openSUSE-SU-2021:0242-1

Published: 05 Feb 2021
Source: suse-cvrf

Description

Security update for RT kernel

This update syncs the RT kernel from the SUSE Linux Enterprise 15-SP2 codestream.

This update was imported from the SUSE:SLE-15-SP2:Update update project.

Package list

openSUSE Leap 15.2
cluster-md-kmp-rt-5.3.18-lp152.3.5.1
cluster-md-kmp-rt_debug-5.3.18-lp152.3.5.1
dlm-kmp-rt-5.3.18-lp152.3.5.1
dlm-kmp-rt_debug-5.3.18-lp152.3.5.1
gfs2-kmp-rt-5.3.18-lp152.3.5.1
gfs2-kmp-rt_debug-5.3.18-lp152.3.5.1
kernel-devel-rt-5.3.18-lp152.3.5.1
kernel-rt-5.3.18-lp152.3.5.1
kernel-rt-devel-5.3.18-lp152.3.5.1
kernel-rt-extra-5.3.18-lp152.3.5.1
kernel-rt_debug-5.3.18-lp152.3.5.1
kernel-rt_debug-devel-5.3.18-lp152.3.5.1
kernel-rt_debug-extra-5.3.18-lp152.3.5.1
kernel-source-rt-5.3.18-lp152.3.5.1
kernel-syms-rt-5.3.18-lp152.3.5.1
kselftests-kmp-rt-5.3.18-lp152.3.5.1
kselftests-kmp-rt_debug-5.3.18-lp152.3.5.1
ocfs2-kmp-rt-5.3.18-lp152.3.5.1
ocfs2-kmp-rt_debug-5.3.18-lp152.3.5.1
reiserfs-kmp-rt-5.3.18-lp152.3.5.1
reiserfs-kmp-rt_debug-5.3.18-lp152.3.5.1

Description

relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu result.


Affected products
openSUSE Leap 15.2:cluster-md-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:cluster-md-kmp-rt_debug-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt_debug-5.3.18-lp152.3.5.1

References

Description

go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c in the Linux kernel before 5.6 does not call snd_card_free for a failure path, which causes a memory leak, aka CID-9453264ef586.


Affected products
openSUSE Leap 15.2:cluster-md-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:cluster-md-kmp-rt_debug-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt_debug-5.3.18-lp152.3.5.1

References

Description

An issue was discovered in the Linux kernel before 5.4.7. The prb_calc_retire_blk_tmo() function in net/packet/af_packet.c can result in a denial of service (CPU consumption and soft lockup) in a certain failure case involving TPACKET_V3, aka CID-b43d1f9f7067.


Affected products
openSUSE Leap 15.2:cluster-md-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:cluster-md-kmp-rt_debug-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt_debug-5.3.18-lp152.3.5.1

References

Description

In psi_write of psi.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-148159562. References: Upstream kernel.


Affected products
openSUSE Leap 15.2:cluster-md-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:cluster-md-kmp-rt_debug-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt_debug-5.3.18-lp152.3.5.1

References

Description

In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-153467744.


Affected products
openSUSE Leap 15.2:cluster-md-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:cluster-md-kmp-rt_debug-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt_debug-5.3.18-lp152.3.5.1

References

Description

In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-111893654. References: Upstream kernel.


Affected products
openSUSE Leap 15.2:cluster-md-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:cluster-md-kmp-rt_debug-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt_debug-5.3.18-lp152.3.5.1

References

Description

In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-140550171.


Affected products
openSUSE Leap 15.2:cluster-md-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:cluster-md-kmp-rt_debug-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt_debug-5.3.18-lp152.3.5.1

References

Description

In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-144161459.


Affected products
openSUSE Leap 15.2:cluster-md-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:cluster-md-kmp-rt_debug-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt_debug-5.3.18-lp152.3.5.1

References

Description

In skb_to_mamac of networking.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-143560807.


Affected products
openSUSE Leap 15.2:cluster-md-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:cluster-md-kmp-rt_debug-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt_debug-5.3.18-lp152.3.5.1

References

Description

In audit_free_lsm_field of auditfilter.c, there is a possible bad kfree due to a logic error in audit_data_to_entry. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-150693166. References: Upstream kernel.


Affected products
openSUSE Leap 15.2:cluster-md-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:cluster-md-kmp-rt_debug-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt_debug-5.3.18-lp152.3.5.1

References

Description

In various methods of hid-multitouch.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-162844689. References: Upstream kernel.


Affected products
openSUSE Leap 15.2:cluster-md-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:cluster-md-kmp-rt_debug-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt_debug-5.3.18-lp152.3.5.1

References

Description

In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-147802478. References: Upstream kernel.


Affected products
openSUSE Leap 15.2:cluster-md-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:cluster-md-kmp-rt_debug-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt_debug-5.3.18-lp152.3.5.1

References

Description

Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.


Affected products
openSUSE Leap 15.2:cluster-md-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:cluster-md-kmp-rt_debug-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt_debug-5.3.18-lp152.3.5.1

References

Description

Legacy pairing and secure-connections pairing authentication in Bluetooth BR/EDR Core Specification v5.2 and earlier may allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key.


Affected products
openSUSE Leap 15.2:cluster-md-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:cluster-md-kmp-rt_debug-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt_debug-5.3.18-lp152.3.5.1

References

Description

A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the 'ebitmap_netlbl_import' routine. While processing the CIPSO restricted bitmap tag in the 'cipso_v4_parsetag_rbm' routine, it sets the security attribute to indicate that the category bitmap is present, even if it has not been allocated. This issue leads to a NULL pointer dereference issue while importing the same category bitmap into SELinux. This flaw allows a remote network user to crash the system kernel, resulting in a denial of service.


Affected products
openSUSE Leap 15.2:cluster-md-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:cluster-md-kmp-rt_debug-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt_debug-5.3.18-lp152.3.5.1

References

Description

A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data.


Affected products
openSUSE Leap 15.2:cluster-md-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:cluster-md-kmp-rt_debug-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt_debug-5.3.18-lp152.3.5.1

References

Description

A flaw was found in the Linux kernel's SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing.


Affected products
openSUSE Leap 15.2:cluster-md-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:cluster-md-kmp-rt_debug-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt_debug-5.3.18-lp152.3.5.1

References

Description

A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system.


Affected products
openSUSE Leap 15.2:cluster-md-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:cluster-md-kmp-rt_debug-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt_debug-5.3.18-lp152.3.5.1

References

Description

A logic bug flaw was found in the Linux kernel before 5.8-rc1 in the implementation of SSBD. A bug in the logic handling allows an attacker with a local account to disable SSBD protection during a context switch when additional speculative execution mitigations are in place. This issue was introduced when the per task/process conditional STIBP switching was added on top of the existing SSBD switching. The highest threat from this vulnerability is to confidentiality.


Affected products
openSUSE Leap 15.2:cluster-md-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:cluster-md-kmp-rt_debug-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt_debug-5.3.18-lp152.3.5.1

References

Description

A flaw was found in the Linux kernel before 5.8-rc1 in the implementation of the Enhanced IBPB (Indirect Branch Prediction Barrier). The IBPB mitigation will be disabled when STIBP is not available or when the Enhanced Indirect Branch Restricted Speculation (IBRS) is available. This flaw allows a local attacker to perform a Spectre V2 style attack when this configuration is active. The highest threat from this vulnerability is to confidentiality.


Affected products
openSUSE Leap 15.2:cluster-md-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:cluster-md-kmp-rt_debug-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt_debug-5.3.18-lp152.3.5.1

References

Description

A flaw was found in the Linux Kernel before 5.8-rc1 in the prctl() function, where it can be used to enable indirect branch speculation after it has been disabled. This call incorrectly reports it as being 'force disabled' when it is not and opens the system to Spectre v2 attacks. The highest threat from this vulnerability is to confidentiality.


Affected products
openSUSE Leap 15.2:cluster-md-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:cluster-md-kmp-rt_debug-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt_debug-5.3.18-lp152.3.5.1

References

Description

A stack information leak flaw was found in s390/s390x in the Linux kernel's memory manager functionality, where it incorrectly writes to the /proc/sys/vm/cmm_timeout file. This flaw allows a local user to see the kernel data.


Affected products
openSUSE Leap 15.2:cluster-md-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:cluster-md-kmp-rt_debug-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt_debug-5.3.18-lp152.3.5.1

References

Description

A flaw was found in the Linux Kernel before 5.8-rc6 in the ZRAM kernel module, where a user with a local account and the ability to read the /sys/class/zram-control/hot_add file can create ZRAM device nodes in the /dev/ directory. This read allocates kernel memory and is not accounted for a user that triggers the creation of that ZRAM device. With this vulnerability, continually reading the device may consume a large amount of system memory and cause the Out-of-Memory (OOM) killer to activate and terminate random userspace processes, possibly making the system inoperable.


Affected products
openSUSE Leap 15.2:cluster-md-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:cluster-md-kmp-rt_debug-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt_debug-5.3.18-lp152.3.5.1

References

Description

In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770.


Affected products
openSUSE Leap 15.2:cluster-md-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:cluster-md-kmp-rt_debug-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt_debug-5.3.18-lp152.3.5.1

References

Description

Improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.


Affected products
openSUSE Leap 15.2:cluster-md-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:cluster-md-kmp-rt_debug-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt_debug-5.3.18-lp152.3.5.1

References

Description

Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adjacent access.


Affected products
openSUSE Leap 15.2:cluster-md-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:cluster-md-kmp-rt_debug-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt_debug-5.3.18-lp152.3.5.1

References

Description

The __mptctl_ioctl function in drivers/message/fusion/mptctl.c in the Linux kernel before 5.4.14 allows local users to hold an incorrect lock during the ioctl operation and trigger a race condition, i.e., a "double fetch" vulnerability, aka CID-28d76df18f0a. NOTE: the vendor states "The security impact of this bug is not as bad as it could have been because these operations are all privileged and root already has enormous destructive power."


Affected products
openSUSE Leap 15.2:cluster-md-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:cluster-md-kmp-rt_debug-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt_debug-5.3.18-lp152.3.5.1

References

Description

** DISPUTED ** gss_mech_free in net/sunrpc/auth_gss/gss_mech_switch.c in the rpcsec_gss_krb5 implementation in the Linux kernel through 5.6.10 lacks certain domain_release calls, leading to a memory leak. Note: This was disputed with the assertion that the issue does not grant any access not already available. It is a problem that on unloading a specific kernel module some memory is leaked, but loading kernel modules is a privileged operation. A user could also write a kernel module to consume any amount of memory they like and load that replicating the effect of this bug.


Affected products
openSUSE Leap 15.2:cluster-md-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:cluster-md-kmp-rt_debug-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt_debug-5.3.18-lp152.3.5.1

References

Description

An issue was discovered in the Linux kernel before 5.4.17. drivers/spi/spi-dw.c allows attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one, aka CID-19b61392c5a8.


Affected products
openSUSE Leap 15.2:cluster-md-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:cluster-md-kmp-rt_debug-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt_debug-5.3.18-lp152.3.5.1

References

Description

An issue was discovered in the Linux kernel through 5.6.11. btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails.


Affected products
openSUSE Leap 15.2:cluster-md-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:cluster-md-kmp-rt_debug-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt_debug-5.3.18-lp152.3.5.1

References

Description

The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space.


Affected products
openSUSE Leap 15.2:cluster-md-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:cluster-md-kmp-rt_debug-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt_debug-5.3.18-lp152.3.5.1

References

Description

gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal '\0' value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4.


Affected products
openSUSE Leap 15.2:cluster-md-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:cluster-md-kmp-rt_debug-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt_debug-5.3.18-lp152.3.5.1

References

Description

An issue was discovered in the Linux kernel 4.4 through 5.7.1. drivers/tty/vt/keyboard.c has an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. NOTE: Members in the community argue that the integer overflow does not lead to a security issue in this case.


Affected products
openSUSE Leap 15.2:cluster-md-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:cluster-md-kmp-rt_debug-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt_debug-5.3.18-lp152.3.5.1

References

Description

A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability.


Affected products
openSUSE Leap 15.2:cluster-md-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:cluster-md-kmp-rt_debug-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt_debug-5.3.18-lp152.3.5.1

References

Description

A flaw was found in the Linux kernel's implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the system, potentially escalating their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.


Affected products
openSUSE Leap 15.2:cluster-md-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:cluster-md-kmp-rt_debug-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt_debug-5.3.18-lp152.3.5.1

References

Description

A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.


Affected products
openSUSE Leap 15.2:cluster-md-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:cluster-md-kmp-rt_debug-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt_debug-5.3.18-lp152.3.5.1

References

Description

A NULL pointer dereference flaw was found in the Linux kernel cgroupv2 subsystem in versions before 5.7.10, in the way the system is rebooted. A local user could use this flaw to crash the system or escalate their privileges on the system.


Affected products
openSUSE Leap 15.2:cluster-md-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:cluster-md-kmp-rt_debug-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt_debug-5.3.18-lp152.3.5.1

References

Description

A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shut down, or otherwise rendered inaccessible until it is remounted, leading to a denial of service. The highest threat from this vulnerability is to system availability.


Affected products
openSUSE Leap 15.2:cluster-md-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:cluster-md-kmp-rt_debug-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt_debug-5.3.18-lp152.3.5.1

References

Description

A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity.


Affected products
openSUSE Leap 15.2:cluster-md-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:cluster-md-kmp-rt_debug-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt_debug-5.3.18-lp152.3.5.1

References

Description

A flaw was found in the Linux kernel in versions before 5.9-rc6. When changing screen size, an out-of-bounds memory write can occur leading to memory corruption or a denial of service. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.


Affected products
openSUSE Leap 15.2:cluster-md-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:cluster-md-kmp-rt_debug-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt_debug-5.3.18-lp152.3.5.1

References

Description

In the Linux kernel before 5.4.16, a race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c.


Affected products
openSUSE Leap 15.2:cluster-md-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:cluster-md-kmp-rt_debug-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt_debug-5.3.18-lp152.3.5.1

References

Description

In the Linux kernel 4.4 through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770.


Affected products
openSUSE Leap 15.2:cluster-md-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:cluster-md-kmp-rt_debug-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt_debug-5.3.18-lp152.3.5.1

References

Description

Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.


Affected products
openSUSE Leap 15.2:cluster-md-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:cluster-md-kmp-rt_debug-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt_debug-5.3.18-lp152.3.5.1

References

Description

The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ports() that allows local users to cause a denial of service by using the p->serial_in pointer, which is uninitialized.


Affected products
openSUSE Leap 15.2:cluster-md-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:cluster-md-kmp-rt_debug-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt_debug-5.3.18-lp152.3.5.1

References

Description

An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux kernel before 5.7.7. Injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30.


Affected products
openSUSE Leap 15.2:cluster-md-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:cluster-md-kmp-rt_debug-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt_debug-5.3.18-lp152.3.5.1

References

Description

Overlayfs did not properly perform permission checking when copying up files in an overlayfs and could be exploited from within a user namespace, if, for example, unprivileged user namespaces were allowed. It was possible to have a file not readable by an unprivileged user to be copied to a mountpoint controlled by the user, like a removable device. This was introduced in kernel version 4.19 by commit d1d04ef ("ovl: stack file ops"). This was fixed in kernel version 5.8 by commits 56230d9 ("ovl: verify permissions in ovl_path_open()"), 48bd024 ("ovl: switch to mounter creds in readdir") and 05acefb ("ovl: check permission to open real file"). Additionally, commits 130fdbc ("ovl: pass correct flags for opening real directory") and 292f902 ("ovl: call secutiry hook in ovl_real_ioctl()") in kernel 5.8 might also be desired or necessary. These additional commits introduced a regression in overlay mounts within user namespaces which prevented access to files with ownership outside of the user namespace. This regression was mitigated by subsequent commit b6650da ("ovl: do not fail because of O_NOATIME") in kernel 5.11.


Affected products
openSUSE Leap 15.2:cluster-md-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:cluster-md-kmp-rt_debug-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt_debug-5.3.18-lp152.3.5.1

References

Description

The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c.


Affected products
openSUSE Leap 15.2:cluster-md-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:cluster-md-kmp-rt_debug-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt_debug-5.3.18-lp152.3.5.1

References

Description

A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link; rather sending the data unencrypted. This would allow anyone in between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.


Affected products
openSUSE Leap 15.2:cluster-md-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:cluster-md-kmp-rt_debug-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt_debug-5.3.18-lp152.3.5.1

References

Description

Improper buffer restrictions in BlueZ may allow an unauthenticated user to potentially enable denial of service via adjacent access. This affects all Linux kernel versions that support BlueZ.


Affected products
openSUSE Leap 15.2:cluster-md-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:cluster-md-kmp-rt_debug-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt_debug-5.3.18-lp152.3.5.1

References

Description

A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452.


Affected products
openSUSE Leap 15.2:cluster-md-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:cluster-md-kmp-rt_debug-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt_debug-5.3.18-lp152.3.5.1

References

Description

The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe.


Affected products
openSUSE Leap 15.2:cluster-md-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:cluster-md-kmp-rt_debug-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt_debug-5.3.18-lp152.3.5.1

References

Description

A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812.


Affected products
openSUSE Leap 15.2:cluster-md-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:cluster-md-kmp-rt_debug-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt_debug-5.3.18-lp152.3.5.1

References

Description

A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a denial of service. This flaw allows a local attacker with basic privileges to issue requests to a block device, resulting in a denial of service. The highest threat from this vulnerability is to system availability.


Affected products
openSUSE Leap 15.2:cluster-md-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:cluster-md-kmp-rt_debug-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt_debug-5.3.18-lp152.3.5.1

References

Description

A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow are caused by improper input validation in the ppp_cp_parse_cr function, which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.


Затронутые продукты
openSUSE Leap 15.2:cluster-md-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:cluster-md-kmp-rt_debug-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt_debug-5.3.18-lp152.3.5.1

References

Description

A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel, allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.


Affected products
openSUSE Leap 15.2:cluster-md-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:cluster-md-kmp-rt_debug-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt_debug-5.3.18-lp152.3.5.1

References

Description

A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using the ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to read memory out of bounds. The highest threat from this vulnerability is to data confidentiality.


Affected products
openSUSE Leap 15.2:cluster-md-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:cluster-md-kmp-rt_debug-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt_debug-5.3.18-lp152.3.5.1

References

Description

A flaw was found in the Linux kernel: access to the global variable fg_console is not properly synchronized, leading to a use-after-free in con_font_op.


Affected products
openSUSE Leap 15.2:cluster-md-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:cluster-md-kmp-rt_debug-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt_debug-5.3.18-lp152.3.5.1

References

Description

A vulnerability was found in the Linux kernel where the function sunkbd_reinit can have been scheduled by sunkbd_interrupt before sunkbd is freed. Though the dangling pointer is set to NULL in sunkbd_disconnect, there is still an alias in sunkbd_reinit, causing a use-after-free.


Affected products
openSUSE Leap 15.2:cluster-md-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:cluster-md-kmp-rt_debug-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt_debug-5.3.18-lp152.3.5.1

References

Description

A memory leak flaw was found in the Linux kernel performance monitoring subsystem when using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve resources, causing a denial of service.


Affected products
openSUSE Leap 15.2:cluster-md-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:cluster-md-kmp-rt_debug-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt_debug-5.3.18-lp152.3.5.1

References

Description

A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that relies on UDP source port randomization is indirectly affected as well on the Linux Based Products (RUGGEDCOM RM1224: All versions between v5.0 and v6.4, SCALANCE M-800: All versions between v5.0 and v6.4, SCALANCE S615: All versions between v5.0 and v6.4, SCALANCE SC-600: All versions prior to v2.1.3, SCALANCE W1750D: v8.3.0.1, v8.6.0, and v8.7.0, SIMATIC Cloud Connect 7: All versions, SIMATIC MV500 Family: All versions, SIMATIC NET CP 1243-1 (incl. SIPLUS variants): Versions 3.1.39 and later, SIMATIC NET CP 1243-7 LTE EU: Version


Affected products
openSUSE Leap 15.2:cluster-md-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:cluster-md-kmp-rt_debug-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt_debug-5.3.18-lp152.3.5.1

References

Description

A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID-26896f01467a.


Affected products
openSUSE Leap 15.2:cluster-md-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:cluster-md-kmp-rt_debug-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt_debug-5.3.18-lp152.3.5.1

References

Description

Product: Android. Versions: Android kernel. Android ID: A-127973231. References: Upstream kernel.


Affected products
openSUSE Leap 15.2:cluster-md-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:cluster-md-kmp-rt_debug-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt_debug-5.3.18-lp152.3.5.1

References

Description

A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked-down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform), a root-like local user could use this flaw to further increase their privileges to that of a running kernel.


Affected products
openSUSE Leap 15.2:cluster-md-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:cluster-md-kmp-rt_debug-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt_debug-5.3.18-lp152.3.5.1

References

Description

A flaw was found in the Linux kernel's implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to this specific memory while freed and before use causes the flow of execution to change and possibly allow for memory corruption or privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.


Affected products
openSUSE Leap 15.2:cluster-md-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:cluster-md-kmp-rt_debug-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt_debug-5.3.18-lp152.3.5.1

References

Description

A use-after-free flaw was found in kernel/trace/ring_buffer.c in the Linux kernel (before 5.10-rc1). There was a race between trace_open and the resize of the cpu buffer running in parallel on different CPUs, which may cause a denial of service (DoS). This flaw could even pose a kernel information leak threat from a local attacker with special user privilege.


Affected products
openSUSE Leap 15.2:cluster-md-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:cluster-md-kmp-rt_debug-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt_debug-5.3.18-lp152.3.5.1

References

Description

A vulnerability was found in the Linux kernel where the spk_ttyio_receive_buf2() function dereferences spk_ttyio_synth without checking whether it is NULL, which may lead to a NULL pointer dereference crash.


Affected products
openSUSE Leap 15.2:cluster-md-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:cluster-md-kmp-rt_debug-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt_debug-5.3.18-lp152.3.5.1

References

Description

A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def.


Affected products
openSUSE Leap 15.2:cluster-md-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:cluster-md-kmp-rt_debug-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt_debug-5.3.18-lp152.3.5.1

References

Description

An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9. Local attackers on systems with the speakup driver could cause a local denial of service attack, aka CID-d41227544427. This occurs because of an invalid free when the line discipline is used more than once.


Affected products
openSUSE Leap 15.2:cluster-md-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:cluster-md-kmp-rt_debug-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt_debug-5.3.18-lp152.3.5.1

References

Description

A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height.


Affected products
openSUSE Leap 15.2:cluster-md-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:cluster-md-kmp-rt_debug-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt_debug-5.3.18-lp152.3.5.1

References

Description

An issue was discovered in mm/mmap.c in the Linux kernel before 5.7.11. There is a race condition between certain expand functions (expand_downwards and expand_upwards) and page-table free operations from an munmap call, aka CID-246c320a8cfe.


Affected products
openSUSE Leap 15.2:cluster-md-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:cluster-md-kmp-rt_debug-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt_debug-5.3.18-lp152.3.5.1

References

Description

An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. The slowpath lacks the required TID increment, aka CID-fd4d9c7d0c71.


Affected products
openSUSE Leap 15.2:cluster-md-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:cluster-md-kmp-rt_debug-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt_debug-5.3.18-lp152.3.5.1

References

Description

An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4. Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd.


Affected products
openSUSE Leap 15.2:cluster-md-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:cluster-md-kmp-rt_debug-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt_debug-5.3.18-lp152.3.5.1

References

Description

An issue was discovered in fs/io_uring.c in the Linux kernel before 5.6. It unsafely handles the root directory during path lookups, and thus a process inside a mount namespace can escape to unintended filesystem locations, aka CID-ff002b30181d.


Affected products
openSUSE Leap 15.2:cluster-md-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:cluster-md-kmp-rt_debug-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt_debug-5.3.18-lp152.3.5.1

References

Description

A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24.


Affected products
openSUSE Leap 15.2:cluster-md-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:cluster-md-kmp-rt_debug-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt_debug-5.3.18-lp152.3.5.1

References

Description

A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.


Affected products
openSUSE Leap 15.2:cluster-md-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:cluster-md-kmp-rt_debug-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt_debug-5.3.18-lp152.3.5.1

References

Description

mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.


Affected products
openSUSE Leap 15.2:cluster-md-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:cluster-md-kmp-rt_debug-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt_debug-5.3.18-lp152.3.5.1

References

Description

IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296.


Affected products
openSUSE Leap 15.2:cluster-md-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:cluster-md-kmp-rt_debug-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt_debug-5.3.18-lp152.3.5.1

References

Description

Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.


Affected products
openSUSE Leap 15.2:cluster-md-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:cluster-md-kmp-rt_debug-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt-5.3.18-lp152.3.5.1
openSUSE Leap 15.2:dlm-kmp-rt_debug-5.3.18-lp152.3.5.1

References
Vulnerability openSUSE-SU-2021:0242-1