},
{
"lang": "es",
"value": "Los procesadores IBM Power9 (AIX versiones 7.1, 7.2 y VIOS versi\u00f3n 3.1), podr\u00edan permitir a un usuario local obtener informaci\u00f3n confidencial de los datos en la cach\u00e9 L1 en circunstancias atenuantes. IBM X-Force ID: 189296"
}
],
"id": "CVE-2020-4788",
"lastModified": "2024-11-21T05:33:15.377",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.4,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-11-20T04:15:11.063",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2020/11/20/3"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2020/11/23/1"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189296"
},
{
"source": "psirt@us.ibm.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TITJQPYDWZ4NB2ONJWUXW75KSQIPF35T/"
},
{
"source": "psirt@us.ibm.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZF4OGZPKTAJJXWHPIFP3LHEWWEMR5LPT/"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6370729"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2020/11/20/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2020/11/23/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189296"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TITJQPYDWZ4NB2ONJWUXW75KSQIPF35T/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZF4OGZPKTAJJXWHPIFP3LHEWWEMR5LPT/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6370729"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-FV43-627P-JVMR
Vulnerability from github – Published: 2022-05-24 17:34 – Updated: 2022-07-26 00:00
VLAI
Details
IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296.
Severity
4.7 (Medium)
{
"affected": [],
"aliases": [
"CVE-2020-4788"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-11-20T04:15:00Z",
"severity": "MODERATE"
},
"details": "IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296.",
"id": "GHSA-fv43-627p-jvmr",
"modified": "2022-07-26T00:00:54Z",
"published": "2022-05-24T17:34:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-4788"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189296"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TITJQPYDWZ4NB2ONJWUXW75KSQIPF35T"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZF4OGZPKTAJJXWHPIFP3LHEWWEMR5LPT"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/6370729"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2020/11/20/3"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2020/11/23/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GSD-2020-4788
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2020-4788",
"description": "IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296.",
"id": "GSD-2020-4788",
"references": [
"https://www.suse.com/security/cve/CVE-2020-4788.html",
"https://ubuntu.com/security/CVE-2020-4788",
"https://linux.oracle.com/cve/CVE-2020-4788.html",
"https://access.redhat.com/errata/RHSA-2022:1988"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2020-4788"
],
"details": "IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296.",
"id": "GSD-2020-4788",
"modified": "2023-12-13T01:21:47.632552Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-11-19T00:00:00",
"ID": "CVE-2020-4788",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VIOS ",
"version": {
"version_data": [
{
"version_value": "3.1"
}
]
}
},
{
"product_name": "AIX",
"version": {
"version_data": [
{
"version_value": "7.1"
},
{
"version_value": "7.2"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "H",
"AV": "L",
"C": "H",
"I": "N",
"PR": "N",
"S": "U",
"SCORE": "5.100",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6370729",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6370729 (AIX)",
"url": "https://www.ibm.com/support/pages/node/6370729"
},
{
"name": "ibm-i-cve20204788-info-disc (189296)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189296"
},
{
"name": "[oss-security] 20201120 CVE-2020-4788: Speculation on incompletely validated data on IBM Power9",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/11/20/3"
},
{
"name": "[oss-security] 20201123 Re: CVE-2020-4788: Speculation on incompletely validated data on IBM Power9",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/11/23/1"
},
{
"name": "FEDORA-2020-4700a73bd5",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZF4OGZPKTAJJXWHPIFP3LHEWWEMR5LPT/"
},
{
"name": "FEDORA-2020-8c15928d23",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TITJQPYDWZ4NB2ONJWUXW75KSQIPF35T/"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ibm:vios:3.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ibm:vios:3.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ibm:vios:3.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:ibm:aix:7.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:ibm:aix:7.1.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:ibm:aix:7.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:ibm:aix:7.2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:ibm:aix:7.2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:ibm:aix:7.2.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:ibm:power9:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2020-4788"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-i-cve20204788-info-disc (189296)",
"refsource": "XF",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189296"
},
{
"name": "https://www.ibm.com/support/pages/node/6370729",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6370729"
},
{
"name": "[oss-security] 20201120 CVE-2020-4788: Speculation on incompletely validated data on IBM Power9",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2020/11/20/3"
},
{
"name": "[oss-security] 20201123 Re: CVE-2020-4788: Speculation on incompletely validated data on IBM Power9",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2020/11/23/1"
},
{
"name": "FEDORA-2020-8c15928d23",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TITJQPYDWZ4NB2ONJWUXW75KSQIPF35T/"
},
{
"name": "FEDORA-2020-4700a73bd5",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZF4OGZPKTAJJXWHPIFP3LHEWWEMR5LPT/"
},
{
"name": "N/A",
"refsource": "N/A",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 3.6
}
},
"lastModifiedDate": "2023-02-03T14:59Z",
"publishedDate": "2020-11-20T04:15Z"
}
}
}
OPENSUSE-SU-2020:2161-1
Vulnerability from csaf_opensuse - Published: 2020-12-04 22:35 - Updated: 2020-12-04 22:35Summary
Security update for the Linux Kernel
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel
Description of the patch:
The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2020-29369: There was a race condition between certain expand functions (expand_downwards and expand_upwards) and page-table free operations from an munmap call, aka CID-246c320a8cfe (bnc#1173504 bnc#1179432).
- CVE-2020-29371: An issue was discovered in romfs_dev_read in fs/romfs/storage.c, where uninitialized memory could leak to userspace, aka CID-bcf85fcedfdd (bnc#1179429).
- CVE-2020-15436: Use-after-free vulnerability in fs/block_dev.c allowed local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field (bnc#1179141).
- CVE-2020-25705: A flaw in the way reply ICMP packets are limited was found that allowed to quickly scan open UDP ports. This flaw allowed an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well. Kernel versions may be vulnerable to this issue (bnc#1175721 bnc#1178782).
- CVE-2020-15437: The Linux kernel was vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ports() that allowed local users to cause a denial of service by using the p->serial_in pointer which uninitialized (bnc#1179140).
- CVE-2020-27777: Restricted RTAS requests from userspace (bsc#1179107).
- CVE-2020-28974: A slab-out-of-bounds read in fbcon could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height (bnc#1178589).
- CVE-2020-4788: IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296 (bnc#1177666).
- CVE-2020-28941: Local attackers on systems with the speakup driver could cause a local denial of service attack, aka CID-d41227544427. This occurs because of an invalid free when the line discipline is used more than once (bnc#1178740).
- CVE-2020-28915: A buffer over-read (at the framebuffer layer) in the fbcon code could be used by local attackers to read kernel memory, aka CID-6735b4632def (bnc#1178886).
- CVE-2020-25669: Avoid a use-after-free in teardown paths in sunkbd (bsc#1178182).
The following non-security bugs were fixed:
- 9P: Cast to loff_t before multiplying (git-fixes).
- ACPI: GED: fix -Wformat (git-fixes).
- ACPI: NFIT: Fix comparison to '-ENXIO' (git-fixes).
- ACPI: button: Add DMI quirk for Medion Akoya E2228T (git-fixes).
- ACPI: dock: fix enum-conversion warning (git-fixes).
- ACPICA: Add NHLT table signature (bsc#1176200).
- ALSA: ctl: fix error path at adding user-defined element set (git-fixes).
- ALSA: firewire: Clean up a locking issue in copy_resp_to_buf() (git-fixes).
- ALSA: hda/realtek - Add supported for Lenovo ThinkPad Headset Button (git-fixes).
- ALSA: hda/realtek - Add supported mute Led for HP (git-fixes).
- ALSA: hda/realtek - HP Headset Mic can't detect after boot (git-fixes).
- ALSA: hda/realtek: Add some Clove SSID in the ALC293(ALC1220) (git-fixes).
- ALSA: hda: Reinstate runtime_allow() for all hda controllers (git-fixes).
- ALSA: hda: fix jack detection with Realtek codecs when in D3 (git-fixes).
- ALSA: mixart: Fix mutex deadlock (git-fixes).
- ALSA: usb-audio: Add delay quirk for all Logitech USB devices (git-fixes).
- ASoC: qcom: lpass-platform: Fix memory leak (git-fixes).
- Add bug reference to two hv_netvsc patches (bsc#1178853).
- Convert trailing spaces and periods in path components (bsc#1179424).
- Documentation/admin-guide/module-signing.rst: add openssl command option example for CodeSign EKU (bsc#1177353, bsc#1179076).
- Drop sysctl files for dropped archs, add ppc64le and arm (bsc#1178838). Also correct the page size on ppc64.
- EDAC/amd64: Cache secondary Chip Select registers (bsc#1179001).
- EDAC/amd64: Find Chip Select memory size using Address Mask (bsc#1179001).
- EDAC/amd64: Gather hardware information early (bsc#1179001).
- EDAC/amd64: Initialize DIMM info for systems with more than two channels (bsc#1179001).
- EDAC/amd64: Make struct amd64_family_type global (bsc#1179001).
- EDAC/amd64: Save max number of controllers to family type (bsc#1179001).
- EDAC/amd64: Support asymmetric dual-rank DIMMs (bsc#1179001).
- Fix wrongly set CONFIG_SOUNDWIRE=y (bsc#1179201) CONFIG_SOUNDWIRE was mistakenly set as built-in. Mark it as module.
- HID: logitech-dj: Fix Dinovo Mini when paired with a MX5x00 receiver (git-fixes).
- HID: logitech-dj: Fix an error in mse_bluetooth_descriptor (git-fixes).
- HID: logitech-dj: Handle quad/bluetooth keyboards with a builtin trackpad (git-fixes).
- HID: logitech-hidpp: Add PID for MX Anywhere 2 (git-fixes).
- Input: adxl34x - clean up a data type in adxl34x_probe() (git-fixes).
- Input: resistive-adc-touch - fix kconfig dependency on IIO_BUFFER (git-fixes).
- KVM: arm64: ARM_SMCCC_ARCH_WORKAROUND_1 does not return SMCCC_RET_NOT_REQUIRED (git-fixes).
- NFS: only invalidate dentrys that are clearly invalid (bsc#1178669 bsc#1170139).
- NFSv4.x recover from pre-mature loss of openstateid (bsc#1176180).
- NFSv4: Handle NFS4ERR_OLD_STATEID in CLOSE/OPEN_DOWNGRADE (bsc#1176180).
- NFSv4: Wait for stateid updates after CLOSE/OPEN_DOWNGRADE (bsc#1176180).
- RDMA/hns: Fix retry_cnt and rnr_cnt when querying QP (jsc#SLE-8449).
- RDMA/hns: Fix the wrong value of rnr_retry when querying qp (jsc#SLE-8449).
- RDMA/hns: Fix wrong field of SRQ number the device supports (jsc#SLE-8449).
- RDMA/hns: Solve the overflow of the calc_pg_sz() (jsc#SLE-8449).
- RDMA/mlx5: Fix devlink deadlock on net namespace deletion (jsc#SLE-8464).
- RDMA/qedr: Fix return code if accept is called on a destroyed qp (jsc#SLE-8215).
- RDMA/ucma: Add missing locking around rdma_leave_multicast() (git-fixes).
- Revert 'cdc-acm: hardening against malicious devices' (git-fixes).
- Revert 'kernel/reboot.c: convert simple_strtoul to kstrtoint' (git-fixes).
- SUNRPC: Fix general protection fault in trace_rpc_xdr_overflow() (git-fixes).
- SUNRPC: fix copying of multiple pages in gss_read_proxy_verf() (bsc#1154353).
- USB: Add NO_LPM quirk for Kingston flash drive (git-fixes).
- USB: core: Change %pK for __user pointers to %px (git-fixes).
- USB: core: Fix regression in Hercules audio card (git-fixes).
- USB: serial: option: add LE910Cx compositions 0x1203, 0x1230, 0x1231 (git-fixes).
- USB: serial: option: add Quectel EC200T module support (git-fixes).
- USB: serial: option: add Telit FN980 composition 0x1055 (git-fixes).
- arm64: Run ARCH_WORKAROUND_1 enabling code on all CPUs (git-fixes).
- arm64: Run ARCH_WORKAROUND_2 enabling code on all CPUs (git-fixes).
- arm64: bpf: Fix branch offset in JIT (git-fixes).
- arm64: dts: allwinner: Pine H64: Enable both RGMII RX/TX delay (git-fixes).
- arm64: dts: allwinner: a64: OrangePi Win: Fix ethernet node (git-fixes).
- arm64: dts: allwinner: a64: Pine64 Plus: Fix ethernet node (git-fixes).
- arm64: dts: allwinner: a64: bananapi-m64: Enable RGMII RX/TX delay on PHY (git-fixes).
- arm64: dts: allwinner: beelink-gs1: Enable both RGMII RX/TX delay (git-fixes).
- arm64: dts: allwinner: h5: OrangePi PC2: Fix ethernet node (git-fixes).
- arm64: dts: allwinner: h5: OrangePi Prime: Fix ethernet node (git-fixes).
- arm64: dts: fsl: DPAA FMan DMA operations are coherent (git-fixes).
- arm64: dts: imx8mm: fix voltage for 1.6GHz CPU operating point (git-fixes).
- arm64: dts: imx8mq: Add missing interrupts to GPC (git-fixes).
- arm64: dts: imx8mq: Fix TMU interrupt property (git-fixes).
- arm64: dts: zynqmp: Remove additional compatible string for i2c IPs (git-fixes).
- arm64: kprobe: add checks for ARMv8.3-PAuth combined instructions (git-fixes).
- arm64: tegra: Add missing timeout clock to Tegra186 SDMMC nodes (git-fixes).
- arm64: tegra: Add missing timeout clock to Tegra194 SDMMC nodes (git-fixes).
- arm64: tegra: Add missing timeout clock to Tegra210 SDMMC (git-fixes).
- arm64: vdso: Add '-Bsymbolic' to ldflags (git-fixes).
- arm64: vdso: Add --eh-frame-hdr to ldflags (git-fixes).
- batman-adv: set .owner to THIS_MODULE (git-fixes).
- bnxt_en: Avoid sending firmware messages when AER error is detected (jsc#SLE-8371 bsc#1153274).
- bnxt_en: Check abort error state in bnxt_open_nic() (jsc#SLE-8371 bsc#1153274).
- bnxt_en: Fix NULL ptr dereference crash in bnxt_fw_reset_task() (jsc#SLE-8371 bsc#1153274).
- bnxt_en: Fix regression in workqueue cleanup logic in bnxt_remove_one() (jsc#SLE-8371 bsc#1153274).
- bnxt_en: Invoke cancel_delayed_work_sync() for PFs also (jsc#SLE-8371 bsc#1153274).
- bnxt_en: Send HWRM_FUNC_RESET fw command unconditionally (jsc#SLE-8371 bsc#1153274).
- bnxt_en: return proper error codes in bnxt_show_temp (git-fixes).
- bpf: Do not rely on GCC __attribute__((optimize)) to disable GCSE (bsc#1155518).
- bpf: Fix comment for helper bpf_current_task_under_cgroup() (bsc#1155518).
- bpf: Zero-fill re-used per-cpu map element (bsc#1155518).
- btrfs: fix bytes_may_use underflow in prealloc error condtition (bsc#1179217).
- btrfs: fix metadata reservation for fallocate that leads to transaction aborts (bsc#1179217).
- btrfs: fix relocation failure due to race with fallocate (bsc#1179217).
- btrfs: remove item_size member of struct btrfs_clone_extent_info (bsc#1179217).
- btrfs: rename btrfs_insert_clone_extent() to a more generic name (bsc#1179217).
- btrfs: rename btrfs_punch_hole_range() to a more generic name (bsc#1179217).
- btrfs: rename struct btrfs_clone_extent_info to a more generic name (bsc#1179217).
- can: af_can: prevent potential access of uninitialized member in can_rcv() (git-fixes).
- can: af_can: prevent potential access of uninitialized member in canfd_rcv() (git-fixes).
- can: dev: can_restart(): post buffer from the right context (git-fixes).
- can: flexcan: flexcan_setup_stop_mode(): add missing 'req_bit' to stop mode property comment (git-fixes).
- can: gs_usb: fix endianess problem with candleLight firmware (git-fixes).
- can: kvaser_usb: kvaser_usb_hydra: Fix KCAN bittiming limits (git-fixes).
- can: m_can: fix nominal bitiming tseg2 min for version >= 3.1 (git-fixes).
- can: m_can: m_can_handle_state_change(): fix state change (git-fixes).
- can: m_can: m_can_stop(): set device to software init mode before closing (git-fixes).
- can: mcba_usb: mcba_usb_start_xmit(): first fill skb, then pass to can_put_echo_skb() (git-fixes).
- can: peak_usb: fix potential integer overflow on shift of a int (git-fixes).
- ceph: add check_session_state() helper and make it global (bsc#1179012).
- ceph: check session state after bumping session->s_seq (bsc#1179012).
- ceph: check the sesion state and return false in case it is closed (bsc#1179012).
- ceph: downgrade warning from mdsmap decode to debug (bsc#1178653).
- ceph: fix race in concurrent __ceph_remove_cap invocations (bsc#1178635).
- cfg80211: initialize wdev data earlier (git-fixes).
- cfg80211: regulatory: Fix inconsistent format argument (git-fixes).
- cifs: Fix incomplete memory allocation on setxattr path (bsc#1179211).
- cifs: Return the error from crypt_message when enc/dec key not found (bsc#1179426).
- cifs: remove bogus debug code (bsc#1179427).
- clk: define to_clk_regmap() as inline function (git-fixes).
- cosa: Add missing kfree in error path of cosa_write (git-fixes).
- dax: Fix stack overflow when mounting fsdax pmem device (bsc#1171073).
- dax: fix detection of dax support for non-persistent memory block devices (bsc#1171073).
- devlink: Make sure devlink instance and port are in same net namespace (bsc#1154353).
- docs: ABI: sysfs-c2port: remove a duplicated entry (git-fixes).
- drbd: code cleanup by using sendpage_ok() to check page for kernel_sendpage() (bsc#1172873).
- drivers/net/ethernet: remove incorrectly formatted doc (bsc#1177397).
- efi/efivars: Set generic ops before loading SSDT (git-fixes).
- efi/esrt: Fix reference count leak in esre_create_sysfs_entry (git-fixes).
- efi/libstub/x86: Work around LLVM ELF quirk build regression (git-fixes).
- efi/x86: Align GUIDs to their size in the mixed mode runtime wrapper (git-fixes).
- efi/x86: Do not panic or BUG() on non-critical error conditions (git-fixes).
- efi/x86: Fix the deletion of variables in mixed mode (git-fixes).
- efi/x86: Free efi_pgd with free_pages() (git-fixes).
- efi/x86: Handle by-ref arguments covering multiple pages in mixed mode (git-fixes).
- efi/x86: Ignore the memory attributes table on i386 (git-fixes).
- efi/x86: Map the entire EFI vendor string before copying it (git-fixes).
- efi: EFI_EARLYCON should depend on EFI (git-fixes).
- efi: add missed destroy_workqueue when efisubsys_init fails (git-fixes).
- efi: efibc: check for efivars write capability (git-fixes).
- efi: provide empty efi_enter_virtual_mode implementation (git-fixes).
- efivarfs: fix memory leak in efivarfs_create() (git-fixes).
- efivarfs: revert 'fix memory leak in efivarfs_create()' (git-fixes).
- fbdev, newport_con: Move FONT_EXTRA_WORDS macros into linux/font.h (git-fixes).
- ftrace: Fix recursion check for NMI test (git-fixes).
- ftrace: Handle tracing when switching between context (git-fixes).
- futex: Do not enable IRQs unconditionally in put_pi_state() (bsc#1149032).
- futex: Handle transient 'ownerless' rtmutex state correctly (bsc#1149032).
- gpio: pcie-idio-24: Enable PEX8311 interrupts (git-fixes).
- gpio: pcie-idio-24: Fix IRQ Enable Register value (git-fixes).
- gpio: pcie-idio-24: Fix irq mask when masking (git-fixes).
- hv: clocksource: Add notrace attribute to read_hv_sched_clock_*() functions (git-fixes).
- hv_balloon: disable warning when floor reached (git-fixes).
- hv_netvsc: Add XDP support (bsc#1177820).
- hv_netvsc: Fix XDP refcnt for synthetic and VF NICs (bsc#1177820).
- hv_netvsc: make recording RSS hash depend on feature flag (bsc#1177820).
- hv_netvsc: record hardware hash in skb (bsc#1177820).
- hwmon: (pwm-fan) Fix RPM calculation (git-fixes).
- i2c: mediatek: move dma reset before i2c reset (git-fixes).
- i2c: sh_mobile: implement atomic transfers (git-fixes).
- igc: Fix not considering the TX delay for timestamps (bsc#1160634).
- igc: Fix wrong timestamp latency numbers (bsc#1160634).
- iio: accel: kxcjk1013: Add support for KIOX010A ACPI DSM for setting tablet-mode (git-fixes).
- iio: accel: kxcjk1013: Replace is_smo8500_device with an acpi_type enum (git-fixes).
- iio: adc: mediatek: fix unset field (git-fixes).
- iio: light: fix kconfig dependency bug for VCNL4035 (git-fixes).
- intel_idle: Customize IceLake server support (bsc#1178286).
- ionic: check port ptr before use (bsc#1167773).
- iwlwifi: mvm: write queue_sync_state only for sync (git-fixes).
- kABI workaround for HD-audio (git-fixes).
- kABI: revert use_mm name change (MM Functionality, bsc#1178426).
- kernel-source.spec: Fix build with rpm 4.16 (boo#1179015).
- kernel-{binary,source}.spec.in: do not create loop symlinks (bsc#1179082)
- kernel/watchdog: fix watchdog_allowed_mask not used warning (git-fixes).
- kernel: better document the use_mm/unuse_mm API contract (MM Functionality, bsc#1178426).
- kgdb: Fix spurious true from in_dbg_master() (git-fixes).
- kthread_worker: prevent queuing delayed work from timer_fn when it is being canceled (git-fixes).
- lan743x: fix 'BUG: invalid wait context' when setting rx mode (git-fixes).
- lan743x: fix issue causing intermittent kernel log warnings (git-fixes).
- lan743x: prevent entire kernel HANG on open, for some platforms (git-fixes).
- lib/crc32test: remove extra local_irq_disable/enable (git-fixes).
- lib/strncpy_from_user.c: Mask out bytes after NUL terminator (bsc#1155518).
- libbpf, hashmap: Fix undefined behavior in hash_bits (bsc#1155518).
- libceph: use sendpage_ok() in ceph_tcp_sendpage() (bsc#1172873).
- libnvdimm/nvdimm/flush: Allow architecture to override the flush barrier (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
- mac80211: always wind down STA state (git-fixes).
- mac80211: fix use of skb payload instead of header (git-fixes).
- mac80211: free sta in sta_info_insert_finish() on errors (git-fixes).
- mac80211: minstrel: fix tx status processing corner case (git-fixes).
- mac80211: minstrel: remove deferred sampling code (git-fixes).
- mei: protect mei_cl_mtu from null dereference (git-fixes).
- memcg: fix NULL pointer dereference in __mem_cgroup_usage_unregister_event (bsc#1177703).
- mfd: sprd: Add wakeup capability for PMIC IRQ (git-fixes).
- mm, THP, swap: fix allocating cluster for swapfile by mistake (bsc#1178755).
- mm, memcg: fix inconsistent oom event behavior (bsc#1178659).
- mm/gup: allow FOLL_FORCE for get_user_pages_fast() (git fixes (mm/gup)).
- mm/gup: fix gup_fast with dynamic page table folding (bnc#1176586, LTC#188235).
- mm/ksm: fix NULL pointer dereference when KSM zero page is enabled (git fixes (mm/ksm)).
- mm/memcg: fix refcount error while moving and swapping (bsc#1178686).
- mm/memcontrol.c: add missed css_put() (bsc#1178661).
- mm: fix exec activate_mm vs TLB shootdown and lazy tlb switching race (MM Functionality, bsc#1178426).
- mm: fix kthread_use_mm() vs TLB invalidate (MM Functionality, bsc#1178426).
- mm: mempolicy: require at least one nodeid for MPOL_PREFERRED (git fixes (mm/mempolicy)).
- mm: swap: make page_evictable() inline (git fixes (mm/vmscan)).
- mm: swap: use smp_mb__after_atomic() to order LRU bit set (git fixes (mm/vmscan)).
- mmc: renesas_sdhi_core: Add missing tmio_mmc_host_free() at remove (git-fixes).
- mmc: sdhci-of-esdhc: Handle pulse width detection erratum for more SoCs (git-fixes).
- mmc: sdhci-pci: Prefer SDR25 timing for High Speed mode for BYT-based Intel controllers (git-fixes).
- modsign: Add codeSigning EKU when generating X.509 key generation config (bsc#1177353, bsc#1179076).
- net/mlx5: Clear bw_share upon VF disable (jsc#SLE-8464).
- net/mlx5: E-Switch, Fail mlx5_esw_modify_vport_rate if qos disabled (jsc#SLE-8464).
- net: add WARN_ONCE in kernel_sendpage() for improper zero-copy send (bsc#1172873).
- net: ena: Capitalize all log strings and improve code readability (bsc#1177397).
- net: ena: Change RSS related macros and variables names (bsc#1177397).
- net: ena: Change license into format to SPDX in all files (bsc#1177397).
- net: ena: Change log message to netif/dev function (bsc#1177397).
- net: ena: Fix all static chekers' warnings (bsc#1177397).
- net: ena: Remove redundant print of placement policy (bsc#1177397).
- net: ena: ethtool: Add new device statistics (bsc#1177397).
- net: ena: ethtool: add stats printing to XDP queues (bsc#1177397).
- net: ena: ethtool: convert stat_offset to 64 bit resolution (bsc#1177397).
- net: ena: fix packet's addresses for rx_offset feature (bsc#1174852).
- net: ena: handle bad request id in ena_netdev (bsc#1174852).
- net: ena: xdp: add queue counters for xdp actions (bsc#1177397).
- net: fix pos incrementment in ipv6_route_seq_next (bsc#1154353).
- net: introduce helper sendpage_ok() in include/linux/net.h (bsc#1172873).
- net: usb: qmi_wwan: add Telit LE910Cx 0x1230 composition (git-fixes).
- nfc: s3fwrn5: use signed integer for parsing GPIO numbers (git-fixes).
- nvme-tcp: check page by sendpage_ok() before calling kernel_sendpage() (bsc#1172873).
- nvme: do not update disk info for multipathed device (bsc#1171558).
- pinctrl: amd: fix incorrect way to disable debounce filter (git-fixes).
- pinctrl: amd: use higher precision for 512 RtcClk (git-fixes).
- pinctrl: aspeed: Fix GPI only function problem (git-fixes).
- pinctrl: intel: Set default bias in case no particular value given (git-fixes).
- platform/x86: thinkpad_acpi: Send tablet mode switch at wakeup time (git-fixes).
- platform/x86: toshiba_acpi: Fix the wrong variable assignment (git-fixes).
- powerpc/64s/radix: Fix mm_cpumask trimming race vs kthread_use_mm (MM Functionality, bsc#1178426).
- powerpc/perf: consolidate GPCI hcall structs into asm/hvcall.h (jsc#SLE-16360 jsc#SLE-16915).
- powerpc/pmem: Add flush routines using new pmem store and sync instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
- powerpc/pmem: Add new instructions for persistent storage and sync (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
- powerpc/pmem: Avoid the barrier in flush routines (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
- powerpc/pmem: Initialize pmem device on newer hardware (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
- powerpc/pmem: Restrict papr_scm to P8 and above (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
- powerpc/pmem: Update ppc64 to use the new barrier instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
- powerpc/pseries: Add KVM guest doorbell restrictions (jsc#SLE-15869 jsc#SLE-16321).
- powerpc/pseries: Use doorbells even if XIVE is available (jsc#SLE-15869 jsc#SLE-16321).
- powerpc/pseries: new lparcfg key/value pair: partition_affinity_score (jsc#SLE-16360 jsc#SLE-16915).
- powerpc/vnic: Extend 'failover pending' window (bsc#1176855 ltc#187293).
- powerpc: Inline doorbell sending functions (jsc#SLE-15869 jsc#SLE-16321).
- powerpc: select ARCH_WANT_IRQS_OFF_ACTIVATE_MM (MM Functionality, bsc#1178426).
- qla2xxx: Add MODULE_VERSION back to driver (bsc#1179160).
- reboot: fix overflow parsing reboot cpu number (git-fixes).
- regulator: avoid resolve_supply() infinite recursion (git-fixes).
- regulator: fix memory leak with repeated set_machine_constraints() (git-fixes).
- regulator: pfuze100: limit pfuze-support-disable-sw to pfuze{100,200} (git-fixes).
- regulator: ti-abb: Fix array out of bound read access on the first transition (git-fixes).
- regulator: workaround self-referent regulators (git-fixes).
- rfkill: Fix use-after-free in rfkill_resume() (git-fixes).
- ring-buffer: Fix recursion protection transitions between interrupt context (git-fixes).
- rpm/kernel-binary.spec.in: avoid using barewords (bsc#1179014)
- rpm/kernel-binary.spec.in: avoid using more barewords (bsc#1179014)
- rpm/kernel-binary.spec.in: use grep -E instead of egrep (bsc#1179045)
- rpm/kernel-obs-build.spec.in: Add -q option to modprobe calls (bsc#1178401)
- rpm/kernel-{source,binary}.spec: do not include ghost symlinks (boo#1179082).
- rpm/mkspec: do not build kernel-obs-build on x86_32 We want to use 64bit kernel due to various bugs (bsc#1178762 to name one).
- s390/bpf: Fix multiple tail calls (git-fixes).
- s390/cpum_cf,perf: change DFLT_CCERROR counter name (bsc#1175918 LTC#187935).
- s390/cpum_sf.c: fix file permission for cpum_sfb_size (git-fixes).
- s390/dasd: fix null pointer dereference for ERP requests (git-fixes).
- s390/pkey: fix paes selftest failure with paes and pkey static build (git-fixes).
- s390/zcrypt: Fix ZCRYPT_PERDEV_REQCNT ioctl (bsc#1177070 LTC#188342).
- s390/zcrypt: fix kmalloc 256k failure (bsc#1177066 LTC#188341).
- sched/fair: Ensure tasks spreading in LLC during LB (git fixes (sched)).
- sched/fair: Fix unthrottle_cfs_rq() for leaf_cfs_rq list (git fixes (sched)).
- sched: Fix loadavg accounting race on arm64 kabi (bnc#1178227).
- sched: Fix rq->nr_iowait ordering (git fixes (sched)).
- scripts/lib/SUSE/MyBS.pm: properly close prjconf Macros: section
- scsi: libiscsi: Fix NOP race condition (bsc#1176481).
- scsi: libiscsi: use sendpage_ok() in iscsi_tcp_segment_map() (bsc#1172873).
- spi: lpspi: Fix use-after-free on unbind (git-fixes).
- staging: rtl8723bs: Add 024c:0627 to the list of SDIO device-ids (git-fixes).
- svcrdma: fix bounce buffers for unaligned offsets and multiple pages (git-fixes).
- tcp: use sendpage_ok() to detect misused .sendpage (bsc#1172873).
- thunderbolt: Add the missed ida_simple_remove() in ring_request_msix() (git-fixes).
- thunderbolt: Fix memory leak if ida_simple_get() fails in enumerate_services() (git-fixes).
- timer: Fix wheel index calculation on last level (git-fixes).
- timer: Prevent base->clk from moving backward (git-fixes).
- tpm: efi: Do not create binary_bios_measurements file for an empty log (git-fixes).
- tpm_tis: Disable interrupts on ThinkPad T490s (git-fixes).
- tracing: Fix out of bounds write in get_trace_buf (git-fixes).
- tty: serial: fsl_lpuart: LS1021A had a FIFO size of 16 words, like LS1028A (git-fixes).
- tty: serial: fsl_lpuart: add LS1028A support (git-fixes).
- tty: serial: imx: fix potential deadlock (git-fixes).
- tty: serial: imx: keep console clocks always on (git-fixes).
- uio: Fix use-after-free in uio_unregister_device() (git-fixes).
- usb: cdc-acm: Add DISABLE_ECHO for Renesas USB Download mode (git-fixes).
- usb: core: driver: fix stray tabs in error messages (git-fixes).
- usb: gadget: Fix memleak in gadgetfs_fill_super (git-fixes).
- usb: gadget: f_midi: Fix memleak in f_midi_alloc (git-fixes).
- usb: gadget: goku_udc: fix potential crashes in probe (git-fixes).
- usb: host: fsl-mph-dr-of: check return of dma_set_mask() (git-fixes).
- usb: typec: tcpm: reset hard_reset_count for any disconnect (git-fixes).
- video: hyperv_fb: Fix the cache type when mapping the VRAM (git-fixes).
- video: hyperv_fb: include vmalloc.h (git-fixes).
- virtio: virtio_console: fix DMA memory allocation for rproc serial (git-fixes).
- vt: Disable KD_FONT_OP_COPY (bsc#1178589).
- x86/hyperv: Clarify comment on x2apic mode (git-fixes).
- x86/i8259: Use printk_deferred() to prevent deadlock (git-fixes).
- x86/microcode/intel: Check patch signature before saving microcode for early loading (bsc#1152489).
- x86/speculation: Allow IBPB to be conditionally enabled on CPUs with always-on STIBP (bsc#1152489).
- xfs: fix a missing unlock on error in xfs_fs_map_blocks (git-fixes).
- xfs: fix brainos in the refcount scrubber's rmap fragment processor (git-fixes).
- xfs: fix flags argument to rmap lookup when converting shared file rmaps (git-fixes).
- xfs: fix rmap key and record comparison functions (git-fixes).
- xfs: revert 'xfs: fix rmap key and record comparison functions' (git-fixes).
- xfs: set the unwritten bit in rmap lookup flags in xchk_bmap_get_rmapextents (git-fixes).
- xhci: Fix sizeof() mismatch (git-fixes).
- xhci: hisilicon: fix refercence leak in xhci_histb_probe (git-fixes).
Patchnames: openSUSE-2020-2161
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.4 (Medium)
Affected products
Recommended
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.54.1.lp152.8.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.54.1.lp152.8.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.54.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.54.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.54.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.54.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-5.3.18-lp152.54.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.54.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.5 (Medium)
Affected products
Recommended
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.54.1.lp152.8.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.54.1.lp152.8.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.54.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.54.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.54.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.54.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-5.3.18-lp152.54.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.54.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.3 (Medium)
Affected products
Recommended
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.54.1.lp152.8.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.54.1.lp152.8.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.54.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.54.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.54.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.54.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-5.3.18-lp152.54.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.54.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.4 (High)
Affected products
Recommended
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.54.1.lp152.8.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.54.1.lp152.8.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.54.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.54.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.54.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.54.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-5.3.18-lp152.54.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.54.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.4 (Medium)
Affected products
Recommended
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.54.1.lp152.8.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.54.1.lp152.8.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.54.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.54.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.54.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.54.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-5.3.18-lp152.54.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.54.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.1 (Medium)
Affected products
Recommended
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.54.1.lp152.8.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.54.1.lp152.8.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.54.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.54.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.54.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.54.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-5.3.18-lp152.54.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.54.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.2 (Medium)
Affected products
Recommended
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.54.1.lp152.8.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.54.1.lp152.8.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.54.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.54.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.54.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.54.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-5.3.18-lp152.54.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.54.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.1 (Medium)
Affected products
Recommended
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.54.1.lp152.8.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.54.1.lp152.8.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.54.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.54.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.54.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.54.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-5.3.18-lp152.54.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.54.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.54.1.lp152.8.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.54.1.lp152.8.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.54.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.54.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.54.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.54.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-5.3.18-lp152.54.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.54.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4 (Medium)
Affected products
Recommended
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.54.1.lp152.8.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.54.1.lp152.8.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.54.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.54.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.54.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.54.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-5.3.18-lp152.54.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.54.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.1 (Medium)
Affected products
Recommended
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.54.1.lp152.8.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.54.1.lp152.8.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.54.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.54.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.54.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.54.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-5.3.18-lp152.54.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.54.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.54.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
115 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\n\nThe openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed:\n\n- CVE-2020-29369: There was a race condition between certain expand functions (expand_downwards and expand_upwards) and page-table free operations from an munmap call, aka CID-246c320a8cfe (bnc#1173504 bnc#1179432).\n- CVE-2020-29371: An issue was discovered in romfs_dev_read in fs/romfs/storage.c, where uninitialized memory could leak to userspace, aka CID-bcf85fcedfdd (bnc#1179429).\n- CVE-2020-15436: Use-after-free vulnerability in fs/block_dev.c allowed local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field (bnc#1179141).\n- CVE-2020-25705: A flaw in the way reply ICMP packets are limited was found that allowed to quickly scan open UDP ports. This flaw allowed an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well. Kernel versions may be vulnerable to this issue (bnc#1175721 bnc#1178782).\n- CVE-2020-15437: The Linux kernel was vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ports() that allowed local users to cause a denial of service by using the p-\u003eserial_in pointer which uninitialized (bnc#1179140).\n- CVE-2020-27777: Restricted RTAS requests from userspace (bsc#1179107). \n- CVE-2020-28974: A slab-out-of-bounds read in fbcon could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height (bnc#1178589).\n- CVE-2020-4788: IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296 (bnc#1177666).\n- CVE-2020-28941: Local attackers on systems with the speakup driver could cause a local denial of service attack, aka CID-d41227544427. This occurs because of an invalid free when the line discipline is used more than once (bnc#1178740).\n- CVE-2020-28915: A buffer over-read (at the framebuffer layer) in the fbcon code could be used by local attackers to read kernel memory, aka CID-6735b4632def (bnc#1178886).\n- CVE-2020-25669: Avoid a use-after-free in teardown paths in sunkbd (bsc#1178182).\n\nThe following non-security bugs were fixed:\n\n- 9P: Cast to loff_t before multiplying (git-fixes).\n- ACPI: GED: fix -Wformat (git-fixes).\n- ACPI: NFIT: Fix comparison to \u0027-ENXIO\u0027 (git-fixes).\n- ACPI: button: Add DMI quirk for Medion Akoya E2228T (git-fixes).\n- ACPI: dock: fix enum-conversion warning (git-fixes).\n- ACPICA: Add NHLT table signature (bsc#1176200).\n- ALSA: ctl: fix error path at adding user-defined element set (git-fixes).\n- ALSA: firewire: Clean up a locking issue in copy_resp_to_buf() (git-fixes).\n- ALSA: hda/realtek - Add supported for Lenovo ThinkPad Headset Button (git-fixes).\n- ALSA: hda/realtek - Add supported mute Led for HP (git-fixes).\n- ALSA: hda/realtek - HP Headset Mic can\u0027t detect after boot (git-fixes).\n- ALSA: hda/realtek: Add some Clove SSID in the ALC293(ALC1220) (git-fixes).\n- ALSA: hda: Reinstate runtime_allow() for all hda controllers (git-fixes).\n- ALSA: hda: fix jack detection with Realtek codecs when in D3 (git-fixes).\n- ALSA: mixart: Fix mutex deadlock (git-fixes).\n- ALSA: usb-audio: Add delay quirk for all Logitech USB devices (git-fixes).\n- ASoC: qcom: lpass-platform: Fix memory leak (git-fixes).\n- Add bug reference to two hv_netvsc patches (bsc#1178853).\n- Convert trailing spaces and periods in path components (bsc#1179424).\n- Documentation/admin-guide/module-signing.rst: add openssl command option example for CodeSign EKU (bsc#1177353, bsc#1179076).\n- Drop sysctl files for dropped archs, add ppc64le and arm (bsc#1178838). Also correct the page size on ppc64.\n- EDAC/amd64: Cache secondary Chip Select registers (bsc#1179001).\n- EDAC/amd64: Find Chip Select memory size using Address Mask (bsc#1179001).\n- EDAC/amd64: Gather hardware information early (bsc#1179001).\n- EDAC/amd64: Initialize DIMM info for systems with more than two channels (bsc#1179001).\n- EDAC/amd64: Make struct amd64_family_type global (bsc#1179001).\n- EDAC/amd64: Save max number of controllers to family type (bsc#1179001).\n- EDAC/amd64: Support asymmetric dual-rank DIMMs (bsc#1179001).\n- Fix wrongly set CONFIG_SOUNDWIRE=y (bsc#1179201) CONFIG_SOUNDWIRE was mistakenly set as built-in. Mark it as module.\n- HID: logitech-dj: Fix Dinovo Mini when paired with a MX5x00 receiver (git-fixes).\n- HID: logitech-dj: Fix an error in mse_bluetooth_descriptor (git-fixes).\n- HID: logitech-dj: Handle quad/bluetooth keyboards with a builtin trackpad (git-fixes).\n- HID: logitech-hidpp: Add PID for MX Anywhere 2 (git-fixes).\n- Input: adxl34x - clean up a data type in adxl34x_probe() (git-fixes).\n- Input: resistive-adc-touch - fix kconfig dependency on IIO_BUFFER (git-fixes).\n- KVM: arm64: ARM_SMCCC_ARCH_WORKAROUND_1 does not return SMCCC_RET_NOT_REQUIRED (git-fixes).\n- NFS: only invalidate dentrys that are clearly invalid (bsc#1178669 bsc#1170139).\n- NFSv4.x recover from pre-mature loss of openstateid (bsc#1176180).\n- NFSv4: Handle NFS4ERR_OLD_STATEID in CLOSE/OPEN_DOWNGRADE (bsc#1176180).\n- NFSv4: Wait for stateid updates after CLOSE/OPEN_DOWNGRADE (bsc#1176180).\n- RDMA/hns: Fix retry_cnt and rnr_cnt when querying QP (jsc#SLE-8449).\n- RDMA/hns: Fix the wrong value of rnr_retry when querying qp (jsc#SLE-8449).\n- RDMA/hns: Fix wrong field of SRQ number the device supports (jsc#SLE-8449).\n- RDMA/hns: Solve the overflow of the calc_pg_sz() (jsc#SLE-8449).\n- RDMA/mlx5: Fix devlink deadlock on net namespace deletion (jsc#SLE-8464).\n- RDMA/qedr: Fix return code if accept is called on a destroyed qp (jsc#SLE-8215).\n- RDMA/ucma: Add missing locking around rdma_leave_multicast() (git-fixes).\n- Revert \u0027cdc-acm: hardening against malicious devices\u0027 (git-fixes).\n- Revert \u0027kernel/reboot.c: convert simple_strtoul to kstrtoint\u0027 (git-fixes).\n- SUNRPC: Fix general protection fault in trace_rpc_xdr_overflow() (git-fixes).\n- SUNRPC: fix copying of multiple pages in gss_read_proxy_verf() (bsc#1154353).\n- USB: Add NO_LPM quirk for Kingston flash drive (git-fixes).\n- USB: core: Change %pK for __user pointers to %px (git-fixes).\n- USB: core: Fix regression in Hercules audio card (git-fixes).\n- USB: serial: option: add LE910Cx compositions 0x1203, 0x1230, 0x1231 (git-fixes).\n- USB: serial: option: add Quectel EC200T module support (git-fixes).\n- USB: serial: option: add Telit FN980 composition 0x1055 (git-fixes).\n- arm64: Run ARCH_WORKAROUND_1 enabling code on all CPUs (git-fixes).\n- arm64: Run ARCH_WORKAROUND_2 enabling code on all CPUs (git-fixes).\n- arm64: bpf: Fix branch offset in JIT (git-fixes).\n- arm64: dts: allwinner: Pine H64: Enable both RGMII RX/TX delay (git-fixes).\n- arm64: dts: allwinner: a64: OrangePi Win: Fix ethernet node (git-fixes).\n- arm64: dts: allwinner: a64: Pine64 Plus: Fix ethernet node (git-fixes).\n- arm64: dts: allwinner: a64: bananapi-m64: Enable RGMII RX/TX delay on PHY (git-fixes).\n- arm64: dts: allwinner: beelink-gs1: Enable both RGMII RX/TX delay (git-fixes).\n- arm64: dts: allwinner: h5: OrangePi PC2: Fix ethernet node (git-fixes).\n- arm64: dts: allwinner: h5: OrangePi Prime: Fix ethernet node (git-fixes).\n- arm64: dts: fsl: DPAA FMan DMA operations are coherent (git-fixes).\n- arm64: dts: imx8mm: fix voltage for 1.6GHz CPU operating point (git-fixes).\n- arm64: dts: imx8mq: Add missing interrupts to GPC (git-fixes).\n- arm64: dts: imx8mq: Fix TMU interrupt property (git-fixes).\n- arm64: dts: zynqmp: Remove additional compatible string for i2c IPs (git-fixes).\n- arm64: kprobe: add checks for ARMv8.3-PAuth combined instructions (git-fixes).\n- arm64: tegra: Add missing timeout clock to Tegra186 SDMMC nodes (git-fixes).\n- arm64: tegra: Add missing timeout clock to Tegra194 SDMMC nodes (git-fixes).\n- arm64: tegra: Add missing timeout clock to Tegra210 SDMMC (git-fixes).\n- arm64: vdso: Add \u0027-Bsymbolic\u0027 to ldflags (git-fixes).\n- arm64: vdso: Add --eh-frame-hdr to ldflags (git-fixes).\n- batman-adv: set .owner to THIS_MODULE (git-fixes).\n- bnxt_en: Avoid sending firmware messages when AER error is detected (jsc#SLE-8371 bsc#1153274).\n- bnxt_en: Check abort error state in bnxt_open_nic() (jsc#SLE-8371 bsc#1153274).\n- bnxt_en: Fix NULL ptr dereference crash in bnxt_fw_reset_task() (jsc#SLE-8371 bsc#1153274).\n- bnxt_en: Fix regression in workqueue cleanup logic in bnxt_remove_one() (jsc#SLE-8371 bsc#1153274).\n- bnxt_en: Invoke cancel_delayed_work_sync() for PFs also (jsc#SLE-8371 bsc#1153274).\n- bnxt_en: Send HWRM_FUNC_RESET fw command unconditionally (jsc#SLE-8371 bsc#1153274).\n- bnxt_en: return proper error codes in bnxt_show_temp (git-fixes).\n- bpf: Do not rely on GCC __attribute__((optimize)) to disable GCSE (bsc#1155518).\n- bpf: Fix comment for helper bpf_current_task_under_cgroup() (bsc#1155518).\n- bpf: Zero-fill re-used per-cpu map element (bsc#1155518).\n- btrfs: fix bytes_may_use underflow in prealloc error condtition (bsc#1179217).\n- btrfs: fix metadata reservation for fallocate that leads to transaction aborts (bsc#1179217).\n- btrfs: fix relocation failure due to race with fallocate (bsc#1179217).\n- btrfs: remove item_size member of struct btrfs_clone_extent_info (bsc#1179217).\n- btrfs: rename btrfs_insert_clone_extent() to a more generic name (bsc#1179217).\n- btrfs: rename btrfs_punch_hole_range() to a more generic name (bsc#1179217).\n- btrfs: rename struct btrfs_clone_extent_info to a more generic name (bsc#1179217).\n- can: af_can: prevent potential access of uninitialized member in can_rcv() (git-fixes).\n- can: af_can: prevent potential access of uninitialized member in canfd_rcv() (git-fixes).\n- can: dev: can_restart(): post buffer from the right context (git-fixes).\n- can: flexcan: flexcan_setup_stop_mode(): add missing \u0027req_bit\u0027 to stop mode property comment (git-fixes).\n- can: gs_usb: fix endianess problem with candleLight firmware (git-fixes).\n- can: kvaser_usb: kvaser_usb_hydra: Fix KCAN bittiming limits (git-fixes).\n- can: m_can: fix nominal bitiming tseg2 min for version \u003e= 3.1 (git-fixes).\n- can: m_can: m_can_handle_state_change(): fix state change (git-fixes).\n- can: m_can: m_can_stop(): set device to software init mode before closing (git-fixes).\n- can: mcba_usb: mcba_usb_start_xmit(): first fill skb, then pass to can_put_echo_skb() (git-fixes).\n- can: peak_usb: fix potential integer overflow on shift of a int (git-fixes).\n- ceph: add check_session_state() helper and make it global (bsc#1179012).\n- ceph: check session state after bumping session-\u003es_seq (bsc#1179012).\n- ceph: check the sesion state and return false in case it is closed (bsc#1179012).\n- ceph: downgrade warning from mdsmap decode to debug (bsc#1178653).\n- ceph: fix race in concurrent __ceph_remove_cap invocations (bsc#1178635).\n- cfg80211: initialize wdev data earlier (git-fixes).\n- cfg80211: regulatory: Fix inconsistent format argument (git-fixes).\n- cifs: Fix incomplete memory allocation on setxattr path (bsc#1179211).\n- cifs: Return the error from crypt_message when enc/dec key not found (bsc#1179426).\n- cifs: remove bogus debug code (bsc#1179427).\n- clk: define to_clk_regmap() as inline function (git-fixes).\n- cosa: Add missing kfree in error path of cosa_write (git-fixes).\n- dax: Fix stack overflow when mounting fsdax pmem device (bsc#1171073).\n- dax: fix detection of dax support for non-persistent memory block devices (bsc#1171073).\n- devlink: Make sure devlink instance and port are in same net namespace (bsc#1154353).\n- docs: ABI: sysfs-c2port: remove a duplicated entry (git-fixes).\n- drbd: code cleanup by using sendpage_ok() to check page for kernel_sendpage() (bsc#1172873).\n- drivers/net/ethernet: remove incorrectly formatted doc (bsc#1177397).\n- efi/efivars: Set generic ops before loading SSDT (git-fixes).\n- efi/esrt: Fix reference count leak in esre_create_sysfs_entry (git-fixes).\n- efi/libstub/x86: Work around LLVM ELF quirk build regression (git-fixes).\n- efi/x86: Align GUIDs to their size in the mixed mode runtime wrapper (git-fixes).\n- efi/x86: Do not panic or BUG() on non-critical error conditions (git-fixes).\n- efi/x86: Fix the deletion of variables in mixed mode (git-fixes).\n- efi/x86: Free efi_pgd with free_pages() (git-fixes).\n- efi/x86: Handle by-ref arguments covering multiple pages in mixed mode (git-fixes).\n- efi/x86: Ignore the memory attributes table on i386 (git-fixes).\n- efi/x86: Map the entire EFI vendor string before copying it (git-fixes).\n- efi: EFI_EARLYCON should depend on EFI (git-fixes).\n- efi: add missed destroy_workqueue when efisubsys_init fails (git-fixes).\n- efi: efibc: check for efivars write capability (git-fixes).\n- efi: provide empty efi_enter_virtual_mode implementation (git-fixes).\n- efivarfs: fix memory leak in efivarfs_create() (git-fixes).\n- efivarfs: revert \u0027fix memory leak in efivarfs_create()\u0027 (git-fixes).\n- fbdev, newport_con: Move FONT_EXTRA_WORDS macros into linux/font.h (git-fixes).\n- ftrace: Fix recursion check for NMI test (git-fixes).\n- ftrace: Handle tracing when switching between context (git-fixes).\n- futex: Do not enable IRQs unconditionally in put_pi_state() (bsc#1149032).\n- futex: Handle transient \u0027ownerless\u0027 rtmutex state correctly (bsc#1149032).\n- gpio: pcie-idio-24: Enable PEX8311 interrupts (git-fixes).\n- gpio: pcie-idio-24: Fix IRQ Enable Register value (git-fixes).\n- gpio: pcie-idio-24: Fix irq mask when masking (git-fixes).\n- hv: clocksource: Add notrace attribute to read_hv_sched_clock_*() functions (git-fixes).\n- hv_balloon: disable warning when floor reached (git-fixes).\n- hv_netvsc: Add XDP support (bsc#1177820).\n- hv_netvsc: Fix XDP refcnt for synthetic and VF NICs (bsc#1177820).\n- hv_netvsc: make recording RSS hash depend on feature flag (bsc#1177820).\n- hv_netvsc: record hardware hash in skb (bsc#1177820).\n- hwmon: (pwm-fan) Fix RPM calculation (git-fixes).\n- i2c: mediatek: move dma reset before i2c reset (git-fixes).\n- i2c: sh_mobile: implement atomic transfers (git-fixes).\n- igc: Fix not considering the TX delay for timestamps (bsc#1160634).\n- igc: Fix wrong timestamp latency numbers (bsc#1160634).\n- iio: accel: kxcjk1013: Add support for KIOX010A ACPI DSM for setting tablet-mode (git-fixes).\n- iio: accel: kxcjk1013: Replace is_smo8500_device with an acpi_type enum (git-fixes).\n- iio: adc: mediatek: fix unset field (git-fixes).\n- iio: light: fix kconfig dependency bug for VCNL4035 (git-fixes).\n- intel_idle: Customize IceLake server support (bsc#1178286).\n- ionic: check port ptr before use (bsc#1167773).\n- iwlwifi: mvm: write queue_sync_state only for sync (git-fixes).\n- kABI workaround for HD-audio (git-fixes).\n- kABI: revert use_mm name change (MM Functionality, bsc#1178426).\n- kernel-source.spec: Fix build with rpm 4.16 (boo#1179015).\n- kernel-{binary,source}.spec.in: do not create loop symlinks (bsc#1179082)\n- kernel/watchdog: fix watchdog_allowed_mask not used warning (git-fixes).\n- kernel: better document the use_mm/unuse_mm API contract (MM Functionality, bsc#1178426).\n- kgdb: Fix spurious true from in_dbg_master() (git-fixes).\n- kthread_worker: prevent queuing delayed work from timer_fn when it is being canceled (git-fixes).\n- lan743x: fix \u0027BUG: invalid wait context\u0027 when setting rx mode (git-fixes).\n- lan743x: fix issue causing intermittent kernel log warnings (git-fixes).\n- lan743x: prevent entire kernel HANG on open, for some platforms (git-fixes).\n- lib/crc32test: remove extra local_irq_disable/enable (git-fixes).\n- lib/strncpy_from_user.c: Mask out bytes after NUL terminator (bsc#1155518).\n- libbpf, hashmap: Fix undefined behavior in hash_bits (bsc#1155518).\n- libceph: use sendpage_ok() in ceph_tcp_sendpage() (bsc#1172873).\n- libnvdimm/nvdimm/flush: Allow architecture to override the flush barrier (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n- mac80211: always wind down STA state (git-fixes).\n- mac80211: fix use of skb payload instead of header (git-fixes).\n- mac80211: free sta in sta_info_insert_finish() on errors (git-fixes).\n- mac80211: minstrel: fix tx status processing corner case (git-fixes).\n- mac80211: minstrel: remove deferred sampling code (git-fixes).\n- mei: protect mei_cl_mtu from null dereference (git-fixes).\n- memcg: fix NULL pointer dereference in __mem_cgroup_usage_unregister_event (bsc#1177703).\n- mfd: sprd: Add wakeup capability for PMIC IRQ (git-fixes).\n- mm, THP, swap: fix allocating cluster for swapfile by mistake (bsc#1178755).\n- mm, memcg: fix inconsistent oom event behavior (bsc#1178659).\n- mm/gup: allow FOLL_FORCE for get_user_pages_fast() (git fixes (mm/gup)).\n- mm/gup: fix gup_fast with dynamic page table folding (bnc#1176586, LTC#188235).\n- mm/ksm: fix NULL pointer dereference when KSM zero page is enabled (git fixes (mm/ksm)).\n- mm/memcg: fix refcount error while moving and swapping (bsc#1178686).\n- mm/memcontrol.c: add missed css_put() (bsc#1178661).\n- mm: fix exec activate_mm vs TLB shootdown and lazy tlb switching race (MM Functionality, bsc#1178426).\n- mm: fix kthread_use_mm() vs TLB invalidate (MM Functionality, bsc#1178426).\n- mm: mempolicy: require at least one nodeid for MPOL_PREFERRED (git fixes (mm/mempolicy)).\n- mm: swap: make page_evictable() inline (git fixes (mm/vmscan)).\n- mm: swap: use smp_mb__after_atomic() to order LRU bit set (git fixes (mm/vmscan)).\n- mmc: renesas_sdhi_core: Add missing tmio_mmc_host_free() at remove (git-fixes).\n- mmc: sdhci-of-esdhc: Handle pulse width detection erratum for more SoCs (git-fixes).\n- mmc: sdhci-pci: Prefer SDR25 timing for High Speed mode for BYT-based Intel controllers (git-fixes).\n- modsign: Add codeSigning EKU when generating X.509 key generation config (bsc#1177353, bsc#1179076).\n- net/mlx5: Clear bw_share upon VF disable (jsc#SLE-8464).\n- net/mlx5: E-Switch, Fail mlx5_esw_modify_vport_rate if qos disabled (jsc#SLE-8464).\n- net: add WARN_ONCE in kernel_sendpage() for improper zero-copy send (bsc#1172873).\n- net: ena: Capitalize all log strings and improve code readability (bsc#1177397).\n- net: ena: Change RSS related macros and variables names (bsc#1177397).\n- net: ena: Change license into format to SPDX in all files (bsc#1177397).\n- net: ena: Change log message to netif/dev function (bsc#1177397).\n- net: ena: Fix all static chekers\u0027 warnings (bsc#1177397).\n- net: ena: Remove redundant print of placement policy (bsc#1177397).\n- net: ena: ethtool: Add new device statistics (bsc#1177397).\n- net: ena: ethtool: add stats printing to XDP queues (bsc#1177397).\n- net: ena: ethtool: convert stat_offset to 64 bit resolution (bsc#1177397).\n- net: ena: fix packet\u0027s addresses for rx_offset feature (bsc#1174852).\n- net: ena: handle bad request id in ena_netdev (bsc#1174852).\n- net: ena: xdp: add queue counters for xdp actions (bsc#1177397).\n- net: fix pos incrementment in ipv6_route_seq_next (bsc#1154353).\n- net: introduce helper sendpage_ok() in include/linux/net.h (bsc#1172873).\n- net: usb: qmi_wwan: add Telit LE910Cx 0x1230 composition (git-fixes).\n- nfc: s3fwrn5: use signed integer for parsing GPIO numbers (git-fixes).\n- nvme-tcp: check page by sendpage_ok() before calling kernel_sendpage() (bsc#1172873).\n- nvme: do not update disk info for multipathed device (bsc#1171558).\n- pinctrl: amd: fix incorrect way to disable debounce filter (git-fixes).\n- pinctrl: amd: use higher precision for 512 RtcClk (git-fixes).\n- pinctrl: aspeed: Fix GPI only function problem (git-fixes).\n- pinctrl: intel: Set default bias in case no particular value given (git-fixes).\n- platform/x86: thinkpad_acpi: Send tablet mode switch at wakeup time (git-fixes).\n- platform/x86: toshiba_acpi: Fix the wrong variable assignment (git-fixes).\n- powerpc/64s/radix: Fix mm_cpumask trimming race vs kthread_use_mm (MM Functionality, bsc#1178426).\n- powerpc/perf: consolidate GPCI hcall structs into asm/hvcall.h (jsc#SLE-16360 jsc#SLE-16915).\n- powerpc/pmem: Add flush routines using new pmem store and sync instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n- powerpc/pmem: Add new instructions for persistent storage and sync (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n- powerpc/pmem: Avoid the barrier in flush routines (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n- powerpc/pmem: Initialize pmem device on newer hardware (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n- powerpc/pmem: Restrict papr_scm to P8 and above (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n- powerpc/pmem: Update ppc64 to use the new barrier instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n- powerpc/pseries: Add KVM guest doorbell restrictions (jsc#SLE-15869 jsc#SLE-16321).\n- powerpc/pseries: Use doorbells even if XIVE is available (jsc#SLE-15869 jsc#SLE-16321).\n- powerpc/pseries: new lparcfg key/value pair: partition_affinity_score (jsc#SLE-16360 jsc#SLE-16915).\n- powerpc/vnic: Extend \u0027failover pending\u0027 window (bsc#1176855 ltc#187293).\n- powerpc: Inline doorbell sending functions (jsc#SLE-15869 jsc#SLE-16321).\n- powerpc: select ARCH_WANT_IRQS_OFF_ACTIVATE_MM (MM Functionality, bsc#1178426).\n- qla2xxx: Add MODULE_VERSION back to driver (bsc#1179160).\n- reboot: fix overflow parsing reboot cpu number (git-fixes).\n- regulator: avoid resolve_supply() infinite recursion (git-fixes).\n- regulator: fix memory leak with repeated set_machine_constraints() (git-fixes).\n- regulator: pfuze100: limit pfuze-support-disable-sw to pfuze{100,200} (git-fixes).\n- regulator: ti-abb: Fix array out of bound read access on the first transition (git-fixes).\n- regulator: workaround self-referent regulators (git-fixes).\n- rfkill: Fix use-after-free in rfkill_resume() (git-fixes).\n- ring-buffer: Fix recursion protection transitions between interrupt context (git-fixes).\n- rpm/kernel-binary.spec.in: avoid using barewords (bsc#1179014)\n- rpm/kernel-binary.spec.in: avoid using more barewords (bsc#1179014)\n- rpm/kernel-binary.spec.in: use grep -E instead of egrep (bsc#1179045)\n- rpm/kernel-obs-build.spec.in: Add -q option to modprobe calls (bsc#1178401)\n- rpm/kernel-{source,binary}.spec: do not include ghost symlinks (boo#1179082).\n- rpm/mkspec: do not build kernel-obs-build on x86_32 We want to use 64bit kernel due to various bugs (bsc#1178762 to name one).\n- s390/bpf: Fix multiple tail calls (git-fixes).\n- s390/cpum_cf,perf: change DFLT_CCERROR counter name (bsc#1175918 LTC#187935).\n- s390/cpum_sf.c: fix file permission for cpum_sfb_size (git-fixes).\n- s390/dasd: fix null pointer dereference for ERP requests (git-fixes).\n- s390/pkey: fix paes selftest failure with paes and pkey static build (git-fixes).\n- s390/zcrypt: Fix ZCRYPT_PERDEV_REQCNT ioctl (bsc#1177070 LTC#188342).\n- s390/zcrypt: fix kmalloc 256k failure (bsc#1177066 LTC#188341).\n- sched/fair: Ensure tasks spreading in LLC during LB (git fixes (sched)).\n- sched/fair: Fix unthrottle_cfs_rq() for leaf_cfs_rq list (git fixes (sched)).\n- sched: Fix loadavg accounting race on arm64 kabi (bnc#1178227).\n- sched: Fix rq-\u003enr_iowait ordering (git fixes (sched)).\n- scripts/lib/SUSE/MyBS.pm: properly close prjconf Macros: section\n- scsi: libiscsi: Fix NOP race condition (bsc#1176481).\n- scsi: libiscsi: use sendpage_ok() in iscsi_tcp_segment_map() (bsc#1172873).\n- spi: lpspi: Fix use-after-free on unbind (git-fixes).\n- staging: rtl8723bs: Add 024c:0627 to the list of SDIO device-ids (git-fixes).\n- svcrdma: fix bounce buffers for unaligned offsets and multiple pages (git-fixes).\n- tcp: use sendpage_ok() to detect misused .sendpage (bsc#1172873).\n- thunderbolt: Add the missed ida_simple_remove() in ring_request_msix() (git-fixes).\n- thunderbolt: Fix memory leak if ida_simple_get() fails in enumerate_services() (git-fixes).\n- timer: Fix wheel index calculation on last level (git-fixes).\n- timer: Prevent base-\u003eclk from moving backward (git-fixes).\n- tpm: efi: Do not create binary_bios_measurements file for an empty log (git-fixes).\n- tpm_tis: Disable interrupts on ThinkPad T490s (git-fixes).\n- tracing: Fix out of bounds write in get_trace_buf (git-fixes).\n- tty: serial: fsl_lpuart: LS1021A had a FIFO size of 16 words, like LS1028A (git-fixes).\n- tty: serial: fsl_lpuart: add LS1028A support (git-fixes).\n- tty: serial: imx: fix potential deadlock (git-fixes).\n- tty: serial: imx: keep console clocks always on (git-fixes).\n- uio: Fix use-after-free in uio_unregister_device() (git-fixes).\n- usb: cdc-acm: Add DISABLE_ECHO for Renesas USB Download mode (git-fixes).\n- usb: core: driver: fix stray tabs in error messages (git-fixes).\n- usb: gadget: Fix memleak in gadgetfs_fill_super (git-fixes).\n- usb: gadget: f_midi: Fix memleak in f_midi_alloc (git-fixes).\n- usb: gadget: goku_udc: fix potential crashes in probe (git-fixes).\n- usb: host: fsl-mph-dr-of: check return of dma_set_mask() (git-fixes).\n- usb: typec: tcpm: reset hard_reset_count for any disconnect (git-fixes).\n- video: hyperv_fb: Fix the cache type when mapping the VRAM (git-fixes).\n- video: hyperv_fb: include vmalloc.h (git-fixes).\n- virtio: virtio_console: fix DMA memory allocation for rproc serial (git-fixes).\n- vt: Disable KD_FONT_OP_COPY (bsc#1178589).\n- x86/hyperv: Clarify comment on x2apic mode (git-fixes).\n- x86/i8259: Use printk_deferred() to prevent deadlock (git-fixes).\n- x86/microcode/intel: Check patch signature before saving microcode for early loading (bsc#1152489).\n- x86/speculation: Allow IBPB to be conditionally enabled on CPUs with always-on STIBP (bsc#1152489).\n- xfs: fix a missing unlock on error in xfs_fs_map_blocks (git-fixes).\n- xfs: fix brainos in the refcount scrubber\u0027s rmap fragment processor (git-fixes).\n- xfs: fix flags argument to rmap lookup when converting shared file rmaps (git-fixes).\n- xfs: fix rmap key and record comparison functions (git-fixes).\n- xfs: revert \u0027xfs: fix rmap key and record comparison functions\u0027 (git-fixes).\n- xfs: set the unwritten bit in rmap lookup flags in xchk_bmap_get_rmapextents (git-fixes).\n- xhci: Fix sizeof() mismatch (git-fixes).\n- xhci: hisilicon: fix refercence leak in xhci_histb_probe (git-fixes).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2020-2161",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_2161-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2020:2161-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ICEKZTGIQ6MSKDFOTIOJ2RLWAWJFPSYA/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2020:2161-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ICEKZTGIQ6MSKDFOTIOJ2RLWAWJFPSYA/"
},
{
"category": "self",
"summary": "SUSE Bug 1149032",
"url": "https://bugzilla.suse.com/1149032"
},
{
"category": "self",
"summary": "SUSE Bug 1152489",
"url": "https://bugzilla.suse.com/1152489"
},
{
"category": "self",
"summary": "SUSE Bug 1153274",
"url": "https://bugzilla.suse.com/1153274"
},
{
"category": "self",
"summary": "SUSE Bug 1154353",
"url": "https://bugzilla.suse.com/1154353"
},
{
"category": "self",
"summary": "SUSE Bug 1155518",
"url": "https://bugzilla.suse.com/1155518"
},
{
"category": "self",
"summary": "SUSE Bug 1160634",
"url": "https://bugzilla.suse.com/1160634"
},
{
"category": "self",
"summary": "SUSE Bug 1167773",
"url": "https://bugzilla.suse.com/1167773"
},
{
"category": "self",
"summary": "SUSE Bug 1170139",
"url": "https://bugzilla.suse.com/1170139"
},
{
"category": "self",
"summary": "SUSE Bug 1171073",
"url": "https://bugzilla.suse.com/1171073"
},
{
"category": "self",
"summary": "SUSE Bug 1171558",
"url": "https://bugzilla.suse.com/1171558"
},
{
"category": "self",
"summary": "SUSE Bug 1172873",
"url": "https://bugzilla.suse.com/1172873"
},
{
"category": "self",
"summary": "SUSE Bug 1173504",
"url": "https://bugzilla.suse.com/1173504"
},
{
"category": "self",
"summary": "SUSE Bug 1174852",
"url": "https://bugzilla.suse.com/1174852"
},
{
"category": "self",
"summary": "SUSE Bug 1175721",
"url": "https://bugzilla.suse.com/1175721"
},
{
"category": "self",
"summary": "SUSE Bug 1175918",
"url": "https://bugzilla.suse.com/1175918"
},
{
"category": "self",
"summary": "SUSE Bug 1176109",
"url": "https://bugzilla.suse.com/1176109"
},
{
"category": "self",
"summary": "SUSE Bug 1176180",
"url": "https://bugzilla.suse.com/1176180"
},
{
"category": "self",
"summary": "SUSE Bug 1176200",
"url": "https://bugzilla.suse.com/1176200"
},
{
"category": "self",
"summary": "SUSE Bug 1176481",
"url": "https://bugzilla.suse.com/1176481"
},
{
"category": "self",
"summary": "SUSE Bug 1176586",
"url": "https://bugzilla.suse.com/1176586"
},
{
"category": "self",
"summary": "SUSE Bug 1176855",
"url": "https://bugzilla.suse.com/1176855"
},
{
"category": "self",
"summary": "SUSE Bug 1176983",
"url": "https://bugzilla.suse.com/1176983"
},
{
"category": "self",
"summary": "SUSE Bug 1177066",
"url": "https://bugzilla.suse.com/1177066"
},
{
"category": "self",
"summary": "SUSE Bug 1177070",
"url": "https://bugzilla.suse.com/1177070"
},
{
"category": "self",
"summary": "SUSE Bug 1177353",
"url": "https://bugzilla.suse.com/1177353"
},
{
"category": "self",
"summary": "SUSE Bug 1177397",
"url": "https://bugzilla.suse.com/1177397"
},
{
"category": "self",
"summary": "SUSE Bug 1177666",
"url": "https://bugzilla.suse.com/1177666"
},
{
"category": "self",
"summary": "SUSE Bug 1177703",
"url": "https://bugzilla.suse.com/1177703"
},
{
"category": "self",
"summary": "SUSE Bug 1177820",
"url": "https://bugzilla.suse.com/1177820"
},
{
"category": "self",
"summary": "SUSE Bug 1178182",
"url": "https://bugzilla.suse.com/1178182"
},
{
"category": "self",
"summary": "SUSE Bug 1178227",
"url": "https://bugzilla.suse.com/1178227"
},
{
"category": "self",
"summary": "SUSE Bug 1178286",
"url": "https://bugzilla.suse.com/1178286"
},
{
"category": "self",
"summary": "SUSE Bug 1178304",
"url": "https://bugzilla.suse.com/1178304"
},
{
"category": "self",
"summary": "SUSE Bug 1178401",
"url": "https://bugzilla.suse.com/1178401"
},
{
"category": "self",
"summary": "SUSE Bug 1178426",
"url": "https://bugzilla.suse.com/1178426"
},
{
"category": "self",
"summary": "SUSE Bug 1178589",
"url": "https://bugzilla.suse.com/1178589"
},
{
"category": "self",
"summary": "SUSE Bug 1178635",
"url": "https://bugzilla.suse.com/1178635"
},
{
"category": "self",
"summary": "SUSE Bug 1178653",
"url": "https://bugzilla.suse.com/1178653"
},
{
"category": "self",
"summary": "SUSE Bug 1178659",
"url": "https://bugzilla.suse.com/1178659"
},
{
"category": "self",
"summary": "SUSE Bug 1178661",
"url": "https://bugzilla.suse.com/1178661"
},
{
"category": "self",
"summary": "SUSE Bug 1178669",
"url": "https://bugzilla.suse.com/1178669"
},
{
"category": "self",
"summary": "SUSE Bug 1178686",
"url": "https://bugzilla.suse.com/1178686"
},
{
"category": "self",
"summary": "SUSE Bug 1178740",
"url": "https://bugzilla.suse.com/1178740"
},
{
"category": "self",
"summary": "SUSE Bug 1178755",
"url": "https://bugzilla.suse.com/1178755"
},
{
"category": "self",
"summary": "SUSE Bug 1178762",
"url": "https://bugzilla.suse.com/1178762"
},
{
"category": "self",
"summary": "SUSE Bug 1178782",
"url": "https://bugzilla.suse.com/1178782"
},
{
"category": "self",
"summary": "SUSE Bug 1178838",
"url": "https://bugzilla.suse.com/1178838"
},
{
"category": "self",
"summary": "SUSE Bug 1178853",
"url": "https://bugzilla.suse.com/1178853"
},
{
"category": "self",
"summary": "SUSE Bug 1178886",
"url": "https://bugzilla.suse.com/1178886"
},
{
"category": "self",
"summary": "SUSE Bug 1179001",
"url": "https://bugzilla.suse.com/1179001"
},
{
"category": "self",
"summary": "SUSE Bug 1179012",
"url": "https://bugzilla.suse.com/1179012"
},
{
"category": "self",
"summary": "SUSE Bug 1179014",
"url": "https://bugzilla.suse.com/1179014"
},
{
"category": "self",
"summary": "SUSE Bug 1179015",
"url": "https://bugzilla.suse.com/1179015"
},
{
"category": "self",
"summary": "SUSE Bug 1179045",
"url": "https://bugzilla.suse.com/1179045"
},
{
"category": "self",
"summary": "SUSE Bug 1179076",
"url": "https://bugzilla.suse.com/1179076"
},
{
"category": "self",
"summary": "SUSE Bug 1179082",
"url": "https://bugzilla.suse.com/1179082"
},
{
"category": "self",
"summary": "SUSE Bug 1179107",
"url": "https://bugzilla.suse.com/1179107"
},
{
"category": "self",
"summary": "SUSE Bug 1179140",
"url": "https://bugzilla.suse.com/1179140"
},
{
"category": "self",
"summary": "SUSE Bug 1179141",
"url": "https://bugzilla.suse.com/1179141"
},
{
"category": "self",
"summary": "SUSE Bug 1179160",
"url": "https://bugzilla.suse.com/1179160"
},
{
"category": "self",
"summary": "SUSE Bug 1179201",
"url": "https://bugzilla.suse.com/1179201"
},
{
"category": "self",
"summary": "SUSE Bug 1179211",
"url": "https://bugzilla.suse.com/1179211"
},
{
"category": "self",
"summary": "SUSE Bug 1179217",
"url": "https://bugzilla.suse.com/1179217"
},
{
"category": "self",
"summary": "SUSE Bug 1179424",
"url": "https://bugzilla.suse.com/1179424"
},
{
"category": "self",
"summary": "SUSE Bug 1179426",
"url": "https://bugzilla.suse.com/1179426"
},
{
"category": "self",
"summary": "SUSE Bug 1179427",
"url": "https://bugzilla.suse.com/1179427"
},
{
"category": "self",
"summary": "SUSE Bug 1179429",
"url": "https://bugzilla.suse.com/1179429"
},
{
"category": "self",
"summary": "SUSE Bug 1179432",
"url": "https://bugzilla.suse.com/1179432"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15436 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15436/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15437 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15437/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-25669 page",
"url": "https://www.suse.com/security/cve/CVE-2020-25669/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-25705 page",
"url": "https://www.suse.com/security/cve/CVE-2020-25705/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-27777 page",
"url": "https://www.suse.com/security/cve/CVE-2020-27777/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-28915 page",
"url": "https://www.suse.com/security/cve/CVE-2020-28915/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-28941 page",
"url": "https://www.suse.com/security/cve/CVE-2020-28941/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-28974 page",
"url": "https://www.suse.com/security/cve/CVE-2020-28974/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-29369 page",
"url": "https://www.suse.com/security/cve/CVE-2020-29369/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-29371 page",
"url": "https://www.suse.com/security/cve/CVE-2020-29371/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-4788 page",
"url": "https://www.suse.com/security/cve/CVE-2020-4788/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2020-12-04T22:35:01Z",
"generator": {
"date": "2020-12-04T22:35:01Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2020:2161-1",
"initial_release_date": "2020-12-04T22:35:01Z",
"revision_history": [
{
"date": "2020-12-04T22:35:01Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-5.3.18-lp152.54.1.noarch",
"product": {
"name": "kernel-devel-5.3.18-lp152.54.1.noarch",
"product_id": "kernel-devel-5.3.18-lp152.54.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-docs-5.3.18-lp152.54.2.noarch",
"product": {
"name": "kernel-docs-5.3.18-lp152.54.2.noarch",
"product_id": "kernel-docs-5.3.18-lp152.54.2.noarch"
}
},
{
"category": "product_version",
"name": "kernel-docs-html-5.3.18-lp152.54.2.noarch",
"product": {
"name": "kernel-docs-html-5.3.18-lp152.54.2.noarch",
"product_id": "kernel-docs-html-5.3.18-lp152.54.2.noarch"
}
},
{
"category": "product_version",
"name": "kernel-macros-5.3.18-lp152.54.1.noarch",
"product": {
"name": "kernel-macros-5.3.18-lp152.54.1.noarch",
"product_id": "kernel-macros-5.3.18-lp152.54.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-5.3.18-lp152.54.1.noarch",
"product": {
"name": "kernel-source-5.3.18-lp152.54.1.noarch",
"product_id": "kernel-source-5.3.18-lp152.54.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-vanilla-5.3.18-lp152.54.1.noarch",
"product": {
"name": "kernel-source-vanilla-5.3.18-lp152.54.1.noarch",
"product_id": "kernel-source-vanilla-5.3.18-lp152.54.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-debug-5.3.18-lp152.54.1.x86_64",
"product": {
"name": "kernel-debug-5.3.18-lp152.54.1.x86_64",
"product_id": "kernel-debug-5.3.18-lp152.54.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-debug-devel-5.3.18-lp152.54.1.x86_64",
"product": {
"name": "kernel-debug-devel-5.3.18-lp152.54.1.x86_64",
"product_id": "kernel-debug-devel-5.3.18-lp152.54.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-5.3.18-lp152.54.1.x86_64",
"product": {
"name": "kernel-default-5.3.18-lp152.54.1.x86_64",
"product_id": "kernel-default-5.3.18-lp152.54.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-base-5.3.18-lp152.54.1.lp152.8.12.1.x86_64",
"product": {
"name": "kernel-default-base-5.3.18-lp152.54.1.lp152.8.12.1.x86_64",
"product_id": "kernel-default-base-5.3.18-lp152.54.1.lp152.8.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-base-rebuild-5.3.18-lp152.54.1.lp152.8.12.1.x86_64",
"product": {
"name": "kernel-default-base-rebuild-5.3.18-lp152.54.1.lp152.8.12.1.x86_64",
"product_id": "kernel-default-base-rebuild-5.3.18-lp152.54.1.lp152.8.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-5.3.18-lp152.54.1.x86_64",
"product": {
"name": "kernel-default-devel-5.3.18-lp152.54.1.x86_64",
"product_id": "kernel-default-devel-5.3.18-lp152.54.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-kvmsmall-5.3.18-lp152.54.1.x86_64",
"product": {
"name": "kernel-kvmsmall-5.3.18-lp152.54.1.x86_64",
"product_id": "kernel-kvmsmall-5.3.18-lp152.54.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-kvmsmall-devel-5.3.18-lp152.54.1.x86_64",
"product": {
"name": "kernel-kvmsmall-devel-5.3.18-lp152.54.1.x86_64",
"product_id": "kernel-kvmsmall-devel-5.3.18-lp152.54.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-obs-build-5.3.18-lp152.54.1.x86_64",
"product": {
"name": "kernel-obs-build-5.3.18-lp152.54.1.x86_64",
"product_id": "kernel-obs-build-5.3.18-lp152.54.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-obs-qa-5.3.18-lp152.54.1.x86_64",
"product": {
"name": "kernel-obs-qa-5.3.18-lp152.54.1.x86_64",
"product_id": "kernel-obs-qa-5.3.18-lp152.54.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-preempt-5.3.18-lp152.54.1.x86_64",
"product": {
"name": "kernel-preempt-5.3.18-lp152.54.1.x86_64",
"product_id": "kernel-preempt-5.3.18-lp152.54.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-preempt-devel-5.3.18-lp152.54.1.x86_64",
"product": {
"name": "kernel-preempt-devel-5.3.18-lp152.54.1.x86_64",
"product_id": "kernel-preempt-devel-5.3.18-lp152.54.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-syms-5.3.18-lp152.54.1.x86_64",
"product": {
"name": "kernel-syms-5.3.18-lp152.54.1.x86_64",
"product_id": "kernel-syms-5.3.18-lp152.54.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.2",
"product": {
"name": "openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-5.3.18-lp152.54.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.54.1.x86_64"
},
"product_reference": "kernel-debug-5.3.18-lp152.54.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-devel-5.3.18-lp152.54.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.54.1.x86_64"
},
"product_reference": "kernel-debug-devel-5.3.18-lp152.54.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-5.3.18-lp152.54.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-default-5.3.18-lp152.54.1.x86_64"
},
"product_reference": "kernel-default-5.3.18-lp152.54.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-5.3.18-lp152.54.1.lp152.8.12.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.54.1.lp152.8.12.1.x86_64"
},
"product_reference": "kernel-default-base-5.3.18-lp152.54.1.lp152.8.12.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-rebuild-5.3.18-lp152.54.1.lp152.8.12.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.54.1.lp152.8.12.1.x86_64"
},
"product_reference": "kernel-default-base-rebuild-5.3.18-lp152.54.1.lp152.8.12.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-5.3.18-lp152.54.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.54.1.x86_64"
},
"product_reference": "kernel-default-devel-5.3.18-lp152.54.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-5.3.18-lp152.54.1.noarch as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.54.1.noarch"
},
"product_reference": "kernel-devel-5.3.18-lp152.54.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-docs-5.3.18-lp152.54.2.noarch as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.54.2.noarch"
},
"product_reference": "kernel-docs-5.3.18-lp152.54.2.noarch",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-docs-html-5.3.18-lp152.54.2.noarch as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.54.2.noarch"
},
"product_reference": "kernel-docs-html-5.3.18-lp152.54.2.noarch",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-kvmsmall-5.3.18-lp152.54.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.54.1.x86_64"
},
"product_reference": "kernel-kvmsmall-5.3.18-lp152.54.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-kvmsmall-devel-5.3.18-lp152.54.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.54.1.x86_64"
},
"product_reference": "kernel-kvmsmall-devel-5.3.18-lp152.54.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-macros-5.3.18-lp152.54.1.noarch as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.54.1.noarch"
},
"product_reference": "kernel-macros-5.3.18-lp152.54.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-obs-build-5.3.18-lp152.54.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.54.1.x86_64"
},
"product_reference": "kernel-obs-build-5.3.18-lp152.54.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-obs-qa-5.3.18-lp152.54.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.54.1.x86_64"
},
"product_reference": "kernel-obs-qa-5.3.18-lp152.54.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-preempt-5.3.18-lp152.54.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.54.1.x86_64"
},
"product_reference": "kernel-preempt-5.3.18-lp152.54.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-preempt-devel-5.3.18-lp152.54.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.54.1.x86_64"
},
"product_reference": "kernel-preempt-devel-5.3.18-lp152.54.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-5.3.18-lp152.54.1.noarch as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-source-5.3.18-lp152.54.1.noarch"
},
"product_reference": "kernel-source-5.3.18-lp152.54.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-vanilla-5.3.18-lp152.54.1.noarch as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.54.1.noarch"
},
"product_reference": "kernel-source-vanilla-5.3.18-lp152.54.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-5.3.18-lp152.54.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.54.1.x86_64"
},
"product_reference": "kernel-syms-5.3.18-lp152.54.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-15436",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15436"
}
],
"notes": [
{
"category": "general",
"text": "Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.54.1.lp152.8.12.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.54.1.lp152.8.12.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.54.2.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.54.2.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.54.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15436",
"url": "https://www.suse.com/security/cve/CVE-2020-15436"
},
{
"category": "external",
"summary": "SUSE Bug 1179141 for CVE-2020-15436",
"url": "https://bugzilla.suse.com/1179141"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.54.1.lp152.8.12.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.54.1.lp152.8.12.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.54.2.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.54.2.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.54.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.54.1.lp152.8.12.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.54.1.lp152.8.12.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.54.2.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.54.2.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.54.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-04T22:35:01Z",
"details": "moderate"
}
],
"title": "CVE-2020-15436"
},
{
"cve": "CVE-2020-15437",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15437"
}
],
"notes": [
{
"category": "general",
"text": "The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ports() that allows local users to cause a denial of service by using the p-\u003eserial_in pointer which uninitialized.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.54.1.lp152.8.12.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.54.1.lp152.8.12.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.54.2.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.54.2.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.54.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15437",
"url": "https://www.suse.com/security/cve/CVE-2020-15437"
},
{
"category": "external",
"summary": "SUSE Bug 1179140 for CVE-2020-15437",
"url": "https://bugzilla.suse.com/1179140"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.54.1.lp152.8.12.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.54.1.lp152.8.12.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.54.2.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.54.2.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.54.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.54.1.lp152.8.12.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.54.1.lp152.8.12.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.54.2.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.54.2.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.54.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-04T22:35:01Z",
"details": "moderate"
}
],
"title": "CVE-2020-15437"
},
{
"cve": "CVE-2020-25669",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-25669"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in the Linux Kernel where the function sunkbd_reinit having been scheduled by sunkbd_interrupt before sunkbd being freed. Though the dangling pointer is set to NULL in sunkbd_disconnect, there is still an alias in sunkbd_reinit causing Use After Free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.54.1.lp152.8.12.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.54.1.lp152.8.12.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.54.2.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.54.2.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.54.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-25669",
"url": "https://www.suse.com/security/cve/CVE-2020-25669"
},
{
"category": "external",
"summary": "SUSE Bug 1178182 for CVE-2020-25669",
"url": "https://bugzilla.suse.com/1178182"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.54.1.lp152.8.12.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.54.1.lp152.8.12.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.54.2.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.54.2.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.54.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.54.1.lp152.8.12.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.54.1.lp152.8.12.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.54.2.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.54.2.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.54.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-04T22:35:01Z",
"details": "moderate"
}
],
"title": "CVE-2020-25669"
},
{
"cve": "CVE-2020-25705",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-25705"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that relies on UDP source port randomization are indirectly affected as well on the Linux Based Products (RUGGEDCOM RM1224: All versions between v5.0 and v6.4, SCALANCE M-800: All versions between v5.0 and v6.4, SCALANCE S615: All versions between v5.0 and v6.4, SCALANCE SC-600: All versions prior to v2.1.3, SCALANCE W1750D: v8.3.0.1, v8.6.0, and v8.7.0, SIMATIC Cloud Connect 7: All versions, SIMATIC MV500 Family: All versions, SIMATIC NET CP 1243-1 (incl. SIPLUS variants): Versions 3.1.39 and later, SIMATIC NET CP 1243-7 LTE EU: Version",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.54.1.lp152.8.12.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.54.1.lp152.8.12.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.54.2.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.54.2.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.54.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-25705",
"url": "https://www.suse.com/security/cve/CVE-2020-25705"
},
{
"category": "external",
"summary": "SUSE Bug 1175721 for CVE-2020-25705",
"url": "https://bugzilla.suse.com/1175721"
},
{
"category": "external",
"summary": "SUSE Bug 1178782 for CVE-2020-25705",
"url": "https://bugzilla.suse.com/1178782"
},
{
"category": "external",
"summary": "SUSE Bug 1178783 for CVE-2020-25705",
"url": "https://bugzilla.suse.com/1178783"
},
{
"category": "external",
"summary": "SUSE Bug 1191790 for CVE-2020-25705",
"url": "https://bugzilla.suse.com/1191790"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.54.1.lp152.8.12.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.54.1.lp152.8.12.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.54.2.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.54.2.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.54.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.54.1.lp152.8.12.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.54.1.lp152.8.12.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.54.2.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.54.2.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.54.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-04T22:35:01Z",
"details": "important"
}
],
"title": "CVE-2020-25705"
},
{
"cve": "CVE-2020-27777",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-27777"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.54.1.lp152.8.12.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.54.1.lp152.8.12.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.54.2.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.54.2.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.54.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-27777",
"url": "https://www.suse.com/security/cve/CVE-2020-27777"
},
{
"category": "external",
"summary": "SUSE Bug 1179107 for CVE-2020-27777",
"url": "https://bugzilla.suse.com/1179107"
},
{
"category": "external",
"summary": "SUSE Bug 1179419 for CVE-2020-27777",
"url": "https://bugzilla.suse.com/1179419"
},
{
"category": "external",
"summary": "SUSE Bug 1200343 for CVE-2020-27777",
"url": "https://bugzilla.suse.com/1200343"
},
{
"category": "external",
"summary": "SUSE Bug 1220060 for CVE-2020-27777",
"url": "https://bugzilla.suse.com/1220060"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.54.1.lp152.8.12.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.54.1.lp152.8.12.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.54.2.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.54.2.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.54.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.54.1.lp152.8.12.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.54.1.lp152.8.12.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.54.2.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.54.2.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.54.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-04T22:35:01Z",
"details": "moderate"
}
],
"title": "CVE-2020-27777"
},
{
"cve": "CVE-2020-28915",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-28915"
}
],
"notes": [
{
"category": "general",
"text": "A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.54.1.lp152.8.12.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.54.1.lp152.8.12.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.54.2.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.54.2.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.54.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-28915",
"url": "https://www.suse.com/security/cve/CVE-2020-28915"
},
{
"category": "external",
"summary": "SUSE Bug 1178886 for CVE-2020-28915",
"url": "https://bugzilla.suse.com/1178886"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.54.1.lp152.8.12.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.54.1.lp152.8.12.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.54.2.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.54.2.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.54.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.54.1.lp152.8.12.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.54.1.lp152.8.12.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.54.2.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.54.2.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.54.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-04T22:35:01Z",
"details": "moderate"
}
],
"title": "CVE-2020-28915"
},
{
"cve": "CVE-2020-28941",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-28941"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9. Local attackers on systems with the speakup driver could cause a local denial of service attack, aka CID-d41227544427. This occurs because of an invalid free when the line discipline is used more than once.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.54.1.lp152.8.12.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.54.1.lp152.8.12.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.54.2.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.54.2.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.54.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-28941",
"url": "https://www.suse.com/security/cve/CVE-2020-28941"
},
{
"category": "external",
"summary": "SUSE Bug 1178740 for CVE-2020-28941",
"url": "https://bugzilla.suse.com/1178740"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.54.1.lp152.8.12.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.54.1.lp152.8.12.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.54.2.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.54.2.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.54.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.54.1.lp152.8.12.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.54.1.lp152.8.12.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.54.2.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.54.2.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.54.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-04T22:35:01Z",
"details": "moderate"
}
],
"title": "CVE-2020-28941"
},
{
"cve": "CVE-2020-28974",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-28974"
}
],
"notes": [
{
"category": "general",
"text": "A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.54.1.lp152.8.12.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.54.1.lp152.8.12.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.54.2.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.54.2.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.54.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-28974",
"url": "https://www.suse.com/security/cve/CVE-2020-28974"
},
{
"category": "external",
"summary": "SUSE Bug 1178589 for CVE-2020-28974",
"url": "https://bugzilla.suse.com/1178589"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.54.1.lp152.8.12.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.54.1.lp152.8.12.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.54.2.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.54.2.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.54.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.54.1.lp152.8.12.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.54.1.lp152.8.12.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.54.2.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.54.2.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.54.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-04T22:35:01Z",
"details": "moderate"
}
],
"title": "CVE-2020-28974"
},
{
"cve": "CVE-2020-29369",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-29369"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in mm/mmap.c in the Linux kernel before 5.7.11. There is a race condition between certain expand functions (expand_downwards and expand_upwards) and page-table free operations from an munmap call, aka CID-246c320a8cfe.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.54.1.lp152.8.12.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.54.1.lp152.8.12.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.54.2.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.54.2.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.54.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-29369",
"url": "https://www.suse.com/security/cve/CVE-2020-29369"
},
{
"category": "external",
"summary": "SUSE Bug 1173504 for CVE-2020-29369",
"url": "https://bugzilla.suse.com/1173504"
},
{
"category": "external",
"summary": "SUSE Bug 1179432 for CVE-2020-29369",
"url": "https://bugzilla.suse.com/1179432"
},
{
"category": "external",
"summary": "SUSE Bug 1179646 for CVE-2020-29369",
"url": "https://bugzilla.suse.com/1179646"
},
{
"category": "external",
"summary": "SUSE Bug 1182109 for CVE-2020-29369",
"url": "https://bugzilla.suse.com/1182109"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.54.1.lp152.8.12.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.54.1.lp152.8.12.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.54.2.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.54.2.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.54.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.54.1.lp152.8.12.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.54.1.lp152.8.12.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.54.2.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.54.2.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.54.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-04T22:35:01Z",
"details": "important"
}
],
"title": "CVE-2020-29369"
},
{
"cve": "CVE-2020-29371",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-29371"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4. Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.54.1.lp152.8.12.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.54.1.lp152.8.12.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.54.2.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.54.2.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.54.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-29371",
"url": "https://www.suse.com/security/cve/CVE-2020-29371"
},
{
"category": "external",
"summary": "SUSE Bug 1179429 for CVE-2020-29371",
"url": "https://bugzilla.suse.com/1179429"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.54.1.lp152.8.12.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.54.1.lp152.8.12.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.54.2.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.54.2.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.54.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.54.1.lp152.8.12.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.54.1.lp152.8.12.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.54.2.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.54.2.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.54.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-04T22:35:01Z",
"details": "moderate"
}
],
"title": "CVE-2020-29371"
},
{
"cve": "CVE-2020-4788",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-4788"
}
],
"notes": [
{
"category": "general",
"text": "IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.54.1.lp152.8.12.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.54.1.lp152.8.12.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.54.2.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.54.2.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.54.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-4788",
"url": "https://www.suse.com/security/cve/CVE-2020-4788"
},
{
"category": "external",
"summary": "SUSE Bug 1177666 for CVE-2020-4788",
"url": "https://bugzilla.suse.com/1177666"
},
{
"category": "external",
"summary": "SUSE Bug 1181158 for CVE-2020-4788",
"url": "https://bugzilla.suse.com/1181158"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.54.1.lp152.8.12.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.54.1.lp152.8.12.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.54.2.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.54.2.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.54.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.54.1.lp152.8.12.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.54.1.lp152.8.12.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.54.2.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.54.2.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.54.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.54.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.54.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-04T22:35:01Z",
"details": "moderate"
}
],
"title": "CVE-2020-4788"
}
]
}
OPENSUSE-SU-2020:2193-1
Vulnerability from csaf_opensuse - Published: 2020-12-07 11:06 - Updated: 2020-12-07 11:06Summary
Security update for the Linux Kernel
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel
Description of the patch:
The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2020-29371: An issue was discovered in romfs_dev_read in fs/romfs/storage.c where uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd (bnc#1179429).
- CVE-2020-15436: Use-after-free vulnerability in fs/block_dev.c allowed local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field (bnc#1179141).
- CVE-2020-4788: IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296 (bnc#1177666).
- CVE-2018-20669: An issue where a provided address with access_ok() is not checked was discovered in i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c, where a local attacker can craft a malicious IOCTL function call to overwrite arbitrary kernel memory, resulting in a Denial of Service or privilege escalation (bnc#1122971).
- CVE-2020-15437: The Linux kernel was vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ports() that allowed local users to cause a denial of service by using the p->serial_in pointer which uninitialized (bnc#1179140).
- CVE-2020-27777: Restrict RTAS requests from userspace (CVE-2020-27777 bsc#1179107).
- CVE-2020-28974: A slab-out-of-bounds read in fbcon could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height (bnc#1178589).
The following non-security bugs were fixed:
- ACPI: GED: fix -Wformat (git-fixes).
- ALSA: ctl: fix error path at adding user-defined element set (git-fixes).
- ALSA: firewire: Clean up a locking issue in copy_resp_to_buf() (git-fixes).
- ALSA: mixart: Fix mutex deadlock (git-fixes).
- ASoC: qcom: lpass-platform: Fix memory leak (git-fixes).
- Bluetooth: btusb: Fix and detect most of the Chinese Bluetooth controllers (git-fixes).
- Bluetooth: hci_bcm: fix freeing not-requested IRQ (git-fixes).
- Convert trailing spaces and periods in path components (bsc#1179424).
- Drivers: hv: vmbus: Remove the unused 'tsc_page' from struct hv_context (git-fixes).
- IB/cma: Fix ports memory leak in cma_configfs (bsc#1111666)
- IB/core: Set qp->real_qp before it may be accessed (bsc#1111666)
- IB/hfi1, qib: Ensure RCU is locked when accessing list (bsc#1111666)
- IB/hfi1: Add RcvShortLengthErrCnt to hfi1stats (bsc#1111666)
- IB/hfi1: Add missing INVALIDATE opcodes for trace (bsc#1111666)
- IB/hfi1: Add software counter for ctxt0 seq drop (bsc#1111666)
- IB/hfi1: Avoid hardlockup with flushlist_lock (bsc#1111666)
- IB/hfi1: Call kobject_put() when kobject_init_and_add() fails (bsc#1111666)
- IB/hfi1: Check for error on call to alloc_rsm_map_table (bsc#1111666)
- IB/hfi1: Close PSM sdma_progress sleep window (bsc#1111666)
- IB/hfi1: Define variables as unsigned long to fix KASAN warning (bsc#1111666)
- IB/hfi1: Ensure full Gen3 speed in a Gen4 system (bsc#1111666)
- IB/hfi1: Fix Spectre v1 vulnerability (bsc#1111666)
- IB/hfi1: Fix memory leaks in sysfs registration and unregistration (bsc#1111666)
- IB/hfi1: Handle port down properly in pio (bsc#1111666)
- IB/hfi1: Handle wakeup of orphaned QPs for pio (bsc#1111666)
- IB/hfi1: Insure freeze_work work_struct is canceled on shutdown (bsc#1111666)
- IB/hfi1: Remove unused define (bsc#1111666)
- IB/hfi1: Silence txreq allocation warnings (bsc#1111666)
- IB/hfi1: Validate page aligned for a given virtual address (bsc#1111666)
- IB/hfi1: Wakeup QPs orphaned on wait list after flush (bsc#1111666)
- IB/ipoib: Fix double free of skb in case of multicast traffic in CM mode (bsc#1111666)
- IB/ipoib: Fix for use-after-free in ipoib_cm_tx_start (bsc#1111666)
- IB/ipoib: drop useless LIST_HEAD (bsc#1111666)
- IB/iser: Fix dma_nents type definition (bsc#1111666)
- IB/iser: Pass the correct number of entries for dma mapped SGL (bsc#1111666)
- IB/mad: Fix use-after-free in ib mad completion handling (bsc#1111666)
- IB/mlx4: Add and improve logging (bsc#1111666)
- IB/mlx4: Add support for MRA (bsc#1111666)
- IB/mlx4: Adjust delayed work when a dup is observed (bsc#1111666)
- IB/mlx4: Fix leak in id_map_find_del (bsc#1111666)
- IB/mlx4: Fix memory leak in add_gid error flow (bsc#1111666)
- IB/mlx4: Fix race condition between catas error reset and aliasguid flows (bsc#1111666)
- IB/mlx4: Fix starvation in paravirt mux/demux (bsc#1111666)
- IB/mlx4: Follow mirror sequence of device add during device removal (bsc#1111666)
- IB/mlx4: Remove unneeded NULL check (bsc#1111666)
- IB/mlx4: Test return value of calls to ib_get_cached_pkey (bsc#1111666)
- IB/mlx5: Add missing XRC options to QP optional params mask (bsc#1111666)
- IB/mlx5: Compare only index part of a memory window rkey (bsc#1111666)
- IB/mlx5: Do not override existing ip_protocol (bsc#1111666)
- IB/mlx5: Fix RSS Toeplitz setup to be aligned with the HW specification (bsc#1111666)
- IB/mlx5: Fix clean_mr() to work in the expected order (bsc#1111666)
- IB/mlx5: Fix implicit MR release flow (bsc#1111666)
- IB/mlx5: Fix outstanding_pi index for GSI qps (bsc#1111666)
- IB/mlx5: Fix unreg_umr to ignore the mkey state (bsc#1111666)
- IB/mlx5: Improve ODP debugging messages (bsc#1111666)
- IB/mlx5: Move MRs to a kernel PD when freeing them to the MR cache (bsc#1111666)
- IB/mlx5: Prevent concurrent MR updates during invalidation (bsc#1111666)
- IB/mlx5: Reset access mask when looping inside page fault handler (bsc#1111666)
- IB/mlx5: Set correct write permissions for implicit ODP MR (bsc#1111666)
- IB/mlx5: Use direct mkey destroy command upon UMR unreg failure (bsc#1111666)
- IB/mlx5: Use fragmented QP's buffer for in-kernel users (bsc#1111666)
- IB/mlx5: WQE dump jumps over first 16 bytes (bsc#1111666)
- IB/mthca: fix return value of error branch in mthca_init_cq() (bsc#1111666)
- IB/qib: Call kobject_put() when kobject_init_and_add() fails (bsc#1111666)
- IB/qib: Fix an error code in qib_sdma_verbs_send() (bsc#1111666)
- IB/qib: Remove a set-but-not-used variable (bsc#1111666)
- IB/rdmavt: Convert timers to use timer_setup() (bsc#1111666)
- IB/rdmavt: Fix alloc_qpn() WARN_ON() (bsc#1111666)
- IB/rdmavt: Fix sizeof mismatch (bsc#1111666)
- IB/rdmavt: Reset all QPs when the device is shut down (bsc#1111666)
- IB/rxe: Fix incorrect cache cleanup in error flow (bsc#1111666)
- IB/rxe: Make counters thread safe (bsc#1111666)
- IB/srpt: Fix memory leak in srpt_add_one (bsc#1111666)
- IB/umad: Avoid additional device reference during open()/close() (bsc#1111666)
- IB/umad: Avoid destroying device while it is accessed (bsc#1111666)
- IB/umad: Do not check status of nonseekable_open() (bsc#1111666)
- IB/umad: Fix kernel crash while unloading ib_umad (bsc#1111666)
- IB/umad: Refactor code to use cdev_device_add() (bsc#1111666)
- IB/umad: Simplify and avoid dynamic allocation of class (bsc#1111666)
- IB/usnic: Fix out of bounds index check in query pkey (bsc#1111666)
- IB/uverbs: Fix OOPs upon device disassociation (bsc#1111666)
- IB/{hfi1, qib}: Fix WC.byte_len calculation for UD_SEND_WITH_IMM (bsc#1111666)
- IB/{qib, hfi1, rdmavt}: Correct ibv_devinfo max_mr value (bsc#1111666)
- KVM host: kabi fixes for psci_version (bsc#1174726).
- KVM: arm64: Add missing #include of <linux/string.h> in guest.c (bsc#1174726).
- KVM: arm64: Factor out core register ID enumeration (bsc#1174726).
- KVM: arm64: Filter out invalid core register IDs in KVM_GET_REG_LIST (bsc#1174726).
- KVM: arm64: Refactor kvm_arm_num_regs() for easier maintenance (bsc#1174726).
- KVM: arm64: Reject ioctl access to FPSIMD V-regs on SVE vcpus (bsc#1174726).
- NFS: mark nfsiod as CPU_INTENSIVE (bsc#1177304).
- NFS: only invalidate dentrys that are clearly invalid (bsc#1178669 bsc#1170139).
- PCI: pci-hyperv: Fix build errors on non-SYSFS config (git-fixes).
- RDMA/bnxt_re: Fix Send Work Entry state check while polling completions (bsc#1111666)
- RDMA/bnxt_re: Fix lifetimes in bnxt_re_task (bsc#1111666)
- RDMA/bnxt_re: Fix sizeof mismatch for allocation of pbl_tbl. (bsc#1111666)
- RDMA/bnxt_re: Fix stack-out-of-bounds in bnxt_qplib_rcfw_send_message (bsc#1111666)
- RDMA/cm: Add missing locking around id.state in cm_dup_req_handler (bsc#1111666)
- RDMA/cm: Fix checking for allowed duplicate listens (bsc#1111666)
- RDMA/cm: Remove a race freeing timewait_info (bsc#1111666)
- RDMA/cm: Update num_paths in cma_resolve_iboe_route error flow (bsc#1111666)
- RDMA/cma: Fix false error message (bsc#1111666)
- RDMA/cma: Protect bind_list and listen_list while finding matching cm id (bsc#1111666)
- RDMA/cma: add missed unregister_pernet_subsys in init failure (bsc#1111666)
- RDMA/cma: fix null-ptr-deref Read in cma_cleanup (bsc#1111666)
- RDMA/core: Do not depend device ODP capabilities on kconfig option (bsc#1111666)
- RDMA/core: Fix invalid memory access in spec_filter_size (bsc#1111666)
- RDMA/core: Fix locking in ib_uverbs_event_read (bsc#1111666)
- RDMA/core: Fix protection fault in ib_mr_pool_destroy (bsc#1111666)
- RDMA/core: Fix race between destroy and release FD object (bsc#1111666)
- RDMA/core: Fix race when resolving IP address (bsc#1111666)
- RDMA/core: Prevent mixed use of FDs between shared ufiles (bsc#1111666)
- RDMA/cxgb3: Delete and properly mark unimplemented resize CQ function (bsc#1111666)
- RDMA/hns: Correct the value of HNS_ROCE_HEM_CHUNK_LEN (bsc#1111666)
- RDMA/hns: Correct typo of hns_roce_create_cq() (bsc#1111666)
- RDMA/hns: Remove unsupported modify_port callback (bsc#1111666)
- RDMA/hns: Set the unsupported wr opcode (bsc#1111666)
- RDMA/i40iw: Set queue pair state when being queried (bsc#1111666)
- RDMA/i40iw: fix a potential NULL pointer dereference (bsc#1111666)
- RDMA/ipoib: Fix ABBA deadlock with ipoib_reap_ah() (bsc#1111666)
- RDMA/ipoib: Remove check for ETH_SS_TEST (bsc#1111666)
- RDMA/ipoib: Return void from ipoib_ib_dev_stop() (bsc#1111666)
- RDMA/ipoib: Set rtnl_link_ops for ipoib interfaces (bsc#1111666)
- RDMA/iw_cxgb4: Avoid freeing skb twice in arp failure case (bsc#1111666)
- RDMA/iw_cxgb4: Fix the unchecked ep dereference (bsc#1111666)
- RDMA/iwcm: Fix a lock inversion issue (bsc#1111666)
- RDMA/iwcm: Fix iwcm work deallocation (bsc#1111666)
- RDMA/iwcm: move iw_rem_ref() calls out of spinlock (bsc#1111666)
- RDMA/mad: Fix possible memory leak in ib_mad_post_receive_mads() (bsc#1111666)
- RDMA/mlx4: Initialize ib_spec on the stack (bsc#1111666)
- RDMA/mlx4: Read pkey table length instead of hardcoded value (bsc#1111666)
- RDMA/mlx5: Clear old rate limit when closing QP (bsc#1111666)
- RDMA/mlx5: Delete unreachable handle_atomic code by simplifying SW completion (bsc#1111666)
- RDMA/mlx5: Fix a race with mlx5_ib_update_xlt on an implicit MR (bsc#1111666)
- RDMA/mlx5: Fix access to wrong pointer while performing flush due to error (bsc#1111666)
- RDMA/mlx5: Fix function name typo 'fileds' -> 'fields' (bsc#1111666)
- RDMA/mlx5: Return proper error value (bsc#1111666)
- RDMA/mlx5: Set GRH fields in query QP on RoCE (bsc#1111666)
- RDMA/mlx5: Verify that QP is created with RQ or SQ (bsc#1111666)
- RDMA/nes: Remove second wait queue initialization call (bsc#1111666)
- RDMA/netlink: Do not always generate an ACK for some netlink operations (bsc#1111666)
- RDMA/ocrdma: Fix out of bounds index check in query pkey (bsc#1111666)
- RDMA/ocrdma: Remove unsupported modify_port callback (bsc#1111666)
- RDMA/pvrdma: Fix missing pci disable in pvrdma_pci_probe() (bsc#1111666)
- RDMA/qedr: Endianness warnings cleanup (bsc#1111666)
- RDMA/qedr: Fix KASAN: use-after-free in ucma_event_handler+0x532 (bsc#1050545).
- RDMA/qedr: Fix doorbell setting (bsc#1111666)
- RDMA/qedr: Fix memory leak in iWARP CM (bsc#1050545 ).
- RDMA/qedr: Fix memory leak in user qp and mr (bsc#1111666)
- RDMA/qedr: Fix reported firmware version (bsc#1111666)
- RDMA/qedr: Fix use of uninitialized field (bsc#1111666)
- RDMA/qedr: Remove unsupported modify_port callback (bsc#1111666)
- RDMA/qedr: SRQ's bug fixes (bsc#1111666)
- RDMA/qib: Delete extra line (bsc#1111666)
- RDMA/qib: Remove all occurrences of BUG_ON() (bsc#1111666)
- RDMA/qib: Validate ->show()/store() callbacks before calling them (bsc#1111666)
- RDMA/rxe: Drop pointless checks in rxe_init_ports (bsc#1111666)
- RDMA/rxe: Fill in wc byte_len with IB_WC_RECV_RDMA_WITH_IMM (bsc#1111666)
- RDMA/rxe: Fix configuration of atomic queue pair attributes (bsc#1111666)
- RDMA/rxe: Fix memleak in rxe_mem_init_user (bsc#1111666)
- RDMA/rxe: Fix slab-out-bounds access which lead to kernel crash later (bsc#1111666)
- RDMA/rxe: Fix soft lockup problem due to using tasklets in softirq (bsc#1111666)
- RDMA/rxe: Fix the parent sysfs read when the interface has 15 chars (bsc#1111666)
- RDMA/rxe: Prevent access to wr->next ptr afrer wr is posted to send queue (bsc#1111666)
- RDMA/rxe: Remove unused rxe_mem_map_pages (bsc#1111666)
- RDMA/rxe: Remove useless rxe_init_device_param assignments (bsc#1111666)
- RDMA/rxe: Return void from rxe_init_port_param() (bsc#1111666)
- RDMA/rxe: Return void from rxe_mem_init_dma() (bsc#1111666)
- RDMA/rxe: Set default vendor ID (bsc#1111666)
- RDMA/rxe: Set sys_image_guid to be aligned with HW IB devices (bsc#1111666)
- RDMA/rxe: Skip dgid check in loopback mode (bsc#1111666)
- RDMA/rxe: Use for_each_sg_page iterator on umem SGL (bsc#1111666)
- RDMA/srp: Rework SCSI device reset handling (bsc#1111666)
- RDMA/srpt: Fix typo in srpt_unregister_mad_agent docstring (bsc#1111666)
- RDMA/srpt: Report the SCSI residual to the initiator (bsc#1111666)
- RDMA/ucma: Add missing locking around rdma_leave_multicast() (bsc#1111666)
- RDMA/ucma: Put a lock around every call to the rdma_cm layer (bsc#1111666)
- RDMA/uverbs: Make the event_queue fds return POLLERR when disassociated (bsc#1111666)
- RDMA/vmw_pvrdma: Fix memory leak on pvrdma_pci_remove (bsc#1111666)
- RDMA/vmw_pvrdma: Use atomic memory allocation in create AH (bsc#1111666)
- RDMA: Directly cast the sockaddr union to sockaddr (bsc#1111666)
- RMDA/cm: Fix missing ib_cm_destroy_id() in ib_cm_insert_listen() (bsc#1111666)
- Revert 'kernel/reboot.c: convert simple_strtoul to kstrtoint' (bsc#1179418).
- SUNRPC: fix copying of multiple pages in gss_read_proxy_verf() (bsc#1103992).
- Staging: rtl8188eu: rtw_mlme: Fix uninitialized variable authmode (git-fixes).
- USB: core: Fix regression in Hercules audio card (git-fixes).
- Update references in patches.suse/net-smc-tolerate-future-smcd-versions (bsc#1172542 LTC#186070 git-fixes).
- arm/arm64: KVM: Add PSCI version selection API (bsc#1174726).
- arm64: KVM: Fix system register enumeration (bsc#1174726).
- ath10k: Acquire tx_lock in tx error paths (git-fixes).
- batman-adv: set .owner to THIS_MODULE (git-fixes).
- bnxt_en: Fix race when modifying pause settings (bsc#1050242 ).
- bnxt_en: Protect bnxt_set_eee() and bnxt_set_pauseparam() with mutex (bsc#1050242).
- btrfs: account ticket size at add/delete time (bsc#1178897).
- btrfs: add helper to obtain number of devices with ongoing dev-replace (bsc#1178897).
- btrfs: check rw_devices, not num_devices for balance (bsc#1178897).
- btrfs: do not delete mismatched root refs (bsc#1178962).
- btrfs: fix btrfs_calc_reclaim_metadata_size calculation (bsc#1178897).
- btrfs: fix force usage in inc_block_group_ro (bsc#1178897).
- btrfs: fix invalid removal of root ref (bsc#1178962).
- btrfs: fix reclaim counter leak of space_info objects (bsc#1178897).
- btrfs: fix reclaim_size counter leak after stealing from global reserve (bsc#1178897).
- btrfs: kill min_allocable_bytes in inc_block_group_ro (bsc#1178897).
- btrfs: rework arguments of btrfs_unlink_subvol (bsc#1178962).
- btrfs: split dev-replace locking helpers for read and write (bsc#1178897). Needed as a prep patch for further improvements around btrfs.
- can: gs_usb: fix endianess problem with candleLight firmware (git-fixes).
- can: m_can: fix nominal bitiming tseg2 min for version >= 3.1 (git-fixes).
- ceph: add check_session_state() helper and make it global (bsc#1179259).
- ceph: check session state after bumping session->s_seq (bsc#1179259).
- ceph: fix race in concurrent __ceph_remove_cap invocations (bsc#1178635).
- cifs: Fix incomplete memory allocation on setxattr path (bsc#1179211).
- cifs: Return the error from crypt_message when enc/dec key not found (bsc#1179426).
- cifs: remove bogus debug code (bsc#1179427).
- cxgb4: Fix offset when clearing filter byte counters (bsc#1064802 bsc#1066129).
- docs: ABI: stable: remove a duplicated documentation (git-fixes).
- drm/i915/gvt: Set ENHANCED_FRAME_CAP bit (git-fixes).
- drm/sun4i: dw-hdmi: fix error return code in sun8i_dw_hdmi_bind() (git-fixes).
- efi/efivars: Add missing kobject_put() in sysfs entry creation error path (git-fixes).
- efi/esrt: Fix reference count leak in esre_create_sysfs_entry (git-fixes).
- efi/x86: Do not panic or BUG() on non-critical error conditions (git-fixes).
- efi/x86: Free efi_pgd with free_pages() (bsc#1112178).
- efi/x86: Ignore the memory attributes table on i386 (git-fixes).
- efi/x86: Map the entire EFI vendor string before copying it (git-fixes).
- efi: cper: Fix possible out-of-bounds access (git-fixes).
- efi: provide empty efi_enter_virtual_mode implementation (git-fixes).
- efivarfs: fix memory leak in efivarfs_create() (git-fixes).
- efivarfs: revert 'fix memory leak in efivarfs_create()' (git-fixes).
- fuse: fix page dereference after free (bsc#1179213).
- hv_balloon: disable warning when floor reached (git-fixes).
- i40iw: Fix error handling in i40iw_manage_arp_cache() (bsc#1111666)
- i40iw: Report correct firmware version (bsc#1111666)
- i40iw: fix null pointer dereference on a null wqe pointer (bsc#1111666)
- igc: Fix returning wrong statistics (bsc#1118657).
- iio: accel: kxcjk1013: Add support for KIOX010A ACPI DSM for setting tablet-mode (git-fixes).
- iio: accel: kxcjk1013: Replace is_smo8500_device with an acpi_type enum (git-fixes).
- iw_cxgb4: fix ECN check on the passive accept (bsc#1111666)
- iw_cxgb4: only reconnect with MPAv1 if the peer aborts (bsc#1111666)
- kABI workaround for usermodehelper changes (bsc#1179406).
- kABI: add back flush_dcache_range (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
- libnvdimm/nvdimm/flush: Allow architecture to override the flush barrier (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
- mac80211: always wind down STA state (git-fixes).
- mac80211: free sta in sta_info_insert_finish() on errors (git-fixes).
- mlxsw: core: Fix memory leak on module removal (bsc#1112374).
- mm: always have io_remap_pfn_range() set pgprot_decrypted() (bsc#1112178).
- net/tls: Fix kmap usage (bsc#1109837).
- net/tls: missing received data after fast remote close (bsc#1109837).
- net: DCB: Validate DCB_ATTR_DCB_BUFFER argument (bsc#1103990 ).
- net: ena: fix packet's addresses for rx_offset feature (bsc#1174852).
- net: ena: handle bad request id in ena_netdev (git-fixes).
- net: qed: fix 'maybe uninitialized' warning (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
- net: qed: fix async event callbacks unregistering (bsc#1104393 bsc#1104389).
- net: qede: fix PTP initialization on recovery (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
- net: qede: fix use-after-free on recovery and AER handling (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
- net: thunderx: use spin_lock_bh in nicvf_set_rx_mode_task() (bsc#1110096).
- net_sched: fix a memory leak in atm_tc_init() (bsc#1056657 bsc#1056653 bsc#1056787).
- nfc: s3fwrn5: use signed integer for parsing GPIO numbers (git-fixes).
- nfp: use correct define to return NONE fec (bsc#1109837).
- pinctrl: amd: fix incorrect way to disable debounce filter (git-fixes).
- pinctrl: amd: use higher precision for 512 RtcClk (git-fixes).
- pinctrl: aspeed: Fix GPI only function problem (git-fixes).
- platform/x86: toshiba_acpi: Fix the wrong variable assignment (git-fixes).
- powerpc/32: define helpers to get L1 cache sizes (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
- powerpc/64: flush_inval_dcache_range() becomes flush_dcache_range() (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
- powerpc/64: reuse PPC32 static inline flush_dcache_range() (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
- powerpc/mm: Flush cache on memory hot(un)plug (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
- powerpc/pmem: Add flush routines using new pmem store and sync instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
- powerpc/pmem: Add new instructions for persistent storage and sync (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
- powerpc/pmem: Avoid the barrier in flush routines (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
- powerpc/pmem: Fix kernel crash due to wrong range value usage in flush_dcache_range (jsc#SLE-16497 bsc#1176109 ltc#187964).
- powerpc/pmem: Initialize pmem device on newer hardware (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
- powerpc/pmem: Restrict papr_scm to P8 and above (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
- powerpc/pmem: Update ppc64 to use the new barrier instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
- powerpc: Chunk calls to flush_dcache_range in arch_*_memory (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964 git-fixes).
- powerpc: define helpers to get L1 icache sizes (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
- qed: fix error return code in qed_iwarp_ll2_start() (bsc#1050536 bsc#1050545).
- qed: suppress 'do not support RoCE & iWARP' flooding on HW init (bsc#1050536 bsc#1050545).
- qed: suppress false-positives interrupt error messages on HW init (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
- reboot: fix overflow parsing reboot cpu number (bsc#1179421).
- rxe: correctly calculate iCRC for unaligned payloads (bsc#1111666)
- rxe: fix error completion wr_id and qp_num (bsc#1111666)
- s390/cio: add cond_resched() in the slow_eval_known_fn() loop (bsc#1177805 LTC#188737).
- s390/cpum_cf,perf: change DFLT_CCERROR counter name (bsc#1175916 LTC#187937).
- s390/dasd: Fix zero write for FBA devices (bsc#1177808 LTC#188739).
- s390: kernel/uv: handle length extension properly (bsc#1178940 LTC#189323).
- sched/core: Fix PI boosting between RT and DEADLINE tasks (bsc#1112178).
- sched/x86: SaveFLAGS on context switch (bsc#1112178).
- scripts/git_sort/git_sort.py: add ceph maintainers git tree
- scsi: RDMA/srpt: Fix a credit leak for aborted commands (bsc#1111666)
- staging: rtl8723bs: Add 024c:0627 to the list of SDIO device-ids (git-fixes).
- svcrdma: Fix page leak in svc_rdma_recv_read_chunk() (bsc#1103992).
- svcrdma: fix bounce buffers for unaligned offsets and multiple pages (bsc#1103992).
- tcp: Set INET_ECN_xmit configuration in tcp_reinit_congestion_control (bsc#1109837).
- tracing: Fix out of bounds write in get_trace_buf (bsc#1179403).
- tty: serial: imx: keep console clocks always on (git-fixes).
- usb: cdc-acm: Add DISABLE_ECHO for Renesas USB Download mode (git-fixes).
- usb: gadget: Fix memleak in gadgetfs_fill_super (git-fixes).
- usb: gadget: f_midi: Fix memleak in f_midi_alloc (git-fixes).
- usb: host: xhci-mtk: avoid runtime suspend when removing hcd (git-fixes).
- usermodehelper: reset umask to default before executing user process (bsc#1179406).
- video: hyperv_fb: Fix the cache type when mapping the VRAM (git-fixes).
- x86/PCI: Avoid AMD FCH XHCI USB PME# from D0 defect (git-fixes).
- x86/PCI: Fix intel_mid_pci.c build error when ACPI is not enabled (git-fixes).
- x86/PCI: Mark Intel C620 MROMs as having non-compliant BARs (git-fixes).
- x86/hyperv: Clarify comment on x2apic mode (git-fixes).
- x86/hyperv: Make vapic support x2apic mode (git-fixes).
- x86/microcode/intel: Check patch signature before saving microcode for early loading (bsc#1112178).
- x86/speculation: Allow IBPB to be conditionally enabled on CPUs with always-on STIBP (bsc#1112178).
- x86/sysfb_efi: Add quirks for some devices with swapped width and height (git-fixes).
- xfrm: Fix memleak on xfrm state destroy (bsc#1158775).
- xfs: revert 'xfs: fix rmap key and record comparison functions' (git-fixes).
Patchnames: openSUSE-2020-2193
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.87.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.87.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.87.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.87.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.87.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.87.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.87.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.4 (Medium)
Affected products
Recommended
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.87.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.87.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.87.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.87.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.87.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.87.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.87.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.5 (Medium)
Affected products
Recommended
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.87.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.87.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.87.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.87.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.87.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.87.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.87.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.4 (Medium)
Affected products
Recommended
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.87.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.87.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.87.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.87.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.87.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.87.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.87.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.1 (Medium)
Affected products
Recommended
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.87.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.87.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.87.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.87.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.87.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.87.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.87.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4 (Medium)
Affected products
Recommended
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.87.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.87.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.87.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.87.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.87.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.87.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.87.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.1 (Medium)
Affected products
Recommended
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.87.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.87.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.87.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.87.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.87.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.87.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.87.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.87.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
81 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\n\nThe openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed:\n\n- CVE-2020-29371: An issue was discovered in romfs_dev_read in fs/romfs/storage.c where uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd (bnc#1179429).\n- CVE-2020-15436: Use-after-free vulnerability in fs/block_dev.c allowed local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field (bnc#1179141).\n- CVE-2020-4788: IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296 (bnc#1177666).\n- CVE-2018-20669: An issue where a provided address with access_ok() is not checked was discovered in i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c, where a local attacker can craft a malicious IOCTL function call to overwrite arbitrary kernel memory, resulting in a Denial of Service or privilege escalation (bnc#1122971).\n- CVE-2020-15437: The Linux kernel was vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ports() that allowed local users to cause a denial of service by using the p-\u003eserial_in pointer which uninitialized (bnc#1179140).\n- CVE-2020-27777: Restrict RTAS requests from userspace (CVE-2020-27777 bsc#1179107).\n- CVE-2020-28974: A slab-out-of-bounds read in fbcon could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height (bnc#1178589).\n\nThe following non-security bugs were fixed:\n\n- ACPI: GED: fix -Wformat (git-fixes).\n- ALSA: ctl: fix error path at adding user-defined element set (git-fixes).\n- ALSA: firewire: Clean up a locking issue in copy_resp_to_buf() (git-fixes).\n- ALSA: mixart: Fix mutex deadlock (git-fixes).\n- ASoC: qcom: lpass-platform: Fix memory leak (git-fixes).\n- Bluetooth: btusb: Fix and detect most of the Chinese Bluetooth controllers (git-fixes).\n- Bluetooth: hci_bcm: fix freeing not-requested IRQ (git-fixes).\n- Convert trailing spaces and periods in path components (bsc#1179424).\n- Drivers: hv: vmbus: Remove the unused \u0027tsc_page\u0027 from struct hv_context (git-fixes).\n- IB/cma: Fix ports memory leak in cma_configfs (bsc#1111666)\n- IB/core: Set qp-\u003ereal_qp before it may be accessed (bsc#1111666)\n- IB/hfi1, qib: Ensure RCU is locked when accessing list (bsc#1111666)\n- IB/hfi1: Add RcvShortLengthErrCnt to hfi1stats (bsc#1111666)\n- IB/hfi1: Add missing INVALIDATE opcodes for trace (bsc#1111666)\n- IB/hfi1: Add software counter for ctxt0 seq drop (bsc#1111666)\n- IB/hfi1: Avoid hardlockup with flushlist_lock (bsc#1111666)\n- IB/hfi1: Call kobject_put() when kobject_init_and_add() fails (bsc#1111666)\n- IB/hfi1: Check for error on call to alloc_rsm_map_table (bsc#1111666)\n- IB/hfi1: Close PSM sdma_progress sleep window (bsc#1111666)\n- IB/hfi1: Define variables as unsigned long to fix KASAN warning (bsc#1111666)\n- IB/hfi1: Ensure full Gen3 speed in a Gen4 system (bsc#1111666)\n- IB/hfi1: Fix Spectre v1 vulnerability (bsc#1111666)\n- IB/hfi1: Fix memory leaks in sysfs registration and unregistration (bsc#1111666)\n- IB/hfi1: Handle port down properly in pio (bsc#1111666)\n- IB/hfi1: Handle wakeup of orphaned QPs for pio (bsc#1111666)\n- IB/hfi1: Insure freeze_work work_struct is canceled on shutdown (bsc#1111666)\n- IB/hfi1: Remove unused define (bsc#1111666)\n- IB/hfi1: Silence txreq allocation warnings (bsc#1111666)\n- IB/hfi1: Validate page aligned for a given virtual address (bsc#1111666)\n- IB/hfi1: Wakeup QPs orphaned on wait list after flush (bsc#1111666)\n- IB/ipoib: Fix double free of skb in case of multicast traffic in CM mode (bsc#1111666)\n- IB/ipoib: Fix for use-after-free in ipoib_cm_tx_start (bsc#1111666)\n- IB/ipoib: drop useless LIST_HEAD (bsc#1111666)\n- IB/iser: Fix dma_nents type definition (bsc#1111666)\n- IB/iser: Pass the correct number of entries for dma mapped SGL (bsc#1111666)\n- IB/mad: Fix use-after-free in ib mad completion handling (bsc#1111666)\n- IB/mlx4: Add and improve logging (bsc#1111666)\n- IB/mlx4: Add support for MRA (bsc#1111666)\n- IB/mlx4: Adjust delayed work when a dup is observed (bsc#1111666)\n- IB/mlx4: Fix leak in id_map_find_del (bsc#1111666)\n- IB/mlx4: Fix memory leak in add_gid error flow (bsc#1111666)\n- IB/mlx4: Fix race condition between catas error reset and aliasguid flows (bsc#1111666)\n- IB/mlx4: Fix starvation in paravirt mux/demux (bsc#1111666)\n- IB/mlx4: Follow mirror sequence of device add during device removal (bsc#1111666)\n- IB/mlx4: Remove unneeded NULL check (bsc#1111666)\n- IB/mlx4: Test return value of calls to ib_get_cached_pkey (bsc#1111666)\n- IB/mlx5: Add missing XRC options to QP optional params mask (bsc#1111666)\n- IB/mlx5: Compare only index part of a memory window rkey (bsc#1111666)\n- IB/mlx5: Do not override existing ip_protocol (bsc#1111666)\n- IB/mlx5: Fix RSS Toeplitz setup to be aligned with the HW specification (bsc#1111666)\n- IB/mlx5: Fix clean_mr() to work in the expected order (bsc#1111666)\n- IB/mlx5: Fix implicit MR release flow (bsc#1111666)\n- IB/mlx5: Fix outstanding_pi index for GSI qps (bsc#1111666)\n- IB/mlx5: Fix unreg_umr to ignore the mkey state (bsc#1111666)\n- IB/mlx5: Improve ODP debugging messages (bsc#1111666)\n- IB/mlx5: Move MRs to a kernel PD when freeing them to the MR cache (bsc#1111666)\n- IB/mlx5: Prevent concurrent MR updates during invalidation (bsc#1111666)\n- IB/mlx5: Reset access mask when looping inside page fault handler (bsc#1111666)\n- IB/mlx5: Set correct write permissions for implicit ODP MR (bsc#1111666)\n- IB/mlx5: Use direct mkey destroy command upon UMR unreg failure (bsc#1111666)\n- IB/mlx5: Use fragmented QP\u0027s buffer for in-kernel users (bsc#1111666)\n- IB/mlx5: WQE dump jumps over first 16 bytes (bsc#1111666)\n- IB/mthca: fix return value of error branch in mthca_init_cq() (bsc#1111666)\n- IB/qib: Call kobject_put() when kobject_init_and_add() fails (bsc#1111666)\n- IB/qib: Fix an error code in qib_sdma_verbs_send() (bsc#1111666)\n- IB/qib: Remove a set-but-not-used variable (bsc#1111666)\n- IB/rdmavt: Convert timers to use timer_setup() (bsc#1111666)\n- IB/rdmavt: Fix alloc_qpn() WARN_ON() (bsc#1111666)\n- IB/rdmavt: Fix sizeof mismatch (bsc#1111666)\n- IB/rdmavt: Reset all QPs when the device is shut down (bsc#1111666)\n- IB/rxe: Fix incorrect cache cleanup in error flow (bsc#1111666)\n- IB/rxe: Make counters thread safe (bsc#1111666)\n- IB/srpt: Fix memory leak in srpt_add_one (bsc#1111666)\n- IB/umad: Avoid additional device reference during open()/close() (bsc#1111666)\n- IB/umad: Avoid destroying device while it is accessed (bsc#1111666)\n- IB/umad: Do not check status of nonseekable_open() (bsc#1111666)\n- IB/umad: Fix kernel crash while unloading ib_umad (bsc#1111666)\n- IB/umad: Refactor code to use cdev_device_add() (bsc#1111666)\n- IB/umad: Simplify and avoid dynamic allocation of class (bsc#1111666)\n- IB/usnic: Fix out of bounds index check in query pkey (bsc#1111666)\n- IB/uverbs: Fix OOPs upon device disassociation (bsc#1111666)\n- IB/{hfi1, qib}: Fix WC.byte_len calculation for UD_SEND_WITH_IMM (bsc#1111666)\n- IB/{qib, hfi1, rdmavt}: Correct ibv_devinfo max_mr value (bsc#1111666)\n- KVM host: kabi fixes for psci_version (bsc#1174726).\n- KVM: arm64: Add missing #include of \u0026lt;linux/string.h\u003e in guest.c (bsc#1174726).\n- KVM: arm64: Factor out core register ID enumeration (bsc#1174726).\n- KVM: arm64: Filter out invalid core register IDs in KVM_GET_REG_LIST (bsc#1174726).\n- KVM: arm64: Refactor kvm_arm_num_regs() for easier maintenance (bsc#1174726).\n- KVM: arm64: Reject ioctl access to FPSIMD V-regs on SVE vcpus (bsc#1174726).\n- NFS: mark nfsiod as CPU_INTENSIVE (bsc#1177304).\n- NFS: only invalidate dentrys that are clearly invalid (bsc#1178669 bsc#1170139).\n- PCI: pci-hyperv: Fix build errors on non-SYSFS config (git-fixes).\n- RDMA/bnxt_re: Fix Send Work Entry state check while polling completions (bsc#1111666)\n- RDMA/bnxt_re: Fix lifetimes in bnxt_re_task (bsc#1111666)\n- RDMA/bnxt_re: Fix sizeof mismatch for allocation of pbl_tbl. (bsc#1111666)\n- RDMA/bnxt_re: Fix stack-out-of-bounds in bnxt_qplib_rcfw_send_message (bsc#1111666)\n- RDMA/cm: Add missing locking around id.state in cm_dup_req_handler (bsc#1111666)\n- RDMA/cm: Fix checking for allowed duplicate listens (bsc#1111666)\n- RDMA/cm: Remove a race freeing timewait_info (bsc#1111666)\n- RDMA/cm: Update num_paths in cma_resolve_iboe_route error flow (bsc#1111666)\n- RDMA/cma: Fix false error message (bsc#1111666)\n- RDMA/cma: Protect bind_list and listen_list while finding matching cm id (bsc#1111666)\n- RDMA/cma: add missed unregister_pernet_subsys in init failure (bsc#1111666)\n- RDMA/cma: fix null-ptr-deref Read in cma_cleanup (bsc#1111666)\n- RDMA/core: Do not depend device ODP capabilities on kconfig option (bsc#1111666)\n- RDMA/core: Fix invalid memory access in spec_filter_size (bsc#1111666)\n- RDMA/core: Fix locking in ib_uverbs_event_read (bsc#1111666)\n- RDMA/core: Fix protection fault in ib_mr_pool_destroy (bsc#1111666)\n- RDMA/core: Fix race between destroy and release FD object (bsc#1111666)\n- RDMA/core: Fix race when resolving IP address (bsc#1111666)\n- RDMA/core: Prevent mixed use of FDs between shared ufiles (bsc#1111666)\n- RDMA/cxgb3: Delete and properly mark unimplemented resize CQ function (bsc#1111666)\n- RDMA/hns: Correct the value of HNS_ROCE_HEM_CHUNK_LEN (bsc#1111666)\n- RDMA/hns: Correct typo of hns_roce_create_cq() (bsc#1111666)\n- RDMA/hns: Remove unsupported modify_port callback (bsc#1111666)\n- RDMA/hns: Set the unsupported wr opcode (bsc#1111666)\n- RDMA/i40iw: Set queue pair state when being queried (bsc#1111666)\n- RDMA/i40iw: fix a potential NULL pointer dereference (bsc#1111666)\n- RDMA/ipoib: Fix ABBA deadlock with ipoib_reap_ah() (bsc#1111666)\n- RDMA/ipoib: Remove check for ETH_SS_TEST (bsc#1111666)\n- RDMA/ipoib: Return void from ipoib_ib_dev_stop() (bsc#1111666)\n- RDMA/ipoib: Set rtnl_link_ops for ipoib interfaces (bsc#1111666)\n- RDMA/iw_cxgb4: Avoid freeing skb twice in arp failure case (bsc#1111666)\n- RDMA/iw_cxgb4: Fix the unchecked ep dereference (bsc#1111666)\n- RDMA/iwcm: Fix a lock inversion issue (bsc#1111666)\n- RDMA/iwcm: Fix iwcm work deallocation (bsc#1111666)\n- RDMA/iwcm: move iw_rem_ref() calls out of spinlock (bsc#1111666)\n- RDMA/mad: Fix possible memory leak in ib_mad_post_receive_mads() (bsc#1111666)\n- RDMA/mlx4: Initialize ib_spec on the stack (bsc#1111666)\n- RDMA/mlx4: Read pkey table length instead of hardcoded value (bsc#1111666)\n- RDMA/mlx5: Clear old rate limit when closing QP (bsc#1111666)\n- RDMA/mlx5: Delete unreachable handle_atomic code by simplifying SW completion (bsc#1111666)\n- RDMA/mlx5: Fix a race with mlx5_ib_update_xlt on an implicit MR (bsc#1111666)\n- RDMA/mlx5: Fix access to wrong pointer while performing flush due to error (bsc#1111666)\n- RDMA/mlx5: Fix function name typo \u0027fileds\u0027 -\u003e \u0027fields\u0027 (bsc#1111666)\n- RDMA/mlx5: Return proper error value (bsc#1111666)\n- RDMA/mlx5: Set GRH fields in query QP on RoCE (bsc#1111666)\n- RDMA/mlx5: Verify that QP is created with RQ or SQ (bsc#1111666)\n- RDMA/nes: Remove second wait queue initialization call (bsc#1111666)\n- RDMA/netlink: Do not always generate an ACK for some netlink operations (bsc#1111666)\n- RDMA/ocrdma: Fix out of bounds index check in query pkey (bsc#1111666)\n- RDMA/ocrdma: Remove unsupported modify_port callback (bsc#1111666)\n- RDMA/pvrdma: Fix missing pci disable in pvrdma_pci_probe() (bsc#1111666)\n- RDMA/qedr: Endianness warnings cleanup (bsc#1111666)\n- RDMA/qedr: Fix KASAN: use-after-free in ucma_event_handler+0x532 (bsc#1050545).\n- RDMA/qedr: Fix doorbell setting (bsc#1111666)\n- RDMA/qedr: Fix memory leak in iWARP CM (bsc#1050545 ).\n- RDMA/qedr: Fix memory leak in user qp and mr (bsc#1111666)\n- RDMA/qedr: Fix reported firmware version (bsc#1111666)\n- RDMA/qedr: Fix use of uninitialized field (bsc#1111666)\n- RDMA/qedr: Remove unsupported modify_port callback (bsc#1111666)\n- RDMA/qedr: SRQ\u0027s bug fixes (bsc#1111666)\n- RDMA/qib: Delete extra line (bsc#1111666)\n- RDMA/qib: Remove all occurrences of BUG_ON() (bsc#1111666)\n- RDMA/qib: Validate -\u003eshow()/store() callbacks before calling them (bsc#1111666)\n- RDMA/rxe: Drop pointless checks in rxe_init_ports (bsc#1111666)\n- RDMA/rxe: Fill in wc byte_len with IB_WC_RECV_RDMA_WITH_IMM (bsc#1111666)\n- RDMA/rxe: Fix configuration of atomic queue pair attributes (bsc#1111666)\n- RDMA/rxe: Fix memleak in rxe_mem_init_user (bsc#1111666)\n- RDMA/rxe: Fix slab-out-bounds access which lead to kernel crash later (bsc#1111666)\n- RDMA/rxe: Fix soft lockup problem due to using tasklets in softirq (bsc#1111666)\n- RDMA/rxe: Fix the parent sysfs read when the interface has 15 chars (bsc#1111666)\n- RDMA/rxe: Prevent access to wr-\u003enext ptr afrer wr is posted to send queue (bsc#1111666)\n- RDMA/rxe: Remove unused rxe_mem_map_pages (bsc#1111666)\n- RDMA/rxe: Remove useless rxe_init_device_param assignments (bsc#1111666)\n- RDMA/rxe: Return void from rxe_init_port_param() (bsc#1111666)\n- RDMA/rxe: Return void from rxe_mem_init_dma() (bsc#1111666)\n- RDMA/rxe: Set default vendor ID (bsc#1111666)\n- RDMA/rxe: Set sys_image_guid to be aligned with HW IB devices (bsc#1111666)\n- RDMA/rxe: Skip dgid check in loopback mode (bsc#1111666)\n- RDMA/rxe: Use for_each_sg_page iterator on umem SGL (bsc#1111666)\n- RDMA/srp: Rework SCSI device reset handling (bsc#1111666)\n- RDMA/srpt: Fix typo in srpt_unregister_mad_agent docstring (bsc#1111666)\n- RDMA/srpt: Report the SCSI residual to the initiator (bsc#1111666)\n- RDMA/ucma: Add missing locking around rdma_leave_multicast() (bsc#1111666)\n- RDMA/ucma: Put a lock around every call to the rdma_cm layer (bsc#1111666)\n- RDMA/uverbs: Make the event_queue fds return POLLERR when disassociated (bsc#1111666)\n- RDMA/vmw_pvrdma: Fix memory leak on pvrdma_pci_remove (bsc#1111666)\n- RDMA/vmw_pvrdma: Use atomic memory allocation in create AH (bsc#1111666)\n- RDMA: Directly cast the sockaddr union to sockaddr (bsc#1111666)\n- RMDA/cm: Fix missing ib_cm_destroy_id() in ib_cm_insert_listen() (bsc#1111666)\n- Revert \u0027kernel/reboot.c: convert simple_strtoul to kstrtoint\u0027 (bsc#1179418).\n- SUNRPC: fix copying of multiple pages in gss_read_proxy_verf() (bsc#1103992).\n- Staging: rtl8188eu: rtw_mlme: Fix uninitialized variable authmode (git-fixes).\n- USB: core: Fix regression in Hercules audio card (git-fixes).\n- Update references in patches.suse/net-smc-tolerate-future-smcd-versions (bsc#1172542 LTC#186070 git-fixes).\n- arm/arm64: KVM: Add PSCI version selection API (bsc#1174726).\n- arm64: KVM: Fix system register enumeration (bsc#1174726).\n- ath10k: Acquire tx_lock in tx error paths (git-fixes).\n- batman-adv: set .owner to THIS_MODULE (git-fixes).\n- bnxt_en: Fix race when modifying pause settings (bsc#1050242 ).\n- bnxt_en: Protect bnxt_set_eee() and bnxt_set_pauseparam() with mutex (bsc#1050242).\n- btrfs: account ticket size at add/delete time (bsc#1178897).\n- btrfs: add helper to obtain number of devices with ongoing dev-replace (bsc#1178897).\n- btrfs: check rw_devices, not num_devices for balance (bsc#1178897).\n- btrfs: do not delete mismatched root refs (bsc#1178962).\n- btrfs: fix btrfs_calc_reclaim_metadata_size calculation (bsc#1178897).\n- btrfs: fix force usage in inc_block_group_ro (bsc#1178897).\n- btrfs: fix invalid removal of root ref (bsc#1178962).\n- btrfs: fix reclaim counter leak of space_info objects (bsc#1178897).\n- btrfs: fix reclaim_size counter leak after stealing from global reserve (bsc#1178897).\n- btrfs: kill min_allocable_bytes in inc_block_group_ro (bsc#1178897).\n- btrfs: rework arguments of btrfs_unlink_subvol (bsc#1178962).\n- btrfs: split dev-replace locking helpers for read and write (bsc#1178897). Needed as a prep patch for further improvements around btrfs.\n- can: gs_usb: fix endianess problem with candleLight firmware (git-fixes).\n- can: m_can: fix nominal bitiming tseg2 min for version \u003e= 3.1 (git-fixes).\n- ceph: add check_session_state() helper and make it global (bsc#1179259).\n- ceph: check session state after bumping session-\u003es_seq (bsc#1179259).\n- ceph: fix race in concurrent __ceph_remove_cap invocations (bsc#1178635).\n- cifs: Fix incomplete memory allocation on setxattr path (bsc#1179211).\n- cifs: Return the error from crypt_message when enc/dec key not found (bsc#1179426).\n- cifs: remove bogus debug code (bsc#1179427).\n- cxgb4: Fix offset when clearing filter byte counters (bsc#1064802 bsc#1066129).\n- docs: ABI: stable: remove a duplicated documentation (git-fixes).\n- drm/i915/gvt: Set ENHANCED_FRAME_CAP bit (git-fixes).\n- drm/sun4i: dw-hdmi: fix error return code in sun8i_dw_hdmi_bind() (git-fixes).\n- efi/efivars: Add missing kobject_put() in sysfs entry creation error path (git-fixes).\n- efi/esrt: Fix reference count leak in esre_create_sysfs_entry (git-fixes).\n- efi/x86: Do not panic or BUG() on non-critical error conditions (git-fixes).\n- efi/x86: Free efi_pgd with free_pages() (bsc#1112178).\n- efi/x86: Ignore the memory attributes table on i386 (git-fixes).\n- efi/x86: Map the entire EFI vendor string before copying it (git-fixes).\n- efi: cper: Fix possible out-of-bounds access (git-fixes).\n- efi: provide empty efi_enter_virtual_mode implementation (git-fixes).\n- efivarfs: fix memory leak in efivarfs_create() (git-fixes).\n- efivarfs: revert \u0027fix memory leak in efivarfs_create()\u0027 (git-fixes).\n- fuse: fix page dereference after free (bsc#1179213).\n- hv_balloon: disable warning when floor reached (git-fixes).\n- i40iw: Fix error handling in i40iw_manage_arp_cache() (bsc#1111666)\n- i40iw: Report correct firmware version (bsc#1111666)\n- i40iw: fix null pointer dereference on a null wqe pointer (bsc#1111666)\n- igc: Fix returning wrong statistics (bsc#1118657).\n- iio: accel: kxcjk1013: Add support for KIOX010A ACPI DSM for setting tablet-mode (git-fixes).\n- iio: accel: kxcjk1013: Replace is_smo8500_device with an acpi_type enum (git-fixes).\n- iw_cxgb4: fix ECN check on the passive accept (bsc#1111666)\n- iw_cxgb4: only reconnect with MPAv1 if the peer aborts (bsc#1111666)\n- kABI workaround for usermodehelper changes (bsc#1179406).\n- kABI: add back flush_dcache_range (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n- libnvdimm/nvdimm/flush: Allow architecture to override the flush barrier (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n- mac80211: always wind down STA state (git-fixes).\n- mac80211: free sta in sta_info_insert_finish() on errors (git-fixes).\n- mlxsw: core: Fix memory leak on module removal (bsc#1112374).\n- mm: always have io_remap_pfn_range() set pgprot_decrypted() (bsc#1112178).\n- net/tls: Fix kmap usage (bsc#1109837).\n- net/tls: missing received data after fast remote close (bsc#1109837).\n- net: DCB: Validate DCB_ATTR_DCB_BUFFER argument (bsc#1103990 ).\n- net: ena: fix packet\u0027s addresses for rx_offset feature (bsc#1174852).\n- net: ena: handle bad request id in ena_netdev (git-fixes).\n- net: qed: fix \u0027maybe uninitialized\u0027 warning (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).\n- net: qed: fix async event callbacks unregistering (bsc#1104393 bsc#1104389).\n- net: qede: fix PTP initialization on recovery (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).\n- net: qede: fix use-after-free on recovery and AER handling (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).\n- net: thunderx: use spin_lock_bh in nicvf_set_rx_mode_task() (bsc#1110096).\n- net_sched: fix a memory leak in atm_tc_init() (bsc#1056657 bsc#1056653 bsc#1056787).\n- nfc: s3fwrn5: use signed integer for parsing GPIO numbers (git-fixes).\n- nfp: use correct define to return NONE fec (bsc#1109837).\n- pinctrl: amd: fix incorrect way to disable debounce filter (git-fixes).\n- pinctrl: amd: use higher precision for 512 RtcClk (git-fixes).\n- pinctrl: aspeed: Fix GPI only function problem (git-fixes).\n- platform/x86: toshiba_acpi: Fix the wrong variable assignment (git-fixes).\n- powerpc/32: define helpers to get L1 cache sizes (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n- powerpc/64: flush_inval_dcache_range() becomes flush_dcache_range() (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n- powerpc/64: reuse PPC32 static inline flush_dcache_range() (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n- powerpc/mm: Flush cache on memory hot(un)plug (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n- powerpc/pmem: Add flush routines using new pmem store and sync instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n- powerpc/pmem: Add new instructions for persistent storage and sync (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n- powerpc/pmem: Avoid the barrier in flush routines (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n- powerpc/pmem: Fix kernel crash due to wrong range value usage in flush_dcache_range (jsc#SLE-16497 bsc#1176109 ltc#187964).\n- powerpc/pmem: Initialize pmem device on newer hardware (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n- powerpc/pmem: Restrict papr_scm to P8 and above (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n- powerpc/pmem: Update ppc64 to use the new barrier instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n- powerpc: Chunk calls to flush_dcache_range in arch_*_memory (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964 git-fixes).\n- powerpc: define helpers to get L1 icache sizes (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n- qed: fix error return code in qed_iwarp_ll2_start() (bsc#1050536 bsc#1050545).\n- qed: suppress \u0027do not support RoCE \u0026 iWARP\u0027 flooding on HW init (bsc#1050536 bsc#1050545).\n- qed: suppress false-positives interrupt error messages on HW init (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).\n- reboot: fix overflow parsing reboot cpu number (bsc#1179421).\n- rxe: correctly calculate iCRC for unaligned payloads (bsc#1111666)\n- rxe: fix error completion wr_id and qp_num (bsc#1111666)\n- s390/cio: add cond_resched() in the slow_eval_known_fn() loop (bsc#1177805 LTC#188737).\n- s390/cpum_cf,perf: change DFLT_CCERROR counter name (bsc#1175916 LTC#187937).\n- s390/dasd: Fix zero write for FBA devices (bsc#1177808 LTC#188739).\n- s390: kernel/uv: handle length extension properly (bsc#1178940 LTC#189323).\n- sched/core: Fix PI boosting between RT and DEADLINE tasks (bsc#1112178).\n- sched/x86: SaveFLAGS on context switch (bsc#1112178).\n- scripts/git_sort/git_sort.py: add ceph maintainers git tree\n- scsi: RDMA/srpt: Fix a credit leak for aborted commands (bsc#1111666)\n- staging: rtl8723bs: Add 024c:0627 to the list of SDIO device-ids (git-fixes).\n- svcrdma: Fix page leak in svc_rdma_recv_read_chunk() (bsc#1103992).\n- svcrdma: fix bounce buffers for unaligned offsets and multiple pages (bsc#1103992).\n- tcp: Set INET_ECN_xmit configuration in tcp_reinit_congestion_control (bsc#1109837).\n- tracing: Fix out of bounds write in get_trace_buf (bsc#1179403).\n- tty: serial: imx: keep console clocks always on (git-fixes).\n- usb: cdc-acm: Add DISABLE_ECHO for Renesas USB Download mode (git-fixes).\n- usb: gadget: Fix memleak in gadgetfs_fill_super (git-fixes).\n- usb: gadget: f_midi: Fix memleak in f_midi_alloc (git-fixes).\n- usb: host: xhci-mtk: avoid runtime suspend when removing hcd (git-fixes).\n- usermodehelper: reset umask to default before executing user process (bsc#1179406).\n- video: hyperv_fb: Fix the cache type when mapping the VRAM (git-fixes).\n- x86/PCI: Avoid AMD FCH XHCI USB PME# from D0 defect (git-fixes).\n- x86/PCI: Fix intel_mid_pci.c build error when ACPI is not enabled (git-fixes).\n- x86/PCI: Mark Intel C620 MROMs as having non-compliant BARs (git-fixes).\n- x86/hyperv: Clarify comment on x2apic mode (git-fixes).\n- x86/hyperv: Make vapic support x2apic mode (git-fixes).\n- x86/microcode/intel: Check patch signature before saving microcode for early loading (bsc#1112178).\n- x86/speculation: Allow IBPB to be conditionally enabled on CPUs with always-on STIBP (bsc#1112178).\n- x86/sysfb_efi: Add quirks for some devices with swapped width and height (git-fixes).\n- xfrm: Fix memleak on xfrm state destroy (bsc#1158775).\n- xfs: revert \u0027xfs: fix rmap key and record comparison functions\u0027 (git-fixes).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2020-2193",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_2193-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2020:2193-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4YRSQJNKLIOJJTD3P2UKMHRFMCIG3JDN/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2020:2193-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4YRSQJNKLIOJJTD3P2UKMHRFMCIG3JDN/"
},
{
"category": "self",
"summary": "SUSE Bug 1050242",
"url": "https://bugzilla.suse.com/1050242"
},
{
"category": "self",
"summary": "SUSE Bug 1050536",
"url": "https://bugzilla.suse.com/1050536"
},
{
"category": "self",
"summary": "SUSE Bug 1050545",
"url": "https://bugzilla.suse.com/1050545"
},
{
"category": "self",
"summary": "SUSE Bug 1056653",
"url": "https://bugzilla.suse.com/1056653"
},
{
"category": "self",
"summary": "SUSE Bug 1056657",
"url": "https://bugzilla.suse.com/1056657"
},
{
"category": "self",
"summary": "SUSE Bug 1056787",
"url": "https://bugzilla.suse.com/1056787"
},
{
"category": "self",
"summary": "SUSE Bug 1064802",
"url": "https://bugzilla.suse.com/1064802"
},
{
"category": "self",
"summary": "SUSE Bug 1066129",
"url": "https://bugzilla.suse.com/1066129"
},
{
"category": "self",
"summary": "SUSE Bug 1103990",
"url": "https://bugzilla.suse.com/1103990"
},
{
"category": "self",
"summary": "SUSE Bug 1103992",
"url": "https://bugzilla.suse.com/1103992"
},
{
"category": "self",
"summary": "SUSE Bug 1104389",
"url": "https://bugzilla.suse.com/1104389"
},
{
"category": "self",
"summary": "SUSE Bug 1104393",
"url": "https://bugzilla.suse.com/1104393"
},
{
"category": "self",
"summary": "SUSE Bug 1109837",
"url": "https://bugzilla.suse.com/1109837"
},
{
"category": "self",
"summary": "SUSE Bug 1110096",
"url": "https://bugzilla.suse.com/1110096"
},
{
"category": "self",
"summary": "SUSE Bug 1111666",
"url": "https://bugzilla.suse.com/1111666"
},
{
"category": "self",
"summary": "SUSE Bug 1112178",
"url": "https://bugzilla.suse.com/1112178"
},
{
"category": "self",
"summary": "SUSE Bug 1112374",
"url": "https://bugzilla.suse.com/1112374"
},
{
"category": "self",
"summary": "SUSE Bug 1118657",
"url": "https://bugzilla.suse.com/1118657"
},
{
"category": "self",
"summary": "SUSE Bug 1122971",
"url": "https://bugzilla.suse.com/1122971"
},
{
"category": "self",
"summary": "SUSE Bug 1136460",
"url": "https://bugzilla.suse.com/1136460"
},
{
"category": "self",
"summary": "SUSE Bug 1136461",
"url": "https://bugzilla.suse.com/1136461"
},
{
"category": "self",
"summary": "SUSE Bug 1158775",
"url": "https://bugzilla.suse.com/1158775"
},
{
"category": "self",
"summary": "SUSE Bug 1170139",
"url": "https://bugzilla.suse.com/1170139"
},
{
"category": "self",
"summary": "SUSE Bug 1172542",
"url": "https://bugzilla.suse.com/1172542"
},
{
"category": "self",
"summary": "SUSE Bug 1174726",
"url": "https://bugzilla.suse.com/1174726"
},
{
"category": "self",
"summary": "SUSE Bug 1174852",
"url": "https://bugzilla.suse.com/1174852"
},
{
"category": "self",
"summary": "SUSE Bug 1175916",
"url": "https://bugzilla.suse.com/1175916"
},
{
"category": "self",
"summary": "SUSE Bug 1176109",
"url": "https://bugzilla.suse.com/1176109"
},
{
"category": "self",
"summary": "SUSE Bug 1177304",
"url": "https://bugzilla.suse.com/1177304"
},
{
"category": "self",
"summary": "SUSE Bug 1177666",
"url": "https://bugzilla.suse.com/1177666"
},
{
"category": "self",
"summary": "SUSE Bug 1177805",
"url": "https://bugzilla.suse.com/1177805"
},
{
"category": "self",
"summary": "SUSE Bug 1177808",
"url": "https://bugzilla.suse.com/1177808"
},
{
"category": "self",
"summary": "SUSE Bug 1178589",
"url": "https://bugzilla.suse.com/1178589"
},
{
"category": "self",
"summary": "SUSE Bug 1178635",
"url": "https://bugzilla.suse.com/1178635"
},
{
"category": "self",
"summary": "SUSE Bug 1178669",
"url": "https://bugzilla.suse.com/1178669"
},
{
"category": "self",
"summary": "SUSE Bug 1178897",
"url": "https://bugzilla.suse.com/1178897"
},
{
"category": "self",
"summary": "SUSE Bug 1178940",
"url": "https://bugzilla.suse.com/1178940"
},
{
"category": "self",
"summary": "SUSE Bug 1178962",
"url": "https://bugzilla.suse.com/1178962"
},
{
"category": "self",
"summary": "SUSE Bug 1179107",
"url": "https://bugzilla.suse.com/1179107"
},
{
"category": "self",
"summary": "SUSE Bug 1179140",
"url": "https://bugzilla.suse.com/1179140"
},
{
"category": "self",
"summary": "SUSE Bug 1179141",
"url": "https://bugzilla.suse.com/1179141"
},
{
"category": "self",
"summary": "SUSE Bug 1179211",
"url": "https://bugzilla.suse.com/1179211"
},
{
"category": "self",
"summary": "SUSE Bug 1179213",
"url": "https://bugzilla.suse.com/1179213"
},
{
"category": "self",
"summary": "SUSE Bug 1179259",
"url": "https://bugzilla.suse.com/1179259"
},
{
"category": "self",
"summary": "SUSE Bug 1179403",
"url": "https://bugzilla.suse.com/1179403"
},
{
"category": "self",
"summary": "SUSE Bug 1179406",
"url": "https://bugzilla.suse.com/1179406"
},
{
"category": "self",
"summary": "SUSE Bug 1179418",
"url": "https://bugzilla.suse.com/1179418"
},
{
"category": "self",
"summary": "SUSE Bug 1179421",
"url": "https://bugzilla.suse.com/1179421"
},
{
"category": "self",
"summary": "SUSE Bug 1179424",
"url": "https://bugzilla.suse.com/1179424"
},
{
"category": "self",
"summary": "SUSE Bug 1179426",
"url": "https://bugzilla.suse.com/1179426"
},
{
"category": "self",
"summary": "SUSE Bug 1179427",
"url": "https://bugzilla.suse.com/1179427"
},
{
"category": "self",
"summary": "SUSE Bug 1179429",
"url": "https://bugzilla.suse.com/1179429"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-20669 page",
"url": "https://www.suse.com/security/cve/CVE-2018-20669/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15436 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15436/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15437 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15437/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-27777 page",
"url": "https://www.suse.com/security/cve/CVE-2020-27777/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-28974 page",
"url": "https://www.suse.com/security/cve/CVE-2020-28974/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-29371 page",
"url": "https://www.suse.com/security/cve/CVE-2020-29371/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-4788 page",
"url": "https://www.suse.com/security/cve/CVE-2020-4788/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2020-12-07T11:06:42Z",
"generator": {
"date": "2020-12-07T11:06:42Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2020:2193-1",
"initial_release_date": "2020-12-07T11:06:42Z",
"revision_history": [
{
"date": "2020-12-07T11:06:42Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-4.12.14-lp151.28.87.1.noarch",
"product": {
"name": "kernel-devel-4.12.14-lp151.28.87.1.noarch",
"product_id": "kernel-devel-4.12.14-lp151.28.87.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-docs-4.12.14-lp151.28.87.1.noarch",
"product": {
"name": "kernel-docs-4.12.14-lp151.28.87.1.noarch",
"product_id": "kernel-docs-4.12.14-lp151.28.87.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-docs-html-4.12.14-lp151.28.87.1.noarch",
"product": {
"name": "kernel-docs-html-4.12.14-lp151.28.87.1.noarch",
"product_id": "kernel-docs-html-4.12.14-lp151.28.87.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-macros-4.12.14-lp151.28.87.1.noarch",
"product": {
"name": "kernel-macros-4.12.14-lp151.28.87.1.noarch",
"product_id": "kernel-macros-4.12.14-lp151.28.87.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-4.12.14-lp151.28.87.1.noarch",
"product": {
"name": "kernel-source-4.12.14-lp151.28.87.1.noarch",
"product_id": "kernel-source-4.12.14-lp151.28.87.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-vanilla-4.12.14-lp151.28.87.1.noarch",
"product": {
"name": "kernel-source-vanilla-4.12.14-lp151.28.87.1.noarch",
"product_id": "kernel-source-vanilla-4.12.14-lp151.28.87.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-debug-4.12.14-lp151.28.87.2.x86_64",
"product": {
"name": "kernel-debug-4.12.14-lp151.28.87.2.x86_64",
"product_id": "kernel-debug-4.12.14-lp151.28.87.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-debug-base-4.12.14-lp151.28.87.2.x86_64",
"product": {
"name": "kernel-debug-base-4.12.14-lp151.28.87.2.x86_64",
"product_id": "kernel-debug-base-4.12.14-lp151.28.87.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-debug-devel-4.12.14-lp151.28.87.2.x86_64",
"product": {
"name": "kernel-debug-devel-4.12.14-lp151.28.87.2.x86_64",
"product_id": "kernel-debug-devel-4.12.14-lp151.28.87.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-4.12.14-lp151.28.87.2.x86_64",
"product": {
"name": "kernel-default-4.12.14-lp151.28.87.2.x86_64",
"product_id": "kernel-default-4.12.14-lp151.28.87.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-base-4.12.14-lp151.28.87.2.x86_64",
"product": {
"name": "kernel-default-base-4.12.14-lp151.28.87.2.x86_64",
"product_id": "kernel-default-base-4.12.14-lp151.28.87.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-4.12.14-lp151.28.87.2.x86_64",
"product": {
"name": "kernel-default-devel-4.12.14-lp151.28.87.2.x86_64",
"product_id": "kernel-default-devel-4.12.14-lp151.28.87.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-kvmsmall-4.12.14-lp151.28.87.2.x86_64",
"product": {
"name": "kernel-kvmsmall-4.12.14-lp151.28.87.2.x86_64",
"product_id": "kernel-kvmsmall-4.12.14-lp151.28.87.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-kvmsmall-base-4.12.14-lp151.28.87.2.x86_64",
"product": {
"name": "kernel-kvmsmall-base-4.12.14-lp151.28.87.2.x86_64",
"product_id": "kernel-kvmsmall-base-4.12.14-lp151.28.87.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-kvmsmall-devel-4.12.14-lp151.28.87.2.x86_64",
"product": {
"name": "kernel-kvmsmall-devel-4.12.14-lp151.28.87.2.x86_64",
"product_id": "kernel-kvmsmall-devel-4.12.14-lp151.28.87.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-obs-build-4.12.14-lp151.28.87.2.x86_64",
"product": {
"name": "kernel-obs-build-4.12.14-lp151.28.87.2.x86_64",
"product_id": "kernel-obs-build-4.12.14-lp151.28.87.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-obs-qa-4.12.14-lp151.28.87.2.x86_64",
"product": {
"name": "kernel-obs-qa-4.12.14-lp151.28.87.2.x86_64",
"product_id": "kernel-obs-qa-4.12.14-lp151.28.87.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-syms-4.12.14-lp151.28.87.1.x86_64",
"product": {
"name": "kernel-syms-4.12.14-lp151.28.87.1.x86_64",
"product_id": "kernel-syms-4.12.14-lp151.28.87.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-4.12.14-lp151.28.87.2.x86_64",
"product": {
"name": "kernel-vanilla-4.12.14-lp151.28.87.2.x86_64",
"product_id": "kernel-vanilla-4.12.14-lp151.28.87.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-base-4.12.14-lp151.28.87.2.x86_64",
"product": {
"name": "kernel-vanilla-base-4.12.14-lp151.28.87.2.x86_64",
"product_id": "kernel-vanilla-base-4.12.14-lp151.28.87.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-devel-4.12.14-lp151.28.87.2.x86_64",
"product": {
"name": "kernel-vanilla-devel-4.12.14-lp151.28.87.2.x86_64",
"product_id": "kernel-vanilla-devel-4.12.14-lp151.28.87.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-4.12.14-lp151.28.87.2.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.87.2.x86_64"
},
"product_reference": "kernel-debug-4.12.14-lp151.28.87.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-base-4.12.14-lp151.28.87.2.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.87.2.x86_64"
},
"product_reference": "kernel-debug-base-4.12.14-lp151.28.87.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-devel-4.12.14-lp151.28.87.2.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.87.2.x86_64"
},
"product_reference": "kernel-debug-devel-4.12.14-lp151.28.87.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-4.12.14-lp151.28.87.2.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.87.2.x86_64"
},
"product_reference": "kernel-default-4.12.14-lp151.28.87.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-4.12.14-lp151.28.87.2.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.87.2.x86_64"
},
"product_reference": "kernel-default-base-4.12.14-lp151.28.87.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-4.12.14-lp151.28.87.2.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.87.2.x86_64"
},
"product_reference": "kernel-default-devel-4.12.14-lp151.28.87.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-4.12.14-lp151.28.87.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.87.1.noarch"
},
"product_reference": "kernel-devel-4.12.14-lp151.28.87.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-docs-4.12.14-lp151.28.87.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.87.1.noarch"
},
"product_reference": "kernel-docs-4.12.14-lp151.28.87.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-docs-html-4.12.14-lp151.28.87.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.87.1.noarch"
},
"product_reference": "kernel-docs-html-4.12.14-lp151.28.87.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-kvmsmall-4.12.14-lp151.28.87.2.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.87.2.x86_64"
},
"product_reference": "kernel-kvmsmall-4.12.14-lp151.28.87.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-kvmsmall-base-4.12.14-lp151.28.87.2.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.87.2.x86_64"
},
"product_reference": "kernel-kvmsmall-base-4.12.14-lp151.28.87.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-kvmsmall-devel-4.12.14-lp151.28.87.2.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.87.2.x86_64"
},
"product_reference": "kernel-kvmsmall-devel-4.12.14-lp151.28.87.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-macros-4.12.14-lp151.28.87.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.87.1.noarch"
},
"product_reference": "kernel-macros-4.12.14-lp151.28.87.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-obs-build-4.12.14-lp151.28.87.2.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.87.2.x86_64"
},
"product_reference": "kernel-obs-build-4.12.14-lp151.28.87.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-obs-qa-4.12.14-lp151.28.87.2.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.87.2.x86_64"
},
"product_reference": "kernel-obs-qa-4.12.14-lp151.28.87.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-4.12.14-lp151.28.87.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.87.1.noarch"
},
"product_reference": "kernel-source-4.12.14-lp151.28.87.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-vanilla-4.12.14-lp151.28.87.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.87.1.noarch"
},
"product_reference": "kernel-source-vanilla-4.12.14-lp151.28.87.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-4.12.14-lp151.28.87.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.87.1.x86_64"
},
"product_reference": "kernel-syms-4.12.14-lp151.28.87.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-vanilla-4.12.14-lp151.28.87.2.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.87.2.x86_64"
},
"product_reference": "kernel-vanilla-4.12.14-lp151.28.87.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-vanilla-base-4.12.14-lp151.28.87.2.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.87.2.x86_64"
},
"product_reference": "kernel-vanilla-base-4.12.14-lp151.28.87.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-vanilla-devel-4.12.14-lp151.28.87.2.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.87.2.x86_64"
},
"product_reference": "kernel-vanilla-devel-4.12.14-lp151.28.87.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-20669",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-20669"
}
],
"notes": [
{
"category": "general",
"text": "An issue where a provided address with access_ok() is not checked was discovered in i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Linux kernel through 4.19.13. A local attacker can craft a malicious IOCTL function call to overwrite arbitrary kernel memory, resulting in a Denial of Service or privilege escalation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.87.1.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.87.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-20669",
"url": "https://www.suse.com/security/cve/CVE-2018-20669"
},
{
"category": "external",
"summary": "SUSE Bug 1122971 for CVE-2018-20669",
"url": "https://bugzilla.suse.com/1122971"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.87.1.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.87.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.87.1.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.87.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-07T11:06:42Z",
"details": "important"
}
],
"title": "CVE-2018-20669"
},
{
"cve": "CVE-2020-15436",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15436"
}
],
"notes": [
{
"category": "general",
"text": "Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.87.1.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.87.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15436",
"url": "https://www.suse.com/security/cve/CVE-2020-15436"
},
{
"category": "external",
"summary": "SUSE Bug 1179141 for CVE-2020-15436",
"url": "https://bugzilla.suse.com/1179141"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.87.1.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.87.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.87.1.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.87.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-07T11:06:42Z",
"details": "moderate"
}
],
"title": "CVE-2020-15436"
},
{
"cve": "CVE-2020-15437",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15437"
}
],
"notes": [
{
"category": "general",
"text": "The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ports() that allows local users to cause a denial of service by using the p-\u003eserial_in pointer which uninitialized.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.87.1.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.87.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15437",
"url": "https://www.suse.com/security/cve/CVE-2020-15437"
},
{
"category": "external",
"summary": "SUSE Bug 1179140 for CVE-2020-15437",
"url": "https://bugzilla.suse.com/1179140"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.87.1.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.87.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.87.1.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.87.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-07T11:06:42Z",
"details": "moderate"
}
],
"title": "CVE-2020-15437"
},
{
"cve": "CVE-2020-27777",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-27777"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.87.1.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.87.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-27777",
"url": "https://www.suse.com/security/cve/CVE-2020-27777"
},
{
"category": "external",
"summary": "SUSE Bug 1179107 for CVE-2020-27777",
"url": "https://bugzilla.suse.com/1179107"
},
{
"category": "external",
"summary": "SUSE Bug 1179419 for CVE-2020-27777",
"url": "https://bugzilla.suse.com/1179419"
},
{
"category": "external",
"summary": "SUSE Bug 1200343 for CVE-2020-27777",
"url": "https://bugzilla.suse.com/1200343"
},
{
"category": "external",
"summary": "SUSE Bug 1220060 for CVE-2020-27777",
"url": "https://bugzilla.suse.com/1220060"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.87.1.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.87.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.87.1.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.87.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-07T11:06:42Z",
"details": "moderate"
}
],
"title": "CVE-2020-27777"
},
{
"cve": "CVE-2020-28974",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-28974"
}
],
"notes": [
{
"category": "general",
"text": "A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.87.1.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.87.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-28974",
"url": "https://www.suse.com/security/cve/CVE-2020-28974"
},
{
"category": "external",
"summary": "SUSE Bug 1178589 for CVE-2020-28974",
"url": "https://bugzilla.suse.com/1178589"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.87.1.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.87.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.87.1.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.87.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-07T11:06:42Z",
"details": "moderate"
}
],
"title": "CVE-2020-28974"
},
{
"cve": "CVE-2020-29371",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-29371"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4. Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.87.1.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.87.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-29371",
"url": "https://www.suse.com/security/cve/CVE-2020-29371"
},
{
"category": "external",
"summary": "SUSE Bug 1179429 for CVE-2020-29371",
"url": "https://bugzilla.suse.com/1179429"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.87.1.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.87.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.87.1.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.87.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-07T11:06:42Z",
"details": "moderate"
}
],
"title": "CVE-2020-29371"
},
{
"cve": "CVE-2020-4788",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-4788"
}
],
"notes": [
{
"category": "general",
"text": "IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.87.1.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.87.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-4788",
"url": "https://www.suse.com/security/cve/CVE-2020-4788"
},
{
"category": "external",
"summary": "SUSE Bug 1177666 for CVE-2020-4788",
"url": "https://bugzilla.suse.com/1177666"
},
{
"category": "external",
"summary": "SUSE Bug 1181158 for CVE-2020-4788",
"url": "https://bugzilla.suse.com/1181158"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.87.1.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.87.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.87.1.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.87.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-07T11:06:42Z",
"details": "moderate"
}
],
"title": "CVE-2020-4788"
}
]
}
OPENSUSE-SU-2020:2260-1
Vulnerability from csaf_opensuse - Published: 2020-12-15 09:29 - Updated: 2020-12-15 09:29Summary
Security update for the Linux Kernel
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel
Description of the patch: The SUSE Linux Enterprise 15 SP2 kernel was updated to 3.12.31 to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141).
- CVE-2020-15437: Fixed a null pointer dereference which could have allowed local users to cause a denial of service(bsc#1179140).
- CVE-2020-25668: Fixed a concurrency use-after-free in con_font_op (bsc#1178123).
- CVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182).
- CVE-2020-25704: Fixed a leak in perf_event_parse_addr_filter() (bsc#1178393).
- CVE-2020-27777: Restrict RTAS requests from userspace (bsc#1179107)
- CVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886).
- CVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel (bsc#1178589).
- CVE-2020-29371: Fixed uninitialized memory leaks to userspace (bsc#1179429).
- CVE-2020-25705: Fixed an issue which could have allowed to quickly scan open UDP ports. This flaw allowed an off-path remote user to effectively bypassing source port UDP randomization (bsc#1175721).
- CVE-2020-28941: Fixed an issue where local attackers on systems with the speakup driver could cause a local denial of service attack (bsc#1178740).
- CVE-2020-4788: Fixed an issue with IBM Power9 processors could have allowed a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances (bsc#1177666).
- CVE-2020-29369: Fixed a race condition between certain expand functions (expand_downwards and expand_upwards) and page-table free operations from an munmap call, aka CID-246c320a8cfe (bnc#1173504 1179432).
The following non-security bugs were fixed:
- 9P: Cast to loff_t before multiplying (git-fixes).
- ACPI: button: Add DMI quirk for Medion Akoya E2228T (git-fixes).
- ACPICA: Add NHLT table signature (bsc#1176200).
- ACPI: dock: fix enum-conversion warning (git-fixes).
- ACPI / extlog: Check for RDMSR failure (git-fixes).
- ACPI: GED: fix -Wformat (git-fixes).
- ACPI: NFIT: Fix comparison to '-ENXIO' (git-fixes).
- ACPI: video: use ACPI backlight for HP 635 Notebook (git-fixes).
- Add bug reference to two hv_netvsc patches (bsc#1178853).
- ALSA: ctl: fix error path at adding user-defined element set (git-fixes).
- ALSA: firewire: Clean up a locking issue in copy_resp_to_buf() (git-fixes).
- ALSA: fix kernel-doc markups (git-fixes).
- ALSA: hda: fix jack detection with Realtek codecs when in D3 (git-fixes).
- ALSA: hda: prevent undefined shift in snd_hdac_ext_bus_get_link() (git-fixes).
- ALSA: hda/realtek: Add some Clove SSID in the ALC293(ALC1220) (git-fixes).
- ALSA: hda/realtek - Add supported for Lenovo ThinkPad Headset Button (git-fixes).
- ALSA: hda/realtek - Add supported mute Led for HP (git-fixes).
- ALSA: hda/realtek - Enable headphone for ASUS TM420 (git-fixes).
- ALSA: hda/realtek - Fixed HP headset Mic can't be detected (git-fixes).
- ALSA: hda/realtek - HP Headset Mic can't detect after boot (git-fixes).
- ALSA: hda: Reinstate runtime_allow() for all hda controllers (git-fixes).
- ALSA: mixart: Fix mutex deadlock (git-fixes).
- ALSA: usb-audio: Add delay quirk for all Logitech USB devices (git-fixes).
- ALSA: usb-audio: Add implicit feedback quirk for MODX (git-fixes).
- ALSA: usb-audio: Add implicit feedback quirk for Qu-16 (git-fixes).
- ALSA: usb-audio: Add implicit feedback quirk for Zoom UAC-2 (git-fixes).
- ALSA: usb-audio: add usb vendor id as DSD-capable for Khadas devices (git-fixes).
- arm64: bpf: Fix branch offset in JIT (git-fixes).
- arm64: dts: allwinner: a64: bananapi-m64: Enable RGMII RX/TX delay on PHY (git-fixes).
- arm64: dts: allwinner: a64: OrangePi Win: Fix ethernet node (git-fixes).
- arm64: dts: allwinner: a64: Pine64 Plus: Fix ethernet node (git-fixes).
- arm64: dts: allwinner: beelink-gs1: Enable both RGMII RX/TX delay (git-fixes).
- arm64: dts: allwinner: h5: OrangePi PC2: Fix ethernet node (git-fixes).
- arm64: dts: allwinner: h5: OrangePi Prime: Fix ethernet node (git-fixes).
- arm64: dts: allwinner: Pine H64: Enable both RGMII RX/TX delay (git-fixes).
- arm64: dts: fsl: DPAA FMan DMA operations are coherent (git-fixes).
- arm64: dts: imx8mm: fix voltage for 1.6GHz CPU operating point (git-fixes).
- arm64: dts: imx8mq: Add missing interrupts to GPC (git-fixes).
- arm64: dts: imx8mq: Fix TMU interrupt property (git-fixes).
- arm64: dts: zynqmp: Remove additional compatible string for i2c IPs (git-fixes).
- arm64: kprobe: add checks for ARMv8.3-PAuth combined instructions (git-fixes).
- arm64: Run ARCH_WORKAROUND_1 enabling code on all CPUs (git-fixes).
- arm64: Run ARCH_WORKAROUND_2 enabling code on all CPUs (git-fixes).
- arm64: tegra: Add missing timeout clock to Tegra186 SDMMC nodes (git-fixes).
- arm64: tegra: Add missing timeout clock to Tegra194 SDMMC nodes (git-fixes).
- arm64: tegra: Add missing timeout clock to Tegra210 SDMMC (git-fixes).
- arm64: vdso: Add '-Bsymbolic' to ldflags (git-fixes).
- arm64: vdso: Add --eh-frame-hdr to ldflags (git-fixes).
- ASoC: codecs: wcd9335: Set digital gain range correctly (git-fixes).
- ASoC: cs42l51: manage mclk shutdown delay (git-fixes).
- ASoC: Intel: kbl_rt5663_max98927: Fix kabylake_ssp_fixup function (git-fixes).
- ASoC: qcom: lpass-platform: Fix memory leak (git-fixes).
- ASoC: qcom: sdm845: set driver name correctly (git-fixes).
- ath10k: fix VHT NSS calculation when STBC is enabled (git-fixes).
- ath10k: start recovery process when payload length exceeds max htc length for sdio (git-fixes).
- batman-adv: set .owner to THIS_MODULE (git-fixes).
- bnxt_en: Avoid sending firmware messages when AER error is detected (jsc#SLE-8371 bsc#1153274).
- bnxt_en: Check abort error state in bnxt_open_nic() (jsc#SLE-8371 bsc#1153274).
- bnxt_en: Fix NULL ptr dereference crash in bnxt_fw_reset_task() (jsc#SLE-8371 bsc#1153274).
- bnxt_en: Fix regression in workqueue cleanup logic in bnxt_remove_one() (jsc#SLE-8371 bsc#1153274).
- bnxt_en: Invoke cancel_delayed_work_sync() for PFs also (jsc#SLE-8371 bsc#1153274).
- bnxt_en: return proper error codes in bnxt_show_temp (git-fixes).
- bnxt_en: Send HWRM_FUNC_RESET fw command unconditionally (jsc#SLE-8371 bsc#1153274).
- bpf: Do not rely on GCC __attribute__((optimize)) to disable GCSE (bsc#1155518).
- bpf: Fix comment for helper bpf_current_task_under_cgroup() (bsc#1155518).
- bpf: Zero-fill re-used per-cpu map element (bsc#1155518).
- btrfs: Account for merged patches upstream Move below patches to sorted section.
- btrfs: cleanup cow block on error (bsc#1178584).
- btrfs: fix bytes_may_use underflow in prealloc error condtition (bsc#1179217).
- btrfs: fix metadata reservation for fallocate that leads to transaction aborts (bsc#1179217).
- btrfs: fix relocation failure due to race with fallocate (bsc#1179217).
- btrfs: remove item_size member of struct btrfs_clone_extent_info (bsc#1179217).
- btrfs: rename btrfs_insert_clone_extent() to a more generic name (bsc#1179217).
- btrfs: rename btrfs_punch_hole_range() to a more generic name (bsc#1179217).
- btrfs: rename struct btrfs_clone_extent_info to a more generic name (bsc#1179217).
- btrfs: reschedule if necessary when logging directory items (bsc#1178585).
- btrfs: send, orphanize first all conflicting inodes when processing references (bsc#1178579).
- btrfs: send, recompute reference path after orphanization of a directory (bsc#1178581).
- can: af_can: prevent potential access of uninitialized member in canfd_rcv() (git-fixes).
- can: af_can: prevent potential access of uninitialized member in can_rcv() (git-fixes).
- can: can_create_echo_skb(): fix echo skb generation: always use skb_clone() (git-fixes).
- can: dev: __can_get_echo_skb(): fix real payload length return value for RTR frames (git-fixes).
- can: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ context (git-fixes).
- can: dev: can_restart(): post buffer from the right context (git-fixes).
- can: flexcan: flexcan_remove(): disable wakeup completely (git-fixes).
- can: flexcan: flexcan_setup_stop_mode(): add missing 'req_bit' to stop mode property comment (git-fixes).
- can: flexcan: remove FLEXCAN_QUIRK_DISABLE_MECR quirk for LS1021A (git-fixes).
- can: gs_usb: fix endianess problem with candleLight firmware (git-fixes).
- can: kvaser_usb: kvaser_usb_hydra: Fix KCAN bittiming limits (git-fixes).
- can: m_can: fix nominal bitiming tseg2 min for version >= 3.1 (git-fixes).
- can: m_can: m_can_handle_state_change(): fix state change (git-fixes).
- can: m_can: m_can_stop(): set device to software init mode before closing (git-fixes).
- can: mcba_usb: mcba_usb_start_xmit(): first fill skb, then pass to can_put_echo_skb() (git-fixes).
- can: peak_canfd: pucan_handle_can_rx(): fix echo management when loopback is on (git-fixes).
- can: peak_usb: add range checking in decode operations (git-fixes).
- can: peak_usb: fix potential integer overflow on shift of a int (git-fixes).
- can: peak_usb: peak_usb_get_ts_time(): fix timestamp wrapping (git-fixes).
- can: rx-offload: do not call kfree_skb() from IRQ context (git-fixes).
- ceph: add check_session_state() helper and make it global (bsc#1179012).
- ceph: check session state after bumping session->s_seq (bsc#1179012).
- ceph: check the sesion state and return false in case it is closed (bsc#1179012).
- ceph: downgrade warning from mdsmap decode to debug (bsc#1178653).
- ceph: fix race in concurrent __ceph_remove_cap invocations (bsc#1178635).
- cfg80211: initialize wdev data earlier (git-fixes).
- cfg80211: regulatory: Fix inconsistent format argument (git-fixes).
- cifs: Fix incomplete memory allocation on setxattr path (bsc#1179211).
- cifs: remove bogus debug code (bsc#1179427).
- cifs: Return the error from crypt_message when enc/dec key not found (bsc#1179426).
- clk: define to_clk_regmap() as inline function (git-fixes).
- Convert trailing spaces and periods in path components (bsc#1179424).
- cosa: Add missing kfree in error path of cosa_write (git-fixes).
- dax: fix detection of dax support for non-persistent memory block devices (bsc#1171073).
- dax: Fix stack overflow when mounting fsdax pmem device (bsc#1171073).
- Delete patches.suse/fs-select.c-batch-user-writes-in-do_sys_poll.patch (bsc#1179419)
- devlink: Make sure devlink instance and port are in same net namespace (bsc#1154353).
- docs: ABI: sysfs-c2port: remove a duplicated entry (git-fixes).
- Documentation/admin-guide/module-signing.rst: add openssl command option example for CodeSign EKU (bsc#1177353, bsc#1179076).
- Do not create null.i000.ipa-clones file (bsc#1178330) Kbuild cc-option compiles /dev/null file to test for an option availability. Filter out -fdump-ipa-clones so that null.i000.ipa-clones file is not generated in the process.
- drbd: code cleanup by using sendpage_ok() to check page for kernel_sendpage() (bsc#1172873).
- drivers/net/ethernet: remove incorrectly formatted doc (bsc#1177397).
- drivers: watchdog: rdc321x_wdt: Fix race condition bugs (git-fixes).
- Drop sysctl files for dropped archs, add ppc64le and arm (bsc#1178838). Also correct the page size on ppc64.
- EDAC/amd64: Cache secondary Chip Select registers (bsc#1179001).
- EDAC/amd64: Find Chip Select memory size using Address Mask (bsc#1179001).
- EDAC/amd64: Gather hardware information early (bsc#1179001).
- EDAC/amd64: Initialize DIMM info for systems with more than two channels (bsc#1179001).
- EDAC/amd64: Make struct amd64_family_type global (bsc#1179001).
- EDAC/amd64: Save max number of controllers to family type (bsc#1179001).
- EDAC/amd64: Support asymmetric dual-rank DIMMs (bsc#1179001).
- efi: add missed destroy_workqueue when efisubsys_init fails (git-fixes).
- efi: efibc: check for efivars write capability (git-fixes).
- efi: EFI_EARLYCON should depend on EFI (git-fixes).
- efi/efivars: Set generic ops before loading SSDT (git-fixes).
- efi/esrt: Fix reference count leak in esre_create_sysfs_entry (git-fixes).
- efi/libstub/x86: Work around LLVM ELF quirk build regression (git-fixes).
- efi: provide empty efi_enter_virtual_mode implementation (git-fixes).
- efivarfs: fix memory leak in efivarfs_create() (git-fixes).
- efivarfs: revert 'fix memory leak in efivarfs_create()' (git-fixes).
- efi/x86: Align GUIDs to their size in the mixed mode runtime wrapper (git-fixes).
- efi/x86: Do not panic or BUG() on non-critical error conditions (git-fixes).
- efi/x86: Fix the deletion of variables in mixed mode (git-fixes).
- efi/x86: Free efi_pgd with free_pages() (git-fixes).
- efi/x86: Handle by-ref arguments covering multiple pages in mixed mode (git-fixes).
- efi/x86: Ignore the memory attributes table on i386 (git-fixes).
- efi/x86: Map the entire EFI vendor string before copying it (git-fixes).
- exfat: fix name_hash computation on big endian systems (git-fixes).
- exfat: fix overflow issue in exfat_cluster_to_sector() (git-fixes).
- exfat: fix possible memory leak in exfat_find() (git-fixes).
- exfat: fix use of uninitialized spinlock on error path (git-fixes).
- exfat: fix wrong hint_stat initialization in exfat_find_dir_entry() (git-fixes).
- fbdev, newport_con: Move FONT_EXTRA_WORDS macros into linux/font.h (git-fixes).
- Fix wrongly set CONFIG_SOUNDWIRE=y (bsc#1179201) CONFIG_SOUNDWIRE was mistakenly set as built-in. Mark it as module.
- ftrace: Fix recursion check for NMI test (git-fixes).
- ftrace: Handle tracing when switching between context (git-fixes).
- futex: Do not enable IRQs unconditionally in put_pi_state() (bsc#1149032).
- futex: Handle transient 'ownerless' rtmutex state correctly (bsc#1149032).
- gpio: pcie-idio-24: Enable PEX8311 interrupts (git-fixes).
- gpio: pcie-idio-24: Fix IRQ Enable Register value (git-fixes).
- gpio: pcie-idio-24: Fix irq mask when masking (git-fixes).
- HID: logitech-dj: Fix an error in mse_bluetooth_descriptor (git-fixes).
- HID: logitech-dj: Fix Dinovo Mini when paired with a MX5x00 receiver (git-fixes).
- HID: logitech-dj: Handle quad/bluetooth keyboards with a builtin trackpad (git-fixes).
- HID: logitech-hidpp: Add PID for MX Anywhere 2 (git-fixes).
- hv_balloon: disable warning when floor reached (git-fixes).
- hv: clocksource: Add notrace attribute to read_hv_sched_clock_*() functions (git-fixes).
- hv_netvsc: Add XDP support (bsc#1177820).
- hv_netvsc: Fix XDP refcnt for synthetic and VF NICs (bsc#1177820).
- hv_netvsc: make recording RSS hash depend on feature flag (bsc#1177820).
- hv_netvsc: record hardware hash in skb (bsc#1177820).
- hwmon: (pwm-fan) Fix RPM calculation (git-fixes).
- hyperv_fb: Update screen_info after removing old framebuffer (bsc#1175306).
- i2c: mediatek: move dma reset before i2c reset (git-fixes).
- i2c: sh_mobile: implement atomic transfers (git-fixes).
- igc: Fix not considering the TX delay for timestamps (bsc#1160634).
- igc: Fix wrong timestamp latency numbers (bsc#1160634).
- iio: accel: kxcjk1013: Add support for KIOX010A ACPI DSM for setting tablet-mode (git-fixes).
- iio: accel: kxcjk1013: Replace is_smo8500_device with an acpi_type enum (git-fixes).
- iio: adc: mediatek: fix unset field (git-fixes).
- iio: light: fix kconfig dependency bug for VCNL4035 (git-fixes).
- Input: adxl34x - clean up a data type in adxl34x_probe() (git-fixes).
- Input: resistive-adc-touch - fix kconfig dependency on IIO_BUFFER (git-fixes).
- intel_idle: Customize IceLake server support (bsc#1178286).
- ionic: check port ptr before use (bsc#1167773).
- iwlwifi: mvm: write queue_sync_state only for sync (git-fixes).
- kABI: revert use_mm name change (MM Functionality, bsc#1178426).
- kABI workaround for HD-audio (git-fixes).
- kernel: better document the use_mm/unuse_mm API contract (MM Functionality, bsc#1178426).
- kernel-{binary,source}.spec.in: do not create loop symlinks (bsc#1179082)
- kernel-source.spec: Fix build with rpm 4.16 (boo#1179015). RPM_BUILD_ROOT is cleared before %%install. Do the unpack into RPM_BUILD_ROOT in %%install
- kernel/watchdog: fix watchdog_allowed_mask not used warning (git-fixes).
- kgdb: Fix spurious true from in_dbg_master() (git-fixes).
- kthread_worker: prevent queuing delayed work from timer_fn when it is being canceled (git-fixes).
- KVM: arm64: ARM_SMCCC_ARCH_WORKAROUND_1 does not return SMCCC_RET_NOT_REQUIRED (git-fixes).
- lan743x: fix 'BUG: invalid wait context' when setting rx mode (git-fixes).
- lan743x: fix issue causing intermittent kernel log warnings (git-fixes).
- lan743x: prevent entire kernel HANG on open, for some platforms (git-fixes).
- leds: bcm6328, bcm6358: use devres LED registering function (git-fixes).
- libbpf, hashmap: Fix undefined behavior in hash_bits (bsc#1155518).
- libceph: use sendpage_ok() in ceph_tcp_sendpage() (bsc#1172873).
- lib/crc32test: remove extra local_irq_disable/enable (git-fixes).
- libnvdimm/nvdimm/flush: Allow architecture to override the flush barrier (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
- lib/strncpy_from_user.c: Mask out bytes after NUL terminator (bsc#1155518).
- mac80211: always wind down STA state (git-fixes).
- mac80211: fix use of skb payload instead of header (git-fixes).
- mac80211: free sta in sta_info_insert_finish() on errors (git-fixes).
- mac80211: minstrel: fix tx status processing corner case (git-fixes).
- mac80211: minstrel: remove deferred sampling code (git-fixes).
- media: imx274: fix frame interval handling (git-fixes).
- media: platform: Improve queue set up flow for bug fixing (git-fixes).
- media: tw5864: check status of tw5864_frameinterval_get (git-fixes).
- media: uvcvideo: Fix dereference of out-of-bound list iterator (git-fixes).
- media: uvcvideo: Fix uvc_ctrl_fixup_xu_info() not having any effect (git-fixes).
- mei: protect mei_cl_mtu from null dereference (git-fixes).
- memcg: fix NULL pointer dereference in __mem_cgroup_usage_unregister_event (bsc#1177703).
- mfd: sprd: Add wakeup capability for PMIC IRQ (git-fixes).
- mmc: renesas_sdhi_core: Add missing tmio_mmc_host_free() at remove (git-fixes).
- mmc: sdhci-of-esdhc: Handle pulse width detection erratum for more SoCs (git-fixes).
- mmc: sdhci-pci: Prefer SDR25 timing for High Speed mode for BYT-based Intel controllers (git-fixes).
- mm: fix exec activate_mm vs TLB shootdown and lazy tlb switching race (MM Functionality, bsc#1178426).
- mm: fix kthread_use_mm() vs TLB invalidate (MM Functionality, bsc#1178426).
- mm/gup: allow FOLL_FORCE for get_user_pages_fast() (git fixes (mm/gup)).
- mm/gup: fix gup_fast with dynamic page table folding (bnc#1176586, LTC#188235).
- mm/ksm: fix NULL pointer dereference when KSM zero page is enabled (git fixes (mm/ksm)).
- mm, memcg: fix inconsistent oom event behavior (bsc#1178659).
- mm/memcg: fix refcount error while moving and swapping (bsc#1178686).
- mm/memcontrol.c: add missed css_put() (bsc#1178661).
- mm: mempolicy: require at least one nodeid for MPOL_PREFERRED (git fixes (mm/mempolicy)).
- mm/swapfile.c: fix potential memory leak in sys_swapon (git-fixes).
- mm: swap: make page_evictable() inline (git fixes (mm/vmscan)).
- mm: swap: use smp_mb__after_atomic() to order LRU bit set (git fixes (mm/vmscan)).
- mm, THP, swap: fix allocating cluster for swapfile by mistake (bsc#1178755).
- modsign: Add codeSigning EKU when generating X.509 key generation config (bsc#1177353, bsc#1179076).
- net: add WARN_ONCE in kernel_sendpage() for improper zero-copy send (bsc#1172873).
- net: ena: Capitalize all log strings and improve code readability (bsc#1177397).
- net: ena: Change license into format to SPDX in all files (bsc#1177397).
- net: ena: Change log message to netif/dev function (bsc#1177397).
- net: ena: Change RSS related macros and variables names (bsc#1177397).
- net: ena: ethtool: Add new device statistics (bsc#1177397).
- net: ena: ethtool: add stats printing to XDP queues (bsc#1177397).
- net: ena: ethtool: convert stat_offset to 64 bit resolution (bsc#1177397).
- net: ena: Fix all static chekers' warnings (bsc#1177397).
- net: ena: fix packet's addresses for rx_offset feature (bsc#1174852).
- net: ena: handle bad request id in ena_netdev (bsc#1174852).
- net: ena: Remove redundant print of placement policy (bsc#1177397).
- net: ena: xdp: add queue counters for xdp actions (bsc#1177397).
- net: fix pos incrementment in ipv6_route_seq_next (bsc#1154353).
- net: introduce helper sendpage_ok() in include/linux/net.h (bsc#1172873). kABI workaround for including mm.h in include/linux/net.h (bsc#1172873).
- net/mlx5: Clear bw_share upon VF disable (jsc#SLE-8464).
- net/mlx5: E-Switch, Fail mlx5_esw_modify_vport_rate if qos disabled (jsc#SLE-8464).
- net: mscc: ocelot: fix race condition with TX timestamping (bsc#1178461).
- net: usb: qmi_wwan: add Telit LE910Cx 0x1230 composition (git-fixes).
- nfc: s3fwrn5: use signed integer for parsing GPIO numbers (git-fixes).
- NFS: only invalidate dentrys that are clearly invalid (bsc#1178669 bsc#1170139).
- NFSv4: Handle NFS4ERR_OLD_STATEID in CLOSE/OPEN_DOWNGRADE (bsc#1176180).
- NFSv4: Wait for stateid updates after CLOSE/OPEN_DOWNGRADE (bsc#1176180).
- NFSv4.x recover from pre-mature loss of openstateid (bsc#1176180).
- nvme: do not update disk info for multipathed device (bsc#1171558).
- nvme-tcp: check page by sendpage_ok() before calling kernel_sendpage() (bsc#1172873).
- p54: avoid accessing the data mapped to streaming DMA (git-fixes).
- PCI/ACPI: Whitelist hotplug ports for D3 if power managed by ACPI (git-fixes).
- pinctrl: amd: fix incorrect way to disable debounce filter (git-fixes).
- pinctrl: amd: use higher precision for 512 RtcClk (git-fixes).
- pinctrl: aspeed: Fix GPI only function problem (git-fixes).
- pinctrl: intel: Set default bias in case no particular value given (git-fixes).
- platform/x86: thinkpad_acpi: Send tablet mode switch at wakeup time (git-fixes).
- platform/x86: toshiba_acpi: Fix the wrong variable assignment (git-fixes).
- PM: runtime: Drop runtime PM references to supplier on link removal (git-fixes).
- powerpc/64s/radix: Fix mm_cpumask trimming race vs kthread_use_mm (MM Functionality, bsc#1178426).
- powerpc: Inline doorbell sending functions (jsc#SLE-15869 jsc#SLE-16321).
- powerpc/perf: consolidate GPCI hcall structs into asm/hvcall.h (jsc#SLE-16360 jsc#SLE-16915).
- powerpc/pmem: Add flush routines using new pmem store and sync instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
- powerpc/pmem: Add new instructions for persistent storage and sync (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
- powerpc/pmem: Avoid the barrier in flush routines (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
- powerpc/pmem: Initialize pmem device on newer hardware (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
- powerpc/pmem: Restrict papr_scm to P8 and above (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
- powerpc/pmem: Update ppc64 to use the new barrier instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
- powerpc/pseries: Add KVM guest doorbell restrictions (jsc#SLE-15869 jsc#SLE-16321).
- powerpc/pseries: new lparcfg key/value pair: partition_affinity_score (jsc#SLE-16360 jsc#SLE-16915).
- powerpc/pseries: Use doorbells even if XIVE is available (jsc#SLE-15869 jsc#SLE-16321).
- powerpc: select ARCH_WANT_IRQS_OFF_ACTIVATE_MM (MM Functionality, bsc#1178426).
- powerpc/vnic: Extend 'failover pending' window (bsc#1176855 ltc#187293).
- power: supply: bq27xxx: report 'not charging' on all types (git-fixes).
- power: supply: test_power: add missing newlines when printing parameters by sysfs (git-fixes).
- qla2xxx: Add MODULE_VERSION back to driver (bsc#1179160).
- RDMA/hns: Fix retry_cnt and rnr_cnt when querying QP (jsc#SLE-8449).
- RDMA/hns: Fix the wrong value of rnr_retry when querying qp (jsc#SLE-8449).
- RDMA/hns: Fix wrong field of SRQ number the device supports (jsc#SLE-8449).
- RDMA/hns: Solve the overflow of the calc_pg_sz() (jsc#SLE-8449).
- RDMA/mlx5: Fix devlink deadlock on net namespace deletion (jsc#SLE-8464).
- RDMA/qedr: Fix return code if accept is called on a destroyed qp (jsc#SLE-8215).
- RDMA/ucma: Add missing locking around rdma_leave_multicast() (git-fixes).
- reboot: fix overflow parsing reboot cpu number (git-fixes).
- Refresh patches.suse/vfs-add-super_operations-get_inode_dev. (bsc#1176983)
- regulator: avoid resolve_supply() infinite recursion (git-fixes).
- regulator: defer probe when trying to get voltage from unresolved supply (git-fixes).
- regulator: fix memory leak with repeated set_machine_constraints() (git-fixes).
- regulator: pfuze100: limit pfuze-support-disable-sw to pfuze{100,200} (git-fixes).
- regulator: ti-abb: Fix array out of bound read access on the first transition (git-fixes).
- regulator: workaround self-referent regulators (git-fixes).
- Restore the header of series.conf The header of series.conf was accidentally changed by abb50be8e6bc '(kABI: revert use_mm name change (MM Functionality, bsc#1178426))'.
- Revert 'cdc-acm: hardening against malicious devices' (git-fixes).
- Revert 'kernel/reboot.c: convert simple_strtoul to kstrtoint' (git-fixes).
- Revert 'xfs: complain if anyone tries to create a too-large buffer' (bsc#1179425, bsc#1179550).
- rfkill: Fix use-after-free in rfkill_resume() (git-fixes).
- ring-buffer: Fix recursion protection transitions between interrupt context (git-fixes).
- rpm/kernel-binary.spec.in: avoid using barewords (bsc#1179014) Author: Dominique Leuenberger -<dimstar@opensuse.org>
- rpm/kernel-binary.spec.in: avoid using more barewords (bsc#1179014) %split_extra still contained two.
- rpm/kernel-binary.spec.in: use grep -E instead of egrep (bsc#1179045) egrep is only a deprecated bash wrapper for 'grep -E'. So use the latter instead.
- rpm/kernel-obs-build.spec.in: Add -q option to modprobe calls (bsc#1178401)
- rpm/kernel-{source,binary}.spec: do not include ghost symlinks (boo#1179082).
- rpm/mkspec: do not build kernel-obs-build on x86_32 We want to use 64bit kernel due to various bugs (bsc#1178762 to name one). There is: ExportFilter: ^kernel-obs-build.*\.x86_64.rpm$ . i586 in Factory's prjconf now. No other actively maintained distro (i.e. merging packaging branch) builds a x86_32 kernel, hence pushing to packaging directly.
- s390/bpf: Fix multiple tail calls (git-fixes).
- s390/cpum_cf,perf: change DFLT_CCERROR counter name (bsc#1175918 LTC#187935).
- s390/cpum_sf.c: fix file permission for cpum_sfb_size (git-fixes).
- s390/dasd: fix null pointer dereference for ERP requests (git-fixes).
- s390/pkey: fix paes selftest failure with paes and pkey static build (git-fixes).
- s390/zcrypt: fix kmalloc 256k failure (bsc#1177066 LTC#188341).
- s390/zcrypt: Fix ZCRYPT_PERDEV_REQCNT ioctl (bsc#1177070 LTC#188342).
- sched/fair: Ensure tasks spreading in LLC during LB (git fixes (sched)).
- sched/fair: Fix unthrottle_cfs_rq() for leaf_cfs_rq list (git fixes (sched)).
- sched: Fix loadavg accounting race on arm64 kabi (bnc#1178227).
- sched: Fix rq->nr_iowait ordering (git fixes (sched)).
- scripts/lib/SUSE/MyBS.pm: properly close prjconf Macros: section
- scsi: libiscsi: Fix NOP race condition (bsc#1176481).
- scsi: libiscsi: use sendpage_ok() in iscsi_tcp_segment_map() (bsc#1172873).
- serial: 8250_mtk: Fix uart_get_baud_rate warning (git-fixes).
- serial: txx9: add missing platform_driver_unregister() on error in serial_txx9_init (git-fixes).
- spi: lpspi: Fix use-after-free on unbind (git-fixes).
- staging: comedi: cb_pcidas: Allow 2-channel commands for AO subdevice (git-fixes).
- staging: octeon: Drop on uncorrectable alignment or FCS error (git-fixes).
- staging: octeon: repair 'fixed-link' support (git-fixes).
- staging: rtl8723bs: Add 024c:0627 to the list of SDIO device-ids (git-fixes).
- SUNRPC: fix copying of multiple pages in gss_read_proxy_verf() (bsc#1154353).
- SUNRPC: Fix general protection fault in trace_rpc_xdr_overflow() (git-fixes).
- svcrdma: fix bounce buffers for unaligned offsets and multiple pages (git-fixes).
- tcp: use sendpage_ok() to detect misused .sendpage (bsc#1172873).
- thunderbolt: Add the missed ida_simple_remove() in ring_request_msix() (git-fixes).
- thunderbolt: Fix memory leak if ida_simple_get() fails in enumerate_services() (git-fixes).
- timer: Fix wheel index calculation on last level (git-fixes).
- timer: Prevent base->clk from moving backward (git-fixes).
- tpm: efi: Do not create binary_bios_measurements file for an empty log (git-fixes).
- tpm_tis: Disable interrupts on ThinkPad T490s (git-fixes).
- tracing: Fix out of bounds write in get_trace_buf (git-fixes).
- tty: serial: fsl_lpuart: add LS1028A support (git-fixes).
- tty: serial: fsl_lpuart: LS1021A had a FIFO size of 16 words, like LS1028A (git-fixes).
- tty: serial: imx: fix potential deadlock (git-fixes).
- tty: serial: imx: keep console clocks always on (git-fixes).
- uio: Fix use-after-free in uio_unregister_device() (git-fixes).
- uio: free uio id after uio file node is freed (git-fixes).
- USB: Add NO_LPM quirk for Kingston flash drive (git-fixes).
- USB: adutux: fix debugging (git-fixes).
- USB: cdc-acm: Add DISABLE_ECHO for Renesas USB Download mode (git-fixes).
- USB: cdc-acm: fix cooldown mechanism (git-fixes).
- USB: core: Change %pK for __user pointers to %px (git-fixes).
- USB: core: driver: fix stray tabs in error messages (git-fixes).
- USB: core: Fix regression in Hercules audio card (git-fixes).
- USB: gadget: Fix memleak in gadgetfs_fill_super (git-fixes).
- USB: gadget: f_midi: Fix memleak in f_midi_alloc (git-fixes).
- USB: gadget: goku_udc: fix potential crashes in probe (git-fixes).
- USB: host: fsl-mph-dr-of: check return of dma_set_mask() (git-fixes).
- USB: mtu3: fix panic in mtu3_gadget_stop() (git-fixes).
- USB: serial: cyberjack: fix write-URB completion race (git-fixes).
- USB: serial: option: add LE910Cx compositions 0x1203, 0x1230, 0x1231 (git-fixes).
- USB: serial: option: add Quectel EC200T module support (git-fixes).
- USB: serial: option: add Telit FN980 composition 0x1055 (git-fixes).
- USB: typec: tcpm: During PR_SWAP, source caps should be sent only after tSwapSourceStart (git-fixes).
- USB: typec: tcpm: reset hard_reset_count for any disconnect (git-fixes).
- USB: xhci: omit duplicate actions when suspending a runtime suspended host (git-fixes).
- video: hyperv_fb: Fix the cache type when mapping the VRAM (git-fixes).
- video: hyperv_fb: include vmalloc.h (git-fixes).
- video: hyperv: hyperv_fb: Obtain screen resolution from Hyper-V host (bsc#1175306).
- video: hyperv: hyperv_fb: Support deferred IO for Hyper-V frame buffer driver (bsc#1175306).
- video: hyperv: hyperv_fb: Use physical memory for fb on HyperV Gen 1 VMs (bsc#1175306).
- virtio: virtio_console: fix DMA memory allocation for rproc serial (git-fixes).
- vt: Disable KD_FONT_OP_COPY (bsc#1178589).
- x86/hyperv: Clarify comment on x2apic mode (git-fixes).
- x86/i8259: Use printk_deferred() to prevent deadlock (git-fixes).
- x86/kexec: Use up-to-dated screen_info copy to fill boot params (bsc#1175306).
- x86/microcode/intel: Check patch signature before saving microcode for early loading (bsc#1152489).
- x86/speculation: Allow IBPB to be conditionally enabled on CPUs with always-on STIBP (bsc#1152489).
- xfs: complain if anyone tries to create a too-large buffer log item (bsc#1166146).
- xfs: do not update mtime on COW faults (bsc#1167030).
- xfs: fix a missing unlock on error in xfs_fs_map_blocks (git-fixes).
- xfs: fix brainos in the refcount scrubber's rmap fragment processor (git-fixes).
- xfs: fix flags argument to rmap lookup when converting shared file rmaps (git-fixes).
- xfs: fix rmap key and record comparison functions (git-fixes).
- xfs: fix scrub flagging rtinherit even if there is no rt device (git-fixes).
- xfs: flush new eof page on truncate to avoid post-eof corruption (git-fixes).
- xfs: introduce XFS_MAX_FILEOFF (bsc#1166166).
- xfs: prohibit fs freezing when using empty transactions (bsc#1179442).
- xfs: remove unused variable 'done' (bsc#1166166).
- xfs: revert 'xfs: fix rmap key and record comparison functions' (git-fixes).
- xfs: set the unwritten bit in rmap lookup flags in xchk_bmap_get_rmapextents (git-fixes).
- xfs: set xefi_discard when creating a deferred agfl free log intent item (git-fixes).
- xfs: truncate should remove all blocks, not just to the end of the page cache (bsc#1166166).
- xhci: Fix sizeof() mismatch (git-fixes).
- xhci: hisilicon: fix refercence leak in xhci_histb_probe (git-fixes).
kernel-default-base fixes the following issues:
- Add wireguard kernel module (bsc#1179225)
- Create the list of crypto kernel modules dynamically, supersedes hardcoded list of crc32 implementations (bsc#1177577)
This update was imported from the SUSE:SLE-15-SP2:Update update project.
Patchnames: openSUSE-2020-2260
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.4 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.3 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.2 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.4 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.1 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.2 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.1 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.1 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
133 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "The SUSE Linux Enterprise 15 SP2 kernel was updated to 3.12.31 to receive various security and bugfixes.\n\nThe following security bugs were fixed:\n\n- CVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141).\n- CVE-2020-15437: Fixed a null pointer dereference which could have allowed local users to cause a denial of service(bsc#1179140).\n- CVE-2020-25668: Fixed a concurrency use-after-free in con_font_op (bsc#1178123).\n- CVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182).\n- CVE-2020-25704: Fixed a leak in perf_event_parse_addr_filter() (bsc#1178393).\n- CVE-2020-27777: Restrict RTAS requests from userspace (bsc#1179107)\n- CVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886).\n- CVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel (bsc#1178589).\n- CVE-2020-29371: Fixed uninitialized memory leaks to userspace (bsc#1179429).\n- CVE-2020-25705: Fixed an issue which could have allowed to quickly scan open UDP ports. This flaw allowed an off-path remote user to effectively bypassing source port UDP randomization (bsc#1175721).\n- CVE-2020-28941: Fixed an issue where local attackers on systems with the speakup driver could cause a local denial of service attack (bsc#1178740).\n- CVE-2020-4788: Fixed an issue with IBM Power9 processors could have allowed a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances (bsc#1177666).\n- CVE-2020-29369: Fixed a race condition between certain expand functions (expand_downwards and expand_upwards) and page-table free operations from an munmap call, aka CID-246c320a8cfe (bnc#1173504 1179432).\n\nThe following non-security bugs were fixed:\n\n\n- 9P: Cast to loff_t before multiplying (git-fixes).\n- ACPI: button: Add DMI quirk for Medion Akoya E2228T (git-fixes).\n- ACPICA: Add NHLT table signature (bsc#1176200).\n- ACPI: dock: fix enum-conversion warning (git-fixes).\n- ACPI / extlog: Check for RDMSR failure (git-fixes).\n- ACPI: GED: fix -Wformat (git-fixes).\n- ACPI: NFIT: Fix comparison to \u0027-ENXIO\u0027 (git-fixes).\n- ACPI: video: use ACPI backlight for HP 635 Notebook (git-fixes).\n- Add bug reference to two hv_netvsc patches (bsc#1178853).\n- ALSA: ctl: fix error path at adding user-defined element set (git-fixes).\n- ALSA: firewire: Clean up a locking issue in copy_resp_to_buf() (git-fixes).\n- ALSA: fix kernel-doc markups (git-fixes).\n- ALSA: hda: fix jack detection with Realtek codecs when in D3 (git-fixes).\n- ALSA: hda: prevent undefined shift in snd_hdac_ext_bus_get_link() (git-fixes).\n- ALSA: hda/realtek: Add some Clove SSID in the ALC293(ALC1220) (git-fixes).\n- ALSA: hda/realtek - Add supported for Lenovo ThinkPad Headset Button (git-fixes).\n- ALSA: hda/realtek - Add supported mute Led for HP (git-fixes).\n- ALSA: hda/realtek - Enable headphone for ASUS TM420 (git-fixes).\n- ALSA: hda/realtek - Fixed HP headset Mic can\u0027t be detected (git-fixes).\n- ALSA: hda/realtek - HP Headset Mic can\u0027t detect after boot (git-fixes).\n- ALSA: hda: Reinstate runtime_allow() for all hda controllers (git-fixes).\n- ALSA: mixart: Fix mutex deadlock (git-fixes).\n- ALSA: usb-audio: Add delay quirk for all Logitech USB devices (git-fixes).\n- ALSA: usb-audio: Add implicit feedback quirk for MODX (git-fixes).\n- ALSA: usb-audio: Add implicit feedback quirk for Qu-16 (git-fixes).\n- ALSA: usb-audio: Add implicit feedback quirk for Zoom UAC-2 (git-fixes).\n- ALSA: usb-audio: add usb vendor id as DSD-capable for Khadas devices (git-fixes).\n- arm64: bpf: Fix branch offset in JIT (git-fixes).\n- arm64: dts: allwinner: a64: bananapi-m64: Enable RGMII RX/TX delay on PHY (git-fixes).\n- arm64: dts: allwinner: a64: OrangePi Win: Fix ethernet node (git-fixes).\n- arm64: dts: allwinner: a64: Pine64 Plus: Fix ethernet node (git-fixes).\n- arm64: dts: allwinner: beelink-gs1: Enable both RGMII RX/TX delay (git-fixes).\n- arm64: dts: allwinner: h5: OrangePi PC2: Fix ethernet node (git-fixes).\n- arm64: dts: allwinner: h5: OrangePi Prime: Fix ethernet node (git-fixes).\n- arm64: dts: allwinner: Pine H64: Enable both RGMII RX/TX delay (git-fixes).\n- arm64: dts: fsl: DPAA FMan DMA operations are coherent (git-fixes).\n- arm64: dts: imx8mm: fix voltage for 1.6GHz CPU operating point (git-fixes).\n- arm64: dts: imx8mq: Add missing interrupts to GPC (git-fixes).\n- arm64: dts: imx8mq: Fix TMU interrupt property (git-fixes).\n- arm64: dts: zynqmp: Remove additional compatible string for i2c IPs (git-fixes).\n- arm64: kprobe: add checks for ARMv8.3-PAuth combined instructions (git-fixes).\n- arm64: Run ARCH_WORKAROUND_1 enabling code on all CPUs (git-fixes).\n- arm64: Run ARCH_WORKAROUND_2 enabling code on all CPUs (git-fixes).\n- arm64: tegra: Add missing timeout clock to Tegra186 SDMMC nodes (git-fixes).\n- arm64: tegra: Add missing timeout clock to Tegra194 SDMMC nodes (git-fixes).\n- arm64: tegra: Add missing timeout clock to Tegra210 SDMMC (git-fixes).\n- arm64: vdso: Add \u0027-Bsymbolic\u0027 to ldflags (git-fixes).\n- arm64: vdso: Add --eh-frame-hdr to ldflags (git-fixes).\n- ASoC: codecs: wcd9335: Set digital gain range correctly (git-fixes).\n- ASoC: cs42l51: manage mclk shutdown delay (git-fixes).\n- ASoC: Intel: kbl_rt5663_max98927: Fix kabylake_ssp_fixup function (git-fixes).\n- ASoC: qcom: lpass-platform: Fix memory leak (git-fixes).\n- ASoC: qcom: sdm845: set driver name correctly (git-fixes).\n- ath10k: fix VHT NSS calculation when STBC is enabled (git-fixes).\n- ath10k: start recovery process when payload length exceeds max htc length for sdio (git-fixes).\n- batman-adv: set .owner to THIS_MODULE (git-fixes).\n- bnxt_en: Avoid sending firmware messages when AER error is detected (jsc#SLE-8371 bsc#1153274).\n- bnxt_en: Check abort error state in bnxt_open_nic() (jsc#SLE-8371 bsc#1153274).\n- bnxt_en: Fix NULL ptr dereference crash in bnxt_fw_reset_task() (jsc#SLE-8371 bsc#1153274).\n- bnxt_en: Fix regression in workqueue cleanup logic in bnxt_remove_one() (jsc#SLE-8371 bsc#1153274).\n- bnxt_en: Invoke cancel_delayed_work_sync() for PFs also (jsc#SLE-8371 bsc#1153274).\n- bnxt_en: return proper error codes in bnxt_show_temp (git-fixes).\n- bnxt_en: Send HWRM_FUNC_RESET fw command unconditionally (jsc#SLE-8371 bsc#1153274).\n- bpf: Do not rely on GCC __attribute__((optimize)) to disable GCSE (bsc#1155518).\n- bpf: Fix comment for helper bpf_current_task_under_cgroup() (bsc#1155518).\n- bpf: Zero-fill re-used per-cpu map element (bsc#1155518).\n- btrfs: Account for merged patches upstream Move below patches to sorted section.\n- btrfs: cleanup cow block on error (bsc#1178584).\n- btrfs: fix bytes_may_use underflow in prealloc error condtition (bsc#1179217).\n- btrfs: fix metadata reservation for fallocate that leads to transaction aborts (bsc#1179217).\n- btrfs: fix relocation failure due to race with fallocate (bsc#1179217).\n- btrfs: remove item_size member of struct btrfs_clone_extent_info (bsc#1179217).\n- btrfs: rename btrfs_insert_clone_extent() to a more generic name (bsc#1179217).\n- btrfs: rename btrfs_punch_hole_range() to a more generic name (bsc#1179217).\n- btrfs: rename struct btrfs_clone_extent_info to a more generic name (bsc#1179217).\n- btrfs: reschedule if necessary when logging directory items (bsc#1178585).\n- btrfs: send, orphanize first all conflicting inodes when processing references (bsc#1178579).\n- btrfs: send, recompute reference path after orphanization of a directory (bsc#1178581).\n- can: af_can: prevent potential access of uninitialized member in canfd_rcv() (git-fixes).\n- can: af_can: prevent potential access of uninitialized member in can_rcv() (git-fixes).\n- can: can_create_echo_skb(): fix echo skb generation: always use skb_clone() (git-fixes).\n- can: dev: __can_get_echo_skb(): fix real payload length return value for RTR frames (git-fixes).\n- can: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ context (git-fixes).\n- can: dev: can_restart(): post buffer from the right context (git-fixes).\n- can: flexcan: flexcan_remove(): disable wakeup completely (git-fixes).\n- can: flexcan: flexcan_setup_stop_mode(): add missing \u0027req_bit\u0027 to stop mode property comment (git-fixes).\n- can: flexcan: remove FLEXCAN_QUIRK_DISABLE_MECR quirk for LS1021A (git-fixes).\n- can: gs_usb: fix endianess problem with candleLight firmware (git-fixes).\n- can: kvaser_usb: kvaser_usb_hydra: Fix KCAN bittiming limits (git-fixes).\n- can: m_can: fix nominal bitiming tseg2 min for version \u003e= 3.1 (git-fixes).\n- can: m_can: m_can_handle_state_change(): fix state change (git-fixes).\n- can: m_can: m_can_stop(): set device to software init mode before closing (git-fixes).\n- can: mcba_usb: mcba_usb_start_xmit(): first fill skb, then pass to can_put_echo_skb() (git-fixes).\n- can: peak_canfd: pucan_handle_can_rx(): fix echo management when loopback is on (git-fixes).\n- can: peak_usb: add range checking in decode operations (git-fixes).\n- can: peak_usb: fix potential integer overflow on shift of a int (git-fixes).\n- can: peak_usb: peak_usb_get_ts_time(): fix timestamp wrapping (git-fixes).\n- can: rx-offload: do not call kfree_skb() from IRQ context (git-fixes).\n- ceph: add check_session_state() helper and make it global (bsc#1179012).\n- ceph: check session state after bumping session-\u003es_seq (bsc#1179012).\n- ceph: check the sesion state and return false in case it is closed (bsc#1179012).\n- ceph: downgrade warning from mdsmap decode to debug (bsc#1178653).\n- ceph: fix race in concurrent __ceph_remove_cap invocations (bsc#1178635).\n- cfg80211: initialize wdev data earlier (git-fixes).\n- cfg80211: regulatory: Fix inconsistent format argument (git-fixes).\n- cifs: Fix incomplete memory allocation on setxattr path (bsc#1179211).\n- cifs: remove bogus debug code (bsc#1179427).\n- cifs: Return the error from crypt_message when enc/dec key not found (bsc#1179426).\n- clk: define to_clk_regmap() as inline function (git-fixes).\n- Convert trailing spaces and periods in path components (bsc#1179424).\n- cosa: Add missing kfree in error path of cosa_write (git-fixes).\n- dax: fix detection of dax support for non-persistent memory block devices (bsc#1171073).\n- dax: Fix stack overflow when mounting fsdax pmem device (bsc#1171073).\n- Delete patches.suse/fs-select.c-batch-user-writes-in-do_sys_poll.patch (bsc#1179419)\n- devlink: Make sure devlink instance and port are in same net namespace (bsc#1154353).\n- docs: ABI: sysfs-c2port: remove a duplicated entry (git-fixes).\n- Documentation/admin-guide/module-signing.rst: add openssl command option example for CodeSign EKU (bsc#1177353, bsc#1179076).\n- Do not create null.i000.ipa-clones file (bsc#1178330) Kbuild cc-option compiles /dev/null file to test for an option availability. Filter out -fdump-ipa-clones so that null.i000.ipa-clones file is not generated in the process.\n- drbd: code cleanup by using sendpage_ok() to check page for kernel_sendpage() (bsc#1172873).\n- drivers/net/ethernet: remove incorrectly formatted doc (bsc#1177397).\n- drivers: watchdog: rdc321x_wdt: Fix race condition bugs (git-fixes).\n- Drop sysctl files for dropped archs, add ppc64le and arm (bsc#1178838). Also correct the page size on ppc64.\n- EDAC/amd64: Cache secondary Chip Select registers (bsc#1179001).\n- EDAC/amd64: Find Chip Select memory size using Address Mask (bsc#1179001).\n- EDAC/amd64: Gather hardware information early (bsc#1179001).\n- EDAC/amd64: Initialize DIMM info for systems with more than two channels (bsc#1179001).\n- EDAC/amd64: Make struct amd64_family_type global (bsc#1179001).\n- EDAC/amd64: Save max number of controllers to family type (bsc#1179001). \n- EDAC/amd64: Support asymmetric dual-rank DIMMs (bsc#1179001).\n- efi: add missed destroy_workqueue when efisubsys_init fails (git-fixes).\n- efi: efibc: check for efivars write capability (git-fixes).\n- efi: EFI_EARLYCON should depend on EFI (git-fixes).\n- efi/efivars: Set generic ops before loading SSDT (git-fixes).\n- efi/esrt: Fix reference count leak in esre_create_sysfs_entry (git-fixes).\n- efi/libstub/x86: Work around LLVM ELF quirk build regression (git-fixes).\n- efi: provide empty efi_enter_virtual_mode implementation (git-fixes).\n- efivarfs: fix memory leak in efivarfs_create() (git-fixes).\n- efivarfs: revert \u0027fix memory leak in efivarfs_create()\u0027 (git-fixes).\n- efi/x86: Align GUIDs to their size in the mixed mode runtime wrapper (git-fixes).\n- efi/x86: Do not panic or BUG() on non-critical error conditions (git-fixes).\n- efi/x86: Fix the deletion of variables in mixed mode (git-fixes).\n- efi/x86: Free efi_pgd with free_pages() (git-fixes).\n- efi/x86: Handle by-ref arguments covering multiple pages in mixed mode (git-fixes).\n- efi/x86: Ignore the memory attributes table on i386 (git-fixes).\n- efi/x86: Map the entire EFI vendor string before copying it (git-fixes).\n- exfat: fix name_hash computation on big endian systems (git-fixes).\n- exfat: fix overflow issue in exfat_cluster_to_sector() (git-fixes).\n- exfat: fix possible memory leak in exfat_find() (git-fixes).\n- exfat: fix use of uninitialized spinlock on error path (git-fixes).\n- exfat: fix wrong hint_stat initialization in exfat_find_dir_entry() (git-fixes).\n- fbdev, newport_con: Move FONT_EXTRA_WORDS macros into linux/font.h (git-fixes).\n- Fix wrongly set CONFIG_SOUNDWIRE=y (bsc#1179201) CONFIG_SOUNDWIRE was mistakenly set as built-in. Mark it as module.\n- ftrace: Fix recursion check for NMI test (git-fixes).\n- ftrace: Handle tracing when switching between context (git-fixes).\n- futex: Do not enable IRQs unconditionally in put_pi_state() (bsc#1149032).\n- futex: Handle transient \u0027ownerless\u0027 rtmutex state correctly (bsc#1149032).\n- gpio: pcie-idio-24: Enable PEX8311 interrupts (git-fixes).\n- gpio: pcie-idio-24: Fix IRQ Enable Register value (git-fixes).\n- gpio: pcie-idio-24: Fix irq mask when masking (git-fixes).\n- HID: logitech-dj: Fix an error in mse_bluetooth_descriptor (git-fixes).\n- HID: logitech-dj: Fix Dinovo Mini when paired with a MX5x00 receiver (git-fixes).\n- HID: logitech-dj: Handle quad/bluetooth keyboards with a builtin trackpad (git-fixes).\n- HID: logitech-hidpp: Add PID for MX Anywhere 2 (git-fixes).\n- hv_balloon: disable warning when floor reached (git-fixes).\n- hv: clocksource: Add notrace attribute to read_hv_sched_clock_*() functions (git-fixes).\n- hv_netvsc: Add XDP support (bsc#1177820).\n- hv_netvsc: Fix XDP refcnt for synthetic and VF NICs (bsc#1177820).\n- hv_netvsc: make recording RSS hash depend on feature flag (bsc#1177820).\n- hv_netvsc: record hardware hash in skb (bsc#1177820).\n- hwmon: (pwm-fan) Fix RPM calculation (git-fixes).\n- hyperv_fb: Update screen_info after removing old framebuffer (bsc#1175306).\n- i2c: mediatek: move dma reset before i2c reset (git-fixes).\n- i2c: sh_mobile: implement atomic transfers (git-fixes).\n- igc: Fix not considering the TX delay for timestamps (bsc#1160634).\n- igc: Fix wrong timestamp latency numbers (bsc#1160634).\n- iio: accel: kxcjk1013: Add support for KIOX010A ACPI DSM for setting tablet-mode (git-fixes).\n- iio: accel: kxcjk1013: Replace is_smo8500_device with an acpi_type enum (git-fixes).\n- iio: adc: mediatek: fix unset field (git-fixes).\n- iio: light: fix kconfig dependency bug for VCNL4035 (git-fixes).\n- Input: adxl34x - clean up a data type in adxl34x_probe() (git-fixes).\n- Input: resistive-adc-touch - fix kconfig dependency on IIO_BUFFER (git-fixes).\n- intel_idle: Customize IceLake server support (bsc#1178286).\n- ionic: check port ptr before use (bsc#1167773).\n- iwlwifi: mvm: write queue_sync_state only for sync (git-fixes).\n- kABI: revert use_mm name change (MM Functionality, bsc#1178426).\n- kABI workaround for HD-audio (git-fixes).\n- kernel: better document the use_mm/unuse_mm API contract (MM Functionality, bsc#1178426).\n- kernel-{binary,source}.spec.in: do not create loop symlinks (bsc#1179082)\n- kernel-source.spec: Fix build with rpm 4.16 (boo#1179015). RPM_BUILD_ROOT is cleared before %%install. Do the unpack into RPM_BUILD_ROOT in %%install\n- kernel/watchdog: fix watchdog_allowed_mask not used warning (git-fixes).\n- kgdb: Fix spurious true from in_dbg_master() (git-fixes).\n- kthread_worker: prevent queuing delayed work from timer_fn when it is being canceled (git-fixes).\n- KVM: arm64: ARM_SMCCC_ARCH_WORKAROUND_1 does not return SMCCC_RET_NOT_REQUIRED (git-fixes).\n- lan743x: fix \u0027BUG: invalid wait context\u0027 when setting rx mode (git-fixes).\n- lan743x: fix issue causing intermittent kernel log warnings (git-fixes).\n- lan743x: prevent entire kernel HANG on open, for some platforms (git-fixes).\n- leds: bcm6328, bcm6358: use devres LED registering function (git-fixes).\n- libbpf, hashmap: Fix undefined behavior in hash_bits (bsc#1155518).\n- libceph: use sendpage_ok() in ceph_tcp_sendpage() (bsc#1172873).\n- lib/crc32test: remove extra local_irq_disable/enable (git-fixes).\n- libnvdimm/nvdimm/flush: Allow architecture to override the flush barrier (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n- lib/strncpy_from_user.c: Mask out bytes after NUL terminator (bsc#1155518).\n- mac80211: always wind down STA state (git-fixes).\n- mac80211: fix use of skb payload instead of header (git-fixes).\n- mac80211: free sta in sta_info_insert_finish() on errors (git-fixes).\n- mac80211: minstrel: fix tx status processing corner case (git-fixes).\n- mac80211: minstrel: remove deferred sampling code (git-fixes).\n- media: imx274: fix frame interval handling (git-fixes).\n- media: platform: Improve queue set up flow for bug fixing (git-fixes).\n- media: tw5864: check status of tw5864_frameinterval_get (git-fixes).\n- media: uvcvideo: Fix dereference of out-of-bound list iterator (git-fixes).\n- media: uvcvideo: Fix uvc_ctrl_fixup_xu_info() not having any effect (git-fixes).\n- mei: protect mei_cl_mtu from null dereference (git-fixes).\n- memcg: fix NULL pointer dereference in __mem_cgroup_usage_unregister_event (bsc#1177703).\n- mfd: sprd: Add wakeup capability for PMIC IRQ (git-fixes).\n- mmc: renesas_sdhi_core: Add missing tmio_mmc_host_free() at remove (git-fixes).\n- mmc: sdhci-of-esdhc: Handle pulse width detection erratum for more SoCs (git-fixes).\n- mmc: sdhci-pci: Prefer SDR25 timing for High Speed mode for BYT-based Intel controllers (git-fixes).\n- mm: fix exec activate_mm vs TLB shootdown and lazy tlb switching race (MM Functionality, bsc#1178426).\n- mm: fix kthread_use_mm() vs TLB invalidate (MM Functionality, bsc#1178426).\n- mm/gup: allow FOLL_FORCE for get_user_pages_fast() (git fixes (mm/gup)).\n- mm/gup: fix gup_fast with dynamic page table folding (bnc#1176586, LTC#188235).\n- mm/ksm: fix NULL pointer dereference when KSM zero page is enabled (git fixes (mm/ksm)).\n- mm, memcg: fix inconsistent oom event behavior (bsc#1178659).\n- mm/memcg: fix refcount error while moving and swapping (bsc#1178686).\n- mm/memcontrol.c: add missed css_put() (bsc#1178661).\n- mm: mempolicy: require at least one nodeid for MPOL_PREFERRED (git fixes (mm/mempolicy)).\n- mm/swapfile.c: fix potential memory leak in sys_swapon (git-fixes).\n- mm: swap: make page_evictable() inline (git fixes (mm/vmscan)).\n- mm: swap: use smp_mb__after_atomic() to order LRU bit set (git fixes (mm/vmscan)).\n- mm, THP, swap: fix allocating cluster for swapfile by mistake (bsc#1178755).\n- modsign: Add codeSigning EKU when generating X.509 key generation config (bsc#1177353, bsc#1179076).\n- net: add WARN_ONCE in kernel_sendpage() for improper zero-copy send (bsc#1172873).\n- net: ena: Capitalize all log strings and improve code readability (bsc#1177397).\n- net: ena: Change license into format to SPDX in all files (bsc#1177397).\n- net: ena: Change log message to netif/dev function (bsc#1177397).\n- net: ena: Change RSS related macros and variables names (bsc#1177397).\n- net: ena: ethtool: Add new device statistics (bsc#1177397).\n- net: ena: ethtool: add stats printing to XDP queues (bsc#1177397).\n- net: ena: ethtool: convert stat_offset to 64 bit resolution (bsc#1177397).\n- net: ena: Fix all static chekers\u0027 warnings (bsc#1177397).\n- net: ena: fix packet\u0027s addresses for rx_offset feature (bsc#1174852).\n- net: ena: handle bad request id in ena_netdev (bsc#1174852).\n- net: ena: Remove redundant print of placement policy (bsc#1177397).\n- net: ena: xdp: add queue counters for xdp actions (bsc#1177397).\n- net: fix pos incrementment in ipv6_route_seq_next (bsc#1154353).\n- net: introduce helper sendpage_ok() in include/linux/net.h (bsc#1172873). kABI workaround for including mm.h in include/linux/net.h (bsc#1172873).\n- net/mlx5: Clear bw_share upon VF disable (jsc#SLE-8464).\n- net/mlx5: E-Switch, Fail mlx5_esw_modify_vport_rate if qos disabled (jsc#SLE-8464).\n- net: mscc: ocelot: fix race condition with TX timestamping (bsc#1178461).\n- net: usb: qmi_wwan: add Telit LE910Cx 0x1230 composition (git-fixes).\n- nfc: s3fwrn5: use signed integer for parsing GPIO numbers (git-fixes).\n- NFS: only invalidate dentrys that are clearly invalid (bsc#1178669 bsc#1170139).\n- NFSv4: Handle NFS4ERR_OLD_STATEID in CLOSE/OPEN_DOWNGRADE (bsc#1176180).\n- NFSv4: Wait for stateid updates after CLOSE/OPEN_DOWNGRADE (bsc#1176180).\n- NFSv4.x recover from pre-mature loss of openstateid (bsc#1176180).\n- nvme: do not update disk info for multipathed device (bsc#1171558).\n- nvme-tcp: check page by sendpage_ok() before calling kernel_sendpage() (bsc#1172873).\n- p54: avoid accessing the data mapped to streaming DMA (git-fixes).\n- PCI/ACPI: Whitelist hotplug ports for D3 if power managed by ACPI (git-fixes).\n- pinctrl: amd: fix incorrect way to disable debounce filter (git-fixes).\n- pinctrl: amd: use higher precision for 512 RtcClk (git-fixes).\n- pinctrl: aspeed: Fix GPI only function problem (git-fixes).\n- pinctrl: intel: Set default bias in case no particular value given (git-fixes).\n- platform/x86: thinkpad_acpi: Send tablet mode switch at wakeup time (git-fixes).\n- platform/x86: toshiba_acpi: Fix the wrong variable assignment (git-fixes).\n- PM: runtime: Drop runtime PM references to supplier on link removal (git-fixes).\n- powerpc/64s/radix: Fix mm_cpumask trimming race vs kthread_use_mm (MM Functionality, bsc#1178426).\n- powerpc: Inline doorbell sending functions (jsc#SLE-15869 jsc#SLE-16321).\n- powerpc/perf: consolidate GPCI hcall structs into asm/hvcall.h (jsc#SLE-16360 jsc#SLE-16915).\n- powerpc/pmem: Add flush routines using new pmem store and sync instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n- powerpc/pmem: Add new instructions for persistent storage and sync (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n- powerpc/pmem: Avoid the barrier in flush routines (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n- powerpc/pmem: Initialize pmem device on newer hardware (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n- powerpc/pmem: Restrict papr_scm to P8 and above (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n- powerpc/pmem: Update ppc64 to use the new barrier instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n- powerpc/pseries: Add KVM guest doorbell restrictions (jsc#SLE-15869 jsc#SLE-16321).\n- powerpc/pseries: new lparcfg key/value pair: partition_affinity_score (jsc#SLE-16360 jsc#SLE-16915).\n- powerpc/pseries: Use doorbells even if XIVE is available (jsc#SLE-15869 jsc#SLE-16321).\n- powerpc: select ARCH_WANT_IRQS_OFF_ACTIVATE_MM (MM Functionality, bsc#1178426).\n- powerpc/vnic: Extend \u0027failover pending\u0027 window (bsc#1176855 ltc#187293).\n- power: supply: bq27xxx: report \u0027not charging\u0027 on all types (git-fixes).\n- power: supply: test_power: add missing newlines when printing parameters by sysfs (git-fixes).\n- qla2xxx: Add MODULE_VERSION back to driver (bsc#1179160).\n- RDMA/hns: Fix retry_cnt and rnr_cnt when querying QP (jsc#SLE-8449).\n- RDMA/hns: Fix the wrong value of rnr_retry when querying qp (jsc#SLE-8449).\n- RDMA/hns: Fix wrong field of SRQ number the device supports (jsc#SLE-8449).\n- RDMA/hns: Solve the overflow of the calc_pg_sz() (jsc#SLE-8449).\n- RDMA/mlx5: Fix devlink deadlock on net namespace deletion (jsc#SLE-8464).\n- RDMA/qedr: Fix return code if accept is called on a destroyed qp (jsc#SLE-8215).\n- RDMA/ucma: Add missing locking around rdma_leave_multicast() (git-fixes).\n- reboot: fix overflow parsing reboot cpu number (git-fixes).\n- Refresh patches.suse/vfs-add-super_operations-get_inode_dev. (bsc#1176983) \n- regulator: avoid resolve_supply() infinite recursion (git-fixes).\n- regulator: defer probe when trying to get voltage from unresolved supply (git-fixes).\n- regulator: fix memory leak with repeated set_machine_constraints() (git-fixes).\n- regulator: pfuze100: limit pfuze-support-disable-sw to pfuze{100,200} (git-fixes).\n- regulator: ti-abb: Fix array out of bound read access on the first transition (git-fixes).\n- regulator: workaround self-referent regulators (git-fixes).\n- Restore the header of series.conf The header of series.conf was accidentally changed by abb50be8e6bc \u0027(kABI: revert use_mm name change (MM Functionality, bsc#1178426))\u0027. \n- Revert \u0027cdc-acm: hardening against malicious devices\u0027 (git-fixes).\n- Revert \u0027kernel/reboot.c: convert simple_strtoul to kstrtoint\u0027 (git-fixes).\n- Revert \u0027xfs: complain if anyone tries to create a too-large buffer\u0027 (bsc#1179425, bsc#1179550).\n- rfkill: Fix use-after-free in rfkill_resume() (git-fixes).\n- ring-buffer: Fix recursion protection transitions between interrupt context (git-fixes).\n- rpm/kernel-binary.spec.in: avoid using barewords (bsc#1179014) Author: Dominique Leuenberger -\u003cdimstar@opensuse.org\u003e\n- rpm/kernel-binary.spec.in: avoid using more barewords (bsc#1179014) %split_extra still contained two.\n- rpm/kernel-binary.spec.in: use grep -E instead of egrep (bsc#1179045) egrep is only a deprecated bash wrapper for \u0027grep -E\u0027. So use the latter instead.\n- rpm/kernel-obs-build.spec.in: Add -q option to modprobe calls (bsc#1178401)\n- rpm/kernel-{source,binary}.spec: do not include ghost symlinks (boo#1179082).\n- rpm/mkspec: do not build kernel-obs-build on x86_32 We want to use 64bit kernel due to various bugs (bsc#1178762 to name one). There is: ExportFilter: ^kernel-obs-build.*\\.x86_64.rpm$ . i586 in Factory\u0027s prjconf now. No other actively maintained distro (i.e. merging packaging branch) builds a x86_32 kernel, hence pushing to packaging directly.\n- s390/bpf: Fix multiple tail calls (git-fixes).\n- s390/cpum_cf,perf: change DFLT_CCERROR counter name (bsc#1175918 LTC#187935).\n- s390/cpum_sf.c: fix file permission for cpum_sfb_size (git-fixes).\n- s390/dasd: fix null pointer dereference for ERP requests (git-fixes).\n- s390/pkey: fix paes selftest failure with paes and pkey static build (git-fixes).\n- s390/zcrypt: fix kmalloc 256k failure (bsc#1177066 LTC#188341).\n- s390/zcrypt: Fix ZCRYPT_PERDEV_REQCNT ioctl (bsc#1177070 LTC#188342).\n- sched/fair: Ensure tasks spreading in LLC during LB (git fixes (sched)).\n- sched/fair: Fix unthrottle_cfs_rq() for leaf_cfs_rq list (git fixes (sched)).\n- sched: Fix loadavg accounting race on arm64 kabi (bnc#1178227).\n- sched: Fix rq-\u003enr_iowait ordering (git fixes (sched)).\n- scripts/lib/SUSE/MyBS.pm: properly close prjconf Macros: section\n- scsi: libiscsi: Fix NOP race condition (bsc#1176481).\n- scsi: libiscsi: use sendpage_ok() in iscsi_tcp_segment_map() (bsc#1172873).\n- serial: 8250_mtk: Fix uart_get_baud_rate warning (git-fixes).\n- serial: txx9: add missing platform_driver_unregister() on error in serial_txx9_init (git-fixes).\n- spi: lpspi: Fix use-after-free on unbind (git-fixes).\n- staging: comedi: cb_pcidas: Allow 2-channel commands for AO subdevice (git-fixes).\n- staging: octeon: Drop on uncorrectable alignment or FCS error (git-fixes).\n- staging: octeon: repair \u0027fixed-link\u0027 support (git-fixes).\n- staging: rtl8723bs: Add 024c:0627 to the list of SDIO device-ids (git-fixes).\n- SUNRPC: fix copying of multiple pages in gss_read_proxy_verf() (bsc#1154353).\n- SUNRPC: Fix general protection fault in trace_rpc_xdr_overflow() (git-fixes).\n- svcrdma: fix bounce buffers for unaligned offsets and multiple pages (git-fixes).\n- tcp: use sendpage_ok() to detect misused .sendpage (bsc#1172873).\n- thunderbolt: Add the missed ida_simple_remove() in ring_request_msix() (git-fixes).\n- thunderbolt: Fix memory leak if ida_simple_get() fails in enumerate_services() (git-fixes).\n- timer: Fix wheel index calculation on last level (git-fixes).\n- timer: Prevent base-\u003eclk from moving backward (git-fixes).\n- tpm: efi: Do not create binary_bios_measurements file for an empty log (git-fixes).\n- tpm_tis: Disable interrupts on ThinkPad T490s (git-fixes).\n- tracing: Fix out of bounds write in get_trace_buf (git-fixes).\n- tty: serial: fsl_lpuart: add LS1028A support (git-fixes).\n- tty: serial: fsl_lpuart: LS1021A had a FIFO size of 16 words, like LS1028A (git-fixes).\n- tty: serial: imx: fix potential deadlock (git-fixes).\n- tty: serial: imx: keep console clocks always on (git-fixes).\n- uio: Fix use-after-free in uio_unregister_device() (git-fixes).\n- uio: free uio id after uio file node is freed (git-fixes).\n- USB: Add NO_LPM quirk for Kingston flash drive (git-fixes).\n- USB: adutux: fix debugging (git-fixes).\n- USB: cdc-acm: Add DISABLE_ECHO for Renesas USB Download mode (git-fixes).\n- USB: cdc-acm: fix cooldown mechanism (git-fixes).\n- USB: core: Change %pK for __user pointers to %px (git-fixes).\n- USB: core: driver: fix stray tabs in error messages (git-fixes).\n- USB: core: Fix regression in Hercules audio card (git-fixes).\n- USB: gadget: Fix memleak in gadgetfs_fill_super (git-fixes).\n- USB: gadget: f_midi: Fix memleak in f_midi_alloc (git-fixes).\n- USB: gadget: goku_udc: fix potential crashes in probe (git-fixes).\n- USB: host: fsl-mph-dr-of: check return of dma_set_mask() (git-fixes).\n- USB: mtu3: fix panic in mtu3_gadget_stop() (git-fixes).\n- USB: serial: cyberjack: fix write-URB completion race (git-fixes).\n- USB: serial: option: add LE910Cx compositions 0x1203, 0x1230, 0x1231 (git-fixes).\n- USB: serial: option: add Quectel EC200T module support (git-fixes).\n- USB: serial: option: add Telit FN980 composition 0x1055 (git-fixes).\n- USB: typec: tcpm: During PR_SWAP, source caps should be sent only after tSwapSourceStart (git-fixes).\n- USB: typec: tcpm: reset hard_reset_count for any disconnect (git-fixes).\n- USB: xhci: omit duplicate actions when suspending a runtime suspended host (git-fixes).\n- video: hyperv_fb: Fix the cache type when mapping the VRAM (git-fixes).\n- video: hyperv_fb: include vmalloc.h (git-fixes).\n- video: hyperv: hyperv_fb: Obtain screen resolution from Hyper-V host (bsc#1175306).\n- video: hyperv: hyperv_fb: Support deferred IO for Hyper-V frame buffer driver (bsc#1175306).\n- video: hyperv: hyperv_fb: Use physical memory for fb on HyperV Gen 1 VMs (bsc#1175306).\n- virtio: virtio_console: fix DMA memory allocation for rproc serial (git-fixes).\n- vt: Disable KD_FONT_OP_COPY (bsc#1178589).\n- x86/hyperv: Clarify comment on x2apic mode (git-fixes).\n- x86/i8259: Use printk_deferred() to prevent deadlock (git-fixes).\n- x86/kexec: Use up-to-dated screen_info copy to fill boot params (bsc#1175306).\n- x86/microcode/intel: Check patch signature before saving microcode for early loading (bsc#1152489).\n- x86/speculation: Allow IBPB to be conditionally enabled on CPUs with always-on STIBP (bsc#1152489).\n- xfs: complain if anyone tries to create a too-large buffer log item (bsc#1166146).\n- xfs: do not update mtime on COW faults (bsc#1167030).\n- xfs: fix a missing unlock on error in xfs_fs_map_blocks (git-fixes).\n- xfs: fix brainos in the refcount scrubber\u0027s rmap fragment processor (git-fixes).\n- xfs: fix flags argument to rmap lookup when converting shared file rmaps (git-fixes).\n- xfs: fix rmap key and record comparison functions (git-fixes).\n- xfs: fix scrub flagging rtinherit even if there is no rt device (git-fixes).\n- xfs: flush new eof page on truncate to avoid post-eof corruption (git-fixes).\n- xfs: introduce XFS_MAX_FILEOFF (bsc#1166166).\n- xfs: prohibit fs freezing when using empty transactions (bsc#1179442).\n- xfs: remove unused variable \u0027done\u0027 (bsc#1166166).\n- xfs: revert \u0027xfs: fix rmap key and record comparison functions\u0027 (git-fixes).\n- xfs: set the unwritten bit in rmap lookup flags in xchk_bmap_get_rmapextents (git-fixes).\n- xfs: set xefi_discard when creating a deferred agfl free log intent item (git-fixes).\n- xfs: truncate should remove all blocks, not just to the end of the page cache (bsc#1166166).\n- xhci: Fix sizeof() mismatch (git-fixes).\n- xhci: hisilicon: fix refercence leak in xhci_histb_probe (git-fixes).\n\nkernel-default-base fixes the following issues:\n\n- Add wireguard kernel module (bsc#1179225)\n- Create the list of crypto kernel modules dynamically, supersedes hardcoded list of crc32 implementations (bsc#1177577)\n\nThis update was imported from the SUSE:SLE-15-SP2:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2020-2260",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_2260-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2020:2260-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZYES3O2NEKKQXQ3R5CZOH5YCWJ3TJSKH/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2020:2260-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZYES3O2NEKKQXQ3R5CZOH5YCWJ3TJSKH/"
},
{
"category": "self",
"summary": "SUSE Bug 1149032",
"url": "https://bugzilla.suse.com/1149032"
},
{
"category": "self",
"summary": "SUSE Bug 1152489",
"url": "https://bugzilla.suse.com/1152489"
},
{
"category": "self",
"summary": "SUSE Bug 1153274",
"url": "https://bugzilla.suse.com/1153274"
},
{
"category": "self",
"summary": "SUSE Bug 1154353",
"url": "https://bugzilla.suse.com/1154353"
},
{
"category": "self",
"summary": "SUSE Bug 1155518",
"url": "https://bugzilla.suse.com/1155518"
},
{
"category": "self",
"summary": "SUSE Bug 1160634",
"url": "https://bugzilla.suse.com/1160634"
},
{
"category": "self",
"summary": "SUSE Bug 1166146",
"url": "https://bugzilla.suse.com/1166146"
},
{
"category": "self",
"summary": "SUSE Bug 1166166",
"url": "https://bugzilla.suse.com/1166166"
},
{
"category": "self",
"summary": "SUSE Bug 1167030",
"url": "https://bugzilla.suse.com/1167030"
},
{
"category": "self",
"summary": "SUSE Bug 1167773",
"url": "https://bugzilla.suse.com/1167773"
},
{
"category": "self",
"summary": "SUSE Bug 1170139",
"url": "https://bugzilla.suse.com/1170139"
},
{
"category": "self",
"summary": "SUSE Bug 1171073",
"url": "https://bugzilla.suse.com/1171073"
},
{
"category": "self",
"summary": "SUSE Bug 1171558",
"url": "https://bugzilla.suse.com/1171558"
},
{
"category": "self",
"summary": "SUSE Bug 1172873",
"url": "https://bugzilla.suse.com/1172873"
},
{
"category": "self",
"summary": "SUSE Bug 1173504",
"url": "https://bugzilla.suse.com/1173504"
},
{
"category": "self",
"summary": "SUSE Bug 1174852",
"url": "https://bugzilla.suse.com/1174852"
},
{
"category": "self",
"summary": "SUSE Bug 1175306",
"url": "https://bugzilla.suse.com/1175306"
},
{
"category": "self",
"summary": "SUSE Bug 1175918",
"url": "https://bugzilla.suse.com/1175918"
},
{
"category": "self",
"summary": "SUSE Bug 1176109",
"url": "https://bugzilla.suse.com/1176109"
},
{
"category": "self",
"summary": "SUSE Bug 1176180",
"url": "https://bugzilla.suse.com/1176180"
},
{
"category": "self",
"summary": "SUSE Bug 1176200",
"url": "https://bugzilla.suse.com/1176200"
},
{
"category": "self",
"summary": "SUSE Bug 1176481",
"url": "https://bugzilla.suse.com/1176481"
},
{
"category": "self",
"summary": "SUSE Bug 1176586",
"url": "https://bugzilla.suse.com/1176586"
},
{
"category": "self",
"summary": "SUSE Bug 1176855",
"url": "https://bugzilla.suse.com/1176855"
},
{
"category": "self",
"summary": "SUSE Bug 1176983",
"url": "https://bugzilla.suse.com/1176983"
},
{
"category": "self",
"summary": "SUSE Bug 1177066",
"url": "https://bugzilla.suse.com/1177066"
},
{
"category": "self",
"summary": "SUSE Bug 1177070",
"url": "https://bugzilla.suse.com/1177070"
},
{
"category": "self",
"summary": "SUSE Bug 1177353",
"url": "https://bugzilla.suse.com/1177353"
},
{
"category": "self",
"summary": "SUSE Bug 1177397",
"url": "https://bugzilla.suse.com/1177397"
},
{
"category": "self",
"summary": "SUSE Bug 1177577",
"url": "https://bugzilla.suse.com/1177577"
},
{
"category": "self",
"summary": "SUSE Bug 1177666",
"url": "https://bugzilla.suse.com/1177666"
},
{
"category": "self",
"summary": "SUSE Bug 1177703",
"url": "https://bugzilla.suse.com/1177703"
},
{
"category": "self",
"summary": "SUSE Bug 1177820",
"url": "https://bugzilla.suse.com/1177820"
},
{
"category": "self",
"summary": "SUSE Bug 1178123",
"url": "https://bugzilla.suse.com/1178123"
},
{
"category": "self",
"summary": "SUSE Bug 1178182",
"url": "https://bugzilla.suse.com/1178182"
},
{
"category": "self",
"summary": "SUSE Bug 1178227",
"url": "https://bugzilla.suse.com/1178227"
},
{
"category": "self",
"summary": "SUSE Bug 1178286",
"url": "https://bugzilla.suse.com/1178286"
},
{
"category": "self",
"summary": "SUSE Bug 1178304",
"url": "https://bugzilla.suse.com/1178304"
},
{
"category": "self",
"summary": "SUSE Bug 1178330",
"url": "https://bugzilla.suse.com/1178330"
},
{
"category": "self",
"summary": "SUSE Bug 1178393",
"url": "https://bugzilla.suse.com/1178393"
},
{
"category": "self",
"summary": "SUSE Bug 1178401",
"url": "https://bugzilla.suse.com/1178401"
},
{
"category": "self",
"summary": "SUSE Bug 1178426",
"url": "https://bugzilla.suse.com/1178426"
},
{
"category": "self",
"summary": "SUSE Bug 1178461",
"url": "https://bugzilla.suse.com/1178461"
},
{
"category": "self",
"summary": "SUSE Bug 1178579",
"url": "https://bugzilla.suse.com/1178579"
},
{
"category": "self",
"summary": "SUSE Bug 1178581",
"url": "https://bugzilla.suse.com/1178581"
},
{
"category": "self",
"summary": "SUSE Bug 1178584",
"url": "https://bugzilla.suse.com/1178584"
},
{
"category": "self",
"summary": "SUSE Bug 1178585",
"url": "https://bugzilla.suse.com/1178585"
},
{
"category": "self",
"summary": "SUSE Bug 1178589",
"url": "https://bugzilla.suse.com/1178589"
},
{
"category": "self",
"summary": "SUSE Bug 1178635",
"url": "https://bugzilla.suse.com/1178635"
},
{
"category": "self",
"summary": "SUSE Bug 1178653",
"url": "https://bugzilla.suse.com/1178653"
},
{
"category": "self",
"summary": "SUSE Bug 1178659",
"url": "https://bugzilla.suse.com/1178659"
},
{
"category": "self",
"summary": "SUSE Bug 1178661",
"url": "https://bugzilla.suse.com/1178661"
},
{
"category": "self",
"summary": "SUSE Bug 1178669",
"url": "https://bugzilla.suse.com/1178669"
},
{
"category": "self",
"summary": "SUSE Bug 1178686",
"url": "https://bugzilla.suse.com/1178686"
},
{
"category": "self",
"summary": "SUSE Bug 1178740",
"url": "https://bugzilla.suse.com/1178740"
},
{
"category": "self",
"summary": "SUSE Bug 1178755",
"url": "https://bugzilla.suse.com/1178755"
},
{
"category": "self",
"summary": "SUSE Bug 1178762",
"url": "https://bugzilla.suse.com/1178762"
},
{
"category": "self",
"summary": "SUSE Bug 1178838",
"url": "https://bugzilla.suse.com/1178838"
},
{
"category": "self",
"summary": "SUSE Bug 1178853",
"url": "https://bugzilla.suse.com/1178853"
},
{
"category": "self",
"summary": "SUSE Bug 1178886",
"url": "https://bugzilla.suse.com/1178886"
},
{
"category": "self",
"summary": "SUSE Bug 1179001",
"url": "https://bugzilla.suse.com/1179001"
},
{
"category": "self",
"summary": "SUSE Bug 1179012",
"url": "https://bugzilla.suse.com/1179012"
},
{
"category": "self",
"summary": "SUSE Bug 1179014",
"url": "https://bugzilla.suse.com/1179014"
},
{
"category": "self",
"summary": "SUSE Bug 1179015",
"url": "https://bugzilla.suse.com/1179015"
},
{
"category": "self",
"summary": "SUSE Bug 1179045",
"url": "https://bugzilla.suse.com/1179045"
},
{
"category": "self",
"summary": "SUSE Bug 1179076",
"url": "https://bugzilla.suse.com/1179076"
},
{
"category": "self",
"summary": "SUSE Bug 1179082",
"url": "https://bugzilla.suse.com/1179082"
},
{
"category": "self",
"summary": "SUSE Bug 1179107",
"url": "https://bugzilla.suse.com/1179107"
},
{
"category": "self",
"summary": "SUSE Bug 1179140",
"url": "https://bugzilla.suse.com/1179140"
},
{
"category": "self",
"summary": "SUSE Bug 1179141",
"url": "https://bugzilla.suse.com/1179141"
},
{
"category": "self",
"summary": "SUSE Bug 1179160",
"url": "https://bugzilla.suse.com/1179160"
},
{
"category": "self",
"summary": "SUSE Bug 1179201",
"url": "https://bugzilla.suse.com/1179201"
},
{
"category": "self",
"summary": "SUSE Bug 1179211",
"url": "https://bugzilla.suse.com/1179211"
},
{
"category": "self",
"summary": "SUSE Bug 1179217",
"url": "https://bugzilla.suse.com/1179217"
},
{
"category": "self",
"summary": "SUSE Bug 1179225",
"url": "https://bugzilla.suse.com/1179225"
},
{
"category": "self",
"summary": "SUSE Bug 1179419",
"url": "https://bugzilla.suse.com/1179419"
},
{
"category": "self",
"summary": "SUSE Bug 1179424",
"url": "https://bugzilla.suse.com/1179424"
},
{
"category": "self",
"summary": "SUSE Bug 1179425",
"url": "https://bugzilla.suse.com/1179425"
},
{
"category": "self",
"summary": "SUSE Bug 1179426",
"url": "https://bugzilla.suse.com/1179426"
},
{
"category": "self",
"summary": "SUSE Bug 1179427",
"url": "https://bugzilla.suse.com/1179427"
},
{
"category": "self",
"summary": "SUSE Bug 1179429",
"url": "https://bugzilla.suse.com/1179429"
},
{
"category": "self",
"summary": "SUSE Bug 1179432",
"url": "https://bugzilla.suse.com/1179432"
},
{
"category": "self",
"summary": "SUSE Bug 1179442",
"url": "https://bugzilla.suse.com/1179442"
},
{
"category": "self",
"summary": "SUSE Bug 1179550",
"url": "https://bugzilla.suse.com/1179550"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15436 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15436/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15437 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15437/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-25668 page",
"url": "https://www.suse.com/security/cve/CVE-2020-25668/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-25669 page",
"url": "https://www.suse.com/security/cve/CVE-2020-25669/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-25704 page",
"url": "https://www.suse.com/security/cve/CVE-2020-25704/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-27777 page",
"url": "https://www.suse.com/security/cve/CVE-2020-27777/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-28915 page",
"url": "https://www.suse.com/security/cve/CVE-2020-28915/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-28941 page",
"url": "https://www.suse.com/security/cve/CVE-2020-28941/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-28974 page",
"url": "https://www.suse.com/security/cve/CVE-2020-28974/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-29369 page",
"url": "https://www.suse.com/security/cve/CVE-2020-29369/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-29371 page",
"url": "https://www.suse.com/security/cve/CVE-2020-29371/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-4788 page",
"url": "https://www.suse.com/security/cve/CVE-2020-4788/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2020-12-15T09:29:17Z",
"generator": {
"date": "2020-12-15T09:29:17Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2020:2260-1",
"initial_release_date": "2020-12-15T09:29:17Z",
"revision_history": [
{
"date": "2020-12-15T09:29:17Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64",
"product": {
"name": "kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64",
"product_id": "kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64",
"product": {
"name": "kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64",
"product_id": "kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.2",
"product": {
"name": "openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64"
},
"product_reference": "kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64"
},
"product_reference": "kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-15436",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15436"
}
],
"notes": [
{
"category": "general",
"text": "Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15436",
"url": "https://www.suse.com/security/cve/CVE-2020-15436"
},
{
"category": "external",
"summary": "SUSE Bug 1179141 for CVE-2020-15436",
"url": "https://bugzilla.suse.com/1179141"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-15T09:29:17Z",
"details": "moderate"
}
],
"title": "CVE-2020-15436"
},
{
"cve": "CVE-2020-15437",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15437"
}
],
"notes": [
{
"category": "general",
"text": "The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ports() that allows local users to cause a denial of service by using the p-\u003eserial_in pointer which uninitialized.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15437",
"url": "https://www.suse.com/security/cve/CVE-2020-15437"
},
{
"category": "external",
"summary": "SUSE Bug 1179140 for CVE-2020-15437",
"url": "https://bugzilla.suse.com/1179140"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-15T09:29:17Z",
"details": "moderate"
}
],
"title": "CVE-2020-15437"
},
{
"cve": "CVE-2020-25668",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-25668"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Linux Kernel because access to the global variable fg_console is not properly synchronized leading to a use after free in con_font_op.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-25668",
"url": "https://www.suse.com/security/cve/CVE-2020-25668"
},
{
"category": "external",
"summary": "SUSE Bug 1178123 for CVE-2020-25668",
"url": "https://bugzilla.suse.com/1178123"
},
{
"category": "external",
"summary": "SUSE Bug 1178622 for CVE-2020-25668",
"url": "https://bugzilla.suse.com/1178622"
},
{
"category": "external",
"summary": "SUSE Bug 1196914 for CVE-2020-25668",
"url": "https://bugzilla.suse.com/1196914"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-15T09:29:17Z",
"details": "important"
}
],
"title": "CVE-2020-25668"
},
{
"cve": "CVE-2020-25669",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-25669"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in the Linux Kernel where the function sunkbd_reinit having been scheduled by sunkbd_interrupt before sunkbd being freed. Though the dangling pointer is set to NULL in sunkbd_disconnect, there is still an alias in sunkbd_reinit causing Use After Free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-25669",
"url": "https://www.suse.com/security/cve/CVE-2020-25669"
},
{
"category": "external",
"summary": "SUSE Bug 1178182 for CVE-2020-25669",
"url": "https://bugzilla.suse.com/1178182"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-15T09:29:17Z",
"details": "moderate"
}
],
"title": "CVE-2020-25669"
},
{
"cve": "CVE-2020-25704",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-25704"
}
],
"notes": [
{
"category": "general",
"text": "A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-25704",
"url": "https://www.suse.com/security/cve/CVE-2020-25704"
},
{
"category": "external",
"summary": "SUSE Bug 1178393 for CVE-2020-25704",
"url": "https://bugzilla.suse.com/1178393"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-15T09:29:17Z",
"details": "moderate"
}
],
"title": "CVE-2020-25704"
},
{
"cve": "CVE-2020-27777",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-27777"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-27777",
"url": "https://www.suse.com/security/cve/CVE-2020-27777"
},
{
"category": "external",
"summary": "SUSE Bug 1179107 for CVE-2020-27777",
"url": "https://bugzilla.suse.com/1179107"
},
{
"category": "external",
"summary": "SUSE Bug 1179419 for CVE-2020-27777",
"url": "https://bugzilla.suse.com/1179419"
},
{
"category": "external",
"summary": "SUSE Bug 1200343 for CVE-2020-27777",
"url": "https://bugzilla.suse.com/1200343"
},
{
"category": "external",
"summary": "SUSE Bug 1220060 for CVE-2020-27777",
"url": "https://bugzilla.suse.com/1220060"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-15T09:29:17Z",
"details": "moderate"
}
],
"title": "CVE-2020-27777"
},
{
"cve": "CVE-2020-28915",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-28915"
}
],
"notes": [
{
"category": "general",
"text": "A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-28915",
"url": "https://www.suse.com/security/cve/CVE-2020-28915"
},
{
"category": "external",
"summary": "SUSE Bug 1178886 for CVE-2020-28915",
"url": "https://bugzilla.suse.com/1178886"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-15T09:29:17Z",
"details": "moderate"
}
],
"title": "CVE-2020-28915"
},
{
"cve": "CVE-2020-28941",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-28941"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9. Local attackers on systems with the speakup driver could cause a local denial of service attack, aka CID-d41227544427. This occurs because of an invalid free when the line discipline is used more than once.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-28941",
"url": "https://www.suse.com/security/cve/CVE-2020-28941"
},
{
"category": "external",
"summary": "SUSE Bug 1178740 for CVE-2020-28941",
"url": "https://bugzilla.suse.com/1178740"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-15T09:29:17Z",
"details": "moderate"
}
],
"title": "CVE-2020-28941"
},
{
"cve": "CVE-2020-28974",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-28974"
}
],
"notes": [
{
"category": "general",
"text": "A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-28974",
"url": "https://www.suse.com/security/cve/CVE-2020-28974"
},
{
"category": "external",
"summary": "SUSE Bug 1178589 for CVE-2020-28974",
"url": "https://bugzilla.suse.com/1178589"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-15T09:29:17Z",
"details": "moderate"
}
],
"title": "CVE-2020-28974"
},
{
"cve": "CVE-2020-29369",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-29369"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in mm/mmap.c in the Linux kernel before 5.7.11. There is a race condition between certain expand functions (expand_downwards and expand_upwards) and page-table free operations from an munmap call, aka CID-246c320a8cfe.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-29369",
"url": "https://www.suse.com/security/cve/CVE-2020-29369"
},
{
"category": "external",
"summary": "SUSE Bug 1173504 for CVE-2020-29369",
"url": "https://bugzilla.suse.com/1173504"
},
{
"category": "external",
"summary": "SUSE Bug 1179432 for CVE-2020-29369",
"url": "https://bugzilla.suse.com/1179432"
},
{
"category": "external",
"summary": "SUSE Bug 1179646 for CVE-2020-29369",
"url": "https://bugzilla.suse.com/1179646"
},
{
"category": "external",
"summary": "SUSE Bug 1182109 for CVE-2020-29369",
"url": "https://bugzilla.suse.com/1182109"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-15T09:29:17Z",
"details": "important"
}
],
"title": "CVE-2020-29369"
},
{
"cve": "CVE-2020-29371",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-29371"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4. Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-29371",
"url": "https://www.suse.com/security/cve/CVE-2020-29371"
},
{
"category": "external",
"summary": "SUSE Bug 1179429 for CVE-2020-29371",
"url": "https://bugzilla.suse.com/1179429"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-15T09:29:17Z",
"details": "moderate"
}
],
"title": "CVE-2020-29371"
},
{
"cve": "CVE-2020-4788",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-4788"
}
],
"notes": [
{
"category": "general",
"text": "IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-4788",
"url": "https://www.suse.com/security/cve/CVE-2020-4788"
},
{
"category": "external",
"summary": "SUSE Bug 1177666 for CVE-2020-4788",
"url": "https://bugzilla.suse.com/1177666"
},
{
"category": "external",
"summary": "SUSE Bug 1181158 for CVE-2020-4788",
"url": "https://bugzilla.suse.com/1181158"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-15T09:29:17Z",
"details": "moderate"
}
],
"title": "CVE-2020-4788"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…