Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | |||
Test ID: | 1.3.6.1.4.1.25623.1.1.4.2020.2027.1 |
Category: | SuSE Local Security Checks |
Title: | SUSE: Security Advisory (SUSE-SU-2020:2027-1) |
Summary: | The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2020:2027-1 advisory. |
Description: | Summary: The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2020:2027-1 advisory. Vulnerability Insight: The SUSE Linux Enterprise 15 SP2 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2020-15780: A lockdown bypass for loading unsigned modules using ACPI table injection was fixed. (bsc#1173573) CVE-2020-15393: Fixed a memory leak in usbtest_disconnect (bnc#1173514). CVE-2020-12771: An issue was discovered in btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails (bnc#1171732). CVE-2020-12888: The VFIO PCI driver mishandled attempts to access disabled memory space (bnc#1171868). CVE-2020-10773: Fixed a memory leak on s390/s390x, in the cmm_timeout_hander in file arch/s390/mm/cmm.c (bnc#1172999). CVE-2020-14416: Fixed a race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c (bnc#1162002). CVE-2020-10768: Fixed an issue with the prctl() function, where indirect branch speculation could be enabled even though it was diabled before (bnc#1172783). CVE-2020-10766: Fixed an issue which allowed an attacker with a local account to disable SSBD protection (bnc#1172781). CVE-2020-10767: Fixed an issue where Indirect Branch Prediction Barrier was disabled in certain circumstances, leaving the system open to a spectre v2 style attack (bnc#1172782). CVE-2020-13974: Fixed a integer overflow in drivers/tty/vt/keyboard.c, if k_ascii is called several times in a row (bnc#1172775). CVE-2019-20810: Fixed a memory leak in go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c because it did not call snd_card_free for a failure path (bnc#1172458). CVE-2019-20812: An issue was discovered in the prb_calc_retire_blk_tmo() function in net/packet/af_packet.c could result in a denial of service (CPU consumption and soft lockup) in a certain failure case involving TPACKET_V3 (bnc#1172453). CVE-2019-19462: relay_open in kernel/relay.c in the Linux kernel allowed local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu result (bnc#1158265). CVE-2020-10732: A flaw was found in the implementation of Userspace core dumps. This flaw allowed an attacker with a local account to crash a trivial program and exfiltrate private kernel data (bnc#1171220). CVE-2020-12656: Fixed a memory leak in gss_mech_free in the rpcsec_gss_krb5 implementation, caused by a lack of certain domain_release calls (bnc#1171219). CVE-2020-10751: A flaw was found in the SELinux LSM hook implementation, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing (bnc#1171189). CVE-2020-10711: A NULL pointer ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'Linux Kernel' package(s) on SUSE Linux Enterprise Module for Public Cloud 15-SP2. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2019-19462 Common Vulnerability Exposure (CVE) ID: CVE-2019-20810 Common Vulnerability Exposure (CVE) ID: CVE-2019-20812 Common Vulnerability Exposure (CVE) ID: CVE-2020-10711 Common Vulnerability Exposure (CVE) ID: CVE-2020-10732 Common Vulnerability Exposure (CVE) ID: CVE-2020-10751 Common Vulnerability Exposure (CVE) ID: CVE-2020-10766 Common Vulnerability Exposure (CVE) ID: CVE-2020-10767 Common Vulnerability Exposure (CVE) ID: CVE-2020-10768 Common Vulnerability Exposure (CVE) ID: CVE-2020-10773 Common Vulnerability Exposure (CVE) ID: CVE-2020-12656 Common Vulnerability Exposure (CVE) ID: CVE-2020-12769 Common Vulnerability Exposure (CVE) ID: CVE-2020-12771 Common Vulnerability Exposure (CVE) ID: CVE-2020-12888 Common Vulnerability Exposure (CVE) ID: CVE-2020-13143 Common Vulnerability Exposure (CVE) ID: CVE-2020-13974 Common Vulnerability Exposure (CVE) ID: CVE-2020-14416 Common Vulnerability Exposure (CVE) ID: CVE-2020-15393 Common Vulnerability Exposure (CVE) ID: CVE-2020-15780 |
Copyright | Copyright (C) 2021 Greenbone Networks GmbH |
This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |