Описание
Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP2)
This update for the Linux Kernel 5.3.18-24_15 fixes one issue.
The following security issue was fixed:
- CVE-2020-25212: A TOCTOU mismatch in the NFS client code could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c (bsc#1176381).
Список пакетов
SUSE Linux Enterprise Live Patching 15 SP2
kernel-livepatch-5_3_18-24_24-default-2-2.1
kernel-livepatch-5_3_18-24_15-default-2-2.1
Ссылки
- Link for SUSE-SU-2020:3181-1
- E-Mail link for SUSE-SU-2020:3181-1
- SUSE Security Ratings
- SUSE Bug 1176382
- SUSE CVE CVE-2020-25212 page
Описание
A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452.
Затронутые продукты
SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_15-default-2-2.1
SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_24-default-2-2.1
Ссылки
- CVE-2020-25212
- SUSE Bug 1176381
- SUSE Bug 1176382
- SUSE Bug 1177027