Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2020-11668 (GCVE-0-2020-11668)
Vulnerability from cvelistv5 – Published: 2020-04-09 20:13 – Updated: 2024-08-04 11:35
VLAI
EPSS
Summary
In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770.
Severity
7.1 (High)
CWE
- n/a
Assigner
References
12 references
| URL | Tags |
|---|---|
| https://cdn.kernel.org/pub/linux/kernel/v5.x/Chan… | x_refsource_MISC |
| https://github.com/torvalds/linux/commit/a246b4d5… | x_refsource_MISC |
| https://git.kernel.org/cgit/linux/kernel/git/torv… | x_refsource_MISC |
| https://security.netapp.com/advisory/ntap-2020043… | x_refsource_CONFIRM |
| https://usn.ubuntu.com/4345-1/ | vendor-advisoryx_refsource_UBUNTU |
| https://usn.ubuntu.com/4364-1/ | vendor-advisoryx_refsource_UBUNTU |
| https://usn.ubuntu.com/4368-1/ | vendor-advisoryx_refsource_UBUNTU |
| https://usn.ubuntu.com/4369-1/ | vendor-advisoryx_refsource_UBUNTU |
| https://lists.debian.org/debian-lts-announce/2020… | mailing-listx_refsource_MLIST |
| https://lists.debian.org/debian-lts-announce/2020… | mailing-listx_refsource_MLIST |
| https://lists.debian.org/debian-lts-announce/2020… | mailing-listx_refsource_MLIST |
| https://www.debian.org/security/2020/dsa-4698 | vendor-advisoryx_refsource_DEBIAN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:35:13.625Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/a246b4d547708f33ff4d4b9a7a5dbac741dc89d8"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a246b4d547708f33ff4d4b9a7a5dbac741dc89d8"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200430-0004/"
},
{
"name": "USN-4345-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4345-1/"
},
{
"name": "USN-4364-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4364-1/"
},
{
"name": "USN-4368-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4368-1/"
},
{
"name": "USN-4369-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4369-1/"
},
{
"name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
},
{
"name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
},
{
"name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
},
{
"name": "DSA-4698",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4698"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-10T19:06:24.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torvalds/linux/commit/a246b4d547708f33ff4d4b9a7a5dbac741dc89d8"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a246b4d547708f33ff4d4b9a7a5dbac741dc89d8"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200430-0004/"
},
{
"name": "USN-4345-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4345-1/"
},
{
"name": "USN-4364-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4364-1/"
},
{
"name": "USN-4368-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4368-1/"
},
{
"name": "USN-4369-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4369-1/"
},
{
"name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
},
{
"name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
},
{
"name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
},
{
"name": "DSA-4698",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4698"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11668",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.1",
"refsource": "MISC",
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.1"
},
{
"name": "https://github.com/torvalds/linux/commit/a246b4d547708f33ff4d4b9a7a5dbac741dc89d8",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/a246b4d547708f33ff4d4b9a7a5dbac741dc89d8"
},
{
"name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a246b4d547708f33ff4d4b9a7a5dbac741dc89d8",
"refsource": "MISC",
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a246b4d547708f33ff4d4b9a7a5dbac741dc89d8"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200430-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200430-0004/"
},
{
"name": "USN-4345-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4345-1/"
},
{
"name": "USN-4364-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4364-1/"
},
{
"name": "USN-4368-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4368-1/"
},
{
"name": "USN-4369-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4369-1/"
},
{
"name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
},
{
"name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
},
{
"name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
},
{
"name": "DSA-4698",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4698"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-11668",
"datePublished": "2020-04-09T20:13:02.000Z",
"dateReserved": "2020-04-09T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:35:13.625Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2020-11668",
"date": "2026-06-04",
"epss": "0.00047",
"percentile": "0.14832"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2020-11668\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2020-04-09T21:15:15.327\",\"lastModified\":\"2024-11-21T04:58:21.817\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770.\"},{\"lang\":\"es\",\"value\":\"En el archivo drivers/media/usb/gspca/xirlink_cit.c de kernel de Linux versiones anteriores a 5.6.1, (tambi\u00e9n se conoce como el controlador USB de la c\u00e1mara Xirlink) maneja inapropiadamente los descriptores no v\u00e1lidos, tambi\u00e9n se conoce como CID-a246b4d54770.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.2}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:N/I:P/A:C\",\"baseScore\":5.6,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":7.8,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.6.1\",\"matchCriteriaId\":\"BB94C1F6-38C4-44F6-93E8-199096A6F86A\"}]}]}],\"references\":[{\"url\":\"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a246b4d547708f33ff4d4b9a7a5dbac741dc89d8\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/torvalds/linux/commit/a246b4d547708f33ff4d4b9a7a5dbac741dc89d8\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20200430-0004/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://usn.ubuntu.com/4345-1/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://usn.ubuntu.com/4364-1/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://usn.ubuntu.com/4368-1/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://usn.ubuntu.com/4369-1/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.debian.org/security/2020/dsa-4698\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a246b4d547708f33ff4d4b9a7a5dbac741dc89d8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/torvalds/linux/commit/a246b4d547708f33ff4d4b9a7a5dbac741dc89d8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20200430-0004/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/4345-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/4364-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/4368-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/4369-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.debian.org/security/2020/dsa-4698\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
SUSE-SU-2020:2507-1
Vulnerability from csaf_suse - Published: 2020-09-04 11:31 - Updated: 2020-09-04 11:31Summary
Security update for the Linux Kernel (Live Patch 12 for SLE 12 SP4)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 12 for SLE 12 SP4)
Description of the patch: This update for the Linux Kernel 4.12.14-95_48 fixes several issues.
The following security issues were fixed:
- CVE-2020-14331: Fixed a buffer over-write in vgacon_scroll (bsc#1174247).
- CVE-2020-15780: Fixed a lockdown bypass via injection of malicious ACPI tables via configfs (bsc#1174186).
- CVE-2019-16746: Fixed a buffer overflow in net/wireless/nl80211.c (bsc#1173659).
- CVE-2019-9458: Fixed a use-after-free in media/v4l (bsc#1173963).
- CVE-2020-11668: Fixed a memory corruption issue in the Xirlink camera USB driver (bsc#1173942).
Patchnames: SUSE-2020-2507,SUSE-SLE-Live-Patching-12-SP4-2020-2507
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.3 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_48-default-5-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_48-default-5-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_48-default-5-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_48-default-5-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.1 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_48-default-5-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_48-default-5-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_48-default-5-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_48-default-5-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.3 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_48-default-5-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_48-default-5-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
29 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 12 for SLE 12 SP4)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 4.12.14-95_48 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2020-14331: Fixed a buffer over-write in vgacon_scroll (bsc#1174247).\n- CVE-2020-15780: Fixed a lockdown bypass via injection of malicious ACPI tables via configfs (bsc#1174186).\n- CVE-2019-16746: Fixed a buffer overflow in net/wireless/nl80211.c (bsc#1173659).\n- CVE-2019-9458: Fixed a use-after-free in media/v4l (bsc#1173963).\n- CVE-2020-11668: Fixed a memory corruption issue in the Xirlink camera USB driver (bsc#1173942).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2020-2507,SUSE-SLE-Live-Patching-12-SP4-2020-2507",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_2507-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2020:2507-1",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202507-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2020:2507-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2020-September/007357.html"
},
{
"category": "self",
"summary": "SUSE Bug 1173659",
"url": "https://bugzilla.suse.com/1173659"
},
{
"category": "self",
"summary": "SUSE Bug 1173942",
"url": "https://bugzilla.suse.com/1173942"
},
{
"category": "self",
"summary": "SUSE Bug 1173963",
"url": "https://bugzilla.suse.com/1173963"
},
{
"category": "self",
"summary": "SUSE Bug 1174186",
"url": "https://bugzilla.suse.com/1174186"
},
{
"category": "self",
"summary": "SUSE Bug 1174247",
"url": "https://bugzilla.suse.com/1174247"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-16746 page",
"url": "https://www.suse.com/security/cve/CVE-2019-16746/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9458 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9458/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-11668 page",
"url": "https://www.suse.com/security/cve/CVE-2020-11668/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-14331 page",
"url": "https://www.suse.com/security/cve/CVE-2020-14331/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15780 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15780/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 12 for SLE 12 SP4)",
"tracking": {
"current_release_date": "2020-09-04T11:31:05Z",
"generator": {
"date": "2020-09-04T11:31:05Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2020:2507-1",
"initial_release_date": "2020-09-04T11:31:05Z",
"revision_history": [
{
"date": "2020-09-04T11:31:05Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-95_48-default-5-2.2.ppc64le",
"product": {
"name": "kgraft-patch-4_12_14-95_48-default-5-2.2.ppc64le",
"product_id": "kgraft-patch-4_12_14-95_48-default-5-2.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-95_48-default-5-2.2.x86_64",
"product": {
"name": "kgraft-patch-4_12_14-95_48-default-5-2.2.x86_64",
"product_id": "kgraft-patch-4_12_14-95_48-default-5-2.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Live Patching 12 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-live-patching:12:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_12_14-95_48-default-5-2.2.ppc64le as component of SUSE Linux Enterprise Live Patching 12 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_48-default-5-2.2.ppc64le"
},
"product_reference": "kgraft-patch-4_12_14-95_48-default-5-2.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_12_14-95_48-default-5-2.2.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_48-default-5-2.2.x86_64"
},
"product_reference": "kgraft-patch-4_12_14-95_48-default-5-2.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-16746",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-16746"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. It does not check the length of variable elements in a beacon head, leading to a buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_48-default-5-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_48-default-5-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-16746",
"url": "https://www.suse.com/security/cve/CVE-2019-16746"
},
{
"category": "external",
"summary": "SUSE Bug 1152107 for CVE-2019-16746",
"url": "https://bugzilla.suse.com/1152107"
},
{
"category": "external",
"summary": "SUSE Bug 1173659 for CVE-2019-16746",
"url": "https://bugzilla.suse.com/1173659"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_48-default-5-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_48-default-5-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_48-default-5-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_48-default-5-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-09-04T11:31:05Z",
"details": "moderate"
}
],
"title": "CVE-2019-16746"
},
{
"cve": "CVE-2019-9458",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9458"
}
],
"notes": [
{
"category": "general",
"text": "In the Android kernel in the video driver there is a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_48-default-5-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_48-default-5-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9458",
"url": "https://www.suse.com/security/cve/CVE-2019-9458"
},
{
"category": "external",
"summary": "SUSE Bug 1168295 for CVE-2019-9458",
"url": "https://bugzilla.suse.com/1168295"
},
{
"category": "external",
"summary": "SUSE Bug 1173963 for CVE-2019-9458",
"url": "https://bugzilla.suse.com/1173963"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_48-default-5-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_48-default-5-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_48-default-5-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_48-default-5-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-09-04T11:31:05Z",
"details": "important"
}
],
"title": "CVE-2019-9458"
},
{
"cve": "CVE-2020-11668",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-11668"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_48-default-5-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_48-default-5-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-11668",
"url": "https://www.suse.com/security/cve/CVE-2020-11668"
},
{
"category": "external",
"summary": "SUSE Bug 1168952 for CVE-2020-11668",
"url": "https://bugzilla.suse.com/1168952"
},
{
"category": "external",
"summary": "SUSE Bug 1173942 for CVE-2020-11668",
"url": "https://bugzilla.suse.com/1173942"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_48-default-5-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_48-default-5-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_48-default-5-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_48-default-5-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-09-04T11:31:05Z",
"details": "important"
}
],
"title": "CVE-2020-11668"
},
{
"cve": "CVE-2020-14331",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-14331"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Linux kernel\u0027s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the system, potentially escalating their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_48-default-5-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_48-default-5-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-14331",
"url": "https://www.suse.com/security/cve/CVE-2020-14331"
},
{
"category": "external",
"summary": "SUSE Bug 1174205 for CVE-2020-14331",
"url": "https://bugzilla.suse.com/1174205"
},
{
"category": "external",
"summary": "SUSE Bug 1174247 for CVE-2020-14331",
"url": "https://bugzilla.suse.com/1174247"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_48-default-5-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_48-default-5-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_48-default-5-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_48-default-5-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-09-04T11:31:05Z",
"details": "important"
}
],
"title": "CVE-2020-14331"
},
{
"cve": "CVE-2020-15780",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15780"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux kernel before 5.7.7. Injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_48-default-5-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_48-default-5-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15780",
"url": "https://www.suse.com/security/cve/CVE-2020-15780"
},
{
"category": "external",
"summary": "SUSE Bug 1173573 for CVE-2020-15780",
"url": "https://bugzilla.suse.com/1173573"
},
{
"category": "external",
"summary": "SUSE Bug 1174186 for CVE-2020-15780",
"url": "https://bugzilla.suse.com/1174186"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_48-default-5-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_48-default-5-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_48-default-5-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_48-default-5-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-09-04T11:31:05Z",
"details": "important"
}
],
"title": "CVE-2020-15780"
}
]
}
SUSE-SU-2020:2513-1
Vulnerability from csaf_suse - Published: 2020-09-04 11:33 - Updated: 2020-09-04 11:33Summary
Security update for the Linux Kernel (Live Patch 8 for SLE 15 SP1)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 8 for SLE 15 SP1)
Description of the patch: This update for the Linux Kernel 4.12.14-197_29 fixes several issues.
The following security issues were fixed:
- CVE-2020-14331: Fixed a buffer over-write in vgacon_scroll (bsc#1174247).
- CVE-2020-15780: Fixed a lockdown bypass via injection of malicious ACPI tables via configfs (bsc#1174186).
- CVE-2019-16746: Fixed a buffer overflow in net/wireless/nl80211.c (bsc#1173659).
- CVE-2019-9458: Fixed a use-after-free in media/v4l (bsc#1173963).
- CVE-2020-11668: Fixed a memory corruption issue in the Xirlink camera USB driver (bsc#1173942).
- CVE-2019-19447: Fixed a use-after-free in ext4_put_super (bsc#1173869).
- CVE-2019-14895: Fixed a heap-based buffer overflow in the Marvell WiFi driver (bsc#1173100).
Patchnames: SUSE-2020-2513,SUSE-SLE-Live-Patching-12-SP5-2020-2513,SUSE-SLE-Module-Live-Patching-15-2020-2523,SUSE-SLE-Module-Live-Patching-15-SP1-2020-2529
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_12-default-6-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_12-default-6-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_29-default-6-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_29-default-6-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_47-default-6-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_47-default-6-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.3 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_12-default-6-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_12-default-6-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_29-default-6-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_29-default-6-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_47-default-6-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_47-default-6-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.8 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_12-default-6-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_12-default-6-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_29-default-6-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_29-default-6-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_47-default-6-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_47-default-6-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_12-default-6-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_12-default-6-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_29-default-6-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_29-default-6-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_47-default-6-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_47-default-6-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.1 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_12-default-6-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_12-default-6-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_29-default-6-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_29-default-6-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_47-default-6-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_47-default-6-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_12-default-6-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_12-default-6-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_29-default-6-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_29-default-6-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_47-default-6-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_47-default-6-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.3 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_12-default-6-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_12-default-6-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_29-default-6-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_29-default-6-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_47-default-6-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_47-default-6-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
41 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 8 for SLE 15 SP1)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 4.12.14-197_29 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2020-14331: Fixed a buffer over-write in vgacon_scroll (bsc#1174247).\n- CVE-2020-15780: Fixed a lockdown bypass via injection of malicious ACPI tables via configfs (bsc#1174186).\n- CVE-2019-16746: Fixed a buffer overflow in net/wireless/nl80211.c (bsc#1173659).\n- CVE-2019-9458: Fixed a use-after-free in media/v4l (bsc#1173963).\n- CVE-2020-11668: Fixed a memory corruption issue in the Xirlink camera USB driver (bsc#1173942).\n- CVE-2019-19447: Fixed a use-after-free in ext4_put_super (bsc#1173869).\n- CVE-2019-14895: Fixed a heap-based buffer overflow in the Marvell WiFi driver (bsc#1173100).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2020-2513,SUSE-SLE-Live-Patching-12-SP5-2020-2513,SUSE-SLE-Module-Live-Patching-15-2020-2523,SUSE-SLE-Module-Live-Patching-15-SP1-2020-2529",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_2513-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2020:2513-1",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202513-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2020:2513-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2020-September/007359.html"
},
{
"category": "self",
"summary": "SUSE Bug 1173100",
"url": "https://bugzilla.suse.com/1173100"
},
{
"category": "self",
"summary": "SUSE Bug 1173659",
"url": "https://bugzilla.suse.com/1173659"
},
{
"category": "self",
"summary": "SUSE Bug 1173869",
"url": "https://bugzilla.suse.com/1173869"
},
{
"category": "self",
"summary": "SUSE Bug 1173942",
"url": "https://bugzilla.suse.com/1173942"
},
{
"category": "self",
"summary": "SUSE Bug 1173963",
"url": "https://bugzilla.suse.com/1173963"
},
{
"category": "self",
"summary": "SUSE Bug 1174186",
"url": "https://bugzilla.suse.com/1174186"
},
{
"category": "self",
"summary": "SUSE Bug 1174247",
"url": "https://bugzilla.suse.com/1174247"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14895 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14895/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-16746 page",
"url": "https://www.suse.com/security/cve/CVE-2019-16746/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19447 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19447/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9458 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9458/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-11668 page",
"url": "https://www.suse.com/security/cve/CVE-2020-11668/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-14331 page",
"url": "https://www.suse.com/security/cve/CVE-2020-14331/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15780 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15780/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 8 for SLE 15 SP1)",
"tracking": {
"current_release_date": "2020-09-04T11:33:56Z",
"generator": {
"date": "2020-09-04T11:33:56Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2020:2513-1",
"initial_release_date": "2020-09-04T11:33:56Z",
"revision_history": [
{
"date": "2020-09-04T11:33:56Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-122_12-default-6-2.2.ppc64le",
"product": {
"name": "kgraft-patch-4_12_14-122_12-default-6-2.2.ppc64le",
"product_id": "kgraft-patch-4_12_14-122_12-default-6-2.2.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-4_12_14-150_47-default-6-2.2.ppc64le",
"product": {
"name": "kernel-livepatch-4_12_14-150_47-default-6-2.2.ppc64le",
"product_id": "kernel-livepatch-4_12_14-150_47-default-6-2.2.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-4_12_14-197_29-default-6-2.2.ppc64le",
"product": {
"name": "kernel-livepatch-4_12_14-197_29-default-6-2.2.ppc64le",
"product_id": "kernel-livepatch-4_12_14-197_29-default-6-2.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-122_12-default-6-2.2.x86_64",
"product": {
"name": "kgraft-patch-4_12_14-122_12-default-6-2.2.x86_64",
"product_id": "kgraft-patch-4_12_14-122_12-default-6-2.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-4_12_14-150_47-default-6-2.2.x86_64",
"product": {
"name": "kernel-livepatch-4_12_14-150_47-default-6-2.2.x86_64",
"product_id": "kernel-livepatch-4_12_14-150_47-default-6-2.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-4_12_14-197_29-default-6-2.2.x86_64",
"product": {
"name": "kernel-livepatch-4_12_14-197_29-default-6-2.2.x86_64",
"product_id": "kernel-livepatch-4_12_14-197_29-default-6-2.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-live-patching:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15",
"product_id": "SUSE Linux Enterprise Live Patching 15",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP1",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP1",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_12_14-122_12-default-6-2.2.ppc64le as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_12-default-6-2.2.ppc64le"
},
"product_reference": "kgraft-patch-4_12_14-122_12-default-6-2.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_12_14-122_12-default-6-2.2.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_12-default-6-2.2.x86_64"
},
"product_reference": "kgraft-patch-4_12_14-122_12-default-6-2.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-4_12_14-150_47-default-6-2.2.ppc64le as component of SUSE Linux Enterprise Live Patching 15",
"product_id": "SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_47-default-6-2.2.ppc64le"
},
"product_reference": "kernel-livepatch-4_12_14-150_47-default-6-2.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-4_12_14-150_47-default-6-2.2.x86_64 as component of SUSE Linux Enterprise Live Patching 15",
"product_id": "SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_47-default-6-2.2.x86_64"
},
"product_reference": "kernel-livepatch-4_12_14-150_47-default-6-2.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-4_12_14-197_29-default-6-2.2.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP1",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_29-default-6-2.2.ppc64le"
},
"product_reference": "kernel-livepatch-4_12_14-197_29-default-6-2.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-4_12_14-197_29-default-6-2.2.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP1",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_29-default-6-2.2.x86_64"
},
"product_reference": "kernel-livepatch-4_12_14-197_29-default-6-2.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-14895",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14895"
}
],
"notes": [
{
"category": "general",
"text": "A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could allow the remote device to cause a denial of service (system crash) or possibly execute arbitrary code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_12-default-6-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_12-default-6-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_29-default-6-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_29-default-6-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_47-default-6-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_47-default-6-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14895",
"url": "https://www.suse.com/security/cve/CVE-2019-14895"
},
{
"category": "external",
"summary": "SUSE Bug 1157042 for CVE-2019-14895",
"url": "https://bugzilla.suse.com/1157042"
},
{
"category": "external",
"summary": "SUSE Bug 1157158 for CVE-2019-14895",
"url": "https://bugzilla.suse.com/1157158"
},
{
"category": "external",
"summary": "SUSE Bug 1173100 for CVE-2019-14895",
"url": "https://bugzilla.suse.com/1173100"
},
{
"category": "external",
"summary": "SUSE Bug 1173660 for CVE-2019-14895",
"url": "https://bugzilla.suse.com/1173660"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_12-default-6-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_12-default-6-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_29-default-6-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_29-default-6-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_47-default-6-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_47-default-6-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_12-default-6-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_12-default-6-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_29-default-6-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_29-default-6-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_47-default-6-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_47-default-6-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-09-04T11:33:56Z",
"details": "important"
}
],
"title": "CVE-2019-14895"
},
{
"cve": "CVE-2019-16746",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-16746"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. It does not check the length of variable elements in a beacon head, leading to a buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_12-default-6-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_12-default-6-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_29-default-6-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_29-default-6-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_47-default-6-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_47-default-6-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-16746",
"url": "https://www.suse.com/security/cve/CVE-2019-16746"
},
{
"category": "external",
"summary": "SUSE Bug 1152107 for CVE-2019-16746",
"url": "https://bugzilla.suse.com/1152107"
},
{
"category": "external",
"summary": "SUSE Bug 1173659 for CVE-2019-16746",
"url": "https://bugzilla.suse.com/1173659"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_12-default-6-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_12-default-6-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_29-default-6-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_29-default-6-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_47-default-6-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_47-default-6-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_12-default-6-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_12-default-6-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_29-default-6-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_29-default-6-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_47-default-6-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_47-default-6-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-09-04T11:33:56Z",
"details": "moderate"
}
],
"title": "CVE-2019-16746"
},
{
"cve": "CVE-2019-19447",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19447"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_12-default-6-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_12-default-6-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_29-default-6-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_29-default-6-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_47-default-6-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_47-default-6-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19447",
"url": "https://www.suse.com/security/cve/CVE-2019-19447"
},
{
"category": "external",
"summary": "SUSE Bug 1158819 for CVE-2019-19447",
"url": "https://bugzilla.suse.com/1158819"
},
{
"category": "external",
"summary": "SUSE Bug 1173869 for CVE-2019-19447",
"url": "https://bugzilla.suse.com/1173869"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_12-default-6-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_12-default-6-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_29-default-6-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_29-default-6-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_47-default-6-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_47-default-6-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_12-default-6-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_12-default-6-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_29-default-6-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_29-default-6-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_47-default-6-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_47-default-6-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-09-04T11:33:56Z",
"details": "important"
}
],
"title": "CVE-2019-19447"
},
{
"cve": "CVE-2019-9458",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9458"
}
],
"notes": [
{
"category": "general",
"text": "In the Android kernel in the video driver there is a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_12-default-6-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_12-default-6-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_29-default-6-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_29-default-6-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_47-default-6-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_47-default-6-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9458",
"url": "https://www.suse.com/security/cve/CVE-2019-9458"
},
{
"category": "external",
"summary": "SUSE Bug 1168295 for CVE-2019-9458",
"url": "https://bugzilla.suse.com/1168295"
},
{
"category": "external",
"summary": "SUSE Bug 1173963 for CVE-2019-9458",
"url": "https://bugzilla.suse.com/1173963"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_12-default-6-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_12-default-6-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_29-default-6-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_29-default-6-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_47-default-6-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_47-default-6-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_12-default-6-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_12-default-6-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_29-default-6-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_29-default-6-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_47-default-6-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_47-default-6-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-09-04T11:33:56Z",
"details": "important"
}
],
"title": "CVE-2019-9458"
},
{
"cve": "CVE-2020-11668",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-11668"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_12-default-6-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_12-default-6-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_29-default-6-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_29-default-6-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_47-default-6-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_47-default-6-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-11668",
"url": "https://www.suse.com/security/cve/CVE-2020-11668"
},
{
"category": "external",
"summary": "SUSE Bug 1168952 for CVE-2020-11668",
"url": "https://bugzilla.suse.com/1168952"
},
{
"category": "external",
"summary": "SUSE Bug 1173942 for CVE-2020-11668",
"url": "https://bugzilla.suse.com/1173942"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_12-default-6-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_12-default-6-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_29-default-6-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_29-default-6-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_47-default-6-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_47-default-6-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_12-default-6-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_12-default-6-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_29-default-6-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_29-default-6-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_47-default-6-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_47-default-6-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-09-04T11:33:56Z",
"details": "important"
}
],
"title": "CVE-2020-11668"
},
{
"cve": "CVE-2020-14331",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-14331"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Linux kernel\u0027s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the system, potentially escalating their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_12-default-6-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_12-default-6-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_29-default-6-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_29-default-6-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_47-default-6-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_47-default-6-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-14331",
"url": "https://www.suse.com/security/cve/CVE-2020-14331"
},
{
"category": "external",
"summary": "SUSE Bug 1174205 for CVE-2020-14331",
"url": "https://bugzilla.suse.com/1174205"
},
{
"category": "external",
"summary": "SUSE Bug 1174247 for CVE-2020-14331",
"url": "https://bugzilla.suse.com/1174247"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_12-default-6-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_12-default-6-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_29-default-6-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_29-default-6-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_47-default-6-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_47-default-6-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_12-default-6-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_12-default-6-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_29-default-6-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_29-default-6-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_47-default-6-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_47-default-6-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-09-04T11:33:56Z",
"details": "important"
}
],
"title": "CVE-2020-14331"
},
{
"cve": "CVE-2020-15780",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15780"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux kernel before 5.7.7. Injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_12-default-6-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_12-default-6-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_29-default-6-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_29-default-6-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_47-default-6-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_47-default-6-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15780",
"url": "https://www.suse.com/security/cve/CVE-2020-15780"
},
{
"category": "external",
"summary": "SUSE Bug 1173573 for CVE-2020-15780",
"url": "https://bugzilla.suse.com/1173573"
},
{
"category": "external",
"summary": "SUSE Bug 1174186 for CVE-2020-15780",
"url": "https://bugzilla.suse.com/1174186"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_12-default-6-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_12-default-6-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_29-default-6-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_29-default-6-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_47-default-6-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_47-default-6-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_12-default-6-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_12-default-6-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_29-default-6-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_29-default-6-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_47-default-6-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_47-default-6-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-09-04T11:33:56Z",
"details": "important"
}
],
"title": "CVE-2020-15780"
}
]
}
SUSE-SU-2020:2524-1
Vulnerability from csaf_suse - Published: 2020-09-04 11:33 - Updated: 2020-09-04 11:33Summary
Security update for the Linux Kernel (Live Patch 18 for SLE 15)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 18 for SLE 15)
Description of the patch: This update for the Linux Kernel 4.12.14-150_52 fixes several issues.
The following security issues were fixed:
- CVE-2020-14331: Fixed a buffer over-write in vgacon_scroll (bsc#1174247).
- CVE-2020-15780: Fixed a lockdown bypass via injection of malicious ACPI tables via configfs (bsc#1174186).
- CVE-2019-16746: Fixed a buffer overflow in net/wireless/nl80211.c (bsc#1173659).
- CVE-2020-11668: Fixed a memory corruption issue in the Xirlink camera USB driver (bsc#1173942).
- CVE-2020-1749: Fixed a flaw in IPsec where some IPv6 protocols were not encrypted (bsc#1165631).
Patchnames: SUSE-2020-2524,SUSE-SLE-Module-Live-Patching-15-2020-2524
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.3 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_52-default-2-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_52-default-2-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.1 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_52-default-2-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_52-default-2-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_52-default-2-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_52-default-2-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.3 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_52-default-2-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_52-default-2-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_52-default-2-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_52-default-2-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
32 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 18 for SLE 15)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 4.12.14-150_52 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2020-14331: Fixed a buffer over-write in vgacon_scroll (bsc#1174247).\n- CVE-2020-15780: Fixed a lockdown bypass via injection of malicious ACPI tables via configfs (bsc#1174186).\n- CVE-2019-16746: Fixed a buffer overflow in net/wireless/nl80211.c (bsc#1173659).\n- CVE-2020-11668: Fixed a memory corruption issue in the Xirlink camera USB driver (bsc#1173942).\n- CVE-2020-1749: Fixed a flaw in IPsec where some IPv6 protocols were not encrypted (bsc#1165631).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2020-2524,SUSE-SLE-Module-Live-Patching-15-2020-2524",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_2524-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2020:2524-1",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202524-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2020:2524-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2020-September/007358.html"
},
{
"category": "self",
"summary": "SUSE Bug 1165631",
"url": "https://bugzilla.suse.com/1165631"
},
{
"category": "self",
"summary": "SUSE Bug 1173659",
"url": "https://bugzilla.suse.com/1173659"
},
{
"category": "self",
"summary": "SUSE Bug 1173942",
"url": "https://bugzilla.suse.com/1173942"
},
{
"category": "self",
"summary": "SUSE Bug 1174186",
"url": "https://bugzilla.suse.com/1174186"
},
{
"category": "self",
"summary": "SUSE Bug 1174247",
"url": "https://bugzilla.suse.com/1174247"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-16746 page",
"url": "https://www.suse.com/security/cve/CVE-2019-16746/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-11668 page",
"url": "https://www.suse.com/security/cve/CVE-2020-11668/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-14331 page",
"url": "https://www.suse.com/security/cve/CVE-2020-14331/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15780 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15780/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-1749 page",
"url": "https://www.suse.com/security/cve/CVE-2020-1749/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 18 for SLE 15)",
"tracking": {
"current_release_date": "2020-09-04T11:33:20Z",
"generator": {
"date": "2020-09-04T11:33:20Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2020:2524-1",
"initial_release_date": "2020-09-04T11:33:20Z",
"revision_history": [
{
"date": "2020-09-04T11:33:20Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-4_12_14-150_52-default-2-2.2.ppc64le",
"product": {
"name": "kernel-livepatch-4_12_14-150_52-default-2-2.2.ppc64le",
"product_id": "kernel-livepatch-4_12_14-150_52-default-2-2.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-4_12_14-150_52-default-2-2.2.x86_64",
"product": {
"name": "kernel-livepatch-4_12_14-150_52-default-2-2.2.x86_64",
"product_id": "kernel-livepatch-4_12_14-150_52-default-2-2.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15",
"product_id": "SUSE Linux Enterprise Live Patching 15",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-4_12_14-150_52-default-2-2.2.ppc64le as component of SUSE Linux Enterprise Live Patching 15",
"product_id": "SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_52-default-2-2.2.ppc64le"
},
"product_reference": "kernel-livepatch-4_12_14-150_52-default-2-2.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-4_12_14-150_52-default-2-2.2.x86_64 as component of SUSE Linux Enterprise Live Patching 15",
"product_id": "SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_52-default-2-2.2.x86_64"
},
"product_reference": "kernel-livepatch-4_12_14-150_52-default-2-2.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-16746",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-16746"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. It does not check the length of variable elements in a beacon head, leading to a buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_52-default-2-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_52-default-2-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-16746",
"url": "https://www.suse.com/security/cve/CVE-2019-16746"
},
{
"category": "external",
"summary": "SUSE Bug 1152107 for CVE-2019-16746",
"url": "https://bugzilla.suse.com/1152107"
},
{
"category": "external",
"summary": "SUSE Bug 1173659 for CVE-2019-16746",
"url": "https://bugzilla.suse.com/1173659"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_52-default-2-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_52-default-2-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_52-default-2-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_52-default-2-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-09-04T11:33:20Z",
"details": "moderate"
}
],
"title": "CVE-2019-16746"
},
{
"cve": "CVE-2020-11668",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-11668"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_52-default-2-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_52-default-2-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-11668",
"url": "https://www.suse.com/security/cve/CVE-2020-11668"
},
{
"category": "external",
"summary": "SUSE Bug 1168952 for CVE-2020-11668",
"url": "https://bugzilla.suse.com/1168952"
},
{
"category": "external",
"summary": "SUSE Bug 1173942 for CVE-2020-11668",
"url": "https://bugzilla.suse.com/1173942"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_52-default-2-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_52-default-2-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_52-default-2-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_52-default-2-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-09-04T11:33:20Z",
"details": "important"
}
],
"title": "CVE-2020-11668"
},
{
"cve": "CVE-2020-14331",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-14331"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Linux kernel\u0027s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the system, potentially escalating their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_52-default-2-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_52-default-2-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-14331",
"url": "https://www.suse.com/security/cve/CVE-2020-14331"
},
{
"category": "external",
"summary": "SUSE Bug 1174205 for CVE-2020-14331",
"url": "https://bugzilla.suse.com/1174205"
},
{
"category": "external",
"summary": "SUSE Bug 1174247 for CVE-2020-14331",
"url": "https://bugzilla.suse.com/1174247"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_52-default-2-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_52-default-2-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_52-default-2-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_52-default-2-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-09-04T11:33:20Z",
"details": "important"
}
],
"title": "CVE-2020-14331"
},
{
"cve": "CVE-2020-15780",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15780"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux kernel before 5.7.7. Injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_52-default-2-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_52-default-2-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15780",
"url": "https://www.suse.com/security/cve/CVE-2020-15780"
},
{
"category": "external",
"summary": "SUSE Bug 1173573 for CVE-2020-15780",
"url": "https://bugzilla.suse.com/1173573"
},
{
"category": "external",
"summary": "SUSE Bug 1174186 for CVE-2020-15780",
"url": "https://bugzilla.suse.com/1174186"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_52-default-2-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_52-default-2-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_52-default-2-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_52-default-2-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-09-04T11:33:20Z",
"details": "important"
}
],
"title": "CVE-2020-15780"
},
{
"cve": "CVE-2020-1749",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-1749"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Linux kernel\u0027s implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn\u0027t correctly routing tunneled data over the encrypted link; rather sending the data unencrypted. This would allow anyone in between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_52-default-2-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_52-default-2-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-1749",
"url": "https://www.suse.com/security/cve/CVE-2020-1749"
},
{
"category": "external",
"summary": "SUSE Bug 1165629 for CVE-2020-1749",
"url": "https://bugzilla.suse.com/1165629"
},
{
"category": "external",
"summary": "SUSE Bug 1165631 for CVE-2020-1749",
"url": "https://bugzilla.suse.com/1165631"
},
{
"category": "external",
"summary": "SUSE Bug 1177511 for CVE-2020-1749",
"url": "https://bugzilla.suse.com/1177511"
},
{
"category": "external",
"summary": "SUSE Bug 1177513 for CVE-2020-1749",
"url": "https://bugzilla.suse.com/1177513"
},
{
"category": "external",
"summary": "SUSE Bug 1189302 for CVE-2020-1749",
"url": "https://bugzilla.suse.com/1189302"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_52-default-2-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_52-default-2-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_52-default-2-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_52-default-2-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-09-04T11:33:20Z",
"details": "important"
}
],
"title": "CVE-2020-1749"
}
]
}
SUSE-SU-2020:2525-1
Vulnerability from csaf_suse - Published: 2020-09-04 11:33 - Updated: 2020-09-04 11:33Summary
Security update for the Linux Kernel (Live Patch 19 for SLE 15)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 19 for SLE 15)
Description of the patch: This update for the Linux Kernel 4.12.14-150_55 fixes several issues.
The following security issues were fixed:
- CVE-2020-14331: Fixed a buffer over-write in vgacon_scroll (bsc#1174247).
- CVE-2020-11668: Fixed a memory corruption issue in the Xirlink camera USB driver (bsc#1173942).
- CVE-2020-1749: Fixed a flaw in IPsec where some IPv6 protocols were not encrypted (bsc#1165631).
Patchnames: SUSE-2020-2525,SUSE-SLE-Module-Live-Patching-15-2020-2525
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.1 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_55-default-2-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_55-default-2-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_55-default-2-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_55-default-2-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_55-default-2-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_55-default-2-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
22 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 19 for SLE 15)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 4.12.14-150_55 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2020-14331: Fixed a buffer over-write in vgacon_scroll (bsc#1174247).\n- CVE-2020-11668: Fixed a memory corruption issue in the Xirlink camera USB driver (bsc#1173942).\n- CVE-2020-1749: Fixed a flaw in IPsec where some IPv6 protocols were not encrypted (bsc#1165631).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2020-2525,SUSE-SLE-Module-Live-Patching-15-2020-2525",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_2525-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2020:2525-1",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202525-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2020:2525-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2020-September/007354.html"
},
{
"category": "self",
"summary": "SUSE Bug 1165631",
"url": "https://bugzilla.suse.com/1165631"
},
{
"category": "self",
"summary": "SUSE Bug 1173942",
"url": "https://bugzilla.suse.com/1173942"
},
{
"category": "self",
"summary": "SUSE Bug 1174247",
"url": "https://bugzilla.suse.com/1174247"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-11668 page",
"url": "https://www.suse.com/security/cve/CVE-2020-11668/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-14331 page",
"url": "https://www.suse.com/security/cve/CVE-2020-14331/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-1749 page",
"url": "https://www.suse.com/security/cve/CVE-2020-1749/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 19 for SLE 15)",
"tracking": {
"current_release_date": "2020-09-04T11:33:27Z",
"generator": {
"date": "2020-09-04T11:33:27Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2020:2525-1",
"initial_release_date": "2020-09-04T11:33:27Z",
"revision_history": [
{
"date": "2020-09-04T11:33:27Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-4_12_14-150_55-default-2-2.2.ppc64le",
"product": {
"name": "kernel-livepatch-4_12_14-150_55-default-2-2.2.ppc64le",
"product_id": "kernel-livepatch-4_12_14-150_55-default-2-2.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-4_12_14-150_55-default-2-2.2.x86_64",
"product": {
"name": "kernel-livepatch-4_12_14-150_55-default-2-2.2.x86_64",
"product_id": "kernel-livepatch-4_12_14-150_55-default-2-2.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15",
"product_id": "SUSE Linux Enterprise Live Patching 15",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-4_12_14-150_55-default-2-2.2.ppc64le as component of SUSE Linux Enterprise Live Patching 15",
"product_id": "SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_55-default-2-2.2.ppc64le"
},
"product_reference": "kernel-livepatch-4_12_14-150_55-default-2-2.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-4_12_14-150_55-default-2-2.2.x86_64 as component of SUSE Linux Enterprise Live Patching 15",
"product_id": "SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_55-default-2-2.2.x86_64"
},
"product_reference": "kernel-livepatch-4_12_14-150_55-default-2-2.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-11668",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-11668"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_55-default-2-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_55-default-2-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-11668",
"url": "https://www.suse.com/security/cve/CVE-2020-11668"
},
{
"category": "external",
"summary": "SUSE Bug 1168952 for CVE-2020-11668",
"url": "https://bugzilla.suse.com/1168952"
},
{
"category": "external",
"summary": "SUSE Bug 1173942 for CVE-2020-11668",
"url": "https://bugzilla.suse.com/1173942"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_55-default-2-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_55-default-2-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_55-default-2-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_55-default-2-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-09-04T11:33:27Z",
"details": "important"
}
],
"title": "CVE-2020-11668"
},
{
"cve": "CVE-2020-14331",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-14331"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Linux kernel\u0027s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the system, potentially escalating their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_55-default-2-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_55-default-2-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-14331",
"url": "https://www.suse.com/security/cve/CVE-2020-14331"
},
{
"category": "external",
"summary": "SUSE Bug 1174205 for CVE-2020-14331",
"url": "https://bugzilla.suse.com/1174205"
},
{
"category": "external",
"summary": "SUSE Bug 1174247 for CVE-2020-14331",
"url": "https://bugzilla.suse.com/1174247"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_55-default-2-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_55-default-2-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_55-default-2-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_55-default-2-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-09-04T11:33:27Z",
"details": "important"
}
],
"title": "CVE-2020-14331"
},
{
"cve": "CVE-2020-1749",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-1749"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Linux kernel\u0027s implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn\u0027t correctly routing tunneled data over the encrypted link; rather sending the data unencrypted. This would allow anyone in between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_55-default-2-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_55-default-2-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-1749",
"url": "https://www.suse.com/security/cve/CVE-2020-1749"
},
{
"category": "external",
"summary": "SUSE Bug 1165629 for CVE-2020-1749",
"url": "https://bugzilla.suse.com/1165629"
},
{
"category": "external",
"summary": "SUSE Bug 1165631 for CVE-2020-1749",
"url": "https://bugzilla.suse.com/1165631"
},
{
"category": "external",
"summary": "SUSE Bug 1177511 for CVE-2020-1749",
"url": "https://bugzilla.suse.com/1177511"
},
{
"category": "external",
"summary": "SUSE Bug 1177513 for CVE-2020-1749",
"url": "https://bugzilla.suse.com/1177513"
},
{
"category": "external",
"summary": "SUSE Bug 1189302 for CVE-2020-1749",
"url": "https://bugzilla.suse.com/1189302"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_55-default-2-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_55-default-2-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_55-default-2-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_55-default-2-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-09-04T11:33:27Z",
"details": "important"
}
],
"title": "CVE-2020-1749"
}
]
}
SUSE-SU-2020:2526-1
Vulnerability from csaf_suse - Published: 2020-09-04 11:33 - Updated: 2020-09-04 11:33Summary
Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP1)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP1)
Description of the patch: This update for the Linux Kernel 4.12.14-197_18 fixes several issues.
The following security issues were fixed:
- CVE-2020-14331: Fixed a buffer over-write in vgacon_scroll (bsc#1174247).
- CVE-2020-15780: Fixed a lockdown bypass via injection of malicious ACPI tables via configfs (bsc#1174186).
- CVE-2019-0155: Fixed a privilege escalation in the i915 graphics driver (bsc#1173663).
- CVE-2019-16746: Fixed a buffer overflow in net/wireless/nl80211.c (bsc#1173659).
- CVE-2019-9458: Fixed a use-after-free in media/v4l (bsc#1173963).
- CVE-2020-11668: Fixed a memory corruption issue in the Xirlink camera USB driver (bsc#1173942).
- CVE-2019-15117: Fixed an OOB memory access in the USB sound mixer (bsc#1173934).
- CVE-2019-19447: Fixed a use-after-free in ext4_put_super (bsc#1173869).
- CVE-2019-14901: Fixed a heap overflow in the Marvell WiFi driver (bsc#1173661).
- CVE-2019-14895: Fixed a heap-based buffer overflow in the Marvell WiFi driver (bsc#1173100).
Patchnames: SUSE-2020-2526,SUSE-SLE-Module-Live-Patching-15-SP1-2020-2526
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.3 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.1 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.3 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
57 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP1)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 4.12.14-197_18 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2020-14331: Fixed a buffer over-write in vgacon_scroll (bsc#1174247).\n- CVE-2020-15780: Fixed a lockdown bypass via injection of malicious ACPI tables via configfs (bsc#1174186).\n- CVE-2019-0155: Fixed a privilege escalation in the i915 graphics driver (bsc#1173663).\n- CVE-2019-16746: Fixed a buffer overflow in net/wireless/nl80211.c (bsc#1173659).\n- CVE-2019-9458: Fixed a use-after-free in media/v4l (bsc#1173963).\n- CVE-2020-11668: Fixed a memory corruption issue in the Xirlink camera USB driver (bsc#1173942).\n- CVE-2019-15117: Fixed an OOB memory access in the USB sound mixer (bsc#1173934).\n- CVE-2019-19447: Fixed a use-after-free in ext4_put_super (bsc#1173869).\n- CVE-2019-14901: Fixed a heap overflow in the Marvell WiFi driver (bsc#1173661).\n- CVE-2019-14895: Fixed a heap-based buffer overflow in the Marvell WiFi driver (bsc#1173100).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2020-2526,SUSE-SLE-Module-Live-Patching-15-SP1-2020-2526",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_2526-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2020:2526-1",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202526-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2020:2526-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2020-September/007365.html"
},
{
"category": "self",
"summary": "SUSE Bug 1173100",
"url": "https://bugzilla.suse.com/1173100"
},
{
"category": "self",
"summary": "SUSE Bug 1173659",
"url": "https://bugzilla.suse.com/1173659"
},
{
"category": "self",
"summary": "SUSE Bug 1173661",
"url": "https://bugzilla.suse.com/1173661"
},
{
"category": "self",
"summary": "SUSE Bug 1173663",
"url": "https://bugzilla.suse.com/1173663"
},
{
"category": "self",
"summary": "SUSE Bug 1173869",
"url": "https://bugzilla.suse.com/1173869"
},
{
"category": "self",
"summary": "SUSE Bug 1173934",
"url": "https://bugzilla.suse.com/1173934"
},
{
"category": "self",
"summary": "SUSE Bug 1173942",
"url": "https://bugzilla.suse.com/1173942"
},
{
"category": "self",
"summary": "SUSE Bug 1173963",
"url": "https://bugzilla.suse.com/1173963"
},
{
"category": "self",
"summary": "SUSE Bug 1174186",
"url": "https://bugzilla.suse.com/1174186"
},
{
"category": "self",
"summary": "SUSE Bug 1174247",
"url": "https://bugzilla.suse.com/1174247"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-0155 page",
"url": "https://www.suse.com/security/cve/CVE-2019-0155/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14895 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14895/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14901 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14901/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-15117 page",
"url": "https://www.suse.com/security/cve/CVE-2019-15117/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-16746 page",
"url": "https://www.suse.com/security/cve/CVE-2019-16746/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19447 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19447/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9458 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9458/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-11668 page",
"url": "https://www.suse.com/security/cve/CVE-2020-11668/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-14331 page",
"url": "https://www.suse.com/security/cve/CVE-2020-14331/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15780 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15780/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP1)",
"tracking": {
"current_release_date": "2020-09-04T11:33:34Z",
"generator": {
"date": "2020-09-04T11:33:34Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2020:2526-1",
"initial_release_date": "2020-09-04T11:33:34Z",
"revision_history": [
{
"date": "2020-09-04T11:33:34Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-4_12_14-197_18-default-8-2.2.ppc64le",
"product": {
"name": "kernel-livepatch-4_12_14-197_18-default-8-2.2.ppc64le",
"product_id": "kernel-livepatch-4_12_14-197_18-default-8-2.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-4_12_14-197_18-default-8-2.2.x86_64",
"product": {
"name": "kernel-livepatch-4_12_14-197_18-default-8-2.2.x86_64",
"product_id": "kernel-livepatch-4_12_14-197_18-default-8-2.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP1",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP1",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-4_12_14-197_18-default-8-2.2.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP1",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.ppc64le"
},
"product_reference": "kernel-livepatch-4_12_14-197_18-default-8-2.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-4_12_14-197_18-default-8-2.2.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP1",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.x86_64"
},
"product_reference": "kernel-livepatch-4_12_14-197_18-default-8-2.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-0155",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-0155"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient access control in a subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6, E-2100 and E-2200 Processor Families; Intel(R) Graphics Driver for Windows before 26.20.100.6813 (DCH) or 26.20.100.6812 and before 21.20.x.5077 (aka15.45.5077), i915 Linux Driver for Intel(R) Processor Graphics before versions 5.4-rc7, 5.3.11, 4.19.84, 4.14.154, 4.9.201, 4.4.201 may allow an authenticated user to potentially enable escalation of privilege via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-0155",
"url": "https://www.suse.com/security/cve/CVE-2019-0155"
},
{
"category": "external",
"summary": "SUSE Bug 1135966 for CVE-2019-0155",
"url": "https://bugzilla.suse.com/1135966"
},
{
"category": "external",
"summary": "SUSE Bug 1135967 for CVE-2019-0155",
"url": "https://bugzilla.suse.com/1135967"
},
{
"category": "external",
"summary": "SUSE Bug 1173663 for CVE-2019-0155",
"url": "https://bugzilla.suse.com/1173663"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-09-04T11:33:34Z",
"details": "important"
}
],
"title": "CVE-2019-0155"
},
{
"cve": "CVE-2019-14895",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14895"
}
],
"notes": [
{
"category": "general",
"text": "A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could allow the remote device to cause a denial of service (system crash) or possibly execute arbitrary code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14895",
"url": "https://www.suse.com/security/cve/CVE-2019-14895"
},
{
"category": "external",
"summary": "SUSE Bug 1157042 for CVE-2019-14895",
"url": "https://bugzilla.suse.com/1157042"
},
{
"category": "external",
"summary": "SUSE Bug 1157158 for CVE-2019-14895",
"url": "https://bugzilla.suse.com/1157158"
},
{
"category": "external",
"summary": "SUSE Bug 1173100 for CVE-2019-14895",
"url": "https://bugzilla.suse.com/1173100"
},
{
"category": "external",
"summary": "SUSE Bug 1173660 for CVE-2019-14895",
"url": "https://bugzilla.suse.com/1173660"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-09-04T11:33:34Z",
"details": "important"
}
],
"title": "CVE-2019-14895"
},
{
"cve": "CVE-2019-14901",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14901"
}
],
"notes": [
{
"category": "general",
"text": "A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If code execution occurs, the code will run with the permissions of root. This will affect both confidentiality and integrity of files on the system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14901",
"url": "https://www.suse.com/security/cve/CVE-2019-14901"
},
{
"category": "external",
"summary": "SUSE Bug 1157042 for CVE-2019-14901",
"url": "https://bugzilla.suse.com/1157042"
},
{
"category": "external",
"summary": "SUSE Bug 1173661 for CVE-2019-14901",
"url": "https://bugzilla.suse.com/1173661"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-09-04T11:33:34Z",
"details": "important"
}
],
"title": "CVE-2019-14901"
},
{
"cve": "CVE-2019-15117",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-15117"
}
],
"notes": [
{
"category": "general",
"text": "parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles a short descriptor, leading to out-of-bounds memory access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-15117",
"url": "https://www.suse.com/security/cve/CVE-2019-15117"
},
{
"category": "external",
"summary": "SUSE Bug 1145920 for CVE-2019-15117",
"url": "https://bugzilla.suse.com/1145920"
},
{
"category": "external",
"summary": "SUSE Bug 1173934 for CVE-2019-15117",
"url": "https://bugzilla.suse.com/1173934"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-09-04T11:33:34Z",
"details": "important"
}
],
"title": "CVE-2019-15117"
},
{
"cve": "CVE-2019-16746",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-16746"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. It does not check the length of variable elements in a beacon head, leading to a buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-16746",
"url": "https://www.suse.com/security/cve/CVE-2019-16746"
},
{
"category": "external",
"summary": "SUSE Bug 1152107 for CVE-2019-16746",
"url": "https://bugzilla.suse.com/1152107"
},
{
"category": "external",
"summary": "SUSE Bug 1173659 for CVE-2019-16746",
"url": "https://bugzilla.suse.com/1173659"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-09-04T11:33:34Z",
"details": "moderate"
}
],
"title": "CVE-2019-16746"
},
{
"cve": "CVE-2019-19447",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19447"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19447",
"url": "https://www.suse.com/security/cve/CVE-2019-19447"
},
{
"category": "external",
"summary": "SUSE Bug 1158819 for CVE-2019-19447",
"url": "https://bugzilla.suse.com/1158819"
},
{
"category": "external",
"summary": "SUSE Bug 1173869 for CVE-2019-19447",
"url": "https://bugzilla.suse.com/1173869"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-09-04T11:33:34Z",
"details": "important"
}
],
"title": "CVE-2019-19447"
},
{
"cve": "CVE-2019-9458",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9458"
}
],
"notes": [
{
"category": "general",
"text": "In the Android kernel in the video driver there is a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9458",
"url": "https://www.suse.com/security/cve/CVE-2019-9458"
},
{
"category": "external",
"summary": "SUSE Bug 1168295 for CVE-2019-9458",
"url": "https://bugzilla.suse.com/1168295"
},
{
"category": "external",
"summary": "SUSE Bug 1173963 for CVE-2019-9458",
"url": "https://bugzilla.suse.com/1173963"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-09-04T11:33:34Z",
"details": "important"
}
],
"title": "CVE-2019-9458"
},
{
"cve": "CVE-2020-11668",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-11668"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-11668",
"url": "https://www.suse.com/security/cve/CVE-2020-11668"
},
{
"category": "external",
"summary": "SUSE Bug 1168952 for CVE-2020-11668",
"url": "https://bugzilla.suse.com/1168952"
},
{
"category": "external",
"summary": "SUSE Bug 1173942 for CVE-2020-11668",
"url": "https://bugzilla.suse.com/1173942"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-09-04T11:33:34Z",
"details": "important"
}
],
"title": "CVE-2020-11668"
},
{
"cve": "CVE-2020-14331",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-14331"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Linux kernel\u0027s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the system, potentially escalating their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-14331",
"url": "https://www.suse.com/security/cve/CVE-2020-14331"
},
{
"category": "external",
"summary": "SUSE Bug 1174205 for CVE-2020-14331",
"url": "https://bugzilla.suse.com/1174205"
},
{
"category": "external",
"summary": "SUSE Bug 1174247 for CVE-2020-14331",
"url": "https://bugzilla.suse.com/1174247"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-09-04T11:33:34Z",
"details": "important"
}
],
"title": "CVE-2020-14331"
},
{
"cve": "CVE-2020-15780",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15780"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux kernel before 5.7.7. Injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15780",
"url": "https://www.suse.com/security/cve/CVE-2020-15780"
},
{
"category": "external",
"summary": "SUSE Bug 1173573 for CVE-2020-15780",
"url": "https://bugzilla.suse.com/1173573"
},
{
"category": "external",
"summary": "SUSE Bug 1174186 for CVE-2020-15780",
"url": "https://bugzilla.suse.com/1174186"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_18-default-8-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-09-04T11:33:34Z",
"details": "important"
}
],
"title": "CVE-2020-15780"
}
]
}
SUSE-SU-2020:2531-1
Vulnerability from csaf_suse - Published: 2020-09-04 11:34 - Updated: 2020-09-04 11:34Summary
Security update for the Linux Kernel (Live Patch 10 for SLE 15 SP1)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 10 for SLE 15 SP1)
Description of the patch: This update for the Linux Kernel 4.12.14-197_37 fixes several issues.
The following security issues were fixed:
- CVE-2020-14331: Fixed a buffer over-write in vgacon_scroll (bsc#1174247).
- CVE-2020-15780: Fixed a lockdown bypass via injection of malicious ACPI tables via configfs (bsc#1174186).
- CVE-2019-9458: Fixed a use-after-free in media/v4l (bsc#1173963).
- CVE-2020-11668: Fixed a memory corruption issue in the Xirlink camera USB driver (bsc#1173942).
Patchnames: SUSE-2020-2531,SUSE-SLE-Live-Patching-12-SP5-2020-2514,SUSE-SLE-Module-Live-Patching-15-SP1-2020-2530,SUSE-SLE-Module-Live-Patching-15-SP1-2020-2531
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_17-default-5-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_17-default-5-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_17-default-5-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_34-default-5-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_34-default-5-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_37-default-5-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_37-default-5-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.1 (High)
Affected products
Recommended
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_17-default-5-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_17-default-5-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_17-default-5-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_34-default-5-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_34-default-5-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_37-default-5-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_37-default-5-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_17-default-5-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_17-default-5-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_17-default-5-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_34-default-5-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_34-default-5-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_37-default-5-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_37-default-5-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.3 (High)
Affected products
Recommended
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_17-default-5-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_17-default-5-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_17-default-5-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_34-default-5-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_34-default-5-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_37-default-5-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_37-default-5-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
24 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 10 for SLE 15 SP1)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 4.12.14-197_37 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2020-14331: Fixed a buffer over-write in vgacon_scroll (bsc#1174247).\n- CVE-2020-15780: Fixed a lockdown bypass via injection of malicious ACPI tables via configfs (bsc#1174186).\n- CVE-2019-9458: Fixed a use-after-free in media/v4l (bsc#1173963).\n- CVE-2020-11668: Fixed a memory corruption issue in the Xirlink camera USB driver (bsc#1173942).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2020-2531,SUSE-SLE-Live-Patching-12-SP5-2020-2514,SUSE-SLE-Module-Live-Patching-15-SP1-2020-2530,SUSE-SLE-Module-Live-Patching-15-SP1-2020-2531",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_2531-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2020:2531-1",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202531-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2020:2531-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2020-September/007353.html"
},
{
"category": "self",
"summary": "SUSE Bug 1173942",
"url": "https://bugzilla.suse.com/1173942"
},
{
"category": "self",
"summary": "SUSE Bug 1173963",
"url": "https://bugzilla.suse.com/1173963"
},
{
"category": "self",
"summary": "SUSE Bug 1174186",
"url": "https://bugzilla.suse.com/1174186"
},
{
"category": "self",
"summary": "SUSE Bug 1174247",
"url": "https://bugzilla.suse.com/1174247"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9458 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9458/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-11668 page",
"url": "https://www.suse.com/security/cve/CVE-2020-11668/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-14331 page",
"url": "https://www.suse.com/security/cve/CVE-2020-14331/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15780 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15780/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 10 for SLE 15 SP1)",
"tracking": {
"current_release_date": "2020-09-04T11:34:09Z",
"generator": {
"date": "2020-09-04T11:34:09Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2020:2531-1",
"initial_release_date": "2020-09-04T11:34:09Z",
"revision_history": [
{
"date": "2020-09-04T11:34:09Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-4_12_14-197_37-default-5-2.2.ppc64le",
"product": {
"name": "kernel-livepatch-4_12_14-197_37-default-5-2.2.ppc64le",
"product_id": "kernel-livepatch-4_12_14-197_37-default-5-2.2.ppc64le"
}
},
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-122_17-default-5-2.2.ppc64le",
"product": {
"name": "kgraft-patch-4_12_14-122_17-default-5-2.2.ppc64le",
"product_id": "kgraft-patch-4_12_14-122_17-default-5-2.2.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-4_12_14-197_34-default-5-2.2.ppc64le",
"product": {
"name": "kernel-livepatch-4_12_14-197_34-default-5-2.2.ppc64le",
"product_id": "kernel-livepatch-4_12_14-197_34-default-5-2.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-122_17-default-5-2.2.s390x",
"product": {
"name": "kgraft-patch-4_12_14-122_17-default-5-2.2.s390x",
"product_id": "kgraft-patch-4_12_14-122_17-default-5-2.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-4_12_14-197_37-default-5-2.2.x86_64",
"product": {
"name": "kernel-livepatch-4_12_14-197_37-default-5-2.2.x86_64",
"product_id": "kernel-livepatch-4_12_14-197_37-default-5-2.2.x86_64"
}
},
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-122_17-default-5-2.2.x86_64",
"product": {
"name": "kgraft-patch-4_12_14-122_17-default-5-2.2.x86_64",
"product_id": "kgraft-patch-4_12_14-122_17-default-5-2.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-4_12_14-197_34-default-5-2.2.x86_64",
"product": {
"name": "kernel-livepatch-4_12_14-197_34-default-5-2.2.x86_64",
"product_id": "kernel-livepatch-4_12_14-197_34-default-5-2.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-live-patching:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP1",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP1",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP1",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP1",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_12_14-122_17-default-5-2.2.ppc64le as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_17-default-5-2.2.ppc64le"
},
"product_reference": "kgraft-patch-4_12_14-122_17-default-5-2.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_12_14-122_17-default-5-2.2.s390x as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_17-default-5-2.2.s390x"
},
"product_reference": "kgraft-patch-4_12_14-122_17-default-5-2.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_12_14-122_17-default-5-2.2.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_17-default-5-2.2.x86_64"
},
"product_reference": "kgraft-patch-4_12_14-122_17-default-5-2.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-4_12_14-197_34-default-5-2.2.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP1",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_34-default-5-2.2.ppc64le"
},
"product_reference": "kernel-livepatch-4_12_14-197_34-default-5-2.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-4_12_14-197_34-default-5-2.2.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP1",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_34-default-5-2.2.x86_64"
},
"product_reference": "kernel-livepatch-4_12_14-197_34-default-5-2.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-4_12_14-197_37-default-5-2.2.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP1",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_37-default-5-2.2.ppc64le"
},
"product_reference": "kernel-livepatch-4_12_14-197_37-default-5-2.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-4_12_14-197_37-default-5-2.2.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP1",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_37-default-5-2.2.x86_64"
},
"product_reference": "kernel-livepatch-4_12_14-197_37-default-5-2.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-4_12_14-197_34-default-5-2.2.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP1",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_34-default-5-2.2.ppc64le"
},
"product_reference": "kernel-livepatch-4_12_14-197_34-default-5-2.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-4_12_14-197_34-default-5-2.2.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP1",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_34-default-5-2.2.x86_64"
},
"product_reference": "kernel-livepatch-4_12_14-197_34-default-5-2.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-4_12_14-197_37-default-5-2.2.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP1",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_37-default-5-2.2.ppc64le"
},
"product_reference": "kernel-livepatch-4_12_14-197_37-default-5-2.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-4_12_14-197_37-default-5-2.2.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP1",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_37-default-5-2.2.x86_64"
},
"product_reference": "kernel-livepatch-4_12_14-197_37-default-5-2.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-9458",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9458"
}
],
"notes": [
{
"category": "general",
"text": "In the Android kernel in the video driver there is a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_17-default-5-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_17-default-5-2.2.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_17-default-5-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_34-default-5-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_34-default-5-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_37-default-5-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_37-default-5-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9458",
"url": "https://www.suse.com/security/cve/CVE-2019-9458"
},
{
"category": "external",
"summary": "SUSE Bug 1168295 for CVE-2019-9458",
"url": "https://bugzilla.suse.com/1168295"
},
{
"category": "external",
"summary": "SUSE Bug 1173963 for CVE-2019-9458",
"url": "https://bugzilla.suse.com/1173963"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_17-default-5-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_17-default-5-2.2.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_17-default-5-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_34-default-5-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_34-default-5-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_37-default-5-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_37-default-5-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_17-default-5-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_17-default-5-2.2.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_17-default-5-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_34-default-5-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_34-default-5-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_37-default-5-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_37-default-5-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-09-04T11:34:09Z",
"details": "important"
}
],
"title": "CVE-2019-9458"
},
{
"cve": "CVE-2020-11668",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-11668"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_17-default-5-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_17-default-5-2.2.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_17-default-5-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_34-default-5-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_34-default-5-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_37-default-5-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_37-default-5-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-11668",
"url": "https://www.suse.com/security/cve/CVE-2020-11668"
},
{
"category": "external",
"summary": "SUSE Bug 1168952 for CVE-2020-11668",
"url": "https://bugzilla.suse.com/1168952"
},
{
"category": "external",
"summary": "SUSE Bug 1173942 for CVE-2020-11668",
"url": "https://bugzilla.suse.com/1173942"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_17-default-5-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_17-default-5-2.2.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_17-default-5-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_34-default-5-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_34-default-5-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_37-default-5-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_37-default-5-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_17-default-5-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_17-default-5-2.2.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_17-default-5-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_34-default-5-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_34-default-5-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_37-default-5-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_37-default-5-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-09-04T11:34:09Z",
"details": "important"
}
],
"title": "CVE-2020-11668"
},
{
"cve": "CVE-2020-14331",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-14331"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Linux kernel\u0027s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the system, potentially escalating their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_17-default-5-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_17-default-5-2.2.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_17-default-5-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_34-default-5-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_34-default-5-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_37-default-5-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_37-default-5-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-14331",
"url": "https://www.suse.com/security/cve/CVE-2020-14331"
},
{
"category": "external",
"summary": "SUSE Bug 1174205 for CVE-2020-14331",
"url": "https://bugzilla.suse.com/1174205"
},
{
"category": "external",
"summary": "SUSE Bug 1174247 for CVE-2020-14331",
"url": "https://bugzilla.suse.com/1174247"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_17-default-5-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_17-default-5-2.2.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_17-default-5-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_34-default-5-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_34-default-5-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_37-default-5-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_37-default-5-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_17-default-5-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_17-default-5-2.2.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_17-default-5-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_34-default-5-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_34-default-5-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_37-default-5-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_37-default-5-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-09-04T11:34:09Z",
"details": "important"
}
],
"title": "CVE-2020-14331"
},
{
"cve": "CVE-2020-15780",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15780"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux kernel before 5.7.7. Injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_17-default-5-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_17-default-5-2.2.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_17-default-5-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_34-default-5-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_34-default-5-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_37-default-5-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_37-default-5-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15780",
"url": "https://www.suse.com/security/cve/CVE-2020-15780"
},
{
"category": "external",
"summary": "SUSE Bug 1173573 for CVE-2020-15780",
"url": "https://bugzilla.suse.com/1173573"
},
{
"category": "external",
"summary": "SUSE Bug 1174186 for CVE-2020-15780",
"url": "https://bugzilla.suse.com/1174186"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_17-default-5-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_17-default-5-2.2.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_17-default-5-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_34-default-5-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_34-default-5-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_37-default-5-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_37-default-5-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_17-default-5-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_17-default-5-2.2.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_17-default-5-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_34-default-5-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_34-default-5-2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_37-default-5-2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_37-default-5-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-09-04T11:34:09Z",
"details": "important"
}
],
"title": "CVE-2020-15780"
}
]
}
SUSE-SU-2020:3178-1
Vulnerability from csaf_suse - Published: 2020-11-05 13:49 - Updated: 2020-11-05 13:49Summary
Security update for the Linux Kernel (Live Patch 20 for SLE 15)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 20 for SLE 15)
Description of the patch: This update for the Linux Kernel 4.12.14-150_58 fixes several issues.
The following security issues were fixed:
- CVE-2020-14381: Fixed a use-after-free in the fast user mutex (futex) wait operation, which could have lead to memory corruption and possibly privilege escalation (bsc#1176011).
- CVE-2020-0431: In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (bsc#1176722)
- CVE-2020-25212: A TOCTOU mismatch in the NFS client code could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c (bsc#1176381).
- CVE-2020-11668: Fixed an out of bounds write to the heap in drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) caused by mishandling invalid descriptors (bsc#1168952).
Patchnames: SUSE-2020-3178,SUSE-SLE-Module-Live-Patching-15-2020-3178
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_58-default-2-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_58-default-2-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.1 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_58-default-2-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_58-default-2-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_58-default-2-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_58-default-2-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.4 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_58-default-2-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_58-default-2-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
25 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 20 for SLE 15)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 4.12.14-150_58 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2020-14381: Fixed a use-after-free in the fast user mutex (futex) wait operation, which could have lead to memory corruption and possibly privilege escalation (bsc#1176011).\n- CVE-2020-0431: In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (bsc#1176722)\n- CVE-2020-25212: A TOCTOU mismatch in the NFS client code could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c (bsc#1176381).\n- CVE-2020-11668: Fixed an out of bounds write to the heap in drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) caused by mishandling invalid descriptors (bsc#1168952).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2020-3178,SUSE-SLE-Module-Live-Patching-15-2020-3178",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_3178-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2020:3178-1",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20203178-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2020:3178-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007706.html"
},
{
"category": "self",
"summary": "SUSE Bug 1173942",
"url": "https://bugzilla.suse.com/1173942"
},
{
"category": "self",
"summary": "SUSE Bug 1176012",
"url": "https://bugzilla.suse.com/1176012"
},
{
"category": "self",
"summary": "SUSE Bug 1176382",
"url": "https://bugzilla.suse.com/1176382"
},
{
"category": "self",
"summary": "SUSE Bug 1176896",
"url": "https://bugzilla.suse.com/1176896"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-0431 page",
"url": "https://www.suse.com/security/cve/CVE-2020-0431/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-11668 page",
"url": "https://www.suse.com/security/cve/CVE-2020-11668/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-14381 page",
"url": "https://www.suse.com/security/cve/CVE-2020-14381/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-25212 page",
"url": "https://www.suse.com/security/cve/CVE-2020-25212/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 20 for SLE 15)",
"tracking": {
"current_release_date": "2020-11-05T13:49:07Z",
"generator": {
"date": "2020-11-05T13:49:07Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2020:3178-1",
"initial_release_date": "2020-11-05T13:49:07Z",
"revision_history": [
{
"date": "2020-11-05T13:49:07Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-4_12_14-150_58-default-2-2.1.ppc64le",
"product": {
"name": "kernel-livepatch-4_12_14-150_58-default-2-2.1.ppc64le",
"product_id": "kernel-livepatch-4_12_14-150_58-default-2-2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-4_12_14-150_58-default-2-2.1.x86_64",
"product": {
"name": "kernel-livepatch-4_12_14-150_58-default-2-2.1.x86_64",
"product_id": "kernel-livepatch-4_12_14-150_58-default-2-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15",
"product_id": "SUSE Linux Enterprise Live Patching 15",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-4_12_14-150_58-default-2-2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15",
"product_id": "SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_58-default-2-2.1.ppc64le"
},
"product_reference": "kernel-livepatch-4_12_14-150_58-default-2-2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-4_12_14-150_58-default-2-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15",
"product_id": "SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_58-default-2-2.1.x86_64"
},
"product_reference": "kernel-livepatch-4_12_14-150_58-default-2-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-0431",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-0431"
}
],
"notes": [
{
"category": "general",
"text": "In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-144161459",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_58-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_58-default-2-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-0431",
"url": "https://www.suse.com/security/cve/CVE-2020-0431"
},
{
"category": "external",
"summary": "SUSE Bug 1176722 for CVE-2020-0431",
"url": "https://bugzilla.suse.com/1176722"
},
{
"category": "external",
"summary": "SUSE Bug 1176896 for CVE-2020-0431",
"url": "https://bugzilla.suse.com/1176896"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_58-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_58-default-2-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_58-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_58-default-2-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-05T13:49:07Z",
"details": "important"
}
],
"title": "CVE-2020-0431"
},
{
"cve": "CVE-2020-11668",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-11668"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_58-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_58-default-2-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-11668",
"url": "https://www.suse.com/security/cve/CVE-2020-11668"
},
{
"category": "external",
"summary": "SUSE Bug 1168952 for CVE-2020-11668",
"url": "https://bugzilla.suse.com/1168952"
},
{
"category": "external",
"summary": "SUSE Bug 1173942 for CVE-2020-11668",
"url": "https://bugzilla.suse.com/1173942"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_58-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_58-default-2-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_58-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_58-default-2-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-05T13:49:07Z",
"details": "important"
}
],
"title": "CVE-2020-11668"
},
{
"cve": "CVE-2020-14381",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-14381"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Linux kernel\u0027s futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a futex on a filesystem that is about to be unmounted. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_58-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_58-default-2-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-14381",
"url": "https://www.suse.com/security/cve/CVE-2020-14381"
},
{
"category": "external",
"summary": "SUSE Bug 1176011 for CVE-2020-14381",
"url": "https://bugzilla.suse.com/1176011"
},
{
"category": "external",
"summary": "SUSE Bug 1176012 for CVE-2020-14381",
"url": "https://bugzilla.suse.com/1176012"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_58-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_58-default-2-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_58-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_58-default-2-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-05T13:49:07Z",
"details": "important"
}
],
"title": "CVE-2020-14381"
},
{
"cve": "CVE-2020-25212",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-25212"
}
],
"notes": [
{
"category": "general",
"text": "A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_58-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_58-default-2-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-25212",
"url": "https://www.suse.com/security/cve/CVE-2020-25212"
},
{
"category": "external",
"summary": "SUSE Bug 1176381 for CVE-2020-25212",
"url": "https://bugzilla.suse.com/1176381"
},
{
"category": "external",
"summary": "SUSE Bug 1176382 for CVE-2020-25212",
"url": "https://bugzilla.suse.com/1176382"
},
{
"category": "external",
"summary": "SUSE Bug 1177027 for CVE-2020-25212",
"url": "https://bugzilla.suse.com/1177027"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_58-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_58-default-2-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_58-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_58-default-2-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-05T13:49:07Z",
"details": "important"
}
],
"title": "CVE-2020-25212"
}
]
}
SUSE-SU-2020:3219-1
Vulnerability from csaf_suse - Published: 2020-11-06 14:33 - Updated: 2020-11-06 14:33Summary
Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP3)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP3)
Description of the patch: This update for the Linux Kernel 4.4.180-94_130 fixes several issues.
The following security issues were fixed:
- CVE-2020-0429: In l2tp_session_delete and related functions of l2tp_core.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with system execution privileges needed. User interaction is not needed for exploitation. (bsc#1176724)
- CVE-2020-14381: Fixed a use-after-free in the fast user mutex (futex) wait operation, which could have lead to memory corruption and possibly privilege escalation (bsc#1176011).
- CVE-2020-0431: In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (bsc#1176722)
- CVE-2020-25212: A TOCTOU mismatch in the NFS client code could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c (bsc#1176381).
- CVE-2020-11668: Fixed an out of bounds write to the heap in drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) caused by mishandling invalid descriptors (bsc#1168952).
- CVE-2020-1749: A flaw was found in the implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link, rather sending the data unencrypted. This would have allowed anyone in between the two endpoints to read the traffic unencrypted. (bsc#1165629)
Patchnames: SUSE-2020-3219,SUSE-SLE-SAP-12-SP2-2020-3226,SUSE-SLE-SAP-12-SP3-2020-3219,SUSE-SLE-SERVER-12-SP2-2020-3226,SUSE-SLE-SERVER-12-SP3-2020-3219
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_141-default-2-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_141-default-2-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_130-default-2-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_130-default-2-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_141-default-2-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_141-default-2-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_130-default-2-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_130-default-2-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_141-default-2-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_141-default-2-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_130-default-2-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_130-default-2-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_141-default-2-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_141-default-2-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_130-default-2-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_130-default-2-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.1 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_141-default-2-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_141-default-2-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_130-default-2-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_130-default-2-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_141-default-2-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_141-default-2-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_130-default-2-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_130-default-2-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_141-default-2-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_141-default-2-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_130-default-2-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_130-default-2-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_141-default-2-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_141-default-2-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_130-default-2-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_130-default-2-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_141-default-2-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_141-default-2-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_130-default-2-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_130-default-2-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_141-default-2-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_141-default-2-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_130-default-2-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_130-default-2-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.4 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_141-default-2-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_141-default-2-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_130-default-2-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_130-default-2-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_141-default-2-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_141-default-2-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_130-default-2-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_130-default-2-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
39 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP3)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 4.4.180-94_130 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2020-0429: In l2tp_session_delete and related functions of l2tp_core.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with system execution privileges needed. User interaction is not needed for exploitation. (bsc#1176724)\n- CVE-2020-14381: Fixed a use-after-free in the fast user mutex (futex) wait operation, which could have lead to memory corruption and possibly privilege escalation (bsc#1176011).\n- CVE-2020-0431: In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (bsc#1176722)\n- CVE-2020-25212: A TOCTOU mismatch in the NFS client code could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c (bsc#1176381).\n- CVE-2020-11668: Fixed an out of bounds write to the heap in drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) caused by mishandling invalid descriptors (bsc#1168952).\n- CVE-2020-1749: A flaw was found in the implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn\u0027t correctly routing tunneled data over the encrypted link, rather sending the data unencrypted. This would have allowed anyone in between the two endpoints to read the traffic unencrypted. (bsc#1165629)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2020-3219,SUSE-SLE-SAP-12-SP2-2020-3226,SUSE-SLE-SAP-12-SP3-2020-3219,SUSE-SLE-SERVER-12-SP2-2020-3226,SUSE-SLE-SERVER-12-SP3-2020-3219",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_3219-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2020:3219-1",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20203219-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2020:3219-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007728.html"
},
{
"category": "self",
"summary": "SUSE Bug 1165631",
"url": "https://bugzilla.suse.com/1165631"
},
{
"category": "self",
"summary": "SUSE Bug 1173942",
"url": "https://bugzilla.suse.com/1173942"
},
{
"category": "self",
"summary": "SUSE Bug 1176012",
"url": "https://bugzilla.suse.com/1176012"
},
{
"category": "self",
"summary": "SUSE Bug 1176382",
"url": "https://bugzilla.suse.com/1176382"
},
{
"category": "self",
"summary": "SUSE Bug 1176896",
"url": "https://bugzilla.suse.com/1176896"
},
{
"category": "self",
"summary": "SUSE Bug 1176931",
"url": "https://bugzilla.suse.com/1176931"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-0429 page",
"url": "https://www.suse.com/security/cve/CVE-2020-0429/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-0431 page",
"url": "https://www.suse.com/security/cve/CVE-2020-0431/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-11668 page",
"url": "https://www.suse.com/security/cve/CVE-2020-11668/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-14381 page",
"url": "https://www.suse.com/security/cve/CVE-2020-14381/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-1749 page",
"url": "https://www.suse.com/security/cve/CVE-2020-1749/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-25212 page",
"url": "https://www.suse.com/security/cve/CVE-2020-25212/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP3)",
"tracking": {
"current_release_date": "2020-11-06T14:33:51Z",
"generator": {
"date": "2020-11-06T14:33:51Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2020:3219-1",
"initial_release_date": "2020-11-06T14:33:51Z",
"revision_history": [
{
"date": "2020-11-06T14:33:51Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-4_4_180-94_130-default-2-2.1.ppc64le",
"product": {
"name": "kgraft-patch-4_4_180-94_130-default-2-2.1.ppc64le",
"product_id": "kgraft-patch-4_4_180-94_130-default-2-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kgraft-patch-4_4_121-92_141-default-2-2.1.ppc64le",
"product": {
"name": "kgraft-patch-4_4_121-92_141-default-2-2.1.ppc64le",
"product_id": "kgraft-patch-4_4_121-92_141-default-2-2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-4_4_180-94_130-default-2-2.1.x86_64",
"product": {
"name": "kgraft-patch-4_4_180-94_130-default-2-2.1.x86_64",
"product_id": "kgraft-patch-4_4_180-94_130-default-2-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kgraft-patch-4_4_121-92_141-default-2-2.1.x86_64",
"product": {
"name": "kgraft-patch-4_4_121-92_141-default-2-2.1.x86_64",
"product_id": "kgraft-patch-4_4_121-92_141-default-2-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_4_121-92_141-default-2-2.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_141-default-2-2.1.ppc64le"
},
"product_reference": "kgraft-patch-4_4_121-92_141-default-2-2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_4_121-92_141-default-2-2.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_141-default-2-2.1.x86_64"
},
"product_reference": "kgraft-patch-4_4_121-92_141-default-2-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_4_180-94_130-default-2-2.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_130-default-2-2.1.ppc64le"
},
"product_reference": "kgraft-patch-4_4_180-94_130-default-2-2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_4_180-94_130-default-2-2.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_130-default-2-2.1.x86_64"
},
"product_reference": "kgraft-patch-4_4_180-94_130-default-2-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_4_121-92_141-default-2-2.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_141-default-2-2.1.ppc64le"
},
"product_reference": "kgraft-patch-4_4_121-92_141-default-2-2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_4_121-92_141-default-2-2.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_141-default-2-2.1.x86_64"
},
"product_reference": "kgraft-patch-4_4_121-92_141-default-2-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_4_180-94_130-default-2-2.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_130-default-2-2.1.ppc64le"
},
"product_reference": "kgraft-patch-4_4_180-94_130-default-2-2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_4_180-94_130-default-2-2.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_130-default-2-2.1.x86_64"
},
"product_reference": "kgraft-patch-4_4_180-94_130-default-2-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-0429",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-0429"
}
],
"notes": [
{
"category": "general",
"text": "In l2tp_session_delete and related functions of l2tp_core.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-152735806",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_141-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_141-default-2-2.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_130-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_130-default-2-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_141-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_141-default-2-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_130-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_130-default-2-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-0429",
"url": "https://www.suse.com/security/cve/CVE-2020-0429"
},
{
"category": "external",
"summary": "SUSE Bug 1176724 for CVE-2020-0429",
"url": "https://bugzilla.suse.com/1176724"
},
{
"category": "external",
"summary": "SUSE Bug 1176931 for CVE-2020-0429",
"url": "https://bugzilla.suse.com/1176931"
},
{
"category": "external",
"summary": "SUSE Bug 1188026 for CVE-2020-0429",
"url": "https://bugzilla.suse.com/1188026"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_141-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_141-default-2-2.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_130-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_130-default-2-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_141-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_141-default-2-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_130-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_130-default-2-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_141-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_141-default-2-2.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_130-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_130-default-2-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_141-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_141-default-2-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_130-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_130-default-2-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-06T14:33:51Z",
"details": "important"
}
],
"title": "CVE-2020-0429"
},
{
"cve": "CVE-2020-0431",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-0431"
}
],
"notes": [
{
"category": "general",
"text": "In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-144161459",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_141-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_141-default-2-2.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_130-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_130-default-2-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_141-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_141-default-2-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_130-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_130-default-2-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-0431",
"url": "https://www.suse.com/security/cve/CVE-2020-0431"
},
{
"category": "external",
"summary": "SUSE Bug 1176722 for CVE-2020-0431",
"url": "https://bugzilla.suse.com/1176722"
},
{
"category": "external",
"summary": "SUSE Bug 1176896 for CVE-2020-0431",
"url": "https://bugzilla.suse.com/1176896"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_141-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_141-default-2-2.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_130-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_130-default-2-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_141-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_141-default-2-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_130-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_130-default-2-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_141-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_141-default-2-2.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_130-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_130-default-2-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_141-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_141-default-2-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_130-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_130-default-2-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-06T14:33:51Z",
"details": "important"
}
],
"title": "CVE-2020-0431"
},
{
"cve": "CVE-2020-11668",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-11668"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_141-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_141-default-2-2.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_130-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_130-default-2-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_141-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_141-default-2-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_130-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_130-default-2-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-11668",
"url": "https://www.suse.com/security/cve/CVE-2020-11668"
},
{
"category": "external",
"summary": "SUSE Bug 1168952 for CVE-2020-11668",
"url": "https://bugzilla.suse.com/1168952"
},
{
"category": "external",
"summary": "SUSE Bug 1173942 for CVE-2020-11668",
"url": "https://bugzilla.suse.com/1173942"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_141-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_141-default-2-2.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_130-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_130-default-2-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_141-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_141-default-2-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_130-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_130-default-2-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_141-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_141-default-2-2.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_130-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_130-default-2-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_141-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_141-default-2-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_130-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_130-default-2-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-06T14:33:51Z",
"details": "important"
}
],
"title": "CVE-2020-11668"
},
{
"cve": "CVE-2020-14381",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-14381"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Linux kernel\u0027s futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a futex on a filesystem that is about to be unmounted. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_141-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_141-default-2-2.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_130-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_130-default-2-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_141-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_141-default-2-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_130-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_130-default-2-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-14381",
"url": "https://www.suse.com/security/cve/CVE-2020-14381"
},
{
"category": "external",
"summary": "SUSE Bug 1176011 for CVE-2020-14381",
"url": "https://bugzilla.suse.com/1176011"
},
{
"category": "external",
"summary": "SUSE Bug 1176012 for CVE-2020-14381",
"url": "https://bugzilla.suse.com/1176012"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_141-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_141-default-2-2.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_130-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_130-default-2-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_141-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_141-default-2-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_130-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_130-default-2-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_141-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_141-default-2-2.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_130-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_130-default-2-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_141-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_141-default-2-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_130-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_130-default-2-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-06T14:33:51Z",
"details": "important"
}
],
"title": "CVE-2020-14381"
},
{
"cve": "CVE-2020-1749",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-1749"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Linux kernel\u0027s implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn\u0027t correctly routing tunneled data over the encrypted link; rather sending the data unencrypted. This would allow anyone in between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_141-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_141-default-2-2.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_130-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_130-default-2-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_141-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_141-default-2-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_130-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_130-default-2-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-1749",
"url": "https://www.suse.com/security/cve/CVE-2020-1749"
},
{
"category": "external",
"summary": "SUSE Bug 1165629 for CVE-2020-1749",
"url": "https://bugzilla.suse.com/1165629"
},
{
"category": "external",
"summary": "SUSE Bug 1165631 for CVE-2020-1749",
"url": "https://bugzilla.suse.com/1165631"
},
{
"category": "external",
"summary": "SUSE Bug 1177511 for CVE-2020-1749",
"url": "https://bugzilla.suse.com/1177511"
},
{
"category": "external",
"summary": "SUSE Bug 1177513 for CVE-2020-1749",
"url": "https://bugzilla.suse.com/1177513"
},
{
"category": "external",
"summary": "SUSE Bug 1189302 for CVE-2020-1749",
"url": "https://bugzilla.suse.com/1189302"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_141-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_141-default-2-2.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_130-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_130-default-2-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_141-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_141-default-2-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_130-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_130-default-2-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_141-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_141-default-2-2.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_130-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_130-default-2-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_141-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_141-default-2-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_130-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_130-default-2-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-06T14:33:51Z",
"details": "important"
}
],
"title": "CVE-2020-1749"
},
{
"cve": "CVE-2020-25212",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-25212"
}
],
"notes": [
{
"category": "general",
"text": "A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_141-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_141-default-2-2.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_130-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_130-default-2-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_141-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_141-default-2-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_130-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_130-default-2-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-25212",
"url": "https://www.suse.com/security/cve/CVE-2020-25212"
},
{
"category": "external",
"summary": "SUSE Bug 1176381 for CVE-2020-25212",
"url": "https://bugzilla.suse.com/1176381"
},
{
"category": "external",
"summary": "SUSE Bug 1176382 for CVE-2020-25212",
"url": "https://bugzilla.suse.com/1176382"
},
{
"category": "external",
"summary": "SUSE Bug 1177027 for CVE-2020-25212",
"url": "https://bugzilla.suse.com/1177027"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_141-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_141-default-2-2.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_130-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_130-default-2-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_141-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_141-default-2-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_130-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_130-default-2-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_141-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_141-default-2-2.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_130-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_130-default-2-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_141-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_141-default-2-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_130-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_130-default-2-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-06T14:33:51Z",
"details": "important"
}
],
"title": "CVE-2020-25212"
}
]
}
SUSE-SU-2020:3648-1
Vulnerability from csaf_suse - Published: 2020-12-07 16:24 - Updated: 2020-12-07 16:24Summary
Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP2)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP2)
Description of the patch: This update for the Linux Kernel 4.4.121-92_146 fixes several issues.
The following security issues were fixed:
- CVE-2020-25668: Fixed a concurrency use-after-free in con_font_op (bsc#1178622).
- CVE-2020-25645: Fixed an issue which traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted (bsc#1177513).
- CVE-2020-0429: Fixed a memory corruption due to a use after free which could have led to to local privilege escalation (bsc#1176931).
- CVE-2020-11668: Fixed an issue where the Xirlink camera USB driver mishandled invalid descriptors (bsc#1173942).
- CVE-2020-1749: Use ip6_dst_lookup_flow instead of ip6_dst_lookup (bsc#1165631).
Patchnames: SUSE-2020-3648,SUSE-SLE-SAP-12-SP2-2020-3648,SUSE-SLE-SERVER-12-SP2-2020-3648
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_146-default-2-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_146-default-2-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_146-default-2-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_146-default-2-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.1 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_146-default-2-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_146-default-2-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_146-default-2-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_146-default-2-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_146-default-2-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_146-default-2-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_146-default-2-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_146-default-2-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_146-default-2-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_146-default-2-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_146-default-2-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_146-default-2-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_146-default-2-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_146-default-2-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_146-default-2-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_146-default-2-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
34 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP2)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 4.4.121-92_146 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2020-25668: Fixed a concurrency use-after-free in con_font_op (bsc#1178622).\n- CVE-2020-25645: Fixed an issue which traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted (bsc#1177513).\n- CVE-2020-0429: Fixed a memory corruption due to a use after free which could have led to to local privilege escalation (bsc#1176931).\n- CVE-2020-11668: Fixed an issue where the Xirlink camera USB driver mishandled invalid descriptors (bsc#1173942).\n- CVE-2020-1749: Use ip6_dst_lookup_flow instead of ip6_dst_lookup (bsc#1165631).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2020-3648,SUSE-SLE-SAP-12-SP2-2020-3648,SUSE-SLE-SERVER-12-SP2-2020-3648",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_3648-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2020:3648-1",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20203648-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2020:3648-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2020-December/007924.html"
},
{
"category": "self",
"summary": "SUSE Bug 1165631",
"url": "https://bugzilla.suse.com/1165631"
},
{
"category": "self",
"summary": "SUSE Bug 1173942",
"url": "https://bugzilla.suse.com/1173942"
},
{
"category": "self",
"summary": "SUSE Bug 1176931",
"url": "https://bugzilla.suse.com/1176931"
},
{
"category": "self",
"summary": "SUSE Bug 1177513",
"url": "https://bugzilla.suse.com/1177513"
},
{
"category": "self",
"summary": "SUSE Bug 1178622",
"url": "https://bugzilla.suse.com/1178622"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-0429 page",
"url": "https://www.suse.com/security/cve/CVE-2020-0429/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-11668 page",
"url": "https://www.suse.com/security/cve/CVE-2020-11668/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-1749 page",
"url": "https://www.suse.com/security/cve/CVE-2020-1749/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-25645 page",
"url": "https://www.suse.com/security/cve/CVE-2020-25645/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-25668 page",
"url": "https://www.suse.com/security/cve/CVE-2020-25668/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP2)",
"tracking": {
"current_release_date": "2020-12-07T16:24:47Z",
"generator": {
"date": "2020-12-07T16:24:47Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2020:3648-1",
"initial_release_date": "2020-12-07T16:24:47Z",
"revision_history": [
{
"date": "2020-12-07T16:24:47Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-4_4_121-92_146-default-2-2.1.ppc64le",
"product": {
"name": "kgraft-patch-4_4_121-92_146-default-2-2.1.ppc64le",
"product_id": "kgraft-patch-4_4_121-92_146-default-2-2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-4_4_121-92_146-default-2-2.1.x86_64",
"product": {
"name": "kgraft-patch-4_4_121-92_146-default-2-2.1.x86_64",
"product_id": "kgraft-patch-4_4_121-92_146-default-2-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_4_121-92_146-default-2-2.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_146-default-2-2.1.ppc64le"
},
"product_reference": "kgraft-patch-4_4_121-92_146-default-2-2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_4_121-92_146-default-2-2.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_146-default-2-2.1.x86_64"
},
"product_reference": "kgraft-patch-4_4_121-92_146-default-2-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_4_121-92_146-default-2-2.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_146-default-2-2.1.ppc64le"
},
"product_reference": "kgraft-patch-4_4_121-92_146-default-2-2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_4_121-92_146-default-2-2.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_146-default-2-2.1.x86_64"
},
"product_reference": "kgraft-patch-4_4_121-92_146-default-2-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-0429",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-0429"
}
],
"notes": [
{
"category": "general",
"text": "In l2tp_session_delete and related functions of l2tp_core.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-152735806",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_146-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_146-default-2-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_146-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_146-default-2-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-0429",
"url": "https://www.suse.com/security/cve/CVE-2020-0429"
},
{
"category": "external",
"summary": "SUSE Bug 1176724 for CVE-2020-0429",
"url": "https://bugzilla.suse.com/1176724"
},
{
"category": "external",
"summary": "SUSE Bug 1176931 for CVE-2020-0429",
"url": "https://bugzilla.suse.com/1176931"
},
{
"category": "external",
"summary": "SUSE Bug 1188026 for CVE-2020-0429",
"url": "https://bugzilla.suse.com/1188026"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_146-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_146-default-2-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_146-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_146-default-2-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_146-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_146-default-2-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_146-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_146-default-2-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-07T16:24:47Z",
"details": "important"
}
],
"title": "CVE-2020-0429"
},
{
"cve": "CVE-2020-11668",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-11668"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_146-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_146-default-2-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_146-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_146-default-2-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-11668",
"url": "https://www.suse.com/security/cve/CVE-2020-11668"
},
{
"category": "external",
"summary": "SUSE Bug 1168952 for CVE-2020-11668",
"url": "https://bugzilla.suse.com/1168952"
},
{
"category": "external",
"summary": "SUSE Bug 1173942 for CVE-2020-11668",
"url": "https://bugzilla.suse.com/1173942"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_146-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_146-default-2-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_146-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_146-default-2-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_146-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_146-default-2-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_146-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_146-default-2-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-07T16:24:47Z",
"details": "important"
}
],
"title": "CVE-2020-11668"
},
{
"cve": "CVE-2020-1749",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-1749"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Linux kernel\u0027s implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn\u0027t correctly routing tunneled data over the encrypted link; rather sending the data unencrypted. This would allow anyone in between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_146-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_146-default-2-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_146-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_146-default-2-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-1749",
"url": "https://www.suse.com/security/cve/CVE-2020-1749"
},
{
"category": "external",
"summary": "SUSE Bug 1165629 for CVE-2020-1749",
"url": "https://bugzilla.suse.com/1165629"
},
{
"category": "external",
"summary": "SUSE Bug 1165631 for CVE-2020-1749",
"url": "https://bugzilla.suse.com/1165631"
},
{
"category": "external",
"summary": "SUSE Bug 1177511 for CVE-2020-1749",
"url": "https://bugzilla.suse.com/1177511"
},
{
"category": "external",
"summary": "SUSE Bug 1177513 for CVE-2020-1749",
"url": "https://bugzilla.suse.com/1177513"
},
{
"category": "external",
"summary": "SUSE Bug 1189302 for CVE-2020-1749",
"url": "https://bugzilla.suse.com/1189302"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_146-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_146-default-2-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_146-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_146-default-2-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_146-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_146-default-2-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_146-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_146-default-2-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-07T16:24:47Z",
"details": "important"
}
],
"title": "CVE-2020-1749"
},
{
"cve": "CVE-2020-25645",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-25645"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_146-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_146-default-2-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_146-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_146-default-2-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-25645",
"url": "https://www.suse.com/security/cve/CVE-2020-25645"
},
{
"category": "external",
"summary": "SUSE Bug 1177511 for CVE-2020-25645",
"url": "https://bugzilla.suse.com/1177511"
},
{
"category": "external",
"summary": "SUSE Bug 1177513 for CVE-2020-25645",
"url": "https://bugzilla.suse.com/1177513"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_146-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_146-default-2-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_146-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_146-default-2-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_146-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_146-default-2-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_146-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_146-default-2-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-07T16:24:47Z",
"details": "important"
}
],
"title": "CVE-2020-25645"
},
{
"cve": "CVE-2020-25668",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-25668"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Linux Kernel because access to the global variable fg_console is not properly synchronized leading to a use after free in con_font_op.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_146-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_146-default-2-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_146-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_146-default-2-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-25668",
"url": "https://www.suse.com/security/cve/CVE-2020-25668"
},
{
"category": "external",
"summary": "SUSE Bug 1178123 for CVE-2020-25668",
"url": "https://bugzilla.suse.com/1178123"
},
{
"category": "external",
"summary": "SUSE Bug 1178622 for CVE-2020-25668",
"url": "https://bugzilla.suse.com/1178622"
},
{
"category": "external",
"summary": "SUSE Bug 1196914 for CVE-2020-25668",
"url": "https://bugzilla.suse.com/1196914"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_146-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_146-default-2-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_146-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_146-default-2-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_146-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_146-default-2-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_146-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_146-default-2-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-07T16:24:47Z",
"details": "important"
}
],
"title": "CVE-2020-25668"
}
]
}
SUSE-SU-2020:3656-1
Vulnerability from csaf_suse - Published: 2020-12-07 16:27 - Updated: 2020-12-07 16:27Summary
Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3)
Description of the patch: This update for the Linux Kernel 4.4.180-94_135 fixes several issues.
The following security issues were fixed:
- CVE-2020-25645: Fixed an issue which traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted (bsc#1177513).
- CVE-2020-0429: Fixed a memory corruption due to a use after free which could have led to to local privilege escalation (bsc#1176931).
- CVE-2020-11668: Fixed an issue where the Xirlink camera USB driver mishandled invalid descriptors (bsc#1173942).
- CVE-2020-1749: Use ip6_dst_lookup_flow instead of ip6_dst_lookup (bsc#1165631).
Patchnames: SUSE-2020-3656,SUSE-SLE-SAP-12-SP3-2020-3656,SUSE-SLE-SERVER-12-SP3-2020-3656
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_135-default-2-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_135-default-2-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_135-default-2-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_135-default-2-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.1 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_135-default-2-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_135-default-2-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_135-default-2-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_135-default-2-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_135-default-2-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_135-default-2-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_135-default-2-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_135-default-2-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_135-default-2-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_135-default-2-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_135-default-2-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_135-default-2-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
28 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 4.4.180-94_135 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2020-25645: Fixed an issue which traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted (bsc#1177513).\n- CVE-2020-0429: Fixed a memory corruption due to a use after free which could have led to to local privilege escalation (bsc#1176931).\n- CVE-2020-11668: Fixed an issue where the Xirlink camera USB driver mishandled invalid descriptors (bsc#1173942).\n- CVE-2020-1749: Use ip6_dst_lookup_flow instead of ip6_dst_lookup (bsc#1165631).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2020-3656,SUSE-SLE-SAP-12-SP3-2020-3656,SUSE-SLE-SERVER-12-SP3-2020-3656",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_3656-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2020:3656-1",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20203656-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2020:3656-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2020-December/007925.html"
},
{
"category": "self",
"summary": "SUSE Bug 1165631",
"url": "https://bugzilla.suse.com/1165631"
},
{
"category": "self",
"summary": "SUSE Bug 1173942",
"url": "https://bugzilla.suse.com/1173942"
},
{
"category": "self",
"summary": "SUSE Bug 1176931",
"url": "https://bugzilla.suse.com/1176931"
},
{
"category": "self",
"summary": "SUSE Bug 1177513",
"url": "https://bugzilla.suse.com/1177513"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-0429 page",
"url": "https://www.suse.com/security/cve/CVE-2020-0429/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-11668 page",
"url": "https://www.suse.com/security/cve/CVE-2020-11668/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-1749 page",
"url": "https://www.suse.com/security/cve/CVE-2020-1749/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-25645 page",
"url": "https://www.suse.com/security/cve/CVE-2020-25645/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3)",
"tracking": {
"current_release_date": "2020-12-07T16:27:31Z",
"generator": {
"date": "2020-12-07T16:27:31Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2020:3656-1",
"initial_release_date": "2020-12-07T16:27:31Z",
"revision_history": [
{
"date": "2020-12-07T16:27:31Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-4_4_180-94_135-default-2-2.1.ppc64le",
"product": {
"name": "kgraft-patch-4_4_180-94_135-default-2-2.1.ppc64le",
"product_id": "kgraft-patch-4_4_180-94_135-default-2-2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-4_4_180-94_135-default-2-2.1.x86_64",
"product": {
"name": "kgraft-patch-4_4_180-94_135-default-2-2.1.x86_64",
"product_id": "kgraft-patch-4_4_180-94_135-default-2-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_4_180-94_135-default-2-2.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_135-default-2-2.1.ppc64le"
},
"product_reference": "kgraft-patch-4_4_180-94_135-default-2-2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_4_180-94_135-default-2-2.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_135-default-2-2.1.x86_64"
},
"product_reference": "kgraft-patch-4_4_180-94_135-default-2-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_4_180-94_135-default-2-2.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_135-default-2-2.1.ppc64le"
},
"product_reference": "kgraft-patch-4_4_180-94_135-default-2-2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_4_180-94_135-default-2-2.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_135-default-2-2.1.x86_64"
},
"product_reference": "kgraft-patch-4_4_180-94_135-default-2-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-0429",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-0429"
}
],
"notes": [
{
"category": "general",
"text": "In l2tp_session_delete and related functions of l2tp_core.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-152735806",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_135-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_135-default-2-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_135-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_135-default-2-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-0429",
"url": "https://www.suse.com/security/cve/CVE-2020-0429"
},
{
"category": "external",
"summary": "SUSE Bug 1176724 for CVE-2020-0429",
"url": "https://bugzilla.suse.com/1176724"
},
{
"category": "external",
"summary": "SUSE Bug 1176931 for CVE-2020-0429",
"url": "https://bugzilla.suse.com/1176931"
},
{
"category": "external",
"summary": "SUSE Bug 1188026 for CVE-2020-0429",
"url": "https://bugzilla.suse.com/1188026"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_135-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_135-default-2-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_135-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_135-default-2-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_135-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_135-default-2-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_135-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_135-default-2-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-07T16:27:31Z",
"details": "important"
}
],
"title": "CVE-2020-0429"
},
{
"cve": "CVE-2020-11668",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-11668"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_135-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_135-default-2-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_135-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_135-default-2-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-11668",
"url": "https://www.suse.com/security/cve/CVE-2020-11668"
},
{
"category": "external",
"summary": "SUSE Bug 1168952 for CVE-2020-11668",
"url": "https://bugzilla.suse.com/1168952"
},
{
"category": "external",
"summary": "SUSE Bug 1173942 for CVE-2020-11668",
"url": "https://bugzilla.suse.com/1173942"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_135-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_135-default-2-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_135-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_135-default-2-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_135-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_135-default-2-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_135-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_135-default-2-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-07T16:27:31Z",
"details": "important"
}
],
"title": "CVE-2020-11668"
},
{
"cve": "CVE-2020-1749",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-1749"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Linux kernel\u0027s implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn\u0027t correctly routing tunneled data over the encrypted link; rather sending the data unencrypted. This would allow anyone in between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_135-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_135-default-2-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_135-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_135-default-2-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-1749",
"url": "https://www.suse.com/security/cve/CVE-2020-1749"
},
{
"category": "external",
"summary": "SUSE Bug 1165629 for CVE-2020-1749",
"url": "https://bugzilla.suse.com/1165629"
},
{
"category": "external",
"summary": "SUSE Bug 1165631 for CVE-2020-1749",
"url": "https://bugzilla.suse.com/1165631"
},
{
"category": "external",
"summary": "SUSE Bug 1177511 for CVE-2020-1749",
"url": "https://bugzilla.suse.com/1177511"
},
{
"category": "external",
"summary": "SUSE Bug 1177513 for CVE-2020-1749",
"url": "https://bugzilla.suse.com/1177513"
},
{
"category": "external",
"summary": "SUSE Bug 1189302 for CVE-2020-1749",
"url": "https://bugzilla.suse.com/1189302"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_135-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_135-default-2-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_135-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_135-default-2-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_135-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_135-default-2-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_135-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_135-default-2-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-07T16:27:31Z",
"details": "important"
}
],
"title": "CVE-2020-1749"
},
{
"cve": "CVE-2020-25645",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-25645"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_135-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_135-default-2-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_135-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_135-default-2-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-25645",
"url": "https://www.suse.com/security/cve/CVE-2020-25645"
},
{
"category": "external",
"summary": "SUSE Bug 1177511 for CVE-2020-25645",
"url": "https://bugzilla.suse.com/1177511"
},
{
"category": "external",
"summary": "SUSE Bug 1177513 for CVE-2020-25645",
"url": "https://bugzilla.suse.com/1177513"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_135-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_135-default-2-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_135-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_135-default-2-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_135-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:kgraft-patch-4_4_180-94_135-default-2-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_135-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:kgraft-patch-4_4_180-94_135-default-2-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-07T16:27:31Z",
"details": "important"
}
],
"title": "CVE-2020-25645"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…