openSUSE-SU-2021:0407-1

Опубликовано: 14 мар. 2021

Источник: suse-cvrf

Описание

Security update for kernel-firmware

This update for kernel-firmware fixes the following issues:

CVE-2020-12373: Fixed an expired pointer dereference may lead to DOS (bsc#1181738).
CVE-2020-12364: Fixed a null pointer reference may lead to DOS (bsc#1181736).
CVE-2020-12362: Fixed an integer overflow which could have led to privilege escalation (bsc#1181720).
CVE-2020-12363: Fixed an improper input validation which may have led to DOS (bsc#1181735).

This update was imported from the SUSE:SLE-15-SP1:Update update project.

Список пакетов

openSUSE Leap 15.2

kernel-firmware-20200107-lp152.2.6.1

ucode-amd-20200107-lp152.2.6.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KH2XS5MRKRSCX3I5AS4LGZH576PO6KUD/
E-Mail link for openSUSE-SU-2021:0407-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1181720
SUSE Bug 1181720
https://bugzilla.suse.com/1181735
SUSE Bug 1181735
https://bugzilla.suse.com/1181736
SUSE Bug 1181736
https://bugzilla.suse.com/1181738
SUSE Bug 1181738
https://www.suse.com/security/cve/CVE-2020-12362/
SUSE CVE CVE-2020-12362 page
https://www.suse.com/security/cve/CVE-2020-12363/
SUSE CVE CVE-2020-12363 page
https://www.suse.com/security/cve/CVE-2020-12364/
SUSE CVE CVE-2020-12364 page
https://www.suse.com/security/cve/CVE-2020-12373/
SUSE CVE CVE-2020-12373 page

Описание

Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows * before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an escalation of privilege via local access.

Затронутые продукты

openSUSE Leap 15.2:kernel-firmware-20200107-lp152.2.6.1

openSUSE Leap 15.2:ucode-amd-20200107-lp152.2.6.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-12362.html
CVE-2020-12362
https://bugzilla.suse.com/1181720
SUSE Bug 1181720
https://bugzilla.suse.com/1182033
SUSE Bug 1182033
https://bugzilla.suse.com/1190859
SUSE Bug 1190859

Описание

Improper input validation in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access.

Затронутые продукты

openSUSE Leap 15.2:kernel-firmware-20200107-lp152.2.6.1

openSUSE Leap 15.2:ucode-amd-20200107-lp152.2.6.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-12363.html
CVE-2020-12363
https://bugzilla.suse.com/1181720
SUSE Bug 1181720
https://bugzilla.suse.com/1181735
SUSE Bug 1181735

Описание

Null pointer reference in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before version Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access.

Затронутые продукты

openSUSE Leap 15.2:kernel-firmware-20200107-lp152.2.6.1

openSUSE Leap 15.2:ucode-amd-20200107-lp152.2.6.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-12364.html
CVE-2020-12364
https://bugzilla.suse.com/1181720
SUSE Bug 1181720
https://bugzilla.suse.com/1181736
SUSE Bug 1181736

Описание

Expired pointer dereference in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable a denial of service via local access.

Затронутые продукты

openSUSE Leap 15.2:kernel-firmware-20200107-lp152.2.6.1

openSUSE Leap 15.2:ucode-amd-20200107-lp152.2.6.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-12373.html
CVE-2020-12373
https://bugzilla.suse.com/1181720
SUSE Bug 1181720
https://bugzilla.suse.com/1181738
SUSE Bug 1181738

openSUSE-SU-2021:0407-1

Описание

Список пакетов

openSUSE Leap 15.2

Ссылки

Уязвимость: CVE-2020-12362

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2020-12363

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2020-12364

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2020-12373

Описание

Затронутые продукты

Ссылки