Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2020-25211 (GCVE-0-2020-25211)
Vulnerability from cvelistv5 – Published: 2020-09-09 15:51 – Updated: 2024-08-04 15:33
VLAI
EPSS
Summary
In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.
Severity
6.0 (Medium)
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| https://twitter.com/grsecurity/status/13036464211… | x_refsource_MISC |
| https://git.kernel.org/pub/scm/linux/kernel/git/t… | x_refsource_MISC |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://security.netapp.com/advisory/ntap-2020100… | x_refsource_CONFIRM |
| https://www.debian.org/security/2020/dsa-4774 | vendor-advisoryx_refsource_DEBIAN |
| https://lists.debian.org/debian-lts-announce/2020… | mailing-listx_refsource_MLIST |
| https://lists.debian.org/debian-lts-announce/2020… | mailing-listx_refsource_MLIST |
| https://lists.debian.org/debian-lts-announce/2020… | mailing-listx_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:33:05.142Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/grsecurity/status/1303646421158109185"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1cc5ef91d2ff94d2bf2de3b3585423e8a1051cb6"
},
{
"name": "FEDORA-2020-5920a7a0b2",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OLDYVOM4OS55HA45Y3UEVLDHYGFXPZUX/"
},
{
"name": "FEDORA-2020-3c6fedeb83",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL2O4JAMPJG4YMLLJ7JFDHDJRXN4RKTC/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20201009-0001/"
},
{
"name": "DSA-4774",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4774"
},
{
"name": "[debian-lts-announce] 20201028 [SECURITY] [DLA 2417-1] linux-4.19 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00028.html"
},
{
"name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html"
},
{
"name": "[debian-lts-announce] 20201031 [SECURITY] [DLA 2420-2] linux regression update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-31T17:06:17.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/grsecurity/status/1303646421158109185"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1cc5ef91d2ff94d2bf2de3b3585423e8a1051cb6"
},
{
"name": "FEDORA-2020-5920a7a0b2",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OLDYVOM4OS55HA45Y3UEVLDHYGFXPZUX/"
},
{
"name": "FEDORA-2020-3c6fedeb83",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL2O4JAMPJG4YMLLJ7JFDHDJRXN4RKTC/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20201009-0001/"
},
{
"name": "DSA-4774",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4774"
},
{
"name": "[debian-lts-announce] 20201028 [SECURITY] [DLA 2417-1] linux-4.19 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00028.html"
},
{
"name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html"
},
{
"name": "[debian-lts-announce] 20201031 [SECURITY] [DLA 2420-2] linux regression update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-25211",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://twitter.com/grsecurity/status/1303646421158109185",
"refsource": "MISC",
"url": "https://twitter.com/grsecurity/status/1303646421158109185"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1cc5ef91d2ff94d2bf2de3b3585423e8a1051cb6",
"refsource": "MISC",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1cc5ef91d2ff94d2bf2de3b3585423e8a1051cb6"
},
{
"name": "FEDORA-2020-5920a7a0b2",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OLDYVOM4OS55HA45Y3UEVLDHYGFXPZUX/"
},
{
"name": "FEDORA-2020-3c6fedeb83",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BL2O4JAMPJG4YMLLJ7JFDHDJRXN4RKTC/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20201009-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20201009-0001/"
},
{
"name": "DSA-4774",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4774"
},
{
"name": "[debian-lts-announce] 20201028 [SECURITY] [DLA 2417-1] linux-4.19 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00028.html"
},
{
"name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html"
},
{
"name": "[debian-lts-announce] 20201031 [SECURITY] [DLA 2420-2] linux regression update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-25211",
"datePublished": "2020-09-09T15:51:41.000Z",
"dateReserved": "2020-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-04T15:33:05.142Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2020-25211",
"date": "2026-06-04",
"epss": "0.00041",
"percentile": "0.12775"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2020-25211\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2020-09-09T16:15:12.003\",\"lastModified\":\"2024-11-21T05:17:39.757\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux versiones hasta 5.8.7, los atacantes locales capaces de inyectar la configuraci\u00f3n netlink de conntrack podr\u00edan desbordar un b\u00fafer local, causando bloqueos o desencadenando el uso de n\u00fameros de protocolo incorrectos en la funci\u00f3n ctnetlink_parse_tuple_filter en el archivo net/netfilter/nf_conntrack_netlink.c, tambi\u00e9n se conoce como CID-1cc5ef91d2ff.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H\",\"baseScore\":6.0,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.8,\"impactScore\":5.2}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:N/I:P/A:P\",\"baseScore\":3.6,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-120\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.8.7\",\"matchCriteriaId\":\"B6CF1CDD-CE9F-4E08-A18C-F81E9A62F6E2\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80F0FA5D-8D3B-4C0E-81E2-87998286AF33\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36D96259-24BD-44E2-96D9-78CE1D41F956\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1cc5ef91d2ff94d2bf2de3b3585423e8a1051cb6\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Mailing List\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/10/msg00028.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL2O4JAMPJG4YMLLJ7JFDHDJRXN4RKTC/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OLDYVOM4OS55HA45Y3UEVLDHYGFXPZUX/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20201009-0001/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://twitter.com/grsecurity/status/1303646421158109185\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4774\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1cc5ef91d2ff94d2bf2de3b3585423e8a1051cb6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Mailing List\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/10/msg00028.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL2O4JAMPJG4YMLLJ7JFDHDJRXN4RKTC/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OLDYVOM4OS55HA45Y3UEVLDHYGFXPZUX/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20201009-0001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://twitter.com/grsecurity/status/1303646421158109185\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4774\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
CERTFR-2021-AVI-371
Vulnerability from certfr_avis - Published: 2021-05-14 - Updated: 2021-05-14
De multiples vulnérabilités ont été découvertes dans le noyau Linux de Red Hat. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service, un contournement de la politique de sécurité et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.7 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - AUS 7.7 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.7 ppc64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux EUS Compute Node 7.7 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.7 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.7 ppc64le | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.7 s390x | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.7 ppc64le | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - TUS 7.7 x86_64 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.7 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server - AUS 7.7 x86_64",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.7 ppc64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux EUS Compute Node 7.7 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.7 x86_64",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.7 ppc64le",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.7 s390x",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.7 ppc64le",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server - TUS 7.7 x86_64",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-27363",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27363"
},
{
"name": "CVE-2019-19532",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19532"
},
{
"name": "CVE-2021-27364",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27364"
},
{
"name": "CVE-2021-27365",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27365"
},
{
"name": "CVE-2020-25705",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25705"
},
{
"name": "CVE-2020-25211",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25211"
},
{
"name": "CVE-2020-28374",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28374"
}
],
"initial_release_date": "2021-05-14T00:00:00",
"last_revision_date": "2021-05-14T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-371",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-05-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nRed Hat. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nun d\u00e9ni de service, un contournement de la politique de s\u00e9curit\u00e9 et une\natteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Red Hat",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2021:1531 du 11 mai 2021",
"url": "https://access.redhat.com/errata/RHSA-2021:1531"
}
]
}
CERTFR-2021-AVI-451
Vulnerability from certfr_avis - Published: 2021-06-10 - Updated: 2021-06-10
De multiples vulnérabilités ont été découvertes dans le noyau Linux de Red Hat. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Real Time for NFV 7 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.6 ppc64le | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - AUS 7.3 x86_64 | ||
| Red Hat | N/A | Red Hat Virtualization Host 4 for RHEL 7 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Power, little endian 7 ppc64le | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server 7 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Scientific Computing 7 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux Workstation 7 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - TUS 7.6 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.6 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for IBM z Systems 7 s390x | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Power, big endian 7 ppc64 | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - AUS 7.6 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux Desktop 7 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Real Time 7 x86_64 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Red Hat Enterprise Linux for Real Time for NFV 7 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.6 ppc64le",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server - AUS 7.3 x86_64",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Virtualization Host 4 for RHEL 7 x86_64",
"product": {
"name": "N/A",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Power, little endian 7 ppc64le",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server 7 x86_64",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Scientific Computing 7 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Workstation 7 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server - TUS 7.6 x86_64",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.6 x86_64",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for IBM z Systems 7 s390x",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Power, big endian 7 ppc64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server - AUS 7.6 x86_64",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Desktop 7 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Real Time 7 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-19532",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19532"
},
{
"name": "CVE-2020-12364",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12364"
},
{
"name": "CVE-2020-8648",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8648"
},
{
"name": "CVE-2020-27170",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27170"
},
{
"name": "CVE-2020-25705",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25705"
},
{
"name": "CVE-2020-12363",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12363"
},
{
"name": "CVE-2020-25211",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25211"
},
{
"name": "CVE-2020-12362",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12362"
},
{
"name": "CVE-2021-3347",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3347"
}
],
"initial_release_date": "2021-06-10T00:00:00",
"last_revision_date": "2021-06-10T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-451",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-06-10T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nRed Hat. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nun d\u00e9ni de service, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Red Hat",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2021:2314 du 08 juin 2021",
"url": "https://access.redhat.com/errata/RHSA-2021:2314"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2021:2355 du 09 juin 2021",
"url": "https://access.redhat.com/errata/RHSA-2021:2355"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2021:2293 du 08 juin 2021",
"url": "https://access.redhat.com/errata/RHSA-2021:2293"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2021:2316 du 08 juin 2021",
"url": "https://access.redhat.com/errata/RHSA-2021:2316"
}
]
}
CERTFR-2021-AVI-638
Vulnerability from certfr_avis - Published: 2021-08-18 - Updated: 2021-08-18
De multiples vulnérabilités ont été découvertes dans Juniper Junos Space. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | Junos Space | Junos Space versions antérieures à 21.2R1 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Junos Space versions ant\u00e9rieures \u00e0 21.2R1",
"product": {
"name": "Junos Space",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-25013",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-25013"
},
{
"name": "CVE-2021-25215",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25215"
},
{
"name": "CVE-2020-16092",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16092"
},
{
"name": "CVE-2021-2163",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2163"
},
{
"name": "CVE-2020-29661",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29661"
},
{
"name": "CVE-2020-15862",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15862"
},
{
"name": "CVE-2020-13765",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13765"
},
{
"name": "CVE-2021-20305",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20305"
},
{
"name": "CVE-2020-1472",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1472"
},
{
"name": "CVE-2020-1971",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1971"
},
{
"name": "CVE-2021-27363",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27363"
},
{
"name": "CVE-2020-10878",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10878"
},
{
"name": "CVE-2019-19532",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19532"
},
{
"name": "CVE-2021-27364",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27364"
},
{
"name": "CVE-2020-14318",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14318"
},
{
"name": "CVE-2021-27365",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27365"
},
{
"name": "CVE-2020-10029",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10029"
},
{
"name": "CVE-2020-25705",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25705"
},
{
"name": "CVE-2021-26937",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26937"
},
{
"name": "CVE-2021-27803",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27803"
},
{
"name": "CVE-2020-10543",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10543"
},
{
"name": "CVE-2020-12723",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12723"
},
{
"name": "CVE-2021-20277",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20277"
},
{
"name": "CVE-2020-25656",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25656"
},
{
"name": "CVE-2020-29573",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29573"
},
{
"name": "CVE-2021-20265",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20265"
},
{
"name": "CVE-2020-25211",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25211"
},
{
"name": "CVE-2020-14364",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14364"
},
{
"name": "CVE-2020-28374",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28374"
},
{
"name": "CVE-2020-7053",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7053"
},
{
"name": "CVE-2020-14351",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14351"
},
{
"name": "CVE-2020-14323",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14323"
},
{
"name": "CVE-2020-25645",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25645"
},
{
"name": "CVE-2020-1983",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1983"
},
{
"name": "CVE-2020-0427",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0427"
}
],
"initial_release_date": "2021-08-18T00:00:00",
"last_revision_date": "2021-08-18T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-638",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-08-18T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Juniper Junos\nSpace. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire, un d\u00e9ni de service \u00e0 distance et une\natteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Juniper Junos Space",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11206 du 17 ao\u00fbt 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11206\u0026cat=SIRT_1\u0026actp=LIST"
}
]
}
CERTFR-2022-AVI-916
Vulnerability from certfr_avis - Published: 2022-10-13 - Updated: 2022-10-13
De multiples vulnérabilités ont été découvertes dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | N/A | Contrail Networking versions antérieures à R22.3 | ||
| Juniper Networks | N/A | Paragon Active Assurance (anciennement Netrounds) versions antérieures à 3.1.1 | ||
| Juniper Networks | Junos Space | Junos Space versions antérieures à 22.2R1 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions antérieures à 20.4R3-S4-EVO, 21.2R2-EVO, 21.3R2-EVO, 21.4R1-EVO, 21.3R3-EVO, 21.4R2-EVO, 22.1R2-EVO, 22.2R1-EVO, 20.4R3-S3-EVO, 21.1R2-EVO, 21.2R1-EVO, 20.4R3-S4-EVO, 21.3R3-EVO, 21.4R2-EVO, 22.1R2-EVO, 22.2R1-EVO, 20.4R3-S4-EVO, 21.4R3-EVO, 22.1R2-EVO, 22.2R1-EVO, 21.4R3-EVO, 22.1R1-S2-EVO, 22.1R3-EVO, 22.2R2-EVO, 22.3R1-EVO, 20.4R3-S5-EVO, 21.1R3-EVO, 21.2R2-S1-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, 21.4R1-S2-EVO, 21.4R2-S1-EVO, 21.4R3-EVO, 22.1R2-EVO, 22.2R1-EVO, 20.4R3-S1-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, 20.4R3-S3-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-S1-EVO, 21.4R2-EVO, 22.1R1-EVO, 20.4R3-S1-EVO, 21.2R1-S2-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, 20.4R3-S5-EVO, 21.1R3-S2-EVO, 21.2R3-S1-EVO, 21.3R3-S2-EVO, 21.4R2-EVO, 22.1R2-EVO, 22.2R2-EVO, 22.3R1-EVO, 20.4R3-S4-EVO, 21.1R3-S2-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, 20.2R3-S3-EVO, 20.4R3-S1-EVO, 21.3R2-EVO, 21.4R1-EVO, 21.1R3-S2-EVO, 21.2R3-S2-EVO, 21.3R3-EVO, 21.4R1-S1-EVO, 21.4R2-EVO et 22.1R1-EVO | ||
| Juniper Networks | N/A | Contrail Networking versions antérieures à 2011.L5 | ||
| Juniper Networks | N/A | Steel Belted Radius Carrier Edition versions antérieures à 8.6.0R16 | ||
| Juniper Networks | Junos OS | Junos OS versions antérieures à 19.2R3-S6, 20.2R3-S4, 20.3R3-S3, 20.4R3-S4, 21.1R2, 21.2R2, 21.3R2, 21.4R1, 19.1R3-S9, 19.2R3-S6, 19.3R3-S7, 19.4R2-S7, 19.4R3-S9, 20.2R3-S5, 20.3R3-S4, 20.4R3-S4, 21.1R3-S1, 21.2R3, 21.3R2, 21.4R1-S2, 21.4R2, 22.1R1, 19.4R2-S6, 19.4R3-S7, 20.1R3-S3, 20.2R3-S4, 20.3R3-S3, 20.4R3-S2, 21.1R3, 21.2R3, 21.3R1-S2, 21.3R2, 21.4R1, 19.1R3-S9, 19.2R3-S5, 19.3R3-S3, 19.4R3-S9, 20.1R3, 20.2R3-S1, 20.3R3, 20.4R3, 21.1R2, 21.2R1, 15.1R7-S11, 18.4R2-S10, 18.4R3-S10, 19.1R3-S8, 19.2R3-S4, 19.3R3-S5, 19.4R2-S6, 19.4R3-S7, 20.1R3-S3, 20.2R3-S3, 20.3R3-S2, 20.4R3-S4, 21.1R3, 21.2R3-S3, 21.3R3-S1, 21.4R1, 15.1R7-S13, 19.1R3-S9, 19.2R3-S6, 19.3R3-S6, 19.4R2-S7, 19.4R3-S8, 20.2R3-S5, 20.3R3-S5, 20.4R3-S2, 21.1R3, 21.2R3, 21.3R2, 21.4R1, 18.4R2-S10, 18.4R3-S10, 19.1R3-S7, 19.2R1-S8, 19.2R3-S4, 19.4R3-S8, 20.2R3-S3, 20.3R3-S2, 20.4R3, 21.1R2, 21.2R1, 19.4R2-S8, 19.4R3-S9, 20.2R3-S5, 20.3R3-S5, 20.4R3-S4, 21.1R3-S3, 21.2R3-S2, 21.3R3-S1, 21.4R2-S1, 21.4R3, 22.1R1-S2, 22.1R3, 22.2R1-S1, 22.2R2, 22.3R1, 21.3R3-S2, 21.4R2-S2, 21.4R3, 22.1R1-S2, 22.1R3, 22.2R2, 22.3R1, 21.2R3-S1, 21.3R2-S2, 21.3R3, 21.4R2-S1, 21.4R3, 22.1R1-S1, 22.1R2, 22.2R1, 21.4R1-S2, 21.4R2-S1, 21.4R3, 22.1R2, 22.2R1, 21.4R1-S2, 21.4R2, 22.1R1-S1, 22.1R2, 22.2R1, 17.3R3-S12, 17.4R2-S13, 17.4R3-S5, 18.1R3-S13, 18.2R3-S8, 18.3R3-S5, 18.4R1-S8, 18.4R2-S6, 18.4R3-S6, 19.1R3-S4, 19.2R1-S7, 19.2R3-S1, 19.3R2-S6, 19.3R3-S1, 19.4R1-S4, 19.4R2-S4, 19.4R3-S1, 20.1R2, 20.2R2-S3, 20.2R3, 20.3R2, 20.4R1, 21.1R3-S2, 21.2R3-S1, 21.3R3, 21.4R2, 22.1R2, 22.2R1, 20.2R3-S5, 20.3R3-S4, 20.4R3-S3, 21.1R3-S2, 21.2R3-S1, 21.3R3, 21.4R1-S2, 21.4R2, 22.1R1-S1, 22.1R2, 22.2R1, 18.4R3-S11, 19.1R3-S9, 19.2R1-S9, 19.2R3-S5, 19.3R3-S6, 19.4R2-S7, 19.4R3-S8, 20.1R3-S4, 20.2R3-S4, 20.3R3-S4, 20.4R3-S3, 21.1R3-S1, 21.2R3, 21.3R2, 21.4R2, 22.1R1, 19.2R3-S5, 19.3R3-S5, 19.4R2-S6, 19.4R3-S8, 20.2R3-S4, 20.3R3-S3, 20.4R3-S3, 21.1R3-S1, 21.2R3, 21.3R2, 21.4R1-S1, 21.4R2, 22.1R1, 19.4R3-S9, 20.2R3-S5, 20.3R3-S2, 20.4R3-S1, 21.1R3, 21.2R1-S2, 21.2R2-S1, 21.2R3, 21.3R2, 21.4R1, 21.4R1-S2, 21.4R2, 22.1R1, 19.2R3-S6, 19.4R2-S8, 19.4R3-S9, 20.2R3-S5, 20.3R3-S5, 20.4R3-S4, 21.1R3-S2, 21.2R3-S1, 21.3R3-S2, 21.4R2, 22.1R2, 22.3R1, 18.4R2-S9, 18.4R3-S11, 19.1R3-S8, 19.3R3-S5, 19.4R2-S6, 19.4R3-S6, 20.2R3-S3, 20.3R3-S2, 20.4R3-S1, 21.1R3-S3, 21.2R2-S1, 21.2R3, 21.3R1, 19.1R3-S9, 19.2R3-S6, 19.3R3-S7, 19.4R3-S9, 20.1R3-S5, 20.2R3-S5, 20.3R3-S5, 20.4R3-S4, 21.1R3-S2, 21.3R3, 21.4R3, 22.1R2, 22.2R1, 19.4R3-S8, 20.1R3-S2, 20.2R3-S3, 20.3R3-S2, 20.4R3-S1, 21.1R3, 21.2R1-S2, 21.2R3, 21.3R2, 21.4R1, 20.4R3-S4, 21.1R3-S2, 21.2R3-S2, 21.3R2-S2, 21.3R3, 21.4R1-S2, 21.4R2, 21.4R3, 22.1R1-S1, 22.1R2 et 22.2R1 | ||
| Juniper Networks | Session Smart Router | Session Smart Router versions antérieures à 5.4.7 | ||
| Juniper Networks | Session Smart Router | Session Smart Router versions 5.5.x antérieures à 5.5.3 | ||
| Juniper Networks | N/A | Paragon Active Assurance (anciennement Netrounds) versions 3.2.x antérieures à 3.2.1 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Contrail Networking versions ant\u00e9rieures \u00e0 R22.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Paragon Active Assurance (anciennement Netrounds) versions ant\u00e9rieures \u00e0 3.1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos Space versions ant\u00e9rieures \u00e0 22.2R1",
"product": {
"name": "Junos Space",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 20.4R3-S4-EVO, 21.2R2-EVO, 21.3R2-EVO, 21.4R1-EVO, 21.3R3-EVO, 21.4R2-EVO, 22.1R2-EVO, 22.2R1-EVO, 20.4R3-S3-EVO, 21.1R2-EVO, 21.2R1-EVO, 20.4R3-S4-EVO, 21.3R3-EVO, 21.4R2-EVO, 22.1R2-EVO, 22.2R1-EVO, 20.4R3-S4-EVO, 21.4R3-EVO, 22.1R2-EVO, 22.2R1-EVO, 21.4R3-EVO, 22.1R1-S2-EVO, 22.1R3-EVO, 22.2R2-EVO, 22.3R1-EVO, 20.4R3-S5-EVO, 21.1R3-EVO, 21.2R2-S1-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, 21.4R1-S2-EVO, 21.4R2-S1-EVO, 21.4R3-EVO, 22.1R2-EVO, 22.2R1-EVO, 20.4R3-S1-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, 20.4R3-S3-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-S1-EVO, 21.4R2-EVO, 22.1R1-EVO, 20.4R3-S1-EVO, 21.2R1-S2-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, 20.4R3-S5-EVO, 21.1R3-S2-EVO, 21.2R3-S1-EVO, 21.3R3-S2-EVO, 21.4R2-EVO, 22.1R2-EVO, 22.2R2-EVO, 22.3R1-EVO, 20.4R3-S4-EVO, 21.1R3-S2-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, 20.2R3-S3-EVO, 20.4R3-S1-EVO, 21.3R2-EVO, 21.4R1-EVO, 21.1R3-S2-EVO, 21.2R3-S2-EVO, 21.3R3-EVO, 21.4R1-S1-EVO, 21.4R2-EVO et 22.1R1-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Contrail Networking versions ant\u00e9rieures \u00e0 2011.L5",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Steel Belted Radius Carrier Edition versions ant\u00e9rieures \u00e0 8.6.0R16",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 19.2R3-S6, 20.2R3-S4, 20.3R3-S3, 20.4R3-S4, 21.1R2, 21.2R2, 21.3R2, 21.4R1, 19.1R3-S9, 19.2R3-S6, 19.3R3-S7, 19.4R2-S7, 19.4R3-S9, 20.2R3-S5, 20.3R3-S4, 20.4R3-S4, 21.1R3-S1, 21.2R3, 21.3R2, 21.4R1-S2, 21.4R2, 22.1R1, 19.4R2-S6, 19.4R3-S7, 20.1R3-S3, 20.2R3-S4, 20.3R3-S3, 20.4R3-S2, 21.1R3, 21.2R3, 21.3R1-S2, 21.3R2, 21.4R1, 19.1R3-S9, 19.2R3-S5, 19.3R3-S3, 19.4R3-S9, 20.1R3, 20.2R3-S1, 20.3R3, 20.4R3, 21.1R2, 21.2R1, 15.1R7-S11, 18.4R2-S10, 18.4R3-S10, 19.1R3-S8, 19.2R3-S4, 19.3R3-S5, 19.4R2-S6, 19.4R3-S7, 20.1R3-S3, 20.2R3-S3, 20.3R3-S2, 20.4R3-S4, 21.1R3, 21.2R3-S3, 21.3R3-S1, 21.4R1, 15.1R7-S13, 19.1R3-S9, 19.2R3-S6, 19.3R3-S6, 19.4R2-S7, 19.4R3-S8, 20.2R3-S5, 20.3R3-S5, 20.4R3-S2, 21.1R3, 21.2R3, 21.3R2, 21.4R1, 18.4R2-S10, 18.4R3-S10, 19.1R3-S7, 19.2R1-S8, 19.2R3-S4, 19.4R3-S8, 20.2R3-S3, 20.3R3-S2, 20.4R3, 21.1R2, 21.2R1, 19.4R2-S8, 19.4R3-S9, 20.2R3-S5, 20.3R3-S5, 20.4R3-S4, 21.1R3-S3, 21.2R3-S2, 21.3R3-S1, 21.4R2-S1, 21.4R3, 22.1R1-S2, 22.1R3, 22.2R1-S1, 22.2R2, 22.3R1, 21.3R3-S2, 21.4R2-S2, 21.4R3, 22.1R1-S2, 22.1R3, 22.2R2, 22.3R1, 21.2R3-S1, 21.3R2-S2, 21.3R3, 21.4R2-S1, 21.4R3, 22.1R1-S1, 22.1R2, 22.2R1, 21.4R1-S2, 21.4R2-S1, 21.4R3, 22.1R2, 22.2R1, 21.4R1-S2, 21.4R2, 22.1R1-S1, 22.1R2, 22.2R1, 17.3R3-S12, 17.4R2-S13, 17.4R3-S5, 18.1R3-S13, 18.2R3-S8, 18.3R3-S5, 18.4R1-S8, 18.4R2-S6, 18.4R3-S6, 19.1R3-S4, 19.2R1-S7, 19.2R3-S1, 19.3R2-S6, 19.3R3-S1, 19.4R1-S4, 19.4R2-S4, 19.4R3-S1, 20.1R2, 20.2R2-S3, 20.2R3, 20.3R2, 20.4R1, 21.1R3-S2, 21.2R3-S1, 21.3R3, 21.4R2, 22.1R2, 22.2R1, 20.2R3-S5, 20.3R3-S4, 20.4R3-S3, 21.1R3-S2, 21.2R3-S1, 21.3R3, 21.4R1-S2, 21.4R2, 22.1R1-S1, 22.1R2, 22.2R1, 18.4R3-S11, 19.1R3-S9, 19.2R1-S9, 19.2R3-S5, 19.3R3-S6, 19.4R2-S7, 19.4R3-S8, 20.1R3-S4, 20.2R3-S4, 20.3R3-S4, 20.4R3-S3, 21.1R3-S1, 21.2R3, 21.3R2, 21.4R2, 22.1R1, 19.2R3-S5, 19.3R3-S5, 19.4R2-S6, 19.4R3-S8, 20.2R3-S4, 20.3R3-S3, 20.4R3-S3, 21.1R3-S1, 21.2R3, 21.3R2, 21.4R1-S1, 21.4R2, 22.1R1, 19.4R3-S9, 20.2R3-S5, 20.3R3-S2, 20.4R3-S1, 21.1R3, 21.2R1-S2, 21.2R2-S1, 21.2R3, 21.3R2, 21.4R1, 21.4R1-S2, 21.4R2, 22.1R1, 19.2R3-S6, 19.4R2-S8, 19.4R3-S9, 20.2R3-S5, 20.3R3-S5, 20.4R3-S4, 21.1R3-S2, 21.2R3-S1, 21.3R3-S2, 21.4R2, 22.1R2, 22.3R1, 18.4R2-S9, 18.4R3-S11, 19.1R3-S8, 19.3R3-S5, 19.4R2-S6, 19.4R3-S6, 20.2R3-S3, 20.3R3-S2, 20.4R3-S1, 21.1R3-S3, 21.2R2-S1, 21.2R3, 21.3R1, 19.1R3-S9, 19.2R3-S6, 19.3R3-S7, 19.4R3-S9, 20.1R3-S5, 20.2R3-S5, 20.3R3-S5, 20.4R3-S4, 21.1R3-S2, 21.3R3, 21.4R3, 22.1R2, 22.2R1, 19.4R3-S8, 20.1R3-S2, 20.2R3-S3, 20.3R3-S2, 20.4R3-S1, 21.1R3, 21.2R1-S2, 21.2R3, 21.3R2, 21.4R1, 20.4R3-S4, 21.1R3-S2, 21.2R3-S2, 21.3R2-S2, 21.3R3, 21.4R1-S2, 21.4R2, 21.4R3, 22.1R1-S1, 22.1R2 et 22.2R1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Session Smart Router versions ant\u00e9rieures \u00e0 5.4.7",
"product": {
"name": "Session Smart Router",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Session Smart Router versions 5.5.x ant\u00e9rieures \u00e0 5.5.3",
"product": {
"name": "Session Smart Router",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Paragon Active Assurance (anciennement Netrounds) versions 3.2.x ant\u00e9rieures \u00e0 3.2.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-1343",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1343"
},
{
"name": "CVE-2022-22243",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22243"
},
{
"name": "CVE-2022-1473",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1473"
},
{
"name": "CVE-2020-25710",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25710"
},
{
"name": "CVE-2021-45960",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45960"
},
{
"name": "CVE-2022-24407",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24407"
},
{
"name": "CVE-2021-35586",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35586"
},
{
"name": "CVE-2022-22238",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22238"
},
{
"name": "CVE-2022-22249",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22249"
},
{
"name": "CVE-2021-35550",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35550"
},
{
"name": "CVE-2022-22227",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22227"
},
{
"name": "CVE-2016-0701",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0701"
},
{
"name": "CVE-2021-25220",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25220"
},
{
"name": "CVE-2021-35567",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35567"
},
{
"name": "CVE-2021-31535",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31535"
},
{
"name": "CVE-2021-42574",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42574"
},
{
"name": "CVE-2020-27777",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27777"
},
{
"name": "CVE-2022-22208",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22208"
},
{
"name": "CVE-2022-1292",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1292"
},
{
"name": "CVE-2017-5929",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5929"
},
{
"name": "CVE-2022-22218",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22218"
},
{
"name": "CVE-2021-20271",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20271"
},
{
"name": "CVE-2022-22823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
},
{
"name": "CVE-2022-22201",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22201"
},
{
"name": "CVE-2020-0466",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0466"
},
{
"name": "CVE-2021-42771",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42771"
},
{
"name": "CVE-2021-29154",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29154"
},
{
"name": "CVE-2018-20532",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20532"
},
{
"name": "CVE-2022-22246",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22246"
},
{
"name": "CVE-2007-6755",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-6755"
},
{
"name": "CVE-2020-29661",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29661"
},
{
"name": "CVE-2022-22250",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22250"
},
{
"name": "CVE-2022-22192",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22192"
},
{
"name": "CVE-2019-12735",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12735"
},
{
"name": "CVE-2022-22239",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22239"
},
{
"name": "CVE-2022-25315",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25315"
},
{
"name": "CVE-2022-22822",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22822"
},
{
"name": "CVE-2022-22241",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22241"
},
{
"name": "CVE-2020-25212",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25212"
},
{
"name": "CVE-2019-2435",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2435"
},
{
"name": "CVE-2021-27363",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27363"
},
{
"name": "CVE-2022-22226",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22226"
},
{
"name": "CVE-2015-9262",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9262"
},
{
"name": "CVE-2021-4160",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4160"
},
{
"name": "CVE-2020-24394",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24394"
},
{
"name": "CVE-2021-35559",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35559"
},
{
"name": "CVE-2021-3573",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3573"
},
{
"name": "CVE-2019-19532",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19532"
},
{
"name": "CVE-2020-14314",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14314"
},
{
"name": "CVE-2021-27364",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27364"
},
{
"name": "CVE-2021-35565",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35565"
},
{
"name": "CVE-2022-22229",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22229"
},
{
"name": "CVE-2018-20534",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20534"
},
{
"name": "CVE-2016-4658",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4658"
},
{
"name": "CVE-2021-35603",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35603"
},
{
"name": "CVE-2021-28165",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28165"
},
{
"name": "CVE-2022-23852",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23852"
},
{
"name": "CVE-2022-22225",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22225"
},
{
"name": "CVE-2020-12364",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12364"
},
{
"name": "CVE-2022-22825",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22825"
},
{
"name": "CVE-2021-3711",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3711"
},
{
"name": "CVE-2022-22245",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22245"
},
{
"name": "CVE-2022-25314",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25314"
},
{
"name": "CVE-2022-0330",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0330"
},
{
"name": "CVE-2022-23990",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23990"
},
{
"name": "CVE-2019-1543",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1543"
},
{
"name": "CVE-2018-10689",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10689"
},
{
"name": "CVE-2016-2124",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2124"
},
{
"name": "CVE-2021-27365",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27365"
},
{
"name": "CVE-2020-8648",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8648"
},
{
"name": "CVE-2022-25235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25235"
},
{
"name": "CVE-2020-27170",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27170"
},
{
"name": "CVE-2020-25705",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25705"
},
{
"name": "CVE-2018-25032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
},
{
"name": "CVE-2022-0847",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0847"
},
{
"name": "CVE-2020-14385",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14385"
},
{
"name": "CVE-2022-22232",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22232"
},
{
"name": "CVE-2019-18282",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18282"
},
{
"name": "CVE-2020-12321",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12321"
},
{
"name": "CVE-2022-22240",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22240"
},
{
"name": "CVE-2021-46143",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46143"
},
{
"name": "CVE-2019-20811",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20811"
},
{
"name": "CVE-2020-12363",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12363"
},
{
"name": "CVE-2021-43527",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43527"
},
{
"name": "CVE-2022-22942",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22942"
},
{
"name": "CVE-2021-3656",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3656"
},
{
"name": "CVE-2021-35588",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35588"
},
{
"name": "CVE-2022-22234",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22234"
},
{
"name": "CVE-2022-22242",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22242"
},
{
"name": "CVE-2022-1271",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1271"
},
{
"name": "CVE-2021-22543",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22543"
},
{
"name": "CVE-2022-22251",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22251"
},
{
"name": "CVE-2008-5161",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5161"
},
{
"name": "CVE-2022-22244",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22244"
},
{
"name": "CVE-2019-20934",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20934"
},
{
"name": "CVE-2021-29650",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29650"
},
{
"name": "CVE-2021-3715",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3715"
},
{
"name": "CVE-2022-22233",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22233"
},
{
"name": "CVE-2021-4155",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4155"
},
{
"name": "CVE-2021-45417",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45417"
},
{
"name": "CVE-2020-10769",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10769"
},
{
"name": "CVE-2018-20533",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20533"
},
{
"name": "CVE-2021-3564",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3564"
},
{
"name": "CVE-2020-25656",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25656"
},
{
"name": "CVE-2021-3752",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3752"
},
{
"name": "CVE-2022-22224",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22224"
},
{
"name": "CVE-2021-20265",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20265"
},
{
"name": "CVE-2021-3177",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3177"
},
{
"name": "CVE-2020-25211",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25211"
},
{
"name": "CVE-2022-0492",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0492"
},
{
"name": "CVE-2022-22827",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22827"
},
{
"name": "CVE-2022-22247",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22247"
},
{
"name": "CVE-2020-12362",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12362"
},
{
"name": "CVE-2019-0205",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0205"
},
{
"name": "CVE-2021-22555",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22555"
},
{
"name": "CVE-2021-3347",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3347"
},
{
"name": "CVE-2022-25236",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25236"
},
{
"name": "CVE-2022-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
},
{
"name": "CVE-2021-37576",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37576"
},
{
"name": "CVE-2021-35578",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35578"
},
{
"name": "CVE-2020-28374",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28374"
},
{
"name": "CVE-2021-0920",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0920"
},
{
"name": "CVE-2022-22199",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22199"
},
{
"name": "CVE-2021-42550",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42550"
},
{
"name": "CVE-2021-3712",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3712"
},
{
"name": "CVE-2022-22236",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22236"
},
{
"name": "CVE-2020-7053",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7053"
},
{
"name": "CVE-2022-22248",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22248"
},
{
"name": "CVE-2019-9518",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9518"
},
{
"name": "CVE-2022-22220",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22220"
},
{
"name": "CVE-2021-32399",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32399"
},
{
"name": "CVE-2021-35564",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35564"
},
{
"name": "CVE-2022-22826",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22826"
},
{
"name": "CVE-2022-22228",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22228"
},
{
"name": "CVE-2021-23840",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23840"
},
{
"name": "CVE-2020-14351",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14351"
},
{
"name": "CVE-2020-25709",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25709"
},
{
"name": "CVE-2022-1434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1434"
},
{
"name": "CVE-2020-25643",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25643"
},
{
"name": "CVE-2022-22223",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22223"
},
{
"name": "CVE-2020-25645",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25645"
},
{
"name": "CVE-2021-35556",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35556"
},
{
"name": "CVE-2020-25717",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25717"
},
{
"name": "CVE-2021-3765",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3765"
},
{
"name": "CVE-2021-41617",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41617"
},
{
"name": "CVE-2021-4034",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4034"
},
{
"name": "CVE-2022-24903",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24903"
},
{
"name": "CVE-2022-22824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
},
{
"name": "CVE-2019-1551",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1551"
},
{
"name": "CVE-2019-2684",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2684"
},
{
"name": "CVE-2021-0543",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0543"
},
{
"name": "CVE-2021-3653",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3653"
},
{
"name": "CVE-2022-22231",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22231"
},
{
"name": "CVE-2021-35561",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35561"
},
{
"name": "CVE-2022-22235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22235"
},
{
"name": "CVE-2020-0427",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0427"
},
{
"name": "CVE-2020-28469",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28469"
},
{
"name": "CVE-2022-22211",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22211"
},
{
"name": "CVE-2020-0465",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0465"
},
{
"name": "CVE-2022-22230",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22230"
},
{
"name": "CVE-2022-22237",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22237"
},
{
"name": "CVE-2021-37750",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37750"
}
],
"initial_release_date": "2022-10-13T00:00:00",
"last_revision_date": "2022-10-13T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-916",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-10-13T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
"vendor_advisories": [
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69906",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-MX-Series-An-FPC-crash-might-be-seen-due-to-mac-moves-within-the-same-bridge-domain-CVE-2022-22249"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69885",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-SRX-Series-If-UTM-Enhanced-Content-Filtering-and-AntiVirus-are-enabled-and-specific-traffic-is-processed-the-PFE-will-crash-CVE-2022-22231"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69888",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-SRX-Series-Cache-poisoning-vulnerability-in-BIND-used-by-DNS-Proxy-CVE-2021-25220"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69886",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-SRX-Series-If-Unified-Threat-Management-UTM-Enhanced-Content-Filtering-CF-is-enabled-and-specific-traffic-is-processed-the-PFE-will-crash-CVE-2022-22232"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69899",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-Multiple-vulnerabilities-in-J-Web"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69881",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-SBR-Carrier-Multiple-Vulnerabilities-resolved-in-version-8-6-0R16-64-bit-Solaris-and-Linux-editions"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69894",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-The-rpd-process-will-crash-when-a-malformed-incoming-RESV-message-is-processed-CVE-2022-22238"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69898",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-RPD-core-upon-receipt-of-a-specific-EVPN-route-by-a-BGP-route-reflector-in-an-EVPN-environment-CVE-2022-22199"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69895",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-Evolved-The-ssh-CLI-command-always-runs-as-root-which-can-lead-to-privilege-escalation-CVE-2022-22239"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69908",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-cSRX-Series-Storing-Passwords-in-a-Recoverable-Format-and-software-permissions-issues-allows-a-local-attacker-to-elevate-privileges-CVE-2022-22251"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69874",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-PPMD-goes-into-infinite-loop-upon-receipt-of-malformed-OSPF-TLV-CVE-2022-22224"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69902",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Due-to-a-race-condition-the-rpd-process-can-crash-upon-receipt-of-a-BGP-update-message-containing-flow-spec-route-CVE-2022-22220"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69879",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-An-rpd-crash-can-occur-due-to-memory-corruption-caused-by-flapping-BGP-sessions-CVE-2022-22208"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69890",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-EX2300-and-EX3400-Series-One-of-more-SFPs-might-become-unavailable-when-the-system-is-very-busy-CVE-2022-22234"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69875",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-In-a-BGP-multipath-scenario-when-one-of-the-contributing-routes-is-flapping-often-and-rapidly-rpd-may-crash-CVE-2022-22225"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69915",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-Evolved-PTX-Series-An-attacker-can-cause-a-kernel-panic-by-sending-a-malformed-TCP-packet-to-the-device-CVE-2022-22192"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69878",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-Evolved-ACX7000-Series-Specific-IPv6-transit-traffic-gets-exceptioned-to-the-routing-engine-which-will-cause-increased-CPU-utilization-CVE-2022-22227"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69907",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-An-FPC-might-crash-and-reload-if-the-EVPN-MAC-entry-is-move-from-local-to-remote-CVE-2022-22250"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69891",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-SRX-Series-A-flowd-core-will-be-observed-when-malformed-GPRS-traffic-is-processed-CVE-2022-22235"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69882",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-22-2R1-release"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69876",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-EX4300-MP-EX4600-QFX5000-Series-In-VxLAN-scenarios-specific-packets-processed-cause-a-memory-leak-leading-to-a-PFE-crash-CVE-2022-22226"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69892",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-SRX-Series-and-MX-Series-When-specific-valid-SIP-packets-are-received-the-PFE-will-crash-CVE-2022-22236"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69889",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69887",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-In-an-SR-to-LDP-interworking-scenario-with-SRMS-when-a-specific-low-privileged-command-is-issued-on-an-ABR-rpd-will-crash-CVE-2022-22233"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69903",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Contrail-Networking-Multiple-Vulnerabilities-have-been-resolved-in-Contrail-Networking-R22-3"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69900",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-SRX5000-Series-with-SPC3-SRX4000-Series-and-vSRX-When-PowerMode-IPsec-is-configured-the-PFE-will-crash-upon-receipt-of-a-malformed-ESP-packet-CVE-2022-22201"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69884",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-RPD-crash-upon-receipt-of-specific-OSPFv3-LSAs-CVE-2022-22230"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69901",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-SRX-Series-Upon-processing-of-a-genuine-packet-the-pkid-process-will-crash-during-CMPv2-auto-re-enrollment-CVE-2022-22218"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69905",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-Evolved-Incorrect-file-permissions-can-allow-low-privileged-user-to-cause-another-user-to-execute-arbitrary-commands-CVE-2022-22248"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69893",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-Peers-not-configured-for-TCP-AO-can-establish-a-BGP-or-LDP-session-even-if-authentication-is-configured-locally-CVE-2022-22237"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69904",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-Evolved-Kernel-processing-of-unvalidated-TCP-segments-could-lead-to-a-Denial-of-Service-DoS-CVE-2022-22247"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69880",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-On-IPv6-OAM-SRv6-network-enabled-devices-an-attacker-sending-a-specific-genuine-packet-to-an-IPv6-address-configured-on-the-device-may-cause-a-RPD-memory-leak-leading-to-an-RPD-core-CVE-2022-22228"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69873",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-QFX10000-Series-In-IP-MPLS-PHP-node-scenarios-upon-receipt-of-certain-crafted-packets-multiple-interfaces-in-LAG-configurations-may-detach-CVE-2022-22223"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69896",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-An-rpd-memory-leak-might-be-observed-while-running-a-specific-cli-command-in-a-RIB-sharding-scenario-CVE-2022-22240"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69897",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Contrail-Networking-Multiple-Vulnerabilities-have-been-resolved-in-Contrail-Networking-release-2011-L5"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69916",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-Evolved-PTX-Series-Multiple-FPCs-become-unreachable-due-to-continuous-polling-of-specific-SNMP-OID-CVE-2022-22211"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69883",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Paragon-Active-Assurance-Formerly-Netrounds-Stored-Cross-site-Scripting-XSS-vulnerability-in-web-administration-CVE-2022-22229"
}
]
}
Title
Linux kernel netfilter缓冲区溢出漏洞
Description
Linux kernel是美国Linux基金会发布的开源操作系统Linux所使用的内核。netfilter是一款使用在Linux系统中的数据包过滤框架。
Linux kernel netfilter 5.8.7版本中缓冲区溢出漏洞。该漏洞源于网络系统或产品在内存上执行操作时,未正确验证数据边界,导致向关联的其他内存位置上执行了错误的读写操作。攻击者可利用该漏洞导致缓冲区溢出或堆溢出等。
Severity
中
Patch Name
Linux kernel netfilter缓冲区溢出漏洞的补丁
Patch Description
Linux kernel是美国Linux基金会发布的开源操作系统Linux所使用的内核。netfilter是一款使用在Linux系统中的数据包过滤框架。
Linux kernel netfilter 5.8.7版本中缓冲区溢出漏洞。该漏洞源于网络系统或产品在内存上执行操作时,未正确验证数据边界,导致向关联的其他内存位置上执行了错误的读写操作。攻击者可利用该漏洞导致缓冲区溢出或堆溢出等。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1cc5ef91d2ff94d2bf2de3b3585423e8a1051cb6
Reference
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1cc5ef91d2ff94d2bf2de3b3585423e8a1051cb6
Impacted products
| Name | Linux Linux kernel 5.8.7 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2020-25211",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-25211"
}
},
"description": "Linux kernel\u662f\u7f8e\u56fdLinux\u57fa\u91d1\u4f1a\u53d1\u5e03\u7684\u5f00\u6e90\u64cd\u4f5c\u7cfb\u7edfLinux\u6240\u4f7f\u7528\u7684\u5185\u6838\u3002netfilter\u662f\u4e00\u6b3e\u4f7f\u7528\u5728Linux\u7cfb\u7edf\u4e2d\u7684\u6570\u636e\u5305\u8fc7\u6ee4\u6846\u67b6\u3002\n\nLinux kernel netfilter 5.8.7\u7248\u672c\u4e2d\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u5728\u5185\u5b58\u4e0a\u6267\u884c\u64cd\u4f5c\u65f6\uff0c\u672a\u6b63\u786e\u9a8c\u8bc1\u6570\u636e\u8fb9\u754c\uff0c\u5bfc\u81f4\u5411\u5173\u8054\u7684\u5176\u4ed6\u5185\u5b58\u4f4d\u7f6e\u4e0a\u6267\u884c\u4e86\u9519\u8bef\u7684\u8bfb\u5199\u64cd\u4f5c\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u7f13\u51b2\u533a\u6ea2\u51fa\u6216\u5806\u6ea2\u51fa\u7b49\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1cc5ef91d2ff94d2bf2de3b3585423e8a1051cb6",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2020-52619",
"openTime": "2020-09-18",
"patchDescription": "Linux kernel\u662f\u7f8e\u56fdLinux\u57fa\u91d1\u4f1a\u53d1\u5e03\u7684\u5f00\u6e90\u64cd\u4f5c\u7cfb\u7edfLinux\u6240\u4f7f\u7528\u7684\u5185\u6838\u3002netfilter\u662f\u4e00\u6b3e\u4f7f\u7528\u5728Linux\u7cfb\u7edf\u4e2d\u7684\u6570\u636e\u5305\u8fc7\u6ee4\u6846\u67b6\u3002\r\n\r\nLinux kernel netfilter 5.8.7\u7248\u672c\u4e2d\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u5728\u5185\u5b58\u4e0a\u6267\u884c\u64cd\u4f5c\u65f6\uff0c\u672a\u6b63\u786e\u9a8c\u8bc1\u6570\u636e\u8fb9\u754c\uff0c\u5bfc\u81f4\u5411\u5173\u8054\u7684\u5176\u4ed6\u5185\u5b58\u4f4d\u7f6e\u4e0a\u6267\u884c\u4e86\u9519\u8bef\u7684\u8bfb\u5199\u64cd\u4f5c\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u7f13\u51b2\u533a\u6ea2\u51fa\u6216\u5806\u6ea2\u51fa\u7b49\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Linux kernel netfilter\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Linux Linux kernel 5.8.7"
},
"referenceLink": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1cc5ef91d2ff94d2bf2de3b3585423e8a1051cb6",
"serverity": "\u4e2d",
"submitTime": "2020-09-11",
"title": "Linux kernel netfilter\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}
FKIE_CVE-2020-25211
Vulnerability from fkie_nvd - Published: 2020-09-09 16:15 - Updated: 2024-11-21 05:17
Severity
Summary
In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1cc5ef91d2ff94d2bf2de3b3585423e8a1051cb6 | Exploit, Mailing List, Patch, Vendor Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2020/10/msg00028.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL2O4JAMPJG4YMLLJ7JFDHDJRXN4RKTC/ | ||
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OLDYVOM4OS55HA45Y3UEVLDHYGFXPZUX/ | ||
| cve@mitre.org | https://security.netapp.com/advisory/ntap-20201009-0001/ | Third Party Advisory | |
| cve@mitre.org | https://twitter.com/grsecurity/status/1303646421158109185 | Third Party Advisory | |
| cve@mitre.org | https://www.debian.org/security/2020/dsa-4774 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1cc5ef91d2ff94d2bf2de3b3585423e8a1051cb6 | Exploit, Mailing List, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2020/10/msg00028.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL2O4JAMPJG4YMLLJ7JFDHDJRXN4RKTC/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OLDYVOM4OS55HA45Y3UEVLDHYGFXPZUX/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20201009-0001/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://twitter.com/grsecurity/status/1303646421158109185 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2020/dsa-4774 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| fedoraproject | fedora | 31 | |
| fedoraproject | fedora | 32 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6CF1CDD-CE9F-4E08-A18C-F81E9A62F6E2",
"versionEndIncluding": "5.8.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff."
},
{
"lang": "es",
"value": "En el kernel de Linux versiones hasta 5.8.7, los atacantes locales capaces de inyectar la configuraci\u00f3n netlink de conntrack podr\u00edan desbordar un b\u00fafer local, causando bloqueos o desencadenando el uso de n\u00fameros de protocolo incorrectos en la funci\u00f3n ctnetlink_parse_tuple_filter en el archivo net/netfilter/nf_conntrack_netlink.c, tambi\u00e9n se conoce como CID-1cc5ef91d2ff."
}
],
"id": "CVE-2020-25211",
"lastModified": "2024-11-21T05:17:39.757",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-09-09T16:15:12.003",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1cc5ef91d2ff94d2bf2de3b3585423e8a1051cb6"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00028.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL2O4JAMPJG4YMLLJ7JFDHDJRXN4RKTC/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OLDYVOM4OS55HA45Y3UEVLDHYGFXPZUX/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20201009-0001/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://twitter.com/grsecurity/status/1303646421158109185"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4774"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1cc5ef91d2ff94d2bf2de3b3585423e8a1051cb6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00028.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL2O4JAMPJG4YMLLJ7JFDHDJRXN4RKTC/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OLDYVOM4OS55HA45Y3UEVLDHYGFXPZUX/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20201009-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://twitter.com/grsecurity/status/1303646421158109185"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4774"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-Q7G7-FMMR-XHP8
Vulnerability from github – Published: 2022-05-24 17:27 – Updated: 2022-11-16 19:00
VLAI
Details
In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.
Severity
6.0 (Medium)
{
"affected": [],
"aliases": [
"CVE-2020-25211"
],
"database_specific": {
"cwe_ids": [
"CWE-120"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-09-09T16:15:00Z",
"severity": "LOW"
},
"details": "In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.",
"id": "GHSA-q7g7-fmmr-xhp8",
"modified": "2022-11-16T19:00:32Z",
"published": "2022-05-24T17:27:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25211"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1cc5ef91d2ff94d2bf2de3b3585423e8a1051cb6"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00028.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BL2O4JAMPJG4YMLLJ7JFDHDJRXN4RKTC"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OLDYVOM4OS55HA45Y3UEVLDHYGFXPZUX"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20201009-0001"
},
{
"type": "WEB",
"url": "https://twitter.com/grsecurity/status/1303646421158109185"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2020/dsa-4774"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2020-25211
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2020-25211",
"description": "In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.",
"id": "GSD-2020-25211",
"references": [
"https://www.suse.com/security/cve/CVE-2020-25211.html",
"https://www.debian.org/security/2020/dsa-4774",
"https://access.redhat.com/errata/RHSA-2021:2355",
"https://access.redhat.com/errata/RHSA-2021:2164",
"https://access.redhat.com/errata/RHSA-2021:1531",
"https://access.redhat.com/errata/RHSA-2021:0857",
"https://access.redhat.com/errata/RHSA-2021:0856",
"https://access.redhat.com/errata/RHSA-2021:0774",
"https://access.redhat.com/errata/RHSA-2021:0765",
"https://access.redhat.com/errata/RHSA-2021:0763",
"https://access.redhat.com/errata/RHSA-2021:0189",
"https://access.redhat.com/errata/RHSA-2021:0184",
"https://access.redhat.com/errata/RHSA-2021:0004",
"https://access.redhat.com/errata/RHSA-2021:0003",
"https://ubuntu.com/security/CVE-2020-25211",
"https://advisories.mageia.org/CVE-2020-25211.html",
"https://alas.aws.amazon.com/cve/html/CVE-2020-25211.html",
"https://linux.oracle.com/cve/CVE-2020-25211.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2020-25211"
],
"details": "In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.",
"id": "GSD-2020-25211",
"modified": "2023-12-13T01:21:57.099142Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-25211",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://twitter.com/grsecurity/status/1303646421158109185",
"refsource": "MISC",
"url": "https://twitter.com/grsecurity/status/1303646421158109185"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1cc5ef91d2ff94d2bf2de3b3585423e8a1051cb6",
"refsource": "MISC",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1cc5ef91d2ff94d2bf2de3b3585423e8a1051cb6"
},
{
"name": "FEDORA-2020-5920a7a0b2",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OLDYVOM4OS55HA45Y3UEVLDHYGFXPZUX/"
},
{
"name": "FEDORA-2020-3c6fedeb83",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BL2O4JAMPJG4YMLLJ7JFDHDJRXN4RKTC/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20201009-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20201009-0001/"
},
{
"name": "DSA-4774",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4774"
},
{
"name": "[debian-lts-announce] 20201028 [SECURITY] [DLA 2417-1] linux-4.19 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00028.html"
},
{
"name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html"
},
{
"name": "[debian-lts-announce] 20201031 [SECURITY] [DLA 2420-2] linux regression update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.8.7",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-25211"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1cc5ef91d2ff94d2bf2de3b3585423e8a1051cb6",
"refsource": "MISC",
"tags": [
"Exploit",
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1cc5ef91d2ff94d2bf2de3b3585423e8a1051cb6"
},
{
"name": "https://twitter.com/grsecurity/status/1303646421158109185",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://twitter.com/grsecurity/status/1303646421158109185"
},
{
"name": "FEDORA-2020-5920a7a0b2",
"refsource": "FEDORA",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OLDYVOM4OS55HA45Y3UEVLDHYGFXPZUX/"
},
{
"name": "FEDORA-2020-3c6fedeb83",
"refsource": "FEDORA",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BL2O4JAMPJG4YMLLJ7JFDHDJRXN4RKTC/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20201009-0001/",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20201009-0001/"
},
{
"name": "DSA-4774",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4774"
},
{
"name": "[debian-lts-announce] 20201028 [SECURITY] [DLA 2417-1] linux-4.19 security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00028.html"
},
{
"name": "[debian-lts-announce] 20201031 [SECURITY] [DLA 2420-2] linux regression update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html"
},
{
"name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.2
}
},
"lastModifiedDate": "2022-11-16T15:08Z",
"publishedDate": "2020-09-09T16:15Z"
}
}
}
MSRC_CVE-2020-25211
Vulnerability from csaf_microsoft - Published: 2020-09-02 00:00 - Updated: 2020-09-17 00:00Summary
In the Linux kernel through 5.8.7 local attackers able to inject conntrack netlink configuration could overflow a local buffer causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c aka CID-1cc5ef91d2ff.
Notes
Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
6.0 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 17036-16820 | — |
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 16820-1 | — |
Vendor Fix
fix
|
References
4 references
| URL | Category |
|---|---|
| https://msrc.microsoft.com/csaf/vex/2020/msrc_cve… | self |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/csaf/vex/2020/msrc_cve… | self |
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2020-25211 In the Linux kernel through 5.8.7 local attackers able to inject conntrack netlink configuration could overflow a local buffer causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c aka CID-1cc5ef91d2ff. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2020/msrc_cve-2020-25211.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "In the Linux kernel through 5.8.7 local attackers able to inject conntrack netlink configuration could overflow a local buffer causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c aka CID-1cc5ef91d2ff.",
"tracking": {
"current_release_date": "2020-09-17T00:00:00.000Z",
"generator": {
"date": "2025-12-27T21:06:47.751Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2020-25211",
"initial_release_date": "2020-09-02T00:00:00.000Z",
"revision_history": [
{
"date": "2020-09-17T00:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "1.0",
"product": {
"name": "CBL Mariner 1.0",
"product_id": "16820"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccm1 kernel 5.4.91-3",
"product": {
"name": "\u003ccm1 kernel 5.4.91-3",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "cm1 kernel 5.4.91-3",
"product": {
"name": "cm1 kernel 5.4.91-3",
"product_id": "17036"
}
}
],
"category": "product_name",
"name": "kernel"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccm1 kernel 5.4.91-3 as a component of CBL Mariner 1.0",
"product_id": "16820-1"
},
"product_reference": "1",
"relates_to_product_reference": "16820"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cm1 kernel 5.4.91-3 as a component of CBL Mariner 1.0",
"product_id": "17036-16820"
},
"product_reference": "17036",
"relates_to_product_reference": "16820"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-25211",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"notes": [
{
"category": "general",
"text": "mitre",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"17036-16820"
],
"known_affected": [
"16820-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2020-25211 In the Linux kernel through 5.8.7 local attackers able to inject conntrack netlink configuration could overflow a local buffer causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c aka CID-1cc5ef91d2ff. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2020/msrc_cve-2020-25211.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-17T00:00:00.000Z",
"details": "5.4.91-3:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"16820-1"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalsScore": 0.0,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"temporalScore": 6.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"16820-1"
]
}
],
"title": "In the Linux kernel through 5.8.7 local attackers able to inject conntrack netlink configuration could overflow a local buffer causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c aka CID-1cc5ef91d2ff."
}
]
}
OPENSUSE-SU-2021:0241-1
Vulnerability from csaf_opensuse - Published: 2021-02-05 15:14 - Updated: 2021-02-05 15:14Summary
Security update for the Linux Kernel
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel
Description of the patch: The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2021-3347: A use-after-free was discovered in the PI futexes during fault handling, allowing local users to execute code in the kernel (bnc#1181349).
- CVE-2021-3348: Fixed a use-after-free in nbd_add_socket that could be triggered by local attackers (with access to the nbd device) via an I/O request at a certain point during device setup (bnc#1181504).
- CVE-2021-20177: Fixed a kernel panic related to iptables string matching rules. A privileged user could insert a rule which could lead to denial of service (bnc#1180765).
- CVE-2021-0342: In tun_get_user of tun.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges required. (bnc#1180812)
- CVE-2020-29569: Fixed a potential privilege escalation and information leaks related to the PV block backend, as used by Xen (bnc#1179509).
- CVE-2020-29568: Fixed a denial of service issue, related to processing watch events (bnc#1179508).
- CVE-2020-25211: Fixed a flaw where a local attacker was able to inject conntrack netlink configuration that could cause a denial of service or trigger the use of incorrect protocol numbers in ctnetlink_parse_tuple_filter (bnc#1176395).
The following non-security bugs were fixed:
- ACPI/IORT: Do not blindly trust DMA masks from firmware (git-fixes).
- ACPI: scan: add stub acpi_create_platform_device() for !CONFIG_ACPI (git-fixes).
- ACPI: scan: Harden acpi_device_add() against device ID overflows (git-fixes).
- ACPI: scan: Make acpi_bus_get_device() clear return pointer on error (git-fixes).
- ACPI: sysfs: Prefer 'compatible' modalias (git-fixes).
- ALSA: doc: Fix reference to mixart.rst (git-fixes).
- ALSA: fireface: Fix integer overflow in transmit_midi_msg() (git-fixes).
- ALSA: firewire-tascam: Fix integer overflow in midi_port_work() (git-fixes).
- ALSA: hda: Add Cometlake-R PCI ID (git-fixes).
- ALSA: hda/hdmi - enable runtime pm for CI AMD display audio (git-fixes).
- ALSA: hda/realtek: Enable headset of ASUS B1400CEPE with ALC256 (git-fixes).
- ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machines (git-fixes).
- ALSA: hda/realtek - Limit int mic boost on Acer Aspire E5-575T (git-fixes).
- ALSA: hda/tegra: fix tegra-hda on tegra30 soc (git-fixes).
- ALSA: hda/via: Add minimum mute flag (git-fixes).
- ALSA: hda/via: Apply the workaround generically for Clevo machines (git-fixes).
- ALSA: pcm: fix hw_rule deps kABI (bsc#1181014).
- ALSA: pcm: One more dependency for hw constraints (bsc#1181014).
- ALSA: seq: oss: Fix missing error check in snd_seq_oss_synth_make_info() (git-fixes).
- ALSA: usb-audio: Always apply the hw constraints for implicit fb sync (bsc#1181014).
- ALSA: usb-audio: Annotate the endpoint index in audioformat (git-fixes).
- ALSA: usb-audio: Avoid implicit feedback on Pioneer devices (bsc#1181014).
- ALSA: usb-audio: Avoid unnecessary interface re-setup (git-fixes).
- ALSA: usb-audio: Choose audioformat of a counter-part substream (git-fixes).
- ALSA: usb-audio: Fix hw constraints dependencies (bsc#1181014).
- ALSA: usb-audio: Fix implicit feedback sync setup for Pioneer devices (git-fixes).
- ALSA: usb-audio: Fix the missing endpoints creations for quirks (git-fixes).
- ALSA: usb-audio: Fix UAC1 rate setup for secondary endpoints (bsc#1181014).
- ALSA: usb-audio: Set sample rate for all sharing EPs on UAC1 (bsc#1181014).
- arch/x86/lib/usercopy_64.c: fix __copy_user_flushcache() cache writeback (bsc#1152489).
- arm64: pgtable: Ensure dirty bit is preserved across pte_wrprotect() (bsc#1180130).
- arm64: pgtable: Fix pte_accessible() (bsc#1180130).
- ASoC: ak4458: correct reset polarity (git-fixes).
- ASoC: dapm: remove widget from dirty list on free (git-fixes).
- ASoC: Intel: fix error code cnl_set_dsp_D0() (git-fixes).
- ASoC: meson: axg-tdm-interface: fix loopback (git-fixes).
- Bluetooth: revert: hci_h5: close serdev device and free hu in h5_close (git-fixes).
- bnxt_en: Fix AER recovery (jsc#SLE-8371 bsc#1153274).
- bpf: Do not leak memory in bpf getsockopt when optlen == 0 (bsc#1155518).
- bpf: Fix helper bpf_map_peek_elem_proto pointing to wrong callback (bsc#1155518).
- btrfs: send: fix invalid clone operations when cloning from the same file and root (bsc#1181511).
- btrfs: send: fix wrong file path when there is an inode with a pending rmdir (bsc#1181237).
- cachefiles: Drop superfluous readpages aops NULL check (git-fixes).
- can: dev: prevent potential information leak in can_fill_info() (git-fixes).
- can: vxcan: vxcan_xmit: fix use after free bug (git-fixes).
- CDC-NCM: remove 'connected' log message (git-fixes).
- clk: tegra30: Add hda clock default rates to clock driver (git-fixes).
- crypto: asym_tpm: correct zero out potential secrets (git-fixes).
- drivers/base/memory.c: indicate all memory blocks as removable (bsc#1180264).
- drivers/perf: Fix kernel panic when rmmod PMU modules during perf sampling (bsc#1180848).
- drivers/perf: hisi: Permit modular builds of HiSilicon uncore drivers (bsc#1180848). - Update config files. - supported.conf:
- drm: Added orientation quirk for ASUS tablet model T103HAF (git-fixes).
- drm/amd/display: Add missing pflip irq for dcn2.0 (git-fixes).
- drm/amd/display: Avoid MST manager resource leak (git-fixes).
- drm/amd/display: dal_ddc_i2c_payloads_create can fail causing panic (git-fixes).
- drm/amd/display: dchubbub p-state warning during surface planes switch (git-fixes).
- drm/amd/display: Do not double-buffer DTO adjustments (git-fixes).
- drm/amd/display: Do not invoke kgdb_breakpoint() unconditionally (git-fixes).
- drm/amd/display: Fix memleak in amdgpu_dm_mode_config_init (git-fixes).
- drm/amd/display: Free gamma after calculating legacy transfer function (git-fixes).
- drm/amd/display: HDMI remote sink need mode validation for Linux (git-fixes).
- drm/amd/display: Increase timeout for DP Disable (git-fixes).
- drm/amd/display: Reject overlay plane configurations in multi-display scenarios (git-fixes).
- drm/amd/display: remove useless if/else (git-fixes).
- drm/amd/display: Retry AUX write when fail occurs (git-fixes).
- drm/amd/display: Stop if retimer is not available (git-fixes).
- drm/amd/display: update nv1x stutter latencies (git-fixes).
- drm/amdgpu: add DID for navi10 blockchain SKU (git-fixes).
- drm/amdgpu: correct the gpu reset handling for job != NULL case (git-fixes).
- drm/amdgpu/dc: Require primary plane to be enabled whenever the CRTC is (git-fixes).
- drm/amdgpu: do not map BO in reserved region (git-fixes).
- drm/amdgpu: fix a GPU hang issue when remove device (git-fixes).
- drm/amdgpu: Fix bug in reporting voltage for CIK (git-fixes).
- drm/amdgpu: Fix bug where DPM is not enabled after hibernate and resume (git-fixes).
- drm/amdgpu: fix build_coefficients() argument (git-fixes).
- drm/amdgpu: fix calltrace during kmd unload(v3) (git-fixes).
- drm/amdgpu: increase atombios cmd timeout (git-fixes).
- drm/amdgpu: increase the reserved VM size to 2MB (git-fixes).
- drm/amdgpu: perform srbm soft reset always on SDMA resume (git-fixes).
- drm/amdgpu/powerplay: fix AVFS handling with custom powerplay table (git-fixes).
- drm/amdgpu/powerplay/smu7: fix AVFS handling with custom powerplay table (git-fixes).
- drm/amdgpu: prevent double kfree ttm->sg (git-fixes).
- drm/amdgpu/psp: fix psp gfx ctrl cmds (git-fixes).
- drm/amdgpu/sriov add amdgpu_amdkfd_pre_reset in gpu reset (git-fixes).
- drm/amdkfd: fix a memory leak issue (git-fixes).
- drm/amdkfd: Fix leak in dmabuf import (git-fixes).
- drm/amdkfd: fix restore worker race condition (git-fixes).
- drm/amdkfd: Use same SQ prefetch setting as amdgpu (git-fixes).
- drm/amd/pm: avoid false alarm due to confusing softwareshutdowntemp setting (git-fixes).
- drm/aspeed: Fix Kconfig warning & subsequent build errors (bsc#1152472)
- drm/aspeed: Fix Kconfig warning & subsequent build errors (git-fixes).
- drm/atomic: put state on error path (git-fixes).
- drm: bridge: dw-hdmi: Avoid resetting force in the detect function (bsc#1152472)
- drm/bridge/synopsys: dsi: add support for non-continuous HS clock (git-fixes).
- drm/brige/megachips: Add checking if ge_b850v3_lvds_init() is working correctly (git-fixes).
- drm/dp_aux_dev: check aux_dev before use in (bsc#1152472)
- drm/dp_aux_dev: check aux_dev before use in drm_dp_aux_dev_get_by_minor() (git-fixes).
- drm/etnaviv: always start/stop scheduler in timeout processing (git-fixes).
- drm/exynos: dsi: Remove bridge node reference in error handling path in probe function (git-fixes).
- drm/gma500: fix double free of gma_connector (bsc#1152472) Backporting notes: * context changes
- drm/gma500: fix double free of gma_connector (git-fixes).
- drm/gma500: Fix out-of-bounds access to struct drm_device.vblank[] (git-fixes).
- drm/i915: Avoid memory leak with more than 16 workarounds on a list (git-fixes).
- drm/i915: Break up error capture compression loops with cond_resched() (git-fixes).
- drm/i915: Check for all subplatform bits (git-fixes).
- drm/i915: clear the gpu reloc batch (git-fixes).
- drm/i915: Correctly set SFC capability for video engines (bsc#1152489) Backporting notes: * context changes
- drm/i915/display/dp: Compute the correct slice count for VDSC on DP (git-fixes).
- drm/i915: Drop runtime-pm assert from vgpu io accessors (git-fixes).
- drm/i915/dsi: Use unconditional msleep for the panel_on_delay when there is no reset-deassert MIPI-sequence (git-fixes).
- drm/i915: Filter wake_flags passed to default_wake_function (git-fixes).
- drm/i915: Fix mismatch between misplaced vma check and vma insert (git-fixes).
- drm/i915: Force VT'd workarounds when running as a guest OS (git-fixes).
- drm/i915/gt: Declare gen9 has 64 mocs entries! (git-fixes).
- drm/i915/gt: Delay execlist processing for tgl (git-fixes).
- drm/i915/gt: Free stale request on destroying the virtual engine (git-fixes).
- drm/i915/gt: Prevent use of engine->wa_ctx after error (git-fixes).
- drm/i915/gt: Program mocs:63 for cache eviction on gen9 (git-fixes).
- drm/i915/gvt: return error when failing to take the module reference (git-fixes).
- drm/i915/gvt: Set ENHANCED_FRAME_CAP bit (git-fixes).
- drm/i915: Handle max_bpc==16 (git-fixes).
- drm/i915/selftests: Avoid passing a random 0 into ilog2 (git-fixes).
- drm/mcde: Fix handling of platform_get_irq() error (bsc#1152472)
- drm/mcde: Fix handling of platform_get_irq() error (git-fixes).
- drm/meson: dw-hdmi: Register a callback to disable the regulator (git-fixes).
- drm/msm/a5xx: Always set an OPP supported hardware value (git-fixes).
- drm/msm/a6xx: fix a potential overflow issue (git-fixes).
- drm/msm/a6xx: fix gmu start on newer firmware (git-fixes).
- drm/msm: add shutdown support for display platform_driver (git-fixes).
- drm/msm: Disable preemption on all 5xx targets (git-fixes).
- drm/msm/dpu: Add newline to printks (git-fixes).
- drm/msm/dpu: Fix scale params in plane validation (git-fixes).
- drm/msm/dsi_phy_10nm: implement PHY disabling (git-fixes).
- drm/msm/dsi_pll_10nm: restore VCO rate during restore_state (git-fixes).
- drm/msm: fix leaks if initialization fails (git-fixes).
- drm/nouveau/bios: fix issue shadowing expansion ROMs (git-fixes).
- drm/nouveau/debugfs: fix runtime pm imbalance on error (git-fixes).
- drm/nouveau/dispnv50: fix runtime pm imbalance on error (git-fixes).
- drm/nouveau: fix runtime pm imbalance on error (git-fixes).
- drm/nouveau/i2c/gm200: increase width of aux semaphore owner fields (git-fixes).
- drm/nouveau/kms/nv50-: fix case where notifier buffer is at offset 0 (git-fixes).
- drm/nouveau/mem: guard against NULL pointer access in mem_del (git-fixes).
- drm/nouveau/mmu: fix vram heap sizing (git-fixes).
- drm/nouveau/nouveau: fix the start/end range for migration (git-fixes).
- drm/nouveau/privring: ack interrupts the same way as RM (git-fixes).
- drm/nouveau/svm: fail NOUVEAU_SVM_INIT ioctl on unsupported devices (git-fixes).
- drm/omap: dmm_tiler: fix return error code in omap_dmm_probe() (git-fixes).
- drm/omap: dss: Cleanup DSS ports on initialisation failure (git-fixes).
- drm/omap: fix incorrect lock state (git-fixes).
- drm/omap: fix possible object reference leak (git-fixes).
- drm/panfrost: add amlogic reset quirk callback (git-fixes).
- drm: rcar-du: Set primary plane zpos immutably at initializing (git-fixes).
- drm/rockchip: Avoid uninitialized use of endpoint id in LVDS (bsc#1152472)
- drm/rockchip: Avoid uninitialized use of endpoint id in LVDS (git-fixes).
- drm/scheduler: Avoid accessing freed bad job (git-fixes).
- drm/sun4i: dw-hdmi: fix error return code in sun8i_dw_hdmi_bind() (bsc#1152472)
- drm/sun4i: frontend: Fix the scaler phase on A33 (git-fixes).
- drm/sun4i: frontend: Reuse the ch0 phase for RGB formats (git-fixes).
- drm/sun4i: frontend: Rework a bit the phase data (git-fixes).
- drm/sun4i: mixer: Extend regmap max_register (git-fixes).
- drm/syncobj: Fix use-after-free (git-fixes).
- drm/tegra: replace idr_init() by idr_init_base() (git-fixes).
- drm/tegra: sor: Disable clocks on error in tegra_sor_init() (git-fixes).
- drm/ttm: fix eviction valuable range check (git-fixes).
- drm/tve200: Fix handling of platform_get_irq() error (bsc#1152472)
- drm/tve200: Fix handling of platform_get_irq() error (git-fixes).
- drm/tve200: Stabilize enable/disable (git-fixes).
- drm/vc4: drv: Add error handding for bind (git-fixes).
- e1000e: bump up timeout to wait when ME un-configures ULP mode (jsc#SLE-8100).
- ehci: fix EHCI host controller initialization sequence (git-fixes).
- ethernet: ucc_geth: fix use-after-free in ucc_geth_remove() (git-fixes).
- Exclude Symbols.list again. Removing the exclude builds vanilla/linux-next builds. Fixes: 55877625c800 ('kernel-binary.spec.in: Package the obj_install_dir as explicit filelist.')
- firmware: imx: select SOC_BUS to fix firmware build (git-fixes).
- floppy: reintroduce O_NDELAY fix (boo#1181018).
- futex: Ensure the correct return value from futex_lock_pi() (bsc#1181349 bsc#1149032).
- futex: Handle faults correctly for PI futexes (bsc#1181349 bsc#1149032).
- futex: Provide and use pi_state_update_owner() (bsc#1181349 bsc#1149032).
- futex: Remove needless goto's (bsc#1149032).
- futex: Remove unused empty compat_exit_robust_list() (bsc#1149032).
- futex: Replace pointless printk in fixup_owner() (bsc#1181349 bsc#1149032).
- futex: Simplify fixup_pi_state_owner() (bsc#1181349 bsc#1149032).
- futex: Use pi_state_update_owner() in put_pi_state() (bsc#1181349 bsc#1149032).
- HID: Ignore battery for Elan touchscreen on ASUS UX550 (git-fixes).
- HID: logitech-dj: add the G602 receiver (git-fixes).
- HID: multitouch: Apply MT_QUIRK_CONFIDENCE quirk for multi-input devices (git-fixes).
- HID: multitouch: do not filter mice nodes (git-fixes).
- HID: multitouch: Enable multi-input for Synaptics pointstick/touchpad device (git-fixes).
- HID: multitouch: Remove MT_CLS_WIN_8_DUAL (git-fixes).
- HID: wacom: Constify attribute_groups (git-fixes).
- HID: wacom: Correct NULL dereference on AES pen proximity (git-fixes).
- HID: wacom: do not call hid_set_drvdata(hdev, NULL) (git-fixes).
- HID: wacom: Fix memory leakage caused by kfifo_alloc (git-fixes).
- hwmon: (pwm-fan) Ensure that calculation does not discard big period values (git-fixes).
- i2c: bpmp-tegra: Ignore unknown I2C_M flags (git-fixes).
- i2c: octeon: check correct size of maximum RECV_LEN packet (git-fixes).
- ice: avoid premature Rx buffer reuse (jsc#SLE-7926).
- ice, xsk: clear the status bits for the next_to_use descriptor (jsc#SLE-7926).
- iio: ad5504: Fix setting power-down state (git-fixes).
- iomap: fix WARN_ON_ONCE() from unprivileged users (bsc#1181494).
- iommu/vt-d: Fix a bug for PDP check in prq_event_thread (bsc#1181217).
- ionic: account for vlan tag len in rx buffer len (bsc#1167773).
- kABI fixup for dwc3 introduction of DWC_usb32 (git-fixes).
- kprobes: tracing/kprobes: Fix to kill kprobes on initmem after boot (git fixes (kernel/kprobe)).
- KVM: nVMX: Reload vmcs01 if getting vmcs12's pages fails (bsc#1181218).
- KVM: s390: pv: Mark mm as protected after the set secure parameters and improve cleanup (jsc#SLE-7512 bsc#1165545).
- KVM: SVM: Initialize prev_ga_tag before use (bsc#1180809).
- leds: trigger: fix potential deadlock with libata (git-fixes).
- lib/genalloc: fix the overflow when size is too big (git-fixes).
- lockd: do not use interval-based rebinding over TCP (for-next).
- mac80211: check if atf has been disabled in __ieee80211_schedule_txq (git-fixes).
- mac80211: do not drop tx nulldata packets on encrypted links (git-fixes).
- md: fix a warning caused by a race between concurrent md_ioctl()s (for-next).
- media: dvb-usb: Fix memory leak at error in dvb_usb_device_init() (bsc#1181104).
- media: dvb-usb: Fix use-after-free access (bsc#1181104).
- media: rc: ensure that uevent can be read directly after rc device register (git-fixes).
- misdn: dsp: select CONFIG_BITREVERSE (git-fixes).
- mmc: core: do not initialize block size from ext_csd if not present (git-fixes).
- mmc: sdhci-xenon: fix 1.8v regulator stabilization (git-fixes).
- mm: memcontrol: fix missing wakeup polling thread (bsc#1181584).
- mm/vmalloc: Fix unlock order in s_stop() (git fixes (mm/vmalloc)).
- module: delay kobject uevent until after module init call (bsc#1178631).
- mt7601u: fix kernel crash unplugging the device (git-fixes).
- mt7601u: fix rx buffer refcounting (git-fixes).
- net/af_iucv: fix null pointer dereference on shutdown (bsc#1179567 LTC#190111).
- net/af_iucv: set correct sk_protocol for child sockets (git-fixes).
- net: fix proc_fs init handling in af_packet and tls (bsc#1154353).
- net: hns3: fix a phy loopback fail issue (bsc#1154353).
- net: hns3: remove a misused pragma packed (bsc#1154353).
- net/mlx5e: ethtool, Fix restriction of autoneg with 56G (jsc#SLE-8464).
- net: mscc: ocelot: allow offloading of bridge on top of LAG (git-fixes).
- net/smc: cancel event worker during device removal (git-fixes).
- net/smc: check for valid ib_client_data (git-fixes).
- net/smc: fix cleanup for linkgroup setup failures (git-fixes).
- net/smc: fix direct access to ib_gid_addr->ndev in smc_ib_determine_gid() (git-fixes).
- net/smc: fix dmb buffer shortage (git-fixes).
- net/smc: fix sleep bug in smc_pnet_find_roce_resource() (git-fixes).
- net/smc: fix sock refcounting in case of termination (git-fixes).
- net/smc: fix valid DMBE buffer sizes (git-fixes).
- net/smc: no peer ID in CLC decline for SMCD (git-fixes).
- net/smc: remove freed buffer from list (git-fixes).
- net/smc: reset sndbuf_desc if freed (git-fixes).
- net/smc: set rx_off for SMCR explicitly (git-fixes).
- net/smc: switch smcd_dev_list spinlock to mutex (git-fixes).
- net/smc: transfer fasync_list in case of fallback (git-fixes).
- net: sunrpc: Fix 'snprintf' return value check in 'do_xprt_debugfs' (for-next).
- net: sunrpc: interpret the return value of kstrtou32 correctly (for-next).
- net: usb: qmi_wwan: add Quectel EM160R-GL (git-fixes).
- net: vlan: avoid leaks on register_vlan_dev() failures (bsc#1154353).
- NFC: fix possible resource leak (git-fixes).
- NFC: fix resource leak when target index is invalid (git-fixes).
- NFS4: Fix use-after-free in trace_event_raw_event_nfs4_set_lock (for-next).
- nfs_common: need lock during iterate through the list (for-next).
- nfsd4: readdirplus shouldn't return parent of export (git-fixes).
- nfsd: Fix message level for normal termination (for-next).
- NFS: nfs_delegation_find_inode_server must first reference the superblock (for-next).
- NFS: nfs_igrab_and_active must first reference the superblock (for-next).
- NFS/pNFS: Fix a leak of the layout 'plh_outstanding' counter (for-next).
- NFS/pNFS: Fix a typo in ff_layout_resend_pnfs_read() (for-next).
- NFS: switch nfsiod to be an UNBOUND workqueue (for-next).
- NFSv4.2: condition READDIR's mask for security label based on LSM state (for-next).
- NFSv4: Fix the alignment of page data in the getdeviceinfo reply (for-next).
- nvme-rdma: avoid request double completion for concurrent nvme_rdma_timeout (bsc#1181161).
- nvme-tcp: avoid request double completion for concurrent nvme_tcp_timeout (bsc#1181161).
- platform/x86: i2c-multi-instantiate: Do not create platform device for INT3515 ACPI nodes (git-fixes).
- platform/x86: ideapad-laptop: Disable touchpad_switch for ELAN0634 (git-fixes).
- platform/x86: intel-vbtn: Drop HP Stream x360 Convertible PC 11 from allow-list (git-fixes).
- platform/x86: intel-vbtn: Fix SW_TABLET_MODE always reporting 1 on some HP x360 models (git-fixes).
- PM: hibernate: flush swap writer after marking (git-fixes).
- pNFS: Mark layout for return if return-on-close was not sent (git-fixes).
- powerpc: Fix build error in paravirt.h (bsc#1181148 ltc#190702).
- powerpc/paravirt: Use is_kvm_guest() in vcpu_is_preempted() (bsc#1181148 ltc#190702).
- powerpc: Refactor is_kvm_guest() declaration to new header (bsc#1181148 ltc#190702).
- powerpc: Reintroduce is_kvm_guest() as a fast-path check (bsc#1181148 ltc#190702).
- powerpc: Rename is_kvm_guest() to check_kvm_guest() (bsc#1181148 ltc#190702).
- power: vexpress: add suppress_bind_attrs to true (git-fixes).
- prom_init: enable verbose prints (bsc#1178142 bsc#1180759).
- ptrace: reintroduce usage of subjective credentials in ptrace_has_cap() (bsc#1163930).
- ptrace: Set PF_SUPERPRIV when checking capability (bsc#1163930).
- r8152: Add Lenovo Powered USB-C Travel Hub (git-fixes).
- Revert 'nfsd4: support change_attr_type attribute' (for-next).
- Revive usb-audio Keep Interface mixer (bsc#1181014).
- rtmutex: Remove unused argument from rt_mutex_proxy_unlock() (bsc#1181349 bsc#1149032).
- s390/cio: fix use-after-free in ccw_device_destroy_console (git-fixes).
- s390/dasd: fix hanging device offline processing (bsc#1181169 LTC#190914).
- s390/dasd: fix list corruption of lcu list (git-fixes).
- s390/dasd: fix list corruption of pavgroup group list (git-fixes).
- s390/dasd: prevent inconsistent LCU device data (git-fixes).
- s390/kexec_file: fix diag308 subcode when loading crash kernel (git-fixes).
- s390/qeth: consolidate online/offline code (git-fixes).
- s390/qeth: do not raise NETDEV_REBOOT event from L3 offline path (git-fixes).
- s390/qeth: fix deadlock during recovery (git-fixes).
- s390/qeth: fix L2 header access in qeth_l3_osa_features_check() (git-fixes).
- s390/qeth: fix locking for discipline setup / removal (git-fixes).
- s390/smp: perform initial CPU reset also for SMT siblings (git-fixes).
- scsi: ibmvfc: Set default timeout to avoid crash during migration (bsc#1181425 ltc#188252).
- scsi: lpfc: Enhancements to LOG_TRACE_EVENT for better readability (bsc#1180891).
- scsi: lpfc: Fix auto sli_mode and its effect on CONFIG_PORT for SLI3 (bsc#1180891).
- scsi: lpfc: Fix crash when a fabric node is released prematurely (bsc#1180891).
- scsi: lpfc: Fix crash when nvmet transport calls host_release (bsc#1180891).
- scsi: lpfc: Fix error log messages being logged following SCSI task mgnt (bsc#1180891).
- scsi: lpfc: Fix FW reset action if I/Os are outstanding (bsc#1180891).
- scsi: lpfc: Fix NVMe recovery after mailbox timeout (bsc#1180891).
- scsi: lpfc: Fix PLOGI S_ID of 0 on pt2pt config (bsc#1180891).
- scsi: lpfc: Fix target reset failing (bsc#1180891).
- scsi: lpfc: Fix vport create logging (bsc#1180891).
- scsi: lpfc: Implement health checking when aborting I/O (bsc#1180891).
- scsi: lpfc: Prevent duplicate requests to unregister with cpuhp framework (bsc#1180891).
- scsi: lpfc: Refresh ndlp when a new PRLI is received in the PRLI issue state (bsc#1180891).
- scsi: lpfc: Simplify bool comparison (bsc#1180891).
- scsi: lpfc: Update lpfc version to 12.8.0.7 (bsc#1180891).
- scsi: lpfc: Use the nvme-fc transport supplied timeout for LS requests (bsc#1180891).
- scsi: qla2xxx: Fix description for parameter ql2xenforce_iocb_limit (bsc#1179142).
- scsi: scsi_transport_srp: Do not block target in failfast state (bsc#1172355).
- selftests/ftrace: Select an existing function in kprobe_eventname test (bsc#1179396 ltc#185738).
- selftests: net: fib_tests: remove duplicate log test (git-fixes).
- selftests/powerpc: Add a test of bad (out-of-range) accesses (bsc#1181158 ltc#190851).
- selftests/powerpc: Add a test of spectre_v2 mitigations (bsc#1181158 ltc#190851).
- selftests/powerpc: Ignore generated files (bsc#1181158 ltc#190851).
- selftests/powerpc: Move Hash MMU check to utilities (bsc#1181158 ltc#190851).
- selftests/powerpc: Move set_dscr() into rfi_flush.c (bsc#1181158 ltc#190851).
- selftests/powerpc: Only test lwm/stmw on big endian (bsc#1180412 ltc#190579).
- selftests/powerpc: spectre_v2 test must be built 64-bit (bsc#1181158 ltc#190851).
- serial: mvebu-uart: fix tx lost characters at power off (git-fixes).
- spi: cadence: cache reference clock rate during probe (git-fixes).
- SUNRPC: Clean up the handling of page padding in rpc_prepare_reply_pages() (for-next).
- sunrpc: fix xs_read_xdr_buf for partial pages receive (for-next).
- SUNRPC: rpc_wake_up() should wake up tasks in the correct order (for-next).
- timers: Preserve higher bits of expiration on index calculation (bsc#1181318).
- timers: Use only bucket expiry for base->next_expiry value (bsc#1181318).
- udp: Prevent reuseport_select_sock from reading uninitialized socks (git-fixes).
- USB: cdc-acm: blacklist another IR Droid device (git-fixes).
- USB: cdc-wdm: Fix use after free in service_outstanding_interrupt() (git-fixes).
- usb: dwc3: Add support for DWC_usb32 IP (git-fixes).
- usb: dwc3: core: Properly default unspecified speed (git-fixes).
- usb: dwc3: Update soft-reset wait polling rate (git-fixes).
- USB: ehci: fix an interrupt calltrace error (git-fixes).
- usb: gadget: aspeed: fix stop dma register setting (git-fixes).
- usb: gadget: configfs: Fix use-after-free issue with udc_name (git-fixes).
- usb: gadget: enable super speed plus (git-fixes).
- usb: gadget: Fix spinlock lockup on usb_function_deactivate (git-fixes).
- usb: gadget: function: printer: Fix a memory leak for interface descriptor (git-fixes).
- USB: serial: option: add LongSung M5710 module support (git-fixes).
- USB: serial: option: add Quectel EM160R-GL (git-fixes).
- usb: typec: Fix copy paste error for NVIDIA alt-mode description (git-fixes).
- usb: uas: Add PNY USB Portable SSD to unusual_uas (git-fixes).
- usb: udc: core: Use lock when write to soft_connect (git-fixes).
- USB: usblp: fix DMA to stack (git-fixes).
- vfio iommu: Add dma available capability (bsc#1179572 LTC#190110).
- vfio/pci: Implement ioeventfd thread handler for contended memory lock (bsc#1181219).
- vfio-pci: Use io_remap_pfn_range() for PCI IO memory (bsc#1181220).
- video: fbdev: atmel_lcdfb: fix return error code in atmel_lcdfb_of_init() (git-fixes).
- video: fbdev: fix OOB read in vga_8planes_imageblit() (git-fixes).
- video: fbdev: pvr2fb: initialize variables (git-fixes).
- video: fbdev: vga16fb: fix setting of pixclock because a pass-by-value error (git-fixes).
- x86/apic: Fix x2apic enablement without interrupt remapping (bsc#1152489).
- x86/cpu/amd: Call init_amd_zn() om Family 19h processors too (bsc#1181077).
- x86/cpu/amd: Set __max_die_per_package on AMD (bsc#1152489).
- x86/hyperv: Fix kexec panic/hang issues (bsc#1176831).
- x86/kprobes: Restore BTF if the single-stepping is cancelled (bsc#1152489).
- x86/topology: Make __max_die_per_package available unconditionally (bsc#1152489).
- x86/xen: avoid warning in Xen pv guest with CONFIG_AMD_MEM_ENCRYPT enabled (bsc#1181335).
- xen-blkfront: allow discard-* nodes to be optional (bsc#1181346).
- xen/privcmd: allow fetching resource sizes (bsc#1065600).
- xfs: show the proper user quota options (bsc#1181538).
- xhci: make sure TRB is fully written before giving it to the controller (git-fixes).
- xhci: tegra: Delay for disabling LFPS detector (git-fixes).
Patchnames: openSUSE-2021-241
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.9 (Medium)
Affected products
Recommended
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-5.3.18-lp152.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.63.1.lp152.8.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.63.1.lp152.8.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.63.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.63.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.63.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.63.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-5.3.18-lp152.63.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.63.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.63.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-5.3.18-lp152.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.63.1.lp152.8.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.63.1.lp152.8.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.63.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.63.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.63.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.63.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-5.3.18-lp152.63.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.63.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.63.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-5.3.18-lp152.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.63.1.lp152.8.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.63.1.lp152.8.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.63.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.63.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.63.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.63.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-5.3.18-lp152.63.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.63.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.63.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-5.3.18-lp152.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.63.1.lp152.8.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.63.1.lp152.8.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.63.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.63.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.63.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.63.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-5.3.18-lp152.63.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.63.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.63.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.4 (Medium)
Affected products
Recommended
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-5.3.18-lp152.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.63.1.lp152.8.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.63.1.lp152.8.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.63.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.63.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.63.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.63.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-5.3.18-lp152.63.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.63.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.63.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.4 (High)
Affected products
Recommended
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-5.3.18-lp152.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.63.1.lp152.8.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.63.1.lp152.8.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.63.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.63.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.63.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.63.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-5.3.18-lp152.63.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.63.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.63.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.1 (Medium)
Affected products
Recommended
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-5.3.18-lp152.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.63.1.lp152.8.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.63.1.lp152.8.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.63.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.63.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.63.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.63.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.63.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-5.3.18-lp152.63.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.63.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.63.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
87 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://lists.opensuse.org/archives/list/security… | self |
| https://lists.opensuse.org/archives/list/security… | self |
| https://bugzilla.suse.com/1065600 | self |
| https://bugzilla.suse.com/1149032 | self |
| https://bugzilla.suse.com/1152472 | self |
| https://bugzilla.suse.com/1152489 | self |
| https://bugzilla.suse.com/1153274 | self |
| https://bugzilla.suse.com/1154353 | self |
| https://bugzilla.suse.com/1155518 | self |
| https://bugzilla.suse.com/1163930 | self |
| https://bugzilla.suse.com/1165545 | self |
| https://bugzilla.suse.com/1167773 | self |
| https://bugzilla.suse.com/1172355 | self |
| https://bugzilla.suse.com/1176395 | self |
| https://bugzilla.suse.com/1176831 | self |
| https://bugzilla.suse.com/1178142 | self |
| https://bugzilla.suse.com/1178631 | self |
| https://bugzilla.suse.com/1179142 | self |
| https://bugzilla.suse.com/1179396 | self |
| https://bugzilla.suse.com/1179508 | self |
| https://bugzilla.suse.com/1179509 | self |
| https://bugzilla.suse.com/1179567 | self |
| https://bugzilla.suse.com/1179572 | self |
| https://bugzilla.suse.com/1180130 | self |
| https://bugzilla.suse.com/1180264 | self |
| https://bugzilla.suse.com/1180412 | self |
| https://bugzilla.suse.com/1180759 | self |
| https://bugzilla.suse.com/1180765 | self |
| https://bugzilla.suse.com/1180809 | self |
| https://bugzilla.suse.com/1180812 | self |
| https://bugzilla.suse.com/1180848 | self |
| https://bugzilla.suse.com/1180889 | self |
| https://bugzilla.suse.com/1180891 | self |
| https://bugzilla.suse.com/1180971 | self |
| https://bugzilla.suse.com/1181014 | self |
| https://bugzilla.suse.com/1181018 | self |
| https://bugzilla.suse.com/1181077 | self |
| https://bugzilla.suse.com/1181104 | self |
| https://bugzilla.suse.com/1181148 | self |
| https://bugzilla.suse.com/1181158 | self |
| https://bugzilla.suse.com/1181161 | self |
| https://bugzilla.suse.com/1181169 | self |
| https://bugzilla.suse.com/1181203 | self |
| https://bugzilla.suse.com/1181217 | self |
| https://bugzilla.suse.com/1181218 | self |
| https://bugzilla.suse.com/1181219 | self |
| https://bugzilla.suse.com/1181220 | self |
| https://bugzilla.suse.com/1181237 | self |
| https://bugzilla.suse.com/1181318 | self |
| https://bugzilla.suse.com/1181335 | self |
| https://bugzilla.suse.com/1181346 | self |
| https://bugzilla.suse.com/1181349 | self |
| https://bugzilla.suse.com/1181425 | self |
| https://bugzilla.suse.com/1181494 | self |
| https://bugzilla.suse.com/1181504 | self |
| https://bugzilla.suse.com/1181511 | self |
| https://bugzilla.suse.com/1181538 | self |
| https://bugzilla.suse.com/1181584 | self |
| https://www.suse.com/security/cve/CVE-2020-25211/ | self |
| https://www.suse.com/security/cve/CVE-2020-29568/ | self |
| https://www.suse.com/security/cve/CVE-2020-29569/ | self |
| https://www.suse.com/security/cve/CVE-2021-0342/ | self |
| https://www.suse.com/security/cve/CVE-2021-20177/ | self |
| https://www.suse.com/security/cve/CVE-2021-3347/ | self |
| https://www.suse.com/security/cve/CVE-2021-3348/ | self |
| https://www.suse.com/security/cve/CVE-2020-25211 | external |
| https://bugzilla.suse.com/1176395 | external |
| https://bugzilla.suse.com/1192356 | external |
| https://www.suse.com/security/cve/CVE-2020-29568 | external |
| https://bugzilla.suse.com/1179508 | external |
| https://www.suse.com/security/cve/CVE-2020-29569 | external |
| https://bugzilla.suse.com/1179509 | external |
| https://bugzilla.suse.com/1180008 | external |
| https://www.suse.com/security/cve/CVE-2021-0342 | external |
| https://bugzilla.suse.com/1180812 | external |
| https://bugzilla.suse.com/1180859 | external |
| https://www.suse.com/security/cve/CVE-2021-20177 | external |
| https://bugzilla.suse.com/1180765 | external |
| https://www.suse.com/security/cve/CVE-2021-3347 | external |
| https://bugzilla.suse.com/1181349 | external |
| https://bugzilla.suse.com/1181553 | external |
| https://bugzilla.suse.com/1190859 | external |
| https://www.suse.com/security/cve/CVE-2021-3348 | external |
| https://bugzilla.suse.com/1181504 | external |
| https://bugzilla.suse.com/1181645 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes.\n\n\nThe following security bugs were fixed:\n\n- CVE-2021-3347: A use-after-free was discovered in the PI futexes during fault handling, allowing local users to execute code in the kernel (bnc#1181349).\n- CVE-2021-3348: Fixed a use-after-free in nbd_add_socket that could be triggered by local attackers (with access to the nbd device) via an I/O request at a certain point during device setup (bnc#1181504).\n- CVE-2021-20177: Fixed a kernel panic related to iptables string matching rules. A privileged user could insert a rule which could lead to denial of service (bnc#1180765).\n- CVE-2021-0342: In tun_get_user of tun.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges required. (bnc#1180812)\n- CVE-2020-29569: Fixed a potential privilege escalation and information leaks related to the PV block backend, as used by Xen (bnc#1179509).\n- CVE-2020-29568: Fixed a denial of service issue, related to processing watch events (bnc#1179508).\n- CVE-2020-25211: Fixed a flaw where a local attacker was able to inject conntrack netlink configuration that could cause a denial of service or trigger the use of incorrect protocol numbers in ctnetlink_parse_tuple_filter (bnc#1176395).\n\nThe following non-security bugs were fixed:\n\n- ACPI/IORT: Do not blindly trust DMA masks from firmware (git-fixes).\n- ACPI: scan: add stub acpi_create_platform_device() for !CONFIG_ACPI (git-fixes).\n- ACPI: scan: Harden acpi_device_add() against device ID overflows (git-fixes).\n- ACPI: scan: Make acpi_bus_get_device() clear return pointer on error (git-fixes).\n- ACPI: sysfs: Prefer \u0027compatible\u0027 modalias (git-fixes).\n- ALSA: doc: Fix reference to mixart.rst (git-fixes).\n- ALSA: fireface: Fix integer overflow in transmit_midi_msg() (git-fixes).\n- ALSA: firewire-tascam: Fix integer overflow in midi_port_work() (git-fixes).\n- ALSA: hda: Add Cometlake-R PCI ID (git-fixes).\n- ALSA: hda/hdmi - enable runtime pm for CI AMD display audio (git-fixes).\n- ALSA: hda/realtek: Enable headset of ASUS B1400CEPE with ALC256 (git-fixes).\n- ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machines (git-fixes).\n- ALSA: hda/realtek - Limit int mic boost on Acer Aspire E5-575T (git-fixes).\n- ALSA: hda/tegra: fix tegra-hda on tegra30 soc (git-fixes).\n- ALSA: hda/via: Add minimum mute flag (git-fixes).\n- ALSA: hda/via: Apply the workaround generically for Clevo machines (git-fixes).\n- ALSA: pcm: fix hw_rule deps kABI (bsc#1181014).\n- ALSA: pcm: One more dependency for hw constraints (bsc#1181014).\n- ALSA: seq: oss: Fix missing error check in snd_seq_oss_synth_make_info() (git-fixes).\n- ALSA: usb-audio: Always apply the hw constraints for implicit fb sync (bsc#1181014).\n- ALSA: usb-audio: Annotate the endpoint index in audioformat (git-fixes).\n- ALSA: usb-audio: Avoid implicit feedback on Pioneer devices (bsc#1181014).\n- ALSA: usb-audio: Avoid unnecessary interface re-setup (git-fixes).\n- ALSA: usb-audio: Choose audioformat of a counter-part substream (git-fixes).\n- ALSA: usb-audio: Fix hw constraints dependencies (bsc#1181014).\n- ALSA: usb-audio: Fix implicit feedback sync setup for Pioneer devices (git-fixes).\n- ALSA: usb-audio: Fix the missing endpoints creations for quirks (git-fixes).\n- ALSA: usb-audio: Fix UAC1 rate setup for secondary endpoints (bsc#1181014).\n- ALSA: usb-audio: Set sample rate for all sharing EPs on UAC1 (bsc#1181014).\n- arch/x86/lib/usercopy_64.c: fix __copy_user_flushcache() cache writeback (bsc#1152489).\n- arm64: pgtable: Ensure dirty bit is preserved across pte_wrprotect() (bsc#1180130).\n- arm64: pgtable: Fix pte_accessible() (bsc#1180130).\n- ASoC: ak4458: correct reset polarity (git-fixes).\n- ASoC: dapm: remove widget from dirty list on free (git-fixes).\n- ASoC: Intel: fix error code cnl_set_dsp_D0() (git-fixes).\n- ASoC: meson: axg-tdm-interface: fix loopback (git-fixes).\n- Bluetooth: revert: hci_h5: close serdev device and free hu in h5_close (git-fixes).\n- bnxt_en: Fix AER recovery (jsc#SLE-8371 bsc#1153274).\n- bpf: Do not leak memory in bpf getsockopt when optlen == 0 (bsc#1155518).\n- bpf: Fix helper bpf_map_peek_elem_proto pointing to wrong callback (bsc#1155518).\n- btrfs: send: fix invalid clone operations when cloning from the same file and root (bsc#1181511).\n- btrfs: send: fix wrong file path when there is an inode with a pending rmdir (bsc#1181237).\n- cachefiles: Drop superfluous readpages aops NULL check (git-fixes).\n- can: dev: prevent potential information leak in can_fill_info() (git-fixes).\n- can: vxcan: vxcan_xmit: fix use after free bug (git-fixes).\n- CDC-NCM: remove \u0027connected\u0027 log message (git-fixes).\n- clk: tegra30: Add hda clock default rates to clock driver (git-fixes).\n- crypto: asym_tpm: correct zero out potential secrets (git-fixes).\n- drivers/base/memory.c: indicate all memory blocks as removable (bsc#1180264).\n- drivers/perf: Fix kernel panic when rmmod PMU modules during perf sampling (bsc#1180848).\n- drivers/perf: hisi: Permit modular builds of HiSilicon uncore drivers (bsc#1180848). - Update config files. - supported.conf:\n- drm: Added orientation quirk for ASUS tablet model T103HAF (git-fixes).\n- drm/amd/display: Add missing pflip irq for dcn2.0 (git-fixes).\n- drm/amd/display: Avoid MST manager resource leak (git-fixes).\n- drm/amd/display: dal_ddc_i2c_payloads_create can fail causing panic (git-fixes).\n- drm/amd/display: dchubbub p-state warning during surface planes switch (git-fixes).\n- drm/amd/display: Do not double-buffer DTO adjustments (git-fixes).\n- drm/amd/display: Do not invoke kgdb_breakpoint() unconditionally (git-fixes).\n- drm/amd/display: Fix memleak in amdgpu_dm_mode_config_init (git-fixes).\n- drm/amd/display: Free gamma after calculating legacy transfer function (git-fixes).\n- drm/amd/display: HDMI remote sink need mode validation for Linux (git-fixes).\n- drm/amd/display: Increase timeout for DP Disable (git-fixes).\n- drm/amd/display: Reject overlay plane configurations in multi-display scenarios (git-fixes).\n- drm/amd/display: remove useless if/else (git-fixes).\n- drm/amd/display: Retry AUX write when fail occurs (git-fixes).\n- drm/amd/display: Stop if retimer is not available (git-fixes).\n- drm/amd/display: update nv1x stutter latencies (git-fixes).\n- drm/amdgpu: add DID for navi10 blockchain SKU (git-fixes).\n- drm/amdgpu: correct the gpu reset handling for job != NULL case (git-fixes).\n- drm/amdgpu/dc: Require primary plane to be enabled whenever the CRTC is (git-fixes).\n- drm/amdgpu: do not map BO in reserved region (git-fixes).\n- drm/amdgpu: fix a GPU hang issue when remove device (git-fixes).\n- drm/amdgpu: Fix bug in reporting voltage for CIK (git-fixes).\n- drm/amdgpu: Fix bug where DPM is not enabled after hibernate and resume (git-fixes).\n- drm/amdgpu: fix build_coefficients() argument (git-fixes).\n- drm/amdgpu: fix calltrace during kmd unload(v3) (git-fixes).\n- drm/amdgpu: increase atombios cmd timeout (git-fixes).\n- drm/amdgpu: increase the reserved VM size to 2MB (git-fixes).\n- drm/amdgpu: perform srbm soft reset always on SDMA resume (git-fixes).\n- drm/amdgpu/powerplay: fix AVFS handling with custom powerplay table (git-fixes).\n- drm/amdgpu/powerplay/smu7: fix AVFS handling with custom powerplay table (git-fixes).\n- drm/amdgpu: prevent double kfree ttm-\u003esg (git-fixes).\n- drm/amdgpu/psp: fix psp gfx ctrl cmds (git-fixes).\n- drm/amdgpu/sriov add amdgpu_amdkfd_pre_reset in gpu reset (git-fixes).\n- drm/amdkfd: fix a memory leak issue (git-fixes).\n- drm/amdkfd: Fix leak in dmabuf import (git-fixes).\n- drm/amdkfd: fix restore worker race condition (git-fixes).\n- drm/amdkfd: Use same SQ prefetch setting as amdgpu (git-fixes).\n- drm/amd/pm: avoid false alarm due to confusing softwareshutdowntemp setting (git-fixes).\n- drm/aspeed: Fix Kconfig warning \u0026 subsequent build errors (bsc#1152472)\n- drm/aspeed: Fix Kconfig warning \u0026 subsequent build errors (git-fixes).\n- drm/atomic: put state on error path (git-fixes).\n- drm: bridge: dw-hdmi: Avoid resetting force in the detect function (bsc#1152472)\n- drm/bridge/synopsys: dsi: add support for non-continuous HS clock (git-fixes).\n- drm/brige/megachips: Add checking if ge_b850v3_lvds_init() is working correctly (git-fixes).\n- drm/dp_aux_dev: check aux_dev before use in (bsc#1152472)\n- drm/dp_aux_dev: check aux_dev before use in drm_dp_aux_dev_get_by_minor() (git-fixes).\n- drm/etnaviv: always start/stop scheduler in timeout processing (git-fixes).\n- drm/exynos: dsi: Remove bridge node reference in error handling path in probe function (git-fixes).\n- drm/gma500: fix double free of gma_connector (bsc#1152472) Backporting notes: \t* context changes\n- drm/gma500: fix double free of gma_connector (git-fixes).\n- drm/gma500: Fix out-of-bounds access to struct drm_device.vblank[] (git-fixes).\n- drm/i915: Avoid memory leak with more than 16 workarounds on a list (git-fixes).\n- drm/i915: Break up error capture compression loops with cond_resched() (git-fixes).\n- drm/i915: Check for all subplatform bits (git-fixes).\n- drm/i915: clear the gpu reloc batch (git-fixes).\n- drm/i915: Correctly set SFC capability for video engines (bsc#1152489) Backporting notes: \t* context changes\n- drm/i915/display/dp: Compute the correct slice count for VDSC on DP (git-fixes).\n- drm/i915: Drop runtime-pm assert from vgpu io accessors (git-fixes).\n- drm/i915/dsi: Use unconditional msleep for the panel_on_delay when there is no reset-deassert MIPI-sequence (git-fixes).\n- drm/i915: Filter wake_flags passed to default_wake_function (git-fixes).\n- drm/i915: Fix mismatch between misplaced vma check and vma insert (git-fixes).\n- drm/i915: Force VT\u0027d workarounds when running as a guest OS (git-fixes).\n- drm/i915/gt: Declare gen9 has 64 mocs entries! (git-fixes).\n- drm/i915/gt: Delay execlist processing for tgl (git-fixes).\n- drm/i915/gt: Free stale request on destroying the virtual engine (git-fixes).\n- drm/i915/gt: Prevent use of engine-\u003ewa_ctx after error (git-fixes).\n- drm/i915/gt: Program mocs:63 for cache eviction on gen9 (git-fixes).\n- drm/i915/gvt: return error when failing to take the module reference (git-fixes).\n- drm/i915/gvt: Set ENHANCED_FRAME_CAP bit (git-fixes).\n- drm/i915: Handle max_bpc==16 (git-fixes).\n- drm/i915/selftests: Avoid passing a random 0 into ilog2 (git-fixes).\n- drm/mcde: Fix handling of platform_get_irq() error (bsc#1152472)\n- drm/mcde: Fix handling of platform_get_irq() error (git-fixes).\n- drm/meson: dw-hdmi: Register a callback to disable the regulator (git-fixes).\n- drm/msm/a5xx: Always set an OPP supported hardware value (git-fixes).\n- drm/msm/a6xx: fix a potential overflow issue (git-fixes).\n- drm/msm/a6xx: fix gmu start on newer firmware (git-fixes).\n- drm/msm: add shutdown support for display platform_driver (git-fixes).\n- drm/msm: Disable preemption on all 5xx targets (git-fixes).\n- drm/msm/dpu: Add newline to printks (git-fixes).\n- drm/msm/dpu: Fix scale params in plane validation (git-fixes).\n- drm/msm/dsi_phy_10nm: implement PHY disabling (git-fixes).\n- drm/msm/dsi_pll_10nm: restore VCO rate during restore_state (git-fixes).\n- drm/msm: fix leaks if initialization fails (git-fixes).\n- drm/nouveau/bios: fix issue shadowing expansion ROMs (git-fixes).\n- drm/nouveau/debugfs: fix runtime pm imbalance on error (git-fixes).\n- drm/nouveau/dispnv50: fix runtime pm imbalance on error (git-fixes).\n- drm/nouveau: fix runtime pm imbalance on error (git-fixes).\n- drm/nouveau/i2c/gm200: increase width of aux semaphore owner fields (git-fixes).\n- drm/nouveau/kms/nv50-: fix case where notifier buffer is at offset 0 (git-fixes).\n- drm/nouveau/mem: guard against NULL pointer access in mem_del (git-fixes).\n- drm/nouveau/mmu: fix vram heap sizing (git-fixes).\n- drm/nouveau/nouveau: fix the start/end range for migration (git-fixes).\n- drm/nouveau/privring: ack interrupts the same way as RM (git-fixes).\n- drm/nouveau/svm: fail NOUVEAU_SVM_INIT ioctl on unsupported devices (git-fixes).\n- drm/omap: dmm_tiler: fix return error code in omap_dmm_probe() (git-fixes).\n- drm/omap: dss: Cleanup DSS ports on initialisation failure (git-fixes).\n- drm/omap: fix incorrect lock state (git-fixes).\n- drm/omap: fix possible object reference leak (git-fixes).\n- drm/panfrost: add amlogic reset quirk callback (git-fixes).\n- drm: rcar-du: Set primary plane zpos immutably at initializing (git-fixes).\n- drm/rockchip: Avoid uninitialized use of endpoint id in LVDS (bsc#1152472)\n- drm/rockchip: Avoid uninitialized use of endpoint id in LVDS (git-fixes).\n- drm/scheduler: Avoid accessing freed bad job (git-fixes).\n- drm/sun4i: dw-hdmi: fix error return code in sun8i_dw_hdmi_bind() (bsc#1152472)\n- drm/sun4i: frontend: Fix the scaler phase on A33 (git-fixes).\n- drm/sun4i: frontend: Reuse the ch0 phase for RGB formats (git-fixes).\n- drm/sun4i: frontend: Rework a bit the phase data (git-fixes).\n- drm/sun4i: mixer: Extend regmap max_register (git-fixes).\n- drm/syncobj: Fix use-after-free (git-fixes).\n- drm/tegra: replace idr_init() by idr_init_base() (git-fixes).\n- drm/tegra: sor: Disable clocks on error in tegra_sor_init() (git-fixes).\n- drm/ttm: fix eviction valuable range check (git-fixes).\n- drm/tve200: Fix handling of platform_get_irq() error (bsc#1152472)\n- drm/tve200: Fix handling of platform_get_irq() error (git-fixes).\n- drm/tve200: Stabilize enable/disable (git-fixes).\n- drm/vc4: drv: Add error handding for bind (git-fixes).\n- e1000e: bump up timeout to wait when ME un-configures ULP mode (jsc#SLE-8100).\n- ehci: fix EHCI host controller initialization sequence (git-fixes).\n- ethernet: ucc_geth: fix use-after-free in ucc_geth_remove() (git-fixes).\n- Exclude Symbols.list again. Removing the exclude builds vanilla/linux-next builds. Fixes: 55877625c800 (\u0027kernel-binary.spec.in: Package the obj_install_dir as explicit filelist.\u0027)\n- firmware: imx: select SOC_BUS to fix firmware build (git-fixes).\n- floppy: reintroduce O_NDELAY fix (boo#1181018).\n- futex: Ensure the correct return value from futex_lock_pi() (bsc#1181349 bsc#1149032).\n- futex: Handle faults correctly for PI futexes (bsc#1181349 bsc#1149032).\n- futex: Provide and use pi_state_update_owner() (bsc#1181349 bsc#1149032).\n- futex: Remove needless goto\u0027s (bsc#1149032).\n- futex: Remove unused empty compat_exit_robust_list() (bsc#1149032).\n- futex: Replace pointless printk in fixup_owner() (bsc#1181349 bsc#1149032).\n- futex: Simplify fixup_pi_state_owner() (bsc#1181349 bsc#1149032).\n- futex: Use pi_state_update_owner() in put_pi_state() (bsc#1181349 bsc#1149032).\n- HID: Ignore battery for Elan touchscreen on ASUS UX550 (git-fixes).\n- HID: logitech-dj: add the G602 receiver (git-fixes).\n- HID: multitouch: Apply MT_QUIRK_CONFIDENCE quirk for multi-input devices (git-fixes).\n- HID: multitouch: do not filter mice nodes (git-fixes).\n- HID: multitouch: Enable multi-input for Synaptics pointstick/touchpad device (git-fixes).\n- HID: multitouch: Remove MT_CLS_WIN_8_DUAL (git-fixes).\n- HID: wacom: Constify attribute_groups (git-fixes).\n- HID: wacom: Correct NULL dereference on AES pen proximity (git-fixes).\n- HID: wacom: do not call hid_set_drvdata(hdev, NULL) (git-fixes).\n- HID: wacom: Fix memory leakage caused by kfifo_alloc (git-fixes).\n- hwmon: (pwm-fan) Ensure that calculation does not discard big period values (git-fixes).\n- i2c: bpmp-tegra: Ignore unknown I2C_M flags (git-fixes).\n- i2c: octeon: check correct size of maximum RECV_LEN packet (git-fixes).\n- ice: avoid premature Rx buffer reuse (jsc#SLE-7926).\n- ice, xsk: clear the status bits for the next_to_use descriptor (jsc#SLE-7926).\n- iio: ad5504: Fix setting power-down state (git-fixes).\n- iomap: fix WARN_ON_ONCE() from unprivileged users (bsc#1181494).\n- iommu/vt-d: Fix a bug for PDP check in prq_event_thread (bsc#1181217).\n- ionic: account for vlan tag len in rx buffer len (bsc#1167773).\n- kABI fixup for dwc3 introduction of DWC_usb32 (git-fixes).\n- kprobes: tracing/kprobes: Fix to kill kprobes on initmem after boot (git fixes (kernel/kprobe)).\n- KVM: nVMX: Reload vmcs01 if getting vmcs12\u0027s pages fails (bsc#1181218).\n- KVM: s390: pv: Mark mm as protected after the set secure parameters and improve cleanup (jsc#SLE-7512 bsc#1165545).\n- KVM: SVM: Initialize prev_ga_tag before use (bsc#1180809).\n- leds: trigger: fix potential deadlock with libata (git-fixes).\n- lib/genalloc: fix the overflow when size is too big (git-fixes).\n- lockd: do not use interval-based rebinding over TCP (for-next).\n- mac80211: check if atf has been disabled in __ieee80211_schedule_txq (git-fixes).\n- mac80211: do not drop tx nulldata packets on encrypted links (git-fixes).\n- md: fix a warning caused by a race between concurrent md_ioctl()s (for-next).\n- media: dvb-usb: Fix memory leak at error in dvb_usb_device_init() (bsc#1181104).\n- media: dvb-usb: Fix use-after-free access (bsc#1181104).\n- media: rc: ensure that uevent can be read directly after rc device register (git-fixes).\n- misdn: dsp: select CONFIG_BITREVERSE (git-fixes).\n- mmc: core: do not initialize block size from ext_csd if not present (git-fixes).\n- mmc: sdhci-xenon: fix 1.8v regulator stabilization (git-fixes).\n- mm: memcontrol: fix missing wakeup polling thread (bsc#1181584).\n- mm/vmalloc: Fix unlock order in s_stop() (git fixes (mm/vmalloc)).\n- module: delay kobject uevent until after module init call (bsc#1178631).\n- mt7601u: fix kernel crash unplugging the device (git-fixes).\n- mt7601u: fix rx buffer refcounting (git-fixes).\n- net/af_iucv: fix null pointer dereference on shutdown (bsc#1179567 LTC#190111).\n- net/af_iucv: set correct sk_protocol for child sockets (git-fixes).\n- net: fix proc_fs init handling in af_packet and tls (bsc#1154353).\n- net: hns3: fix a phy loopback fail issue (bsc#1154353).\n- net: hns3: remove a misused pragma packed (bsc#1154353).\n- net/mlx5e: ethtool, Fix restriction of autoneg with 56G (jsc#SLE-8464).\n- net: mscc: ocelot: allow offloading of bridge on top of LAG (git-fixes).\n- net/smc: cancel event worker during device removal (git-fixes).\n- net/smc: check for valid ib_client_data (git-fixes).\n- net/smc: fix cleanup for linkgroup setup failures (git-fixes).\n- net/smc: fix direct access to ib_gid_addr-\u003endev in smc_ib_determine_gid() (git-fixes).\n- net/smc: fix dmb buffer shortage (git-fixes).\n- net/smc: fix sleep bug in smc_pnet_find_roce_resource() (git-fixes).\n- net/smc: fix sock refcounting in case of termination (git-fixes).\n- net/smc: fix valid DMBE buffer sizes (git-fixes).\n- net/smc: no peer ID in CLC decline for SMCD (git-fixes).\n- net/smc: remove freed buffer from list (git-fixes).\n- net/smc: reset sndbuf_desc if freed (git-fixes).\n- net/smc: set rx_off for SMCR explicitly (git-fixes).\n- net/smc: switch smcd_dev_list spinlock to mutex (git-fixes).\n- net/smc: transfer fasync_list in case of fallback (git-fixes).\n- net: sunrpc: Fix \u0027snprintf\u0027 return value check in \u0027do_xprt_debugfs\u0027 (for-next).\n- net: sunrpc: interpret the return value of kstrtou32 correctly (for-next).\n- net: usb: qmi_wwan: add Quectel EM160R-GL (git-fixes).\n- net: vlan: avoid leaks on register_vlan_dev() failures (bsc#1154353).\n- NFC: fix possible resource leak (git-fixes).\n- NFC: fix resource leak when target index is invalid (git-fixes).\n- NFS4: Fix use-after-free in trace_event_raw_event_nfs4_set_lock (for-next).\n- nfs_common: need lock during iterate through the list (for-next).\n- nfsd4: readdirplus shouldn\u0027t return parent of export (git-fixes).\n- nfsd: Fix message level for normal termination (for-next).\n- NFS: nfs_delegation_find_inode_server must first reference the superblock (for-next).\n- NFS: nfs_igrab_and_active must first reference the superblock (for-next).\n- NFS/pNFS: Fix a leak of the layout \u0027plh_outstanding\u0027 counter (for-next).\n- NFS/pNFS: Fix a typo in ff_layout_resend_pnfs_read() (for-next).\n- NFS: switch nfsiod to be an UNBOUND workqueue (for-next).\n- NFSv4.2: condition READDIR\u0027s mask for security label based on LSM state (for-next).\n- NFSv4: Fix the alignment of page data in the getdeviceinfo reply (for-next).\n- nvme-rdma: avoid request double completion for concurrent nvme_rdma_timeout (bsc#1181161).\n- nvme-tcp: avoid request double completion for concurrent nvme_tcp_timeout (bsc#1181161).\n- platform/x86: i2c-multi-instantiate: Do not create platform device for INT3515 ACPI nodes (git-fixes).\n- platform/x86: ideapad-laptop: Disable touchpad_switch for ELAN0634 (git-fixes).\n- platform/x86: intel-vbtn: Drop HP Stream x360 Convertible PC 11 from allow-list (git-fixes).\n- platform/x86: intel-vbtn: Fix SW_TABLET_MODE always reporting 1 on some HP x360 models (git-fixes).\n- PM: hibernate: flush swap writer after marking (git-fixes).\n- pNFS: Mark layout for return if return-on-close was not sent (git-fixes).\n- powerpc: Fix build error in paravirt.h (bsc#1181148 ltc#190702).\n- powerpc/paravirt: Use is_kvm_guest() in vcpu_is_preempted() (bsc#1181148 ltc#190702).\n- powerpc: Refactor is_kvm_guest() declaration to new header (bsc#1181148 ltc#190702).\n- powerpc: Reintroduce is_kvm_guest() as a fast-path check (bsc#1181148 ltc#190702).\n- powerpc: Rename is_kvm_guest() to check_kvm_guest() (bsc#1181148 ltc#190702).\n- power: vexpress: add suppress_bind_attrs to true (git-fixes).\n- prom_init: enable verbose prints (bsc#1178142 bsc#1180759).\n- ptrace: reintroduce usage of subjective credentials in ptrace_has_cap() (bsc#1163930).\n- ptrace: Set PF_SUPERPRIV when checking capability (bsc#1163930).\n- r8152: Add Lenovo Powered USB-C Travel Hub (git-fixes).\n- Revert \u0027nfsd4: support change_attr_type attribute\u0027 (for-next).\n- Revive usb-audio Keep Interface mixer (bsc#1181014).\n- rtmutex: Remove unused argument from rt_mutex_proxy_unlock() (bsc#1181349 bsc#1149032).\n- s390/cio: fix use-after-free in ccw_device_destroy_console (git-fixes).\n- s390/dasd: fix hanging device offline processing (bsc#1181169 LTC#190914).\n- s390/dasd: fix list corruption of lcu list (git-fixes).\n- s390/dasd: fix list corruption of pavgroup group list (git-fixes).\n- s390/dasd: prevent inconsistent LCU device data (git-fixes).\n- s390/kexec_file: fix diag308 subcode when loading crash kernel (git-fixes).\n- s390/qeth: consolidate online/offline code (git-fixes).\n- s390/qeth: do not raise NETDEV_REBOOT event from L3 offline path (git-fixes).\n- s390/qeth: fix deadlock during recovery (git-fixes).\n- s390/qeth: fix L2 header access in qeth_l3_osa_features_check() (git-fixes).\n- s390/qeth: fix locking for discipline setup / removal (git-fixes).\n- s390/smp: perform initial CPU reset also for SMT siblings (git-fixes).\n- scsi: ibmvfc: Set default timeout to avoid crash during migration (bsc#1181425 ltc#188252).\n- scsi: lpfc: Enhancements to LOG_TRACE_EVENT for better readability (bsc#1180891).\n- scsi: lpfc: Fix auto sli_mode and its effect on CONFIG_PORT for SLI3 (bsc#1180891).\n- scsi: lpfc: Fix crash when a fabric node is released prematurely (bsc#1180891).\n- scsi: lpfc: Fix crash when nvmet transport calls host_release (bsc#1180891).\n- scsi: lpfc: Fix error log messages being logged following SCSI task mgnt (bsc#1180891).\n- scsi: lpfc: Fix FW reset action if I/Os are outstanding (bsc#1180891).\n- scsi: lpfc: Fix NVMe recovery after mailbox timeout (bsc#1180891).\n- scsi: lpfc: Fix PLOGI S_ID of 0 on pt2pt config (bsc#1180891).\n- scsi: lpfc: Fix target reset failing (bsc#1180891).\n- scsi: lpfc: Fix vport create logging (bsc#1180891).\n- scsi: lpfc: Implement health checking when aborting I/O (bsc#1180891).\n- scsi: lpfc: Prevent duplicate requests to unregister with cpuhp framework (bsc#1180891).\n- scsi: lpfc: Refresh ndlp when a new PRLI is received in the PRLI issue state (bsc#1180891).\n- scsi: lpfc: Simplify bool comparison (bsc#1180891).\n- scsi: lpfc: Update lpfc version to 12.8.0.7 (bsc#1180891).\n- scsi: lpfc: Use the nvme-fc transport supplied timeout for LS requests (bsc#1180891).\n- scsi: qla2xxx: Fix description for parameter ql2xenforce_iocb_limit (bsc#1179142).\n- scsi: scsi_transport_srp: Do not block target in failfast state (bsc#1172355).\n- selftests/ftrace: Select an existing function in kprobe_eventname test (bsc#1179396 ltc#185738).\n- selftests: net: fib_tests: remove duplicate log test (git-fixes).\n- selftests/powerpc: Add a test of bad (out-of-range) accesses (bsc#1181158 ltc#190851).\n- selftests/powerpc: Add a test of spectre_v2 mitigations (bsc#1181158 ltc#190851).\n- selftests/powerpc: Ignore generated files (bsc#1181158 ltc#190851).\n- selftests/powerpc: Move Hash MMU check to utilities (bsc#1181158 ltc#190851).\n- selftests/powerpc: Move set_dscr() into rfi_flush.c (bsc#1181158 ltc#190851).\n- selftests/powerpc: Only test lwm/stmw on big endian (bsc#1180412 ltc#190579).\n- selftests/powerpc: spectre_v2 test must be built 64-bit (bsc#1181158 ltc#190851).\n- serial: mvebu-uart: fix tx lost characters at power off (git-fixes).\n- spi: cadence: cache reference clock rate during probe (git-fixes).\n- SUNRPC: Clean up the handling of page padding in rpc_prepare_reply_pages() (for-next).\n- sunrpc: fix xs_read_xdr_buf for partial pages receive (for-next).\n- SUNRPC: rpc_wake_up() should wake up tasks in the correct order (for-next).\n- timers: Preserve higher bits of expiration on index calculation (bsc#1181318).\n- timers: Use only bucket expiry for base-\u003enext_expiry value (bsc#1181318).\n- udp: Prevent reuseport_select_sock from reading uninitialized socks (git-fixes).\n- USB: cdc-acm: blacklist another IR Droid device (git-fixes).\n- USB: cdc-wdm: Fix use after free in service_outstanding_interrupt() (git-fixes).\n- usb: dwc3: Add support for DWC_usb32 IP (git-fixes).\n- usb: dwc3: core: Properly default unspecified speed (git-fixes).\n- usb: dwc3: Update soft-reset wait polling rate (git-fixes).\n- USB: ehci: fix an interrupt calltrace error (git-fixes).\n- usb: gadget: aspeed: fix stop dma register setting (git-fixes).\n- usb: gadget: configfs: Fix use-after-free issue with udc_name (git-fixes).\n- usb: gadget: enable super speed plus (git-fixes).\n- usb: gadget: Fix spinlock lockup on usb_function_deactivate (git-fixes).\n- usb: gadget: function: printer: Fix a memory leak for interface descriptor (git-fixes).\n- USB: serial: option: add LongSung M5710 module support (git-fixes).\n- USB: serial: option: add Quectel EM160R-GL (git-fixes).\n- usb: typec: Fix copy paste error for NVIDIA alt-mode description (git-fixes).\n- usb: uas: Add PNY USB Portable SSD to unusual_uas (git-fixes).\n- usb: udc: core: Use lock when write to soft_connect (git-fixes).\n- USB: usblp: fix DMA to stack (git-fixes).\n- vfio iommu: Add dma available capability (bsc#1179572 LTC#190110).\n- vfio/pci: Implement ioeventfd thread handler for contended memory lock (bsc#1181219).\n- vfio-pci: Use io_remap_pfn_range() for PCI IO memory (bsc#1181220).\n- video: fbdev: atmel_lcdfb: fix return error code in atmel_lcdfb_of_init() (git-fixes).\n- video: fbdev: fix OOB read in vga_8planes_imageblit() (git-fixes).\n- video: fbdev: pvr2fb: initialize variables (git-fixes).\n- video: fbdev: vga16fb: fix setting of pixclock because a pass-by-value error (git-fixes).\n- x86/apic: Fix x2apic enablement without interrupt remapping (bsc#1152489).\n- x86/cpu/amd: Call init_amd_zn() om Family 19h processors too (bsc#1181077).\n- x86/cpu/amd: Set __max_die_per_package on AMD (bsc#1152489).\n- x86/hyperv: Fix kexec panic/hang issues (bsc#1176831).\n- x86/kprobes: Restore BTF if the single-stepping is cancelled (bsc#1152489).\n- x86/topology: Make __max_die_per_package available unconditionally (bsc#1152489).\n- x86/xen: avoid warning in Xen pv guest with CONFIG_AMD_MEM_ENCRYPT enabled (bsc#1181335).\n- xen-blkfront: allow discard-* nodes to be optional (bsc#1181346).\n- xen/privcmd: allow fetching resource sizes (bsc#1065600).\n- xfs: show the proper user quota options (bsc#1181538).\n- xhci: make sure TRB is fully written before giving it to the controller (git-fixes).\n- xhci: tegra: Delay for disabling LFPS detector (git-fixes).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2021-241",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_0241-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2021:0241-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GZRN6BW22C4S3GVCJVPHDT4HHTLVGVZE/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2021:0241-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GZRN6BW22C4S3GVCJVPHDT4HHTLVGVZE/"
},
{
"category": "self",
"summary": "SUSE Bug 1065600",
"url": "https://bugzilla.suse.com/1065600"
},
{
"category": "self",
"summary": "SUSE Bug 1149032",
"url": "https://bugzilla.suse.com/1149032"
},
{
"category": "self",
"summary": "SUSE Bug 1152472",
"url": "https://bugzilla.suse.com/1152472"
},
{
"category": "self",
"summary": "SUSE Bug 1152489",
"url": "https://bugzilla.suse.com/1152489"
},
{
"category": "self",
"summary": "SUSE Bug 1153274",
"url": "https://bugzilla.suse.com/1153274"
},
{
"category": "self",
"summary": "SUSE Bug 1154353",
"url": "https://bugzilla.suse.com/1154353"
},
{
"category": "self",
"summary": "SUSE Bug 1155518",
"url": "https://bugzilla.suse.com/1155518"
},
{
"category": "self",
"summary": "SUSE Bug 1163930",
"url": "https://bugzilla.suse.com/1163930"
},
{
"category": "self",
"summary": "SUSE Bug 1165545",
"url": "https://bugzilla.suse.com/1165545"
},
{
"category": "self",
"summary": "SUSE Bug 1167773",
"url": "https://bugzilla.suse.com/1167773"
},
{
"category": "self",
"summary": "SUSE Bug 1172355",
"url": "https://bugzilla.suse.com/1172355"
},
{
"category": "self",
"summary": "SUSE Bug 1176395",
"url": "https://bugzilla.suse.com/1176395"
},
{
"category": "self",
"summary": "SUSE Bug 1176831",
"url": "https://bugzilla.suse.com/1176831"
},
{
"category": "self",
"summary": "SUSE Bug 1178142",
"url": "https://bugzilla.suse.com/1178142"
},
{
"category": "self",
"summary": "SUSE Bug 1178631",
"url": "https://bugzilla.suse.com/1178631"
},
{
"category": "self",
"summary": "SUSE Bug 1179142",
"url": "https://bugzilla.suse.com/1179142"
},
{
"category": "self",
"summary": "SUSE Bug 1179396",
"url": "https://bugzilla.suse.com/1179396"
},
{
"category": "self",
"summary": "SUSE Bug 1179508",
"url": "https://bugzilla.suse.com/1179508"
},
{
"category": "self",
"summary": "SUSE Bug 1179509",
"url": "https://bugzilla.suse.com/1179509"
},
{
"category": "self",
"summary": "SUSE Bug 1179567",
"url": "https://bugzilla.suse.com/1179567"
},
{
"category": "self",
"summary": "SUSE Bug 1179572",
"url": "https://bugzilla.suse.com/1179572"
},
{
"category": "self",
"summary": "SUSE Bug 1180130",
"url": "https://bugzilla.suse.com/1180130"
},
{
"category": "self",
"summary": "SUSE Bug 1180264",
"url": "https://bugzilla.suse.com/1180264"
},
{
"category": "self",
"summary": "SUSE Bug 1180412",
"url": "https://bugzilla.suse.com/1180412"
},
{
"category": "self",
"summary": "SUSE Bug 1180759",
"url": "https://bugzilla.suse.com/1180759"
},
{
"category": "self",
"summary": "SUSE Bug 1180765",
"url": "https://bugzilla.suse.com/1180765"
},
{
"category": "self",
"summary": "SUSE Bug 1180809",
"url": "https://bugzilla.suse.com/1180809"
},
{
"category": "self",
"summary": "SUSE Bug 1180812",
"url": "https://bugzilla.suse.com/1180812"
},
{
"category": "self",
"summary": "SUSE Bug 1180848",
"url": "https://bugzilla.suse.com/1180848"
},
{
"category": "self",
"summary": "SUSE Bug 1180889",
"url": "https://bugzilla.suse.com/1180889"
},
{
"category": "self",
"summary": "SUSE Bug 1180891",
"url": "https://bugzilla.suse.com/1180891"
},
{
"category": "self",
"summary": "SUSE Bug 1180971",
"url": "https://bugzilla.suse.com/1180971"
},
{
"category": "self",
"summary": "SUSE Bug 1181014",
"url": "https://bugzilla.suse.com/1181014"
},
{
"category": "self",
"summary": "SUSE Bug 1181018",
"url": "https://bugzilla.suse.com/1181018"
},
{
"category": "self",
"summary": "SUSE Bug 1181077",
"url": "https://bugzilla.suse.com/1181077"
},
{
"category": "self",
"summary": "SUSE Bug 1181104",
"url": "https://bugzilla.suse.com/1181104"
},
{
"category": "self",
"summary": "SUSE Bug 1181148",
"url": "https://bugzilla.suse.com/1181148"
},
{
"category": "self",
"summary": "SUSE Bug 1181158",
"url": "https://bugzilla.suse.com/1181158"
},
{
"category": "self",
"summary": "SUSE Bug 1181161",
"url": "https://bugzilla.suse.com/1181161"
},
{
"category": "self",
"summary": "SUSE Bug 1181169",
"url": "https://bugzilla.suse.com/1181169"
},
{
"category": "self",
"summary": "SUSE Bug 1181203",
"url": "https://bugzilla.suse.com/1181203"
},
{
"category": "self",
"summary": "SUSE Bug 1181217",
"url": "https://bugzilla.suse.com/1181217"
},
{
"category": "self",
"summary": "SUSE Bug 1181218",
"url": "https://bugzilla.suse.com/1181218"
},
{
"category": "self",
"summary": "SUSE Bug 1181219",
"url": "https://bugzilla.suse.com/1181219"
},
{
"category": "self",
"summary": "SUSE Bug 1181220",
"url": "https://bugzilla.suse.com/1181220"
},
{
"category": "self",
"summary": "SUSE Bug 1181237",
"url": "https://bugzilla.suse.com/1181237"
},
{
"category": "self",
"summary": "SUSE Bug 1181318",
"url": "https://bugzilla.suse.com/1181318"
},
{
"category": "self",
"summary": "SUSE Bug 1181335",
"url": "https://bugzilla.suse.com/1181335"
},
{
"category": "self",
"summary": "SUSE Bug 1181346",
"url": "https://bugzilla.suse.com/1181346"
},
{
"category": "self",
"summary": "SUSE Bug 1181349",
"url": "https://bugzilla.suse.com/1181349"
},
{
"category": "self",
"summary": "SUSE Bug 1181425",
"url": "https://bugzilla.suse.com/1181425"
},
{
"category": "self",
"summary": "SUSE Bug 1181494",
"url": "https://bugzilla.suse.com/1181494"
},
{
"category": "self",
"summary": "SUSE Bug 1181504",
"url": "https://bugzilla.suse.com/1181504"
},
{
"category": "self",
"summary": "SUSE Bug 1181511",
"url": "https://bugzilla.suse.com/1181511"
},
{
"category": "self",
"summary": "SUSE Bug 1181538",
"url": "https://bugzilla.suse.com/1181538"
},
{
"category": "self",
"summary": "SUSE Bug 1181584",
"url": "https://bugzilla.suse.com/1181584"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-25211 page",
"url": "https://www.suse.com/security/cve/CVE-2020-25211/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-29568 page",
"url": "https://www.suse.com/security/cve/CVE-2020-29568/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-29569 page",
"url": "https://www.suse.com/security/cve/CVE-2020-29569/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-0342 page",
"url": "https://www.suse.com/security/cve/CVE-2021-0342/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-20177 page",
"url": "https://www.suse.com/security/cve/CVE-2021-20177/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3347 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3347/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3348 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3348/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2021-02-05T15:14:38Z",
"generator": {
"date": "2021-02-05T15:14:38Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2021:0241-1",
"initial_release_date": "2021-02-05T15:14:38Z",
"revision_history": [
{
"date": "2021-02-05T15:14:38Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-5.3.18-lp152.63.1.noarch",
"product": {
"name": "kernel-devel-5.3.18-lp152.63.1.noarch",
"product_id": "kernel-devel-5.3.18-lp152.63.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-docs-5.3.18-lp152.63.1.noarch",
"product": {
"name": "kernel-docs-5.3.18-lp152.63.1.noarch",
"product_id": "kernel-docs-5.3.18-lp152.63.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-docs-html-5.3.18-lp152.63.1.noarch",
"product": {
"name": "kernel-docs-html-5.3.18-lp152.63.1.noarch",
"product_id": "kernel-docs-html-5.3.18-lp152.63.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-macros-5.3.18-lp152.63.1.noarch",
"product": {
"name": "kernel-macros-5.3.18-lp152.63.1.noarch",
"product_id": "kernel-macros-5.3.18-lp152.63.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-5.3.18-lp152.63.1.noarch",
"product": {
"name": "kernel-source-5.3.18-lp152.63.1.noarch",
"product_id": "kernel-source-5.3.18-lp152.63.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-vanilla-5.3.18-lp152.63.1.noarch",
"product": {
"name": "kernel-source-vanilla-5.3.18-lp152.63.1.noarch",
"product_id": "kernel-source-vanilla-5.3.18-lp152.63.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-debug-5.3.18-lp152.63.1.x86_64",
"product": {
"name": "kernel-debug-5.3.18-lp152.63.1.x86_64",
"product_id": "kernel-debug-5.3.18-lp152.63.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-debug-devel-5.3.18-lp152.63.1.x86_64",
"product": {
"name": "kernel-debug-devel-5.3.18-lp152.63.1.x86_64",
"product_id": "kernel-debug-devel-5.3.18-lp152.63.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-5.3.18-lp152.63.1.x86_64",
"product": {
"name": "kernel-default-5.3.18-lp152.63.1.x86_64",
"product_id": "kernel-default-5.3.18-lp152.63.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-base-5.3.18-lp152.63.1.lp152.8.21.1.x86_64",
"product": {
"name": "kernel-default-base-5.3.18-lp152.63.1.lp152.8.21.1.x86_64",
"product_id": "kernel-default-base-5.3.18-lp152.63.1.lp152.8.21.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-base-rebuild-5.3.18-lp152.63.1.lp152.8.21.1.x86_64",
"product": {
"name": "kernel-default-base-rebuild-5.3.18-lp152.63.1.lp152.8.21.1.x86_64",
"product_id": "kernel-default-base-rebuild-5.3.18-lp152.63.1.lp152.8.21.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-5.3.18-lp152.63.1.x86_64",
"product": {
"name": "kernel-default-devel-5.3.18-lp152.63.1.x86_64",
"product_id": "kernel-default-devel-5.3.18-lp152.63.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-kvmsmall-5.3.18-lp152.63.1.x86_64",
"product": {
"name": "kernel-kvmsmall-5.3.18-lp152.63.1.x86_64",
"product_id": "kernel-kvmsmall-5.3.18-lp152.63.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-kvmsmall-devel-5.3.18-lp152.63.1.x86_64",
"product": {
"name": "kernel-kvmsmall-devel-5.3.18-lp152.63.1.x86_64",
"product_id": "kernel-kvmsmall-devel-5.3.18-lp152.63.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-obs-build-5.3.18-lp152.63.1.x86_64",
"product": {
"name": "kernel-obs-build-5.3.18-lp152.63.1.x86_64",
"product_id": "kernel-obs-build-5.3.18-lp152.63.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-obs-qa-5.3.18-lp152.63.1.x86_64",
"product": {
"name": "kernel-obs-qa-5.3.18-lp152.63.1.x86_64",
"product_id": "kernel-obs-qa-5.3.18-lp152.63.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-preempt-5.3.18-lp152.63.1.x86_64",
"product": {
"name": "kernel-preempt-5.3.18-lp152.63.1.x86_64",
"product_id": "kernel-preempt-5.3.18-lp152.63.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-preempt-devel-5.3.18-lp152.63.1.x86_64",
"product": {
"name": "kernel-preempt-devel-5.3.18-lp152.63.1.x86_64",
"product_id": "kernel-preempt-devel-5.3.18-lp152.63.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-syms-5.3.18-lp152.63.1.x86_64",
"product": {
"name": "kernel-syms-5.3.18-lp152.63.1.x86_64",
"product_id": "kernel-syms-5.3.18-lp152.63.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.2",
"product": {
"name": "openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-5.3.18-lp152.63.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.63.1.x86_64"
},
"product_reference": "kernel-debug-5.3.18-lp152.63.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-devel-5.3.18-lp152.63.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.63.1.x86_64"
},
"product_reference": "kernel-debug-devel-5.3.18-lp152.63.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-5.3.18-lp152.63.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-default-5.3.18-lp152.63.1.x86_64"
},
"product_reference": "kernel-default-5.3.18-lp152.63.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-5.3.18-lp152.63.1.lp152.8.21.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.63.1.lp152.8.21.1.x86_64"
},
"product_reference": "kernel-default-base-5.3.18-lp152.63.1.lp152.8.21.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-rebuild-5.3.18-lp152.63.1.lp152.8.21.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.63.1.lp152.8.21.1.x86_64"
},
"product_reference": "kernel-default-base-rebuild-5.3.18-lp152.63.1.lp152.8.21.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-5.3.18-lp152.63.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.63.1.x86_64"
},
"product_reference": "kernel-default-devel-5.3.18-lp152.63.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-5.3.18-lp152.63.1.noarch as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.63.1.noarch"
},
"product_reference": "kernel-devel-5.3.18-lp152.63.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-docs-5.3.18-lp152.63.1.noarch as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.63.1.noarch"
},
"product_reference": "kernel-docs-5.3.18-lp152.63.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-docs-html-5.3.18-lp152.63.1.noarch as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.63.1.noarch"
},
"product_reference": "kernel-docs-html-5.3.18-lp152.63.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-kvmsmall-5.3.18-lp152.63.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.63.1.x86_64"
},
"product_reference": "kernel-kvmsmall-5.3.18-lp152.63.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-kvmsmall-devel-5.3.18-lp152.63.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.63.1.x86_64"
},
"product_reference": "kernel-kvmsmall-devel-5.3.18-lp152.63.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-macros-5.3.18-lp152.63.1.noarch as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.63.1.noarch"
},
"product_reference": "kernel-macros-5.3.18-lp152.63.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-obs-build-5.3.18-lp152.63.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.63.1.x86_64"
},
"product_reference": "kernel-obs-build-5.3.18-lp152.63.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-obs-qa-5.3.18-lp152.63.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.63.1.x86_64"
},
"product_reference": "kernel-obs-qa-5.3.18-lp152.63.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-preempt-5.3.18-lp152.63.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.63.1.x86_64"
},
"product_reference": "kernel-preempt-5.3.18-lp152.63.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-preempt-devel-5.3.18-lp152.63.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.63.1.x86_64"
},
"product_reference": "kernel-preempt-devel-5.3.18-lp152.63.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-5.3.18-lp152.63.1.noarch as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-source-5.3.18-lp152.63.1.noarch"
},
"product_reference": "kernel-source-5.3.18-lp152.63.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-vanilla-5.3.18-lp152.63.1.noarch as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.63.1.noarch"
},
"product_reference": "kernel-source-vanilla-5.3.18-lp152.63.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-5.3.18-lp152.63.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.63.1.x86_64"
},
"product_reference": "kernel-syms-5.3.18-lp152.63.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-25211",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-25211"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.63.1.lp152.8.21.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.63.1.lp152.8.21.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.63.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-25211",
"url": "https://www.suse.com/security/cve/CVE-2020-25211"
},
{
"category": "external",
"summary": "SUSE Bug 1176395 for CVE-2020-25211",
"url": "https://bugzilla.suse.com/1176395"
},
{
"category": "external",
"summary": "SUSE Bug 1192356 for CVE-2020-25211",
"url": "https://bugzilla.suse.com/1192356"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.63.1.lp152.8.21.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.63.1.lp152.8.21.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.63.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.63.1.lp152.8.21.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.63.1.lp152.8.21.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.63.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-02-05T15:14:38Z",
"details": "moderate"
}
],
"title": "CVE-2020-25211"
},
{
"cve": "CVE-2020-29568",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-29568"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.63.1.lp152.8.21.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.63.1.lp152.8.21.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.63.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-29568",
"url": "https://www.suse.com/security/cve/CVE-2020-29568"
},
{
"category": "external",
"summary": "SUSE Bug 1179508 for CVE-2020-29568",
"url": "https://bugzilla.suse.com/1179508"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.63.1.lp152.8.21.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.63.1.lp152.8.21.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.63.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.63.1.lp152.8.21.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.63.1.lp152.8.21.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.63.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-02-05T15:14:38Z",
"details": "moderate"
}
],
"title": "CVE-2020-29568"
},
{
"cve": "CVE-2020-29569",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-29569"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring-\u003exenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.63.1.lp152.8.21.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.63.1.lp152.8.21.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.63.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-29569",
"url": "https://www.suse.com/security/cve/CVE-2020-29569"
},
{
"category": "external",
"summary": "SUSE Bug 1179509 for CVE-2020-29569",
"url": "https://bugzilla.suse.com/1179509"
},
{
"category": "external",
"summary": "SUSE Bug 1180008 for CVE-2020-29569",
"url": "https://bugzilla.suse.com/1180008"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.63.1.lp152.8.21.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.63.1.lp152.8.21.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.63.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.63.1.lp152.8.21.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.63.1.lp152.8.21.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.63.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-02-05T15:14:38Z",
"details": "important"
}
],
"title": "CVE-2020-29569"
},
{
"cve": "CVE-2021-0342",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-0342"
}
],
"notes": [
{
"category": "general",
"text": "In tun_get_user of tun.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges required. User interaction is not required for exploitation. Product: Android; Versions: Android kernel; Android ID: A-146554327.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.63.1.lp152.8.21.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.63.1.lp152.8.21.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.63.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-0342",
"url": "https://www.suse.com/security/cve/CVE-2021-0342"
},
{
"category": "external",
"summary": "SUSE Bug 1180812 for CVE-2021-0342",
"url": "https://bugzilla.suse.com/1180812"
},
{
"category": "external",
"summary": "SUSE Bug 1180859 for CVE-2021-0342",
"url": "https://bugzilla.suse.com/1180859"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.63.1.lp152.8.21.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.63.1.lp152.8.21.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.63.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.63.1.lp152.8.21.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.63.1.lp152.8.21.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.63.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-02-05T15:14:38Z",
"details": "important"
}
],
"title": "CVE-2021-0342"
},
{
"cve": "CVE-2021-20177",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-20177"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Linux kernel\u0027s implementation of string matching within a packet. A privileged user (with root or CAP_NET_ADMIN) when inserting iptables rules could insert a rule which can panic the system. Kernel before kernel 5.5-rc1 is affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.63.1.lp152.8.21.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.63.1.lp152.8.21.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.63.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-20177",
"url": "https://www.suse.com/security/cve/CVE-2021-20177"
},
{
"category": "external",
"summary": "SUSE Bug 1180765 for CVE-2021-20177",
"url": "https://bugzilla.suse.com/1180765"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.63.1.lp152.8.21.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.63.1.lp152.8.21.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.63.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.63.1.lp152.8.21.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.63.1.lp152.8.21.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.63.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-02-05T15:14:38Z",
"details": "moderate"
}
],
"title": "CVE-2021-20177"
},
{
"cve": "CVE-2021-3347",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3347"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.63.1.lp152.8.21.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.63.1.lp152.8.21.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.63.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3347",
"url": "https://www.suse.com/security/cve/CVE-2021-3347"
},
{
"category": "external",
"summary": "SUSE Bug 1181349 for CVE-2021-3347",
"url": "https://bugzilla.suse.com/1181349"
},
{
"category": "external",
"summary": "SUSE Bug 1181553 for CVE-2021-3347",
"url": "https://bugzilla.suse.com/1181553"
},
{
"category": "external",
"summary": "SUSE Bug 1190859 for CVE-2021-3347",
"url": "https://bugzilla.suse.com/1190859"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.63.1.lp152.8.21.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.63.1.lp152.8.21.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.63.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.63.1.lp152.8.21.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.63.1.lp152.8.21.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.63.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-02-05T15:14:38Z",
"details": "important"
}
],
"title": "CVE-2021-3347"
},
{
"cve": "CVE-2021-3348",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3348"
}
],
"notes": [
{
"category": "general",
"text": "nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an ndb_queue_rq use-after-free that could be triggered by local attackers (with access to the nbd device) via an I/O request at a certain point during device setup, aka CID-b98e762e3d71.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.63.1.lp152.8.21.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.63.1.lp152.8.21.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.63.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3348",
"url": "https://www.suse.com/security/cve/CVE-2021-3348"
},
{
"category": "external",
"summary": "SUSE Bug 1181504 for CVE-2021-3348",
"url": "https://bugzilla.suse.com/1181504"
},
{
"category": "external",
"summary": "SUSE Bug 1181645 for CVE-2021-3348",
"url": "https://bugzilla.suse.com/1181645"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.63.1.lp152.8.21.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.63.1.lp152.8.21.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.63.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.63.1.lp152.8.21.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.63.1.lp152.8.21.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.63.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.63.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.63.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-02-05T15:14:38Z",
"details": "moderate"
}
],
"title": "CVE-2021-3348"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…